If I know the name of one of the users, whats to stop me from just setting my session "auth-identity" { "id" : 1, "name" : "John Smith", "profile" : 1 }, and then increasing the numbers until I get it right? Is there some hidden session authentication I don't see?

after working on Auth lib for a while I just noticed that when we use Remember Me on login process all cookies will be remove after we call remove() but why the token record is still in the table? I can't figure out what purpose for keeping it there, anyways I have put 2 lines of code into remove() function in order to remove those record from table after logout

$token = $this->cookies->get('RMT')->getValue();
UserRememberTokens::findFirstByToken($token)->delete();
$this->cookies->get('RMT')->delete();

Wrong number of parameters
#0 /var/www/html/public/index.php(41): Phalcon\Mvc\Application->handle()
#1 {main}

please, update this repository phalcon v4

Hi

This is first time that I use vokuro! I have a problem with login action.
I have added a column to Users table (member_id) and I want to change login credentials from email and password to memebr_id and password.
I have got this message:

Column 'member_id' doesn't belong to any of the selected models (1), when preparing: SELECT [Vokuro\Models\Users].* FROM [Vokuro\Models\Users] WHERE member_id='admin' LIMIT 1

How can I fix it ?

Latest 1.x aws sdk for php no longer support this sintax:

new \AmazonSES(
$this->config->amazon->AWSAccessKeyId,
$this->config->amazon->AWSSecretKey
);

It should be replaced with something like this:

new \AmazonSES(array(
"key"=>$this->config->amazon->AWSAccessKeyId,
"secret"=>$this->config->amazon->AWSSecretKey
));

Hello,

Following tutorial https://docs.phalcon.io/4.0/en/tutorial-vokuro, I installed the application. I'm on windows machine and using php build in server. I can display main page, about page, register, login, logout, but as soon as I hit Users Panel (/users) getting error:

Action 'index' was not found on handler 'user_control'
#0 [internal function]: Phalcon\Mvc\Dispatcher->throwDispatchException('Action 'index' ...', 5)
#1 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#2 D:\develop\vokuro\src\Application.php(71): Phalcon\Mvc\Application->handle('/users')
#3 D:\develop\vokuro\public\index.php(28): Vokuro\Application->run()
#4 D:\develop\vokuro\.htrouter.php(22): require_once('D:\\develop\\voku...')
#5 {main}

acording to documentation the /users url should lead to UsersController->actionIndex.

which folder must be writable
cache?
cache/volt?

please add this to README.md

• Update copyright year
• Add license to header in .php files
• PSR-2 (in code)
• Phan integration with higher (less strict) level of checks (due php-ast, not in current iteration)
• Psalm integration with (less strict) level 8 of checks
• Bug fixes (if any)
• First and basic tests
• PHP 7+ syntax (not in current iteration, after acceptance tests will cover most part of application)
• Add dotenv package, with configs pointing to .env file

composer.phar is not found in the repo of vokuro

Make sending emails optional

Most users will be using this to get to grips with PhalconPHP on a test environment without the ability to send emails. The addition of a boolean to the config files should sort this - when true, emails are sent as normal; when false, emails are not sent (and accounts do not require being activated by an email link, etc).

Started this already, will add this week.

Correct me if im wrong , maybe im not understanding correctly the use of relationship , but im
wondering why in this scenario its not more appropiate the --- hasOne --- relationship because you only need to registered and validated just one user, and this will appear only once in the table, right?

Using phalcon 3.3.1, there's a warning about the way forms are cleared. Create a new user to reproduce.

PHP Deprecated:  Function Phalcon\Tag::resetInput() is deprecated

Currently Vokuro is using Boostrap 2 for theming and the Bookstrap 4 alpha/beta is probably far enough along to use now.

Now that RC.2 is out we would like to upgrade our package to RC.2 and implement changes if needed. See https://github.com/phalcon/cphalcon/releases/tag/v4.0.0-rc.2

Approx All attributes are set to integers

$table->addColumn('usersId', 'integer')
->addColumn('code', 'integer')
->addColumn('createdAt', 'integer')
->addColumn('modifiedAt', 'integer')
->addColumn('reset', 'char', ['limit' => 1])
->addIndex(['usersId'])
->create();

Hi

how to fix this issue:

No credentials were provided. The SDK attempts to retrieve Instance Profile credentials from the EC2 Instance Metadata Service, but doing this requires the "default_cache_config" option to be set in the config.inc.php file or constructor. In order to cache the retrieved credentials.

#0 /Applications/MAMP/htdocs/phalcon/vokuro/vendor/amazonwebservices/aws-sdk-for-php/services/ses.class.php(77): CFRuntime->__construct(Array)
#1 /Applications/MAMP/htdocs/phalcon/vokuro/app/library/Mail/Mail.php(33): AmazonSES->__construct(Array)
#2 /Applications/MAMP/htdocs/phalcon/vokuro/app/library/Mail/Mail.php(113): Vokuro\Mail\Mail->amazonSESSend('Message-ID: <84...')
#3 /Applications/MAMP/htdocs/phalcon/vokuro/app/models/EmailConfirmations.php(76): Vokuro\Mail\Mail->send(Array, 'Please confirm ...', 'confirmation', Array)
#4 [internal function]: Vokuro\Models\EmailConfirmations->afterCreate()
#5 [internal function]: Phalcon\Mvc\Model->fireEvent('afterCreate')
#6 [internal function]: Phalcon\Mvc\Model->_postSave(true, false)
#7 /Applications/MAMP/htdocs/phalcon/vokuro/app/models/Users.php(111): Phalcon\Mvc\Model->save()
#8 [internal function]: Vokuro\Models\Users->afterSave()
#9 [internal function]: Phalcon\Mvc\Model->fireEvent('afterSave')
#10 [internal function]: Phalcon\Mvc\Model->_postSave(true, false)
#11 /Applications/MAMP/htdocs/phalcon/vokuro/app/controllers/SessionController.php(50): Phalcon\Mvc\Model->save()
#12 [internal function]: Vokuro\Controllers\SessionController->signupAction()
#13 [internal function]: Phalcon\Dispatcher->dispatch()
#14 /Applications/MAMP/htdocs/phalcon/vokuro/public/index.php(33): Phalcon\Mvc\Application->handle()
#15 {main}

We implemented a temporary fix in https://github.com/phalcon/vokuro/tree/4.0.x/app/Phalcon
After the next v4 release these fixes should be removed.

See phalcon/cphalcon#14265 and phalcon/cphalcon#14346

after set directSmtp to true, when signup, get following errors:

Expected response code 250 but got code "530", with message "530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 mq7sm403441pdb.31 - gsmtp "
#0 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(281): Swift_Transport_AbstractSmtpTransport->_assertResponseCode('530-5.5.1 Authe...', Array)
#1 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php(245): Swift_Transport_AbstractSmtpTransport->executeCommand('MAIL FROM: <pho...', Array, Array)
#2 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/EsmtpTransport.php(327): Swift_Transport_EsmtpTransport->executeCommand('MAIL FROM: <pho...', Array)
#3 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(421): Swift_Transport_EsmtpTransport->_doMailFromCommand('phosphorum@phal...')
#4 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(449): Swift_Transport_AbstractSmtpTransport->_doMailTransaction(Object(Swift_Message), 'phosphorum@phal...', Array, Array)
#5 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/AbstractSmtpTransport.php(176): Swift_Transport_AbstractSmtpTransport->_sendTo(Object(Swift_Message), 'phosphorum@phal...', Array, Array)
#6 /var/www/vokuro/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Mailer.php(86): Swift_Transport_AbstractSmtpTransport->send(Object(Swift_Message), Array)
#7 /var/www/vokuro/app/library/Mail/Mail.php(112): Swift_Mailer->send(Object(Swift_Message))
#8 /var/www/vokuro/app/models/EmailConfirmations.php(76): Vokuro\Mail\Mail->send(Array, 'Please confirm ...', 'confirmation', Array)
#9 [internal function]: Vokuro\Models\EmailConfirmations->afterCreate()
#10 [internal function]: Phalcon\Mvc\Model->fireEvent('afterCreate')
#11 [internal function]: Phalcon\Mvc\Model->_postSave(true, false)
#12 /var/www/vokuro/app/models/Users.php(111): Phalcon\Mvc\Model->save()
#13 [internal function]: Vokuro\Models\Users->afterSave()
#14 [internal function]: Phalcon\Mvc\Model->fireEvent('afterSave')
#15 [internal function]: Phalcon\Mvc\Model->_postSave(true, false)
#16 /var/www/vokuro/app/controllers/SessionController.php(50): Phalcon\Mvc\Model->save()
#17 [internal function]: Vokuro\Controllers\SessionController->signupAction()
#18 [internal function]: Phalcon\Dispatcher->dispatch()
#19 /var/www/vokuro/public/index.php(33): Phalcon\Mvc\Application->handle()
#20 {main}

From schemas files create separate migrations and describe how to execute them during project installation.

• about/index.volt
• emailTemplates/confirmation.volt
• emailTemplates/reset.volt
• index/index.volt
• layouts/emailTemplates.volt
• layouts/private.volt
• layouts/public.volt
• permissions/index.volt
• privacy/index.volt
• profiles/create.volt
• profiles/edit.volt
• profiles/index.volt
• profiles/search.volt
• session/forgotPassword.volt
• session/login.volt
• session/signup.volt
• terms/index.volt
• users/changePassword.volt
• users/create.volt
• users/edit.volt
• users/index.volt
• users/search.volt
• index.volt

Hi,

This is first time that I use vokuro! I have problem with crop image.

app.js

var app = angular.module('angularjs-starter', []);

app.controller('MainCtrl', function($scope) {
  $scope.name = 'World';  
  $scope.selected = function(x) {
    console.log("selected",x);
  };
});

app.directive('imgCropped', function() {
  return {
    restrict: 'E',
    replace: true,
    scope: { src:'@', selected:'&' },
    link: function(scope,element, attr) {
      var myImg;
      var clear = function() {
        if (myImg) {
          myImg.next().remove();
          myImg.remove();
          myImg = undefined;
        }
      };
      scope.$watch('src', function(nv) {  
        clear();
        if (nv) {
          element.after('<img />');
          myImg = element.next();  
          myImg.attr('src',nv);
          $(myImg).Jcrop({
            trackDocument: true,  
            onSelect: function(x) {  
              scope.$apply(function() {
                scope.selected({cords: x});
              });
            }
          });
        }
      });
  scope.$on('$destroy', clear);
}

  };
});

if i include this file means vokuro application submit buttons not working.

I've noticed that the forms are not being validated and that the validation is being done in the models. So the message strings for forms are never being used.

• Travis build
• Vokuro docs link
• Backers/sponsors

after signup, can't receive confirmation email, does Email Confirmation Module need to inistall aws sdk?

I was wondering, how can i pass the message to calling controller for signup action as it shows an email has been sent (in aftersave() function) in a blank page and not showing in the template.

in "layouts/public.volt", I find a code below.

{%- if logged_in %}
   some codes
{% endif %}

If "logged_in" is not defined, error occurs.
AboutController does not set a this var.

I am getting empty page when email is successfully sent from afterCreate() method of ResetPasswords.php model.

Hi Guys,

This is a wonderful example. Unfortunately I can't test it really, because the following error message come up after I hit the signup button on /session/signup page.

Catchable fatal error: Argument 1 passed to AmazonSES::__construct() must be an array, string given

Any idea?
Regards,
Sandor

I am working on a portal and using vokuro as a baseline. When I enter email address ForgotPassword, the email is received properly but view does not load and just the flash message on the screen on a white screen.

If i comment out,

$this->getDI()
       ->getMail()
       ->send([
            $this->users->userEmail => $this->users->userName
       ], "Reset your password", 'resetpassword', [
           'resetUrl' => '/reset-password/' . $this->resetCode . '/' . $this->users->userEmail
       ]);

view loads as expected.

• Normalize composer.json (https://github.com/localheinz/composer-normalize)
• Add PHPCS to travis with PSR-2 rules
• Composer project installation (http://php-pds.com/)
• Fill community profile (https://github.com/phalcon/vokuro/community)
• Database tables review and refactor through migrations
• Code refactor + Unit tests
• Code refactor + Functional tests
• Fix email confirmation

Summary:
An exception occurs when attempting to logout from a valid user session. It is triggered clicking on the logout link from the site navbar or following the uri directly: 'session/logout'.

Details:
File (Directory) Path: src/Plugins/Auth/
File Name: Auth.php
Line Number: 264
Line Snippet:
$userId = $this->findFirstByToken($token);

Enclosing Method Name: remove

Problem: Attempting to logout from a valid user session is impossible due to an exception being rasied in the process. This happens as a result of calling the deleteToken() and passing the $userId variable as a parameter. If its 'set', its of the string data type. The deleteToken() method requires an one parameter of type: integer.

Suggested solution: This snippet, in line 264, could be changed from:

$userId = $this->findFirstByToken($token);

to:

$userId = (int) $this->findFirstByToken($token);

This is because strict_types are set to true and the call to the deleteToken() method, on line 266, while passing the $userId variable as a parameter will throw an error...

Hi

         This is first time that I use vokuro! i have problem with insert image.

this is my user-controller code

public function createAction()
{
if ($this->request->isPost()) {

        $user = new Users();




        $user->assign(array(
            'name' => $this->request->getPost('name', 'striptags'),
            'profilesId' => $this->request->getPost('profilesId', 'int'),
            'email' => $this->request->getPost('email', 'email'),
            'image'=> $this->request->getPost('image', 'striptags')
        ));



        $file = $this->request->getPost('image');
        if ($this->request->hasFiles() == true) {
        foreach ($this->request->getUploadedFiles() as $file) {
                $image = $file->getName();
                $path = 'img/uploads/' . $image;
                $file->moveTo($path);
            }
        }
            echo $image;

        if (!$user->save()) {
            $this->flash->error($user->getMessages());
        } else {

            $this->flash->success("User was created successfully");

            Tag::resetInput();
        }
    }

    $this->view->form = new UsersForm(null);
}

UserForm

$image = new File('image', array(
'placeholder' => 'image'
));

     $image->addValidators(array(
        new PresenceOf(array(
            'message' => 'The name is required'
        ))
    ));

$this->add($image);

above code i am using image uploading in upload folder ,but i am not able to insert in users table.

I started learning Phalcon few months back and everything was good till I reached Vokuro, it was incomplete and then I thought to continue learning phalcon some other time. So I again decided to get back to phalcon few weeks ago, have been going through lots of docs and references, but I wish if Vokuro had proper tutorial like INVO then would have saved a lots of confusion I had earlier. Specially if one is first timer to any Framework (not only phalcon).

I am not yet strong enough in Phalcon to complete tutorial docs myself, I wish if someone else with proper command over Phalcon can do it. It will really help new starters to get better Idea about this impressive framework.

I copy app/controllers/ControllerBase.php to my website,
I get the error message like "Notice: Access to undefined property acl in ".

https://getcomposer.org/doc/03-cli.md#create-project

After a successful login I am automatically logout when clicking on the vokuro logo in the top bar or the home or about link.

Why is that?

Why am I being constatnly logged out?

I have tried different browsers , ticking remember me before login, however, I am always getting logged out?

The userAgent field in the schemas is too short.

Chrome in OSX El Capitan gives

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

which won't fit in varchar(120)

I've tried to create a pull request, but I'm getting an auth error.

Hei,

Vokuro does not check the foldernames of the views-folders.

While http://vokuro.phalconphp.com/users is not accessible without logging in, http://vokuro.phalconphp.com/uSers (uppercase S) delivers some private content such as the menu for logged in users.

Hei, the field "attempted" in failed_logins has the TYPE TINYINT (5).
But Vokuro uses a timestamp on this field.

I changed it to INT (10) in my case.
So now the login - throtteling works. :)

greetings

After creating an account:
http://vokuro.phalconphp.com/session/signup

Error sending email from AWS SES: Sender InvalidClientTokenId The security token included in the request is invalid 350dbe73-0d08-11e4-9f8a-4156733d90b3 

If you submit a wrong form and then try to complete well, always CSRF gets fail

trace with forgetpassword

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'users.username' in 'field list'
#0 [internal function]: PDOStatement->execute()
#1 [internal function]: Phalcon\Db\Adapter\Pdo->executePrepared(Object(PDOStatement), Array, Array)
#2 [internal function]: Phalcon\Db\Adapter\Pdo->query('SELECT `users`....', Array, Array)
#3 [internal function]: Phalcon\Mvc\Model\Query->_executeSelect(Array, Array, Array)
#4 [internal function]: Phalcon\Mvc\Model\Query->execute(Array, Array)
#5 [internal function]: Phalcon\Mvc\Model::findFirst(Array)
#6 C:\inetpub\wwwroot\ccn\phalcon\Phalcon\vokuro\app\controllers\SessionController.php(117): Phalcon\Mvc\Model::__callStatic('findFirstByEmai...', Array)
#7 C:\inetpub\wwwroot\ccn\phalcon\Phalcon\vokuro\app\controllers\SessionController.php(117): Vokuro\Models\Users::findFirstByEmail('chiiwenl@yahoo....')
#8 [internal function]: Vokuro\Controllers\SessionController->forgotPasswordAction()
#9 [internal function]: Phalcon\Dispatcher->dispatch()
#10 C:\inetpub\wwwroot\ccn\phalcon\Phalcon\vokuro\public\index.php(33): Phalcon\Mvc\Application->handle()
#11 {main}

• Change domain from phalconphp.com to phalcon.io
• Generate new password hashes and put original in migrations seed
• Write acceptance tests
• Add namespaces for db seeds and migrations
• Add .htrouter.php (https://pastebin.com/raw/7h3ni5pb)
• Rewrite service providers as separate classes
• PSR-4
• Refactor code to PHP 7.x syntax
• Reach until level 3 in psalm
• Update @deprecated code
• Review and Update README
• Setup travis
• Composer project installation (http://php-pds.com/)

All input data seems to be valid, but occurs current error...