From ec0756c50e0bfdb87c42d8634f3e567e15912b7f Mon Sep 17 00:00:00 2001 From: slaveek Date: Sat, 7 Nov 2015 17:14:06 +0000 Subject: [PATCH 01/20] Create UserController --- application/controller/UserController.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 application/controller/UserController.php diff --git a/application/controller/UserController.php b/application/controller/UserController.php new file mode 100644 index 000000000..e69de29bb From 33865fdd61832e662047a2353b28204638fd7b6c Mon Sep 17 00:00:00 2001 From: slaveek Date: Sat, 7 Nov 2015 17:35:57 +0000 Subject: [PATCH 02/20] Create RegisterController --- application/controller/RegisterController.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 application/controller/RegisterController.php diff --git a/application/controller/RegisterController.php b/application/controller/RegisterController.php new file mode 100644 index 000000000..e69de29bb From 60149a215de8d093deed7fbaf6a0b210c1bfea5e Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 11:46:08 +0000 Subject: [PATCH 03/20] Move register and verify view files to view/register --- application/view/register/register.php | 37 ++++++++++++++++++++++++++ application/view/register/verify.php | 12 +++++++++ 2 files changed, 49 insertions(+) create mode 100644 application/view/register/register.php create mode 100644 application/view/register/verify.php diff --git a/application/view/register/register.php b/application/view/register/register.php new file mode 100644 index 000000000..a9169c141 --- /dev/null +++ b/application/view/register/register.php @@ -0,0 +1,37 @@ +
+ + + renderFeedbackMessages(); ?> + + + +
+
+

+ Please note: This captcha will be generated when the img tag requests the captcha-generation + (= a real image) from YOURURL/login/showcaptcha. As this is a client-side triggered request, a + $_SESSION["captcha"] dump will not show the captcha characters. The captcha generation + happens AFTER the request that generates THIS page has been finished. +

+
diff --git a/application/view/register/verify.php b/application/view/register/verify.php new file mode 100644 index 000000000..6a880c47c --- /dev/null +++ b/application/view/register/verify.php @@ -0,0 +1,12 @@ +
+ +

Verification

+
+ + + renderFeedbackMessages(); ?> + + Go back to home page +
+ +
From 41f82c25dc44a65408a7bbbaf9d7ce068aa570a1 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 16:09:01 +0000 Subject: [PATCH 04/20] Remove register and verify view files from view/login directory --- application/view/login/register.php | 37 ----------------------------- application/view/login/verify.php | 12 ---------- 2 files changed, 49 deletions(-) delete mode 100644 application/view/login/register.php delete mode 100644 application/view/login/verify.php diff --git a/application/view/login/register.php b/application/view/login/register.php deleted file mode 100644 index a9169c141..000000000 --- a/application/view/login/register.php +++ /dev/null @@ -1,37 +0,0 @@ -
- - - renderFeedbackMessages(); ?> - - - -
-
-

- Please note: This captcha will be generated when the img tag requests the captcha-generation - (= a real image) from YOURURL/login/showcaptcha. As this is a client-side triggered request, a - $_SESSION["captcha"] dump will not show the captcha characters. The captcha generation - happens AFTER the request that generates THIS page has been finished. -

-
diff --git a/application/view/login/verify.php b/application/view/login/verify.php deleted file mode 100644 index 6a880c47c..000000000 --- a/application/view/login/verify.php +++ /dev/null @@ -1,12 +0,0 @@ -
- -

Verification

-
- - - renderFeedbackMessages(); ?> - - Go back to home page -
- -
From 35d1e128ec043b48d25c714db56638a5c5317b85 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 16:34:39 +0000 Subject: [PATCH 05/20] Move register and user action methods to their new controllers --- application/controller/LoginController.php | 215 ------------------ application/controller/RegisterController.php | 74 ++++++ application/controller/UserController.php | 176 ++++++++++++++ 3 files changed, 250 insertions(+), 215 deletions(-) diff --git a/application/controller/LoginController.php b/application/controller/LoginController.php index 0e8206766..7dc0ad4d2 100644 --- a/application/controller/LoginController.php +++ b/application/controller/LoginController.php 
@@ -87,181 +87,6 @@ public function loginWithCookie() } } - /** - * Show user's PRIVATE profile - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function showProfile() - { - Auth::checkAuthentication(); - $this->View->render('login/showProfile', array( - 'user_name' => Session::get('user_name'), - 'user_email' => Session::get('user_email'), - 'user_gravatar_image_url' => Session::get('user_gravatar_image_url'), - 'user_avatar_file' => Session::get('user_avatar_file'), - 'user_account_type' => Session::get('user_account_type') - )); - } - - /** - * Show edit-my-username page - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function editUsername() - { - Auth::checkAuthentication(); - $this->View->render('login/editUsername'); - } - - /** - * Edit user name (perform the real action after form has been submitted) - * Auth::checkAuthentication() makes sure that only logged in users can use this action - */ - public function editUsername_action() - { - Auth::checkAuthentication(); - - // check if csrf token is valid - if (!Csrf::isTokenValid()) { - self::logout(); - } - - UserModel::editUserName(Request::post('user_name')); - Redirect::to('login/index'); - } - - /** - * Show edit-my-user-email page - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function editUserEmail() - { - Auth::checkAuthentication(); - $this->View->render('login/editUserEmail'); - } - - /** - * Edit user email (perform the real action after form has been submitted) - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - // make this POST - public function editUserEmail_action() - { - Auth::checkAuthentication(); - UserModel::editUserEmail(Request::post('user_email')); - Redirect::to('login/editUserEmail'); - } - - /** - * Edit 
avatar - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function editAvatar() - { - Auth::checkAuthentication(); - $this->View->render('login/editAvatar', array( - 'avatar_file_path' => AvatarModel::getPublicUserAvatarFilePathByUserId(Session::get('user_id')) - )); - } - - /** - * Perform the upload of the avatar - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - * POST-request - */ - public function uploadAvatar_action() - { - Auth::checkAuthentication(); - AvatarModel::createAvatar(); - Redirect::to('login/editAvatar'); - } - - /** - * Delete the current user's avatar - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function deleteAvatar_action() - { - Auth::checkAuthentication(); - AvatarModel::deleteAvatar(Session::get("user_id")); - Redirect::to('login/editAvatar'); - } - - /** - * Show the change-account-type page - * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page - */ - public function changeUserRole() - { - Auth::checkAuthentication(); - $this->View->render('login/changeUserRole'); - } - - /** - * Perform the account-type changing - * Auth::checkAuthentication() makes sure that only logged in users can use this action - * POST-request - */ - public function changeUserRole_action() - { - Auth::checkAuthentication(); - - if (Request::post('user_account_upgrade')) { - // "2" is quick & dirty account type 2, something like "premium user" maybe. you got the idea :) - UserRoleModel::changeUserRole(2); - } - - if (Request::post('user_account_downgrade')) { - // "1" is quick & dirty account type 1, something like "basic user" maybe. 
- UserRoleModel::changeUserRole(1); - } - - Redirect::to('login/changeUserRole'); - } - - /** - * Register page - * Show the register form, but redirect to main-page if user is already logged-in - */ - public function register() - { - if (LoginModel::isUserLoggedIn()) { - Redirect::home(); - } else { - $this->View->render('login/register'); - } - } - - /** - * Register page action - * POST-request after form submit - */ - public function register_action() - { - $registration_successful = RegistrationModel::registerNewUser(); - - if ($registration_successful) { - Redirect::to('login/index'); - } else { - Redirect::to('login/register'); - } - } - - /** - * Verify user after activation mail link opened - * @param int $user_id user's id - * @param string $user_activation_verification_code user's verification token - */ - public function verify($user_id, $user_activation_verification_code) - { - if (isset($user_id) && isset($user_activation_verification_code)) { - RegistrationModel::verifyNewUser($user_id, $user_activation_verification_code); - $this->View->render('login/verify'); - } else { - Redirect::to('login/index'); - } - } - /** * Show the request-password-reset page */ 
@@ -315,44 +140,4 @@ public function setNewPassword() ); Redirect::to('login/index'); } - - /** - * Password Change Page - * Show the password form if user is logged in, otherwise redirect to login page - */ - public function changePassword() - { - Auth::checkAuthentication(); - $this->View->render('login/changePassword'); - } - - /** - * Password Change Action - * Submit form, if retured positive redirect to index, otherwise show the changePassword page again - */ - public function changePassword_action() - { - $result = PasswordResetModel::changePassword( - Session::get('user_name'), Request::post('user_password_current'), - Request::post('user_password_new'), Request::post('user_password_repeat') - ); - - if($result) - Redirect::to('login/index'); - else - Redirect::to('login/changePassword'); - } - - /** - * Generate a captcha, write the characters into $_SESSION['captcha'] and returns a real image which will be used - * like this: - * IMPORTANT: As this action is called via AFTER the real application has finished executing (!), the - * SESSION["captcha"] has no content when the application is loaded. The SESSION["captcha"] gets filled at the - * moment the end-user requests the - * Maybe refactor this sometime. - */ - public function showCaptcha() - { - CaptchaModel::generateAndShowCaptcha(); - } } diff --git a/application/controller/RegisterController.php b/application/controller/RegisterController.php index e69de29bb..a21207e47 100644 --- a/application/controller/RegisterController.php +++ b/application/controller/RegisterController.php 
@@ -0,0 +1,74 @@ +View->render('register/register'); + } + } + + /** + * Register page action + * POST-request after form submit + */ + public function register_action() + { + $registration_successful = RegistrationModel::registerNewUser(); + + if ($registration_successful) { + Redirect::to('login/index'); + } else { + Redirect::to('register'); + } + } + + /** + * Verify user after activation mail link opened + * @param int $user_id user's id + * @param string $user_activation_verification_code user's verification token + */ + public function verify($user_id, $user_activation_verification_code) + { + if (isset($user_id) && isset($user_activation_verification_code)) { + RegistrationModel::verifyNewUser($user_id, $user_activation_verification_code); + $this->View->render('register/verify'); + } else { + Redirect::to('login/index'); + } + } + + /** + * Generate a captcha, write the characters into $_SESSION['captcha'] and returns a real image which will be used + * like this: + * IMPORTANT: As this action is called via AFTER the real application has finished executing (!), the + * SESSION["captcha"] has no content when the application is loaded. The SESSION["captcha"] gets filled at the + * moment the end-user requests the + * Maybe refactor this sometime. + */ + public function showCaptcha() + { + CaptchaModel::generateAndShowCaptcha(); + } +} diff --git a/application/controller/UserController.php b/application/controller/UserController.php index e69de29bb..739621041 100644 --- a/application/controller/UserController.php +++ b/application/controller/UserController.php 
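Review bot: The `isset()` guard in `verify()` only protects the body if the method can actually be entered with missing arguments; on PHP 7.1 and later a call with fewer arguments than declared throws `ArgumentCountError` before the body runs, so the `Redirect::to('login/index')` fallback is never reached on that path. Declaring defaults, `public function verify($user_id = null, $user_activation_verification_code = null)`, keeps the guard meaningful on every PHP version. Whether the router can invoke the action with fewer parameters than the URL provides is not visible in this hunk, so the change is cheap insurance rather than a confirmed failure.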
@@ -0,0 +1,176 @@ +View->render('login/showProfile', array( + 'user_name' => Session::get('user_name'), + 'user_email' => Session::get('user_email'), + 'user_gravatar_image_url' => Session::get('user_gravatar_image_url'), + 'user_avatar_file' => Session::get('user_avatar_file'), + 'user_account_type' => Session::get('user_account_type') + )); + } + + /** + * Show edit-my-username page + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + public function editUsername() + { + Auth::checkAuthentication(); + $this->View->render('login/editUsername'); + } + + /** + * Edit user name (perform the real action after form has been submitted) + * Auth::checkAuthentication() makes sure that only logged in users can use this action + */ + public function editUsername_action() + { + Auth::checkAuthentication(); + + // check if csrf token is valid + if (!Csrf::isTokenValid()) { + self::logout(); + } + + UserModel::editUserName(Request::post('user_name')); + Redirect::to('login/index'); + } + + /** + * Show edit-my-user-email page + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + public function editUserEmail() + { + Auth::checkAuthentication(); + $this->View->render('login/editUserEmail'); + } + + /** + * Edit user email (perform the real action after form has been submitted) + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + // make this POST + public function editUserEmail_action() + { + Auth::checkAuthentication(); + UserModel::editUserEmail(Request::post('user_email')); + Redirect::to('login/editUserEmail'); + } + + /** + * Edit avatar + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + public function editAvatar() + { + Auth::checkAuthentication(); + $this->View->render('login/editAvatar', array( + 'avatar_file_path' => 
AvatarModel::getPublicUserAvatarFilePathByUserId(Session::get('user_id')) + )); + } + + /** + * Perform the upload of the avatar + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + * POST-request + */ + public function uploadAvatar_action() + { + Auth::checkAuthentication(); + AvatarModel::createAvatar(); + Redirect::to('login/editAvatar'); + } + + /** + * Delete the current user's avatar + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + public function deleteAvatar_action() + { + Auth::checkAuthentication(); + AvatarModel::deleteAvatar(Session::get("user_id")); + Redirect::to('login/editAvatar'); + } + + /** + * Show the change-account-type page + * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page + */ + public function changeUserRole() + { + Auth::checkAuthentication(); + $this->View->render('login/changeUserRole'); + } + + /** + * Perform the account-type changing + * Auth::checkAuthentication() makes sure that only logged in users can use this action + * POST-request + */ + public function changeUserRole_action() + { + Auth::checkAuthentication(); + + if (Request::post('user_account_upgrade')) { + // "2" is quick & dirty account type 2, something like "premium user" maybe. you got the idea :) + UserRoleModel::changeUserRole(2); + } + + if (Request::post('user_account_downgrade')) { + // "1" is quick & dirty account type 1, something like "basic user" maybe. 
+ UserRoleModel::changeUserRole(1); + } + + Redirect::to('login/changeUserRole'); + } + + /** + * Password Change Page + * Show the password form if user is logged in, otherwise redirect to login page + */ + public function changePassword() + { + Auth::checkAuthentication(); + $this->View->render('login/changePassword'); + } + + /** + * Password Change Action + * Submit form, if retured positive redirect to index, otherwise show the changePassword page again + */ + public function changePassword_action() + { + $result = PasswordResetModel::changePassword( + Session::get('user_name'), Request::post('user_password_current'), + Request::post('user_password_new'), Request::post('user_password_repeat') + ); + + if($result) + Redirect::to('login/index'); + else + Redirect::to('login/changePassword'); + } +} From 68e7b005b133e1e14f89b9cc74b1c2cb9f66979a Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 18:17:58 +0000 Subject: [PATCH 06/20] Rename view/register/register.php to index.php --- application/view/register/{register.php => index.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename application/view/register/{register.php => index.php} (100%) diff --git a/application/view/register/register.php b/application/view/register/index.php similarity index 100% rename from application/view/register/register.php rename to application/view/register/index.php From 8d6c6b33a81556c46d04381da0075abadfcf0e7e Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 22:07:55 +0000 Subject: [PATCH 07/20] Changed View->render and Redirect::to() --- application/controller/LoginController.php | 4 +-- application/controller/RegisterController.php | 4 +-- application/controller/UserController.php | 26 +++++++++---------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/application/controller/LoginController.php b/application/controller/LoginController.php index 7dc0ad4d2..9c4302f54 100644 --- a/application/controller/LoginController.php 
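Review bot: `editUsername_action()` still calls `self::logout()` on a CSRF failure, but no `logout()` is defined in the UserController this hunk creates; unless the base `Controller` provides one, an invalid token now ends in a fatal undefined-method error instead of a logout. Calling the model directly, `LoginModel::logout(); Redirect::home(); exit();`, keeps the intended behaviour without depending on a method that moved away with LoginController. Two inconsistencies the move carried over are also worth a comment in the new file: `changePassword_action()` is the only handler without `Auth::checkAuthentication()`, and the other `_action` methods take POST input with none of the `Csrf::isTokenValid()` check that `editUsername_action()` performs.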
+++ b/application/controller/LoginController.php @@ -46,12 +46,12 @@ public function login() Request::post('user_name'), Request::post('user_password'), Request::post('set_remember_me_cookie') ); - // check login status: if true, then redirect user login/showProfile, if false, then to login form again + // check login status: if true, then redirect user user/index, if false, then to login form again if ($login_successful) { if (Request::post('redirect')) { Redirect::to(ltrim(urldecode(Request::post('redirect')), '/')); } else { - Redirect::to('login/showProfile'); + Redirect::to('user/index'); } } else { Redirect::to('login/index'); diff --git a/application/controller/RegisterController.php b/application/controller/RegisterController.php index a21207e47..32408973f 100644 --- a/application/controller/RegisterController.php +++ b/application/controller/RegisterController.php @@ -25,7 +25,7 @@ public function index() if (LoginModel::isUserLoggedIn()) { Redirect::home(); } else { - $this->View->render('register/register'); + $this->View->render('register/index'); } } @@ -40,7 +40,7 @@ public function register_action() if ($registration_successful) { Redirect::to('login/index'); } else { - Redirect::to('register'); + Redirect::to('register/index'); } } diff --git a/application/controller/UserController.php b/application/controller/UserController.php index 739621041..bc905adcf 100644 --- a/application/controller/UserController.php +++ b/application/controller/UserController.php @@ -22,7 +22,7 @@ public function __construct() public function index() { Auth::checkAuthentication(); - $this->View->render('login/showProfile', array( + $this->View->render('user/index', array( 'user_name' => Session::get('user_name'), 'user_email' => Session::get('user_email'), 'user_gravatar_image_url' => Session::get('user_gravatar_image_url'), 
@@ -38,7 +38,7 @@ public function index() public function editUsername() { Auth::checkAuthentication(); - $this->View->render('login/editUsername'); + $this->View->render('user/editUsername'); } /** @@ -55,7 +55,7 @@ public function editUsername_action() } UserModel::editUserName(Request::post('user_name')); - Redirect::to('login/index'); + Redirect::to('user/editUsername'); } /** @@ -65,7 +65,7 @@ public function editUsername_action() public function editUserEmail() { Auth::checkAuthentication(); - $this->View->render('login/editUserEmail'); + $this->View->render('user/editUserEmail'); } /** @@ -77,7 +77,7 @@ public function editUserEmail_action() { Auth::checkAuthentication(); UserModel::editUserEmail(Request::post('user_email')); - Redirect::to('login/editUserEmail'); + Redirect::to('user/editUserEmail'); } /** @@ -87,7 +87,7 @@ public function editUserEmail_action() public function editAvatar() { Auth::checkAuthentication(); - $this->View->render('login/editAvatar', array( + $this->View->render('user/editAvatar', array( 'avatar_file_path' => AvatarModel::getPublicUserAvatarFilePathByUserId(Session::get('user_id')) )); } @@ -101,7 +101,7 @@ public function uploadAvatar_action() { Auth::checkAuthentication(); AvatarModel::createAvatar(); - Redirect::to('login/editAvatar'); + Redirect::to('user/editAvatar'); } /** @@ -112,7 +112,7 @@ public function deleteAvatar_action() { Auth::checkAuthentication(); AvatarModel::deleteAvatar(Session::get("user_id")); - Redirect::to('login/editAvatar'); + Redirect::to('user/editAvatar'); } /** @@ -122,7 +122,7 @@ public function deleteAvatar_action() public function changeUserRole() { Auth::checkAuthentication(); - $this->View->render('login/changeUserRole'); + $this->View->render('user/changeUserRole'); } /** @@ -144,7 +144,7 @@ public function changeUserRole_action() UserRoleModel::changeUserRole(1); } - Redirect::to('login/changeUserRole'); + Redirect::to('user/changeUserRole'); } /** 
@@ -154,7 +154,7 @@ public function changeUserRole_action() public function changePassword() { Auth::checkAuthentication(); - $this->View->render('login/changePassword'); + $this->View->render('user/changePassword'); } /** @@ -169,8 +169,8 @@ public function changePassword_action() ); if($result) - Redirect::to('login/index'); + Redirect::to('user/index'); else - Redirect::to('login/changePassword'); + Redirect::to('user/changePassword'); } } From 3991e31e5127a714fe557f4efd97121c9521212a Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 22:17:19 +0000 Subject: [PATCH 08/20] Move view user action files to view/user directory --- application/view/{login => user}/changePassword.php | 0 application/view/{login => user}/changeUserRole.php | 0 application/view/{login => user}/editAvatar.php | 0 application/view/{login => user}/editUserEmail.php | 0 application/view/{login => user}/editUsername.php | 0 application/view/{login => user}/showProfile.php | 0 6 files changed, 0 insertions(+), 0 deletions(-) rename application/view/{login => user}/changePassword.php (100%) rename application/view/{login => user}/changeUserRole.php (100%) rename application/view/{login => user}/editAvatar.php (100%) rename application/view/{login => user}/editUserEmail.php (100%) rename application/view/{login => user}/editUsername.php (100%) rename application/view/{login => user}/showProfile.php (100%) diff --git a/application/view/login/changePassword.php b/application/view/user/changePassword.php similarity index 100% rename from application/view/login/changePassword.php rename to application/view/user/changePassword.php diff --git a/application/view/login/changeUserRole.php b/application/view/user/changeUserRole.php similarity index 100% rename from application/view/login/changeUserRole.php rename to application/view/user/changeUserRole.php 
diff --git a/application/view/login/editAvatar.php b/application/view/user/editAvatar.php similarity index 100% rename from application/view/login/editAvatar.php rename to application/view/user/editAvatar.php diff --git a/application/view/login/editUserEmail.php b/application/view/user/editUserEmail.php similarity index 100% rename from application/view/login/editUserEmail.php rename to application/view/user/editUserEmail.php diff --git a/application/view/login/editUsername.php b/application/view/user/editUsername.php similarity index 100% rename from application/view/login/editUsername.php rename to application/view/user/editUsername.php diff --git a/application/view/login/showProfile.php b/application/view/user/showProfile.php similarity index 100% rename from application/view/login/showProfile.php rename to application/view/user/showProfile.php From 3683f0acd5f49a4f55e1884093477d001fcd40d1 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 22:34:05 +0000 Subject: [PATCH 09/20] Fixed logout if CSRF not valid Logout action should be do in other way. Repeat this 3 lines every time we need valid CSRF, will be confusing. --- application/controller/UserController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/application/controller/UserController.php b/application/controller/UserController.php index bc905adcf..5df1ab264 100644 --- a/application/controller/UserController.php +++ b/application/controller/UserController.php @@ -51,7 +51,9 @@ public function editUsername_action() // check if csrf token is valid if (!Csrf::isTokenValid()) { - self::logout(); + LoginModel::logout(); + Redirect::home(); + exit(); } UserModel::editUserName(Request::post('user_name')); From 314e2452c51638bbf97cae1481bd38203bf958dd Mon Sep 17 00:00:00 2001 
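Review bot: The token-failure path added here (`LoginModel::logout(); Redirect::home(); exit();`) exists only in `editUsername_action()`, while the sibling POST handlers in this controller (`editUserEmail_action()`, `changeUserRole_action()`, `changePassword_action()` and the two avatar actions) change state with no `Csrf::isTokenValid()` check at all; the commit message itself notes that repeating these three lines would be confusing. A small private helper called on the first line of each action removes the duplication and turns enabling the check for the remaining forms into a one-line change once their views emit the token field. `editUsername_action()` begins and ends outside this hunk.
```php
        // check if csrf token is valid
        $this->requireValidCsrfToken();
        // … unchanged: UserModel::editUserName(...) and redirect …

    /**
     * Ends the session and stops the request when the submitted CSRF token is invalid.
     */
    private function requireValidCsrfToken()
    {
        if (!Csrf::isTokenValid()) {
            LoginModel::logout();
            Redirect::home();
            exit();
        }
    }
```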
From: slaveek Date: Sun, 8 Nov 2015 22:43:14 +0000 Subject: [PATCH 10/20] Rename showProfile.php to index.php --- application/view/user/{showProfile.php => index.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename application/view/user/{showProfile.php => index.php} (100%) diff --git a/application/view/user/showProfile.php b/application/view/user/index.php similarity index 100% rename from application/view/user/showProfile.php rename to application/view/user/index.php From 17cca668ab9260cd4aae7faedc5efd1c71d38d53 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 23:18:57 +0000 Subject: [PATCH 11/20] Fixed showCaptcha --- application/view/register/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/view/register/index.php b/application/view/register/index.php index a9169c141..cdbde62c2 100644 --- a/application/view/register/index.php +++ b/application/view/register/index.php @@ -16,12 +16,12 @@ - + Reload Captcha + onclick="document.getElementById('captcha').src = 'register/showCaptcha?' + Math.random(); return false">Reload Captcha From c084b995b94f1bed47a569f352c64986cd1f16d1 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sun, 8 Nov 2015 23:22:05 +0000 Subject: [PATCH 12/20] Changed form actions in user views --- application/view/user/changePassword.php | 4 ++-- application/view/user/changeUserRole.php | 2 +- application/view/user/editAvatar.php | 4 ++-- application/view/user/editUserEmail.php | 2 +- application/view/user/editUsername.php | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/application/view/user/changePassword.php b/application/view/user/changePassword.php index 3bc56033c..519d4500d 100644 --- a/application/view/user/changePassword.php +++ b/application/view/user/changePassword.php @@ -8,9 +8,9 @@
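Review bot: The reload handler's new image source, `'register/showCaptcha?' + Math.random()`, is a path-relative URL; unless the layout declares a `<base href>`, the browser resolves it against the current document path, so a page served at `/register/index` would request `/register/register/showCaptcha`. Building the value from the absolute application URL the view uses for its other links (not visible in this hunk) removes that dependency on the current path. If a `<base>` element is in fact present, a short comment next to the handler saying the path relies on it would save the next reader the same check.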

Set new password

-
+ -

Currently your account type is: - + diff --git a/application/view/user/editAvatar.php b/application/view/user/editAvatar.php index f62f4e29a..66b17c813 100644 --- a/application/view/user/editAvatar.php +++ b/application/view/user/editAvatar.php @@ -12,7 +12,7 @@ realize there's a new image as new and old one have the same filename. - + @@ -23,6 +23,6 @@

Delete your avatar

-

Click this link to delete your (local) avatar: Delete your avatar +

Click this link to delete your (local) avatar: Delete your avatar

diff --git a/application/view/user/editUserEmail.php b/application/view/user/editUserEmail.php index 7d1097f0f..6f2f48644 100644 --- a/application/view/user/editUserEmail.php +++ b/application/view/user/editUserEmail.php @@ -7,7 +7,7 @@

Change your email address

- + diff --git a/application/view/user/editUsername.php b/application/view/user/editUsername.php index 91fedf880..975803a91 100644 --- a/application/view/user/editUsername.php +++ b/application/view/user/editUsername.php @@ -7,7 +7,7 @@

Change your username

- +
From cdde4ef0f6ea74eeb276f1d2683ef24c4fd5eafc Mon Sep 17 00:00:00 2001 From: slaveek Date: Sat, 21 Nov 2015 00:53:02 +0000 Subject: [PATCH 18/20] Fixed major and minor changes missed Bugs found by @geozak see: https://github.com/panique/huge/pull/747#issuecomment-158368144 --- README.md | 4 ++-- application/config/config.development.php | 2 +- application/view/index/index.php | 2 +- application/view/register/index.php | 2 +- application/view/user/changePassword.php | 2 +- application/view/user/changeUserRole.php | 2 +- application/view/user/editUserEmail.php | 2 +- application/view/user/editUsername.php | 2 +- application/view/user/index.php | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a82ae05f4..f5a017f44 100644 --- a/README.md +++ b/README.md @@ -360,7 +360,7 @@ have a value of `7` inside the database table field `user_account_type`. They ca (as this wouldn't make sense). 2. Normal users don't have admin features for sure. But they can upgrade and downgrade their accounts (try it out via -/login/changeUserRole), which is basically a super-simple implementation of the basic-user / premium-user concept. +/user/changeUserRole), which is basically a super-simple implementation of the basic-user / premium-user concept. Normal users have a value of `1` or `2` inside the database table field `user_account_type`. By default all new registered users are normal users with user role 1 for sure. 
@@ -375,7 +375,7 @@ the application puts a "random string" inside the form (as a hidden input field) checks if the POST request contains exactly the form token that is inside the session. This CSRF prevention feature is currently implemented on the login form process (see *application/view/login/index.php*) -and user name change form process (see *application/view/login/editUsername.php*), most other forms are not security- +and user name change form process (see *application/view/user/editUsername.php*), most other forms are not security- critical and should stay as simple as possible. A big thanks to OmarElGabry for implementing this!
diff --git a/application/config/config.development.php b/application/config/config.development.php
index 4243d5d99..5e3de72c3 100644
--- a/application/config/config.development.php
+++ b/application/config/config.development.php
@@ -146,7 +146,7 @@
 'EMAIL_PASSWORD_RESET_FROM_NAME' => 'My Project',
 'EMAIL_PASSWORD_RESET_SUBJECT' => 'Password reset for PROJECT XY',
 'EMAIL_PASSWORD_RESET_CONTENT' => 'Please click on this link to reset your password: ',
- 'EMAIL_VERIFICATION_URL' => 'login/verify',
+ 'EMAIL_VERIFICATION_URL' => 'register/verify',
 'EMAIL_VERIFICATION_FROM_EMAIL' => 'no-reply@example.com',
 'EMAIL_VERIFICATION_FROM_NAME' => 'My Project',
 'EMAIL_VERIFICATION_SUBJECT' => 'Account activation for PROJECT XY',
diff --git a/application/view/index/index.php b/application/view/index/index.php
index 30611711d..d7a819b47 100644
--- a/application/view/index/index.php
+++ b/application/view/index/index.php
@@ -7,7 +7,7 @@

What happens here ?

- This is the homepage. As no real URL-route (like /login/register) is provided, the app uses the default + This is the homepage. As no real URL-route (like /register/index) is provided, the app uses the default controller and the default action, defined in application/config/config.php, by default it's IndexController and index()-method. So, the app will load application/controller/IndexController.php and run index() from that file. Easy. That index()-method (= the action) has just one line of code inside diff --git a/application/view/register/index.php b/application/view/register/index.php index 406c08d88..4994935ed 100644 --- a/application/view/register/index.php +++ b/application/view/register/index.php @@ -30,7 +30,7 @@

Please note: This captcha will be generated when the img tag requests the captcha-generation - (= a real image) from YOURURL/login/showcaptcha. As this is a client-side triggered request, a + (= a real image) from YOURURL/register/showcaptcha. As this is a client-side triggered request, a $_SESSION["captcha"] dump will not show the captcha characters. The captcha generation happens AFTER the request that generates THIS page has been finished.

diff --git a/application/view/user/changePassword.php b/application/view/user/changePassword.php index 519d4500d..be1a037e1 100644 --- a/application/view/user/changePassword.php +++ b/application/view/user/changePassword.php @@ -1,5 +1,5 @@
-

LoginController/changePassword

+

UserController/changePassword

renderFeedbackMessages(); ?> diff --git a/application/view/user/changeUserRole.php b/application/view/user/changeUserRole.php index 49c79020f..c80713af4 100644 --- a/application/view/user/changeUserRole.php +++ b/application/view/user/changeUserRole.php @@ -1,5 +1,5 @@
-

LoginController/changeUserRole

+

UserController/changeUserRole

renderFeedbackMessages(); ?> diff --git a/application/view/user/editUserEmail.php b/application/view/user/editUserEmail.php index 6f2f48644..431336292 100644 --- a/application/view/user/editUserEmail.php +++ b/application/view/user/editUserEmail.php @@ -1,5 +1,5 @@
-

LoginController/editUserEmail

+

UserController/editUserEmail

renderFeedbackMessages(); ?> diff --git a/application/view/user/editUsername.php b/application/view/user/editUsername.php index 975803a91..e84d1c3ff 100644 --- a/application/view/user/editUsername.php +++ b/application/view/user/editUsername.php @@ -1,5 +1,5 @@
-

LoginController/editUsername

+

UserController/editUsername

renderFeedbackMessages(); ?> diff --git a/application/view/user/index.php b/application/view/user/index.php index eeadc667e..4a3d97074 100644 --- a/application/view/user/index.php +++ b/application/view/user/index.php @@ -1,5 +1,5 @@
-

LoginController/showProfile

+

UserController/showProfile

Your profile

From 851d594258d827510529a3e1e4bd4ba3e4660ac9 Mon Sep 17 00:00:00 2001 From: slaveek Date: Sat, 21 Nov 2015 01:21:50 +0000 Subject: [PATCH 19/20] Improved logout As pointed in the very first comment in https://github.com/panique/huge/blob/develop/application/core/Csrf.php
---
application/controller/UserController.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/application/controller/UserController.php b/application/controller/UserController.php
index 0af7fb22d..7119b76ba 100644
--- a/application/controller/UserController.php
+++ b/application/controller/UserController.php
@@ -47,9 +47,7 @@ public function editUsername_action()
 {
 // check if csrf token is valid
 if (!Csrf::isTokenValid()) {
- LoginModel::logout();
- Redirect::home();
- exit();
+ Login::logout();
 }
 
 UserModel::editUserName(Request::post('user_name'));
From 9141b70e14a44f067414d79d19879380d4b9f4fb Mon Sep 17 00:00:00 2001 From: slaveek Date: Sat, 21 Nov 2015 13:34:26 +0000 Subject: [PATCH 20/20] Revert "Improved logout" This reverts commit 851d594258d827510529a3e1e4bd4ba3e4660ac9.
---
application/controller/UserController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/application/controller/UserController.php b/application/controller/UserController.php
index 7119b76ba..0af7fb22d 100644
--- a/application/controller/UserController.php
+++ b/application/controller/UserController.php
@@ -47,7 +47,9 @@ public function editUsername_action()
 {
 // check if csrf token is valid
 if (!Csrf::isTokenValid()) {
- Login::logout();
+ LoginModel::logout();
+ Redirect::home();
+ exit();
 }
 
 UserModel::editUserName(Request::post('user_name'));
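Review bot: The single `Login::logout();` that replaces the three removed lines does not stop the handler, so unless that call terminates the request itself, a request with an invalid CSRF token falls through to `UserModel::editUserName(Request::post('user_name'))` and the username change is still written. The removed `Redirect::home(); exit();` was what ended the request on a token failure, and `Login` is also a different class from the `LoginModel` the old code used; nothing in the hunk shows it is defined. If a single call is wanted it has to end the request on its own; otherwise keep `Redirect::home(); exit();` after it so the guard actually guards. The body of editUsername_action continues outside the hunk.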
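Review bot: The restored guard depends on `exit()` to keep the rest of editUsername_action from running: if `Redirect::home()` only sends a Location header, that `exit()` is the one line standing between a bad-token request and the `UserModel::editUserName(...)` call below, and the commit being reverted shows how easily it gets dropped. The comment above the branch should say why all three lines are there rather than restate the condition, e.g. `// invalid CSRF token: end the session, redirect and stop here so the write below never runs`. editUsername_action continues outside the hunk.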