/**
* Once a user has been validated, do everything needed to sign them in
* @param $user User
* @param bool $enable_auto_sign_in
* @return SignInResult
*/
public function SignInValidUser(User $user, $enable_auto_sign_in)
{
# Bail out if user account not activated
# (if there's no role it's because I've tried to activate the account by flipping
# the activation field, but I haven't added the account to the "Signed in user" role)
if (!$user->GetAccountActivated()) {
return SignInResult::NotActivated();
}
# bail out if user account has been disabled
if ($user->GetAccountDisabled()) {
if ($this->auto_sign_in instanceof IAutoSignIn) {
$this->SaveAutoSignIn($user->GetId(), false);
}
return SignInResult::AccountDisabled();
}
# Elevation of privilege, so regenerate session id to guard against session fixation attack
if (!headers_sent()) {
session_regenerate_id(false);
}
$this->SaveToSession($user);
$this->LoadUserPermissions();
$this->Lock(array("nsa_user"));
# update stats in db...
$sql = 'UPDATE nsa_user SET ' . 'sign_in_count = sign_in_count+1, ' . 'last_signed_in = ' . gmdate('U') . ' ' . 'WHERE user_id = ' . $user->GetId();
$this->GetDataConnection()->query($sql);
$this->Unlock();
# process remember me option
if ($this->auto_sign_in instanceof IAutoSignIn) {
$this->auto_sign_in->SaveAutoSignIn($user->GetId(), $enable_auto_sign_in);
}
return SignInResult::Success();
}
