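 /**
  * Kicks the selected user out of the system instantly by resetting the user's session.
  * This means, the user will be "logged out".
  *
  * NOTE(review): this only clears the session_id column; whether that actually
  * terminates the live session depends on the session handler checking that column — confirm.
  *
  * @param int|string $userId id of the user whose session id is cleared
  * @return bool true when exactly one row was updated, false otherwise
  */
 private static function resetUserSession($userId)
 {
     $database = DatabaseFactory::getFactory()->getConnection();
     $query = $database->prepare("UPDATE users SET session_id = :session_id  WHERE user_id = :user_id LIMIT 1");
     $query->execute(array(':session_id' => null, ':user_id' => $userId));
     // rowCount() returns an int, so compare strictly
     if ($query->rowCount() === 1) {
         Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_USER_SUCCESSFULLY_KICKED'));
         return true;
     }
     // the original fell off the end here (implicit null) although the docblock promises bool
     return false;
 }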
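 /**
  * Writes the new account type marker to the database and to the session
  *
  * @param int|string $type account type; only the values 1 and 2 are accepted
  *
  * @return bool true when the row of the current session user was updated, false otherwise
  */
 public static function saveRoleToDatabase($type)
 {
     // Validate as a real integer first: the loose in_array() of the original accepted
     // values like true or "1abc" (loosely equal to 1), which would then be written as a role.
     $validatedType = filter_var($type, FILTER_VALIDATE_INT);
     if ($validatedType === false || !in_array($validatedType, [1, 2], true)) {
         return false;
     }
     $database = DatabaseFactory::getFactory()->getConnection();
     $query = $database->prepare("UPDATE users SET user_account_type = :new_type WHERE user_id = :user_id LIMIT 1");
     $query->execute(array(':new_type' => $validatedType, ':user_id' => Session::get('user_id')));
     if ($query->rowCount() === 1) {
         // set account type in session
         Session::set('user_account_type', $validatedType);
         return true;
     }
     return false;
 }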
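 /**
  * Delete a user's avatar
  *
  * @param int|string $userId
  * @return bool success
  */
 public static function deleteAvatar($userId)
 {
     // ctype_digit() on an int argument interprets it as an ASCII code (deprecated since 8.1),
     // so an int $userId such as 5 was rejected; cast to string so both "5" and 5 are accepted.
     if (!ctype_digit((string) $userId)) {
         Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }
     // try to delete image, but still go on regardless of file deletion result
     self::deleteAvatarImageFile($userId);
     $database = DatabaseFactory::getFactory()->getConnection();
     $sth = $database->prepare("UPDATE users SET user_has_avatar = 0 WHERE user_id = :user_id LIMIT 1");
     $sth->bindValue(":user_id", (int) $userId, \PDO::PARAM_INT);
     $sth->execute();
     if ($sth->rowCount() === 1) {
         Session::set('user_avatar_file', self::getPublicUserAvatarFilePathByUserId($userId));
         Session::add("feedback_positive", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
         return true;
     }
     Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
     return false;
 }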
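 /**
  * Deletes the cookie
  * It's necessary to split deleteCookie() and logout() as cookies are deleted without logging out too!
  * Sets the remember-me-cookie to ten years ago (3600sec * 24 hours * 365 days * 10).
  * that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
  *
  * The server-side remember-me token is only invalidated when $user_id is given; without it
  * the token stays valid in the database and only the browser copy is removed.
  *
  * @param int|string|null $user_id id of the user whose remember-me token is cleared, or null
  */
 public static function deleteCookie($user_id = null)
 {
     // if $user_id was set, then clear remember_me token in database
     if ($user_id !== null) {
         $database = DatabaseFactory::getFactory()->getConnection();
         $sql = "UPDATE users SET user_remember_me_token = :user_remember_me_token WHERE user_id = :user_id LIMIT 1";
         $sth = $database->prepare($sql);
         $sth->execute(array(':user_remember_me_token' => NULL, ':user_id' => $user_id));
     }
     // delete remember_me cookie in browser; the value is a string parameter, so pass '' rather
     // than false (false only worked through bool-to-string coercion and fails under strict_types)
     setcookie('remember_me', '', time() - 3600 * 24 * 3650, Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));
 }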
 /**
  * Delete a specific note
  * The DELETE is scoped to the note id AND the user id from the session, so a user can only
  * remove notes that belong to them.
  *
  * @param int $note_id id of the note
  * @return bool feedback (was the note deleted properly ?)
  */
 public static function deleteNote($note_id)
 {
     if (!$note_id) {
         return false;
     }
     $connection = DatabaseFactory::getFactory()->getConnection();
     $statement = $connection->prepare(
         "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"
     );
     $statement->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id')));
     $deleted = $statement->rowCount() == 1;
     if (!$deleted) {
         // no row matched: either the note does not exist or it belongs to another user
         Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
     }
     return $deleted;
 }
 /**
  * Gets the user's data by user's id and a token (used by login-via-cookie process)
  *
  * The token equality is evaluated by the database; the explicit IS NOT NULL guard prevents
  * a row without a stored token from matching, and only DEFAULT-provider accounts are returned.
  *
  * @param int|string $user_id
  * @param string $token remember-me token presented by the client
  *
  * @return mixed Returns false if user does not exist, returns object with user's data when user exists
  */
 public static function getUserDataByUserIdAndToken($user_id, $token)
 {
     $connection = DatabaseFactory::getFactory()->getConnection();
     // get real token from database (and all other data)
     $sql = "SELECT user_id, user_name, user_email, user_password_hash, user_active,\n                                          user_account_type,  user_has_avatar, user_failed_logins, user_last_failed_login\n                                     FROM users\n                                     WHERE user_id = :user_id\n                                       AND user_remember_me_token = :user_remember_me_token\n                                       AND user_remember_me_token IS NOT NULL\n                                       AND user_provider_type = :provider_type LIMIT 1";
     $statement = $connection->prepare($sql);
     $parameters = array(
         ':user_id' => $user_id,
         ':user_remember_me_token' => $token,
         ':provider_type' => 'DEFAULT',
     );
     $statement->execute($parameters);
     // return one row (we only have one result or nothing)
     return $statement->fetch();
 }
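 /**
  * Validates current and new passwords
  *
  * Checks, in order: the user exists, the current password verifies against the stored hash,
  * both new-password fields are filled, they match, the new password is at least 6 bytes long
  * and differs from the current one. Each failure adds a feedback message and returns false.
  *
  * @param string $user_name
  * @param string $user_password_current
  * @param string $user_password_new
  * @param string $user_password_repeat
  *
  * @return bool
  */
 public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
 {
     $database = DatabaseFactory::getFactory()->getConnection();
     $sql = "SELECT user_password_hash, user_failed_logins FROM users WHERE user_name = :user_name LIMIT 1;";
     $query = $database->prepare($sql);
     $query->execute(array(':user_name' => $user_name));
     $user = $query->fetch();
     // fetch() returns false when no row matched; this is portable, whereas rowCount()
     // on a SELECT is driver-dependent in PDO
     if ($user === false) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }
     if (!password_verify($user_password_current, $user->user_password_hash)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
         return false;
     }
     // empty() also treats "0" as empty; such a value fails the length check below anyway
     if (empty($user_password_new) || empty($user_password_repeat)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
         return false;
     }
     if ($user_password_new !== $user_password_repeat) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
         return false;
     }
     // byte length on purpose: a minimum of 6 bytes is the policy encoded here
     if (strlen($user_password_new) < 6) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
         return false;
     }
     // strict comparison: the loose == of the original treats numeric-looking strings
     // such as "1e3" and "1000" as equal
     if ($user_password_current === $user_password_new) {
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
         return false;
     }
     return true;
 }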
 /**
  * checks the email/verification code combination and set the user's activation status to true in the database
  *
  * The UPDATE matches on user id AND activation hash and sets the hash to NULL in the same
  * statement, so a verification link can only be used once.
  *
  * @param int $user_id user id
  * @param string $user_activation_verification_code verification token
  *
  * @return bool success status
  */
 public static function verifyNewUser($user_id, $user_activation_verification_code)
 {
     $connection = DatabaseFactory::getFactory()->getConnection();
     $statement = $connection->prepare(
         "UPDATE users SET user_active = 1, user_activation_hash = NULL\n                WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash LIMIT 1"
     );
     $statement->execute(array(
         ':user_id' => $user_id,
         ':user_activation_hash' => $user_activation_verification_code,
     ));
     $activated = $statement->rowCount() == 1;
     $feedbackKey = $activated ? 'feedback_positive' : 'feedback_negative';
     $textKey = $activated ? 'FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL' : 'FEEDBACK_ACCOUNT_ACTIVATION_FAILED';
     Session::add($feedbackKey, Text::get($textKey));
     return $activated;
 }