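 /**
  * Tells whether an API key is still free, i.e. no user row currently holds it.
  *
  * The key is bound as a query parameter instead of being interpolated into
  * the DQL string, so a crafted key cannot change the shape of the query.
  *
  * @param string $api_key candidate API key
  *
  * @return bool true when no user has this key, false when one does
  */
 public static function isApiKeyAvailable($api_key)
 {
     $dql = "SELECT u FROM " . self::TABLE_NAME . " u WHERE u.apikey = :apikey";
     $result = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('apikey', $api_key)
         ->getOneOrNullResult();
     // the key is available only when no row matched
     return $result === null;
 }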
 /**
  * checks for session concurrency
  *
  * This is done as the following:
  * UserA logs in with his session id('123') and it will be stored in the database.
  * Then, UserB logs in also using the same email and password of UserA from another PC,
  * and also store the session id('456') in the database
  *
  * Now, Whenever UserA performs any action,
  * You then check the session_id() against the last one stored in the database('456'),
  * If they don't match then log both of them out.
  *
  * Only does anything while a PHP session is active: the username is read from
  * the session store and the session id saved for that user is compared with
  * the current session_id().
  *
  * @access public
  * @static static method
  * @return bool true when the session id stored for the user differs from the current one
  * @see Session::updateSessionId()
  * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
  */
 public static function isConcurrentSessionExists()
 {
     $b = false;
     if (session_status() === PHP_SESSION_ACTIVE) {
         $session_id = session_id();
         $userName = Session::getDecoded(Session::SESSION_USER_NAME);
         // \Slim\Slim::getInstance()->log->debug("\$session_id : " . $session_id);
         // NOTE(review): the following line is garbled in this listing (a debug comment,
         // the guard on $userName and the DQL string appear merged, and the username value
         // is redacted); the closing brace further down suggests an `if ($userName) {` block
         // that builds $dql and runs the lookup. Confirm against the original source, and
         // bind the username with setParameter() instead of splicing it into the DQL.
         // \Slim\Slim::getInstance()->log->debug("\$userName : "******"SELECT u FROM " . UserModel::TABLE_NAME . " u WHERE u.username = '******'";
             $result = DbResource::getEntityManager()->createQuery($dql)->getResult();
             // return one row (we only have one result or nothing)
             $user = array_shift($result);
             if ($user) {
                 //if(!empty($result)){ // This statement is a bug in PANIQUE's original code (leave this comment here)
                 $userSessionId = $user->getSessionid();
             }
             // \Slim\Slim::getInstance()->log->debug("\$userSessionId : " . $userSessionId);
             // NOTE(review): $userSessionId is only assigned when a user row was found; when
             // none matched, this read raises an undefined-variable notice. Initialise it to
             // null before the lookup.
             if ($userSessionId && $session_id !== $userSessionId) {
                 $b = true;
             }
         }
     }
     // \Slim\Slim::getInstance()->log->debug("isConcurrentSessionExists: " . $b);
     return $b;
 }
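 /**
  * Checks the username/verification code combination and, on a match, sets the
  * user's activation status to true and clears the activation hash in one UPDATE.
  *
  * Both values are bound as query parameters: the verification code arrives
  * straight from the activation link, so it must never be concatenated into DQL.
  *
  * @param string $user_name
  * @param string $ua_verification_code verification token
  *
  * @return bool success status (true when exactly one row was activated)
  */
 public static function verifyNewUser($user_name, $ua_verification_code)
 {
     $dql = "UPDATE " . User::TABLE_NAME . " u SET u.active = 1, u.activationhash = NULL"
         . " WHERE u.username = :username AND u.activationhash = :hash";
     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('username', $user_name)
         ->setParameter('hash', $ua_verification_code)
         ->execute();
     // an UPDATE query returns the number of affected rows
     if ((int) $numUpdated === 1) {
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
         return true;
     }
     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
     return false;
 }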
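 /**
  * Deletes the remember-me cookie and, when a username is given, clears that
  * user's remember-me token in the database.
  *
  * It's necessary to split deleteCookie() and logout() as cookies are deleted
  * without logging out too! The cookie is expired by dating it ten years back
  * (3600 sec * 24 hours * 3650 days), see http://stackoverflow.com/a/686166/1114320
  *
  * @param string|null $user_name username whose stored token is cleared; null clears the cookie only
  *
  * @return void
  */
 public static function deleteCookie($user_name = null)
 {
     // if $user_name was set, then clear the remember_me token in the database
     if ($user_name) {
         $user_name = Filter::html_entity_invert($user_name);
         $user = UserModel::getByUsername($user_name);
         // an unknown username must not abort the cookie deletion below
         if ($user) {
             $user->setRemembermetoken(NULL);
             $em = DbResource::getEntityManager();
             $em->persist($user);
             $em->flush();
         }
     }
     // delete remember_me cookie in browser; path, domain, secure and httponly come from Config
     setcookie(self::COOKIE_REMEMBER_ME, '', time() - 3600 * 24 * 3650, Config::get('cookie.path'), Config::get('cookie.domain'), Config::get('cookie.secure'), Config::get('cookie.http'));
 }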
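 /**
  * Persists a new Facebook-authenticated user built from a Graph API user object.
  *
  * @param object|null $fb_graph_user Graph API user exposing getId(), getEmail(), getName(),
  *                                   getFirstName(), getMiddleName(), getLastName() and getPicture()
  * @param string      $accessToken   OAuth access token stored with the user
  *
  * @return bool true when the row was persisted and flushed; false when no graph
  *              user was given or persisting threw
  */
 public static function writeNewFbUserToDatabase($fb_graph_user, $accessToken)
 {
     if (!$fb_graph_user) {
         // previously this path fell through and returned null
         return false;
     }
     $fb_id = $fb_graph_user->getId();
     $email = $fb_graph_user->getEmail();
     $display = $fb_graph_user->getName();
     $first_name = $fb_graph_user->getFirstName();
     $middle_name = $fb_graph_user->getMiddleName();
     $last_name = $fb_graph_user->getLastName();
     $pic_url = $fb_graph_user->getPicture()->getUrl();
     $now = new \DateTime();
     $now->setTimestamp(time());
     $ip = IubarFattureApp::getInstance()->request->getIp();
     $fbUser = new Userexternal();
     $fbUser->setId($fb_id);
     $fbUser->setDisplay($display);
     $fbUser->setEmail($email);
     $fbUser->setFirstName($first_name);
     $fbUser->setMiddleName($middle_name);
     $fbUser->setLastName($last_name);
     $fbUser->setPictureUrl($pic_url);
     $fbUser->setCreationtime($now);
     $fbUser->setCreationip($ip);
     $fbUser->setAccesstoken($accessToken);
     // TODO: together with the accessToken we should also store
     // $fbUser->setAccesstokenexpireat()
     // $fbUser->setAccesstokenscope()
     $fbUser->setProvidertype(UserModel::PROVIDER_TYPE_FB);
     try {
         $em = DbResource::getEntityManager();
         $em->persist($fbUser);
         $em->flush();
         return true;
     } catch (\Exception $e) {
         // fully qualified so the global exception class is caught even when this file is namespaced
         return false;
     }
 }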
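 /**
  * Writes a new email address to the database for the given user.
  *
  * Both the address and the username are bound as query parameters; the
  * address is user-supplied and must not be concatenated into the DQL.
  *
  * @param string $user_name
  * @param string $new_user_email new email address
  *
  * @return bool true when exactly one row was updated
  */
 public static function saveNewEmailAddress($user_name, $new_user_email)
 {
     $dql = "UPDATE " . self::TABLE_NAME . " u SET u.email = :email WHERE u.username = :username";
     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('email', $new_user_email)
         ->setParameter('username', $user_name)
         ->execute();
     // an UPDATE query returns the number of affected rows
     return (int) $numUpdated === 1;
 }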
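 /**
  * Delete a user's avatar: removes the image file (best effort) and clears the
  * hasavatar flag in the database.
  *
  * @param string $userName username whose avatar is removed
  * @return bool success
  */
 public static function deleteAvatar($userName)
 {
     if (!$userName) {
         //TODO: add any further checks
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }
     // try to delete image, but still go on regardless of file deletion result
     self::deleteAvatarImageFile($userName);
     // username bound as a parameter rather than spliced into the DQL
     $dql = "UPDATE " . UserModel::TABLE_NAME . " u SET u.hasavatar = 0 WHERE u.username = :username";
     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('username', $userName)
         ->execute();
     if ((int) $numUpdated === 1) {
         // point the session at the (now default) avatar path
         Session::set(Session::SESSION_USER_AVATAR_FILE, self::getPublicUserAvatarFilePathByUserName($userName));
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
         return true;
     }
     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
     return false;
 }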
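 /**
  * Writes the new password hash to the database for a default-provider user.
  *
  * The hash and the username are bound as query parameters instead of being
  * concatenated into the DQL string.
  *
  * @param string $user_name
  * @param string $user_password_hash already-hashed password
  *
  * @return bool true when exactly one row was updated
  */
 public static function saveChangedPassword($user_name, $user_password_hash)
 {
     $dql = "UPDATE " . UserModel::TABLE_NAME . " u SET u.pwdhash = :pwdhash"
         . " WHERE u.username = :username"
         . " AND u.providertype = :providertype";
     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('pwdhash', $user_password_hash)
         ->setParameter('username', $user_name)
         ->setParameter('providertype', UserModel::PROVIDER_TYPE_DEFAULT)
         ->execute();
     // an UPDATE query returns the number of affected rows; only one user may match
     return (int) $numUpdated === 1;
 }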