/**
  * Verify user after activation mail link opened
  *
  * The user name travels in the query string in encrypted form and the
  * activation token arrives as the method argument. When either one is
  * missing there is nothing to verify and the visitor is sent back to the
  * login page.
  *
  * @param string $ua_verification_code user's activation verification token
  */
 public function getVerify($ua_verification_code)
 {
     $this->app->log->debug(get_class($this) . '->getVerify()');
     $user_name = Encryption::decrypt($this->app->request->get("user_name"));
     if ($user_name === null || $ua_verification_code === null) {
         // incomplete link: go back to the login form
         $this->app->redirect($this->app->config('app.baseurl') . '/login');
         return;
     }
     $verified = RegistrationModel::verifyNewUser($user_name, $ua_verification_code);
     if ($verified) {
         // TODO: consider sending a welcome mail to the user
     }
     // render the verify view with whatever feedback messages have been collected
     $template = $this->app->config('app.templates.path') . '/login/verify.twig';
     $this->app->render($template, array(
         'feedback_positive' => $this->getFeedbackPositiveMessages(),
         'feedback_negative' => $this->getFeedbackNegativeMessages(),
     ));
 }
 /**
  * Sends the verification email (to confirm the account).
  *
  * The mail body is the configured text followed by a link to the
  * verification URL. The two dynamic parts of that URL (the activation hash
  * and the encrypted user name) are urlencode()d before being embedded, so
  * they cannot break out of the href attribute.
  *
  * @param string $user_name
  * @param string $user_email user's email
  * @param string $user_activation_hash user's mail verification hash string
  *
  * @return boolean true if the mail has been sent, false if it could not be sent
  */
 private static function sendVerificationEmail($user_name, $user_email, $user_activation_hash)
 {
     $app = \Slim\Slim::getInstance();
     $link = $app->config('app.baseurl') . '/' . Config::get('email.verification.url')
         . '/' . urlencode($user_activation_hash)
         . "?user_name=" . urlencode(Encryption::encrypt($user_name));
     $body = Config::get('email.verification.content') . ' <a href="' . $link . '">' . $link . '</a>';

     $mail = new \Iubar\Login\Core\EmailSender();
     $mail->setTo($user_email);
     $mail->setSubject(Config::get('email.verification.subject'));
     $mail->setBodyHtml($body);

     // report the outcome to the user through the session feedback
     if (!$mail->go(true)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR'));
         return false;
     }
     Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_SUCCESSFUL'));
     return true;
 }
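 /**
  * Write remember-me token into database and into cookie
  * Maybe splitting this into database and cookie part ?
  *
  * The token stored in the database is a 64 character hex string drawn from
  * the CSPRNG (random_bytes), so a client cannot predict it. The cookie
  * carries the encrypted user name, the token and a SHA-256 of
  * "<user_name>:<token>"; the plain user name is never exposed.
  *
  * @param $user_name string
  */
 public static function setRememberMeInDatabaseAndCookie($user_name)
 {
     $user = UserModel::getByUsername($user_name);
     // generate 64 char random string from 32 cryptographically secure random bytes.
     // The previous hash('sha256', mt_rand()) only carried ~31 bits of entropy and
     // mt_rand() is not a CSPRNG, so the remember-me token was guessable;
     // random_bytes() (PHP 7+) gives 256 bits from the OS random source while
     // keeping the same 64-hex format that the database column already holds.
     $random_token_string = bin2hex(random_bytes(32));
     // write that token into database
     $user->setRemembermetoken($random_token_string);
     $em = DbResource::getEntityManager();
     $em->persist($user);
     $em->flush();
     // generate cookie string that consists of user name, random string and combined hash of both
     // never expose the original user name, instead, encrypt it.
     $cookie_string_first_part = Encryption::encrypt($user_name) . ':' . $random_token_string;
     // NOTE(review): this is an unkeyed hash, not a MAC — it binds the plain user name to the
     // token but carries no secret; presumably the server-side check compares against the
     // stored token rather than trusting this hash alone. Confirm in the login code.
     $cookie_string_hash = hash('sha256', $user_name . ':' . $random_token_string);
     $cookie_string = $cookie_string_first_part . ':' . $cookie_string_hash;
     // set cookie, scoped to the configured path/domain so the browser only sends it there.
     // The "secure" flag (second from right) restricts it to HTTPS; the "httponly" flag
     // (last argument) hides it from JavaScript, which is what limits theft via XSS.
     // @see http://www.php.net/manual/en/function.setcookie.php
     setcookie(self::COOKIE_REMEMBER_ME, $cookie_string, time() + Config::get('cookie.runtime'), Config::get('cookie.path'), Config::get('cookie.domain'), Config::get('cookie.secure'), Config::get('cookie.http'));
 }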
 /**
  * Send the password reset mail
  *
  * The body is the configured text followed by a link to the reset URL; the
  * reset hash and the encrypted user name are urlencode()d before they are
  * placed in that URL.
  *
  * @param string $user_name username
  * @param string $user_password_reset_hash password reset hash
  * @param string $user_email user email
  *
  * @return bool success status
  */
 public static function sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)
 {
     // build the reset link and the mail body around it
     $app = \Slim\Slim::getInstance();
     $link = $app->config('app.baseurl') . '/' . Config::get('email.pwdreset.url')
         . '/' . urlencode($user_password_reset_hash)
         . "?user_name=" . urlencode(Encryption::encrypt($user_name));
     $body = Config::get('email.pwdreset.content') . ' <a href="' . $link . '">' . $link . '</a>';

     // hand it to the EmailSender and report the outcome via session feedback
     $mail = new \Application\Core\EmailSender();
     $mail->setTo($user_email);
     $mail->setSubject(Config::get('email.pwdreset.subject'));
     $mail->setBodyHtml($body);

     if (!$mail->go(true)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_ERROR'));
         return false;
     }
     Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_SUCCESSFUL'));
     return true;
 }
 /**
  * Verify the verification token of that user (to show the user the password editing view or not)
  *
  * The user name is read from the encrypted "user_name" query parameter; the
  * token arrives as the method argument. On success the password-reset form is
  * rendered with both values, otherwise the visitor is redirected to the login.
  *
  * @param string $verification_code password reset verification token
  */
 public function getVerifyPasswordReset($verification_code)
 {
     $this->app->log->debug(get_class($this) . '->getVerifyPasswordReset()');
     $user_name = Encryption::decrypt($this->app->request->get("user_name"));
     // does the provided verification code match the user's stored one?
     if (!PasswordResetModel::verifyPasswordReset($user_name, $verification_code)) {
         $this->redirectToLogin();
         return;
     }
     $template = $this->app->config('app.templates.path') . '/login/password-reset.twig';
     $this->app->render($template, array(
         'user_name' => $user_name,
         'user_password_reset_hash' => $verification_code,
         'feedback_positive' => $this->getFeedbackPositiveMessages(),
         'feedback_negative' => $this->getFeedbackNegativeMessages(),
     ));
 }