/**
 * Finishes a Facebook login that was started by the JavaScript SDK.
 *
 * If a Facebook access token is already stored in the session it is reused
 * through FacebookModel::loginWithAccesstoken(); otherwise the login data
 * posted by the JS SDK is consumed through FacebookModel::loginFromJs().
 * In both cases the boolean result is handed to redirectAfterLogin().
 */
public function getLoginCallbackFromJs()
 {
     $this->app->log->debug(get_class($this) . '->getLoginCallbackFromJs()');
     // A stored token takes precedence over the data posted by the JS SDK.
     $hasStoredToken = (bool) Session::getDecoded(Session::FACEBOOK_ACCESS_TOKEN);
     $loginSucceeded = $hasStoredToken
         ? FacebookModel::loginWithAccesstoken()
         : FacebookModel::loginFromJs();
     $this->redirectAfterLogin($loginSucceeded);
 }
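 /**
  * Create an avatar picture from the uploaded "avatar_file" and record it
  * for the logged-in user (and checks all necessary things too).
  *
  * Steps, each guarded by the previous one:
  *  1. the avatar folder must be writable and the upload must pass
  *     validateImageFile() — otherwise nothing is touched;
  *  2. the upload is resized into the avatar folder under a name derived
  *     from getIdForImage();
  *  3. the database marker, the avatar path in the session and a positive
  *     feedback message are updated.
  *
  * Fix: the original called `$this->getIdForImage()` from inside this
  * static method, which is a fatal "Using $this when not in object context"
  * error at runtime; the helper is now invoked statically via self::.
  * NOTE(review): getIdForImage() is not visible here — confirm it is (or can
  * be made) static.
  *
  * TODO decouple
  * TODO total rebuild
  */
 public static function createAvatar()
 {
     // check avatar folder writing rights, check if upload fits all rules;
     // both must pass before any file is written
     if (!self::isAvatarFolderWritable() || !self::validateImageFile()) {
         return;
     }
     // NOTE(review): the user name is read with Session::get() here but with
     // Session::getDecoded() two lines below — the original does the same;
     // verify which form the helpers expect, since it ends up in a path.
     $user_name = Session::get(Session::SESSION_USER_NAME);
     $target_file_path = Config::get('avatar.path') . self::getIdForImage($user_name);
     // create a jpg file in the avatar folder; only the validated upload's
     // temp file is read, the client-supplied file name is never used
     $avatar_size = Config::get('avatar.size');
     self::resizeAvatarImage($_FILES['avatar_file']['tmp_name'], $target_file_path, $avatar_size, $avatar_size);
     // write marker to database, then mirror the public path into the session
     self::writeAvatarToDatabase(Session::getDecoded(Session::SESSION_USER_NAME));
     Session::set(Session::SESSION_USER_AVATAR_FILE, self::getPublicUserAvatarFilePathByUserName(Session::get(Session::SESSION_USER_NAME)));
     Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_AVATAR_UPLOAD_SUCCESSFUL'));
 }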
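 /**
  * Checks for session concurrency.
  *
  * This is done as the following:
  * UserA logs in with his session id ('123') and it is stored in the database.
  * Then UserB logs in with the same email and password of UserA from another
  * PC, and the new session id ('456') is stored in the database as well.
  *
  * Now, whenever UserA performs any action, session_id() is compared against
  * the last one stored in the database ('456'); if they do not match, the
  * caller is expected to log both of them out.
  *
  * Fixes relative to the original:
  *  - the user name was concatenated into the DQL string; it is now bound as
  *    a query parameter, so a crafted user name cannot change the query;
  *  - $userSessionId was only assigned when a user row was found but read
  *    unconditionally afterwards; it is now initialised to null.
  * NOTE(review): the inner guard around the query was lost in the copy this
  * was taken from; it is reconstructed as "only query when a user name and a
  * session id are present" — confirm against the original source.
  *
  * @access public
  * @static static method
  * @return bool true when a session id is stored for the user and differs from the current one
  * @see Session::updateSessionId()
  * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
  */
 public static function isConcurrentSessionExists()
 {
     $concurrent = false;
     if (session_status() === PHP_SESSION_ACTIVE) {
         $session_id = session_id();
         $userName = Session::getDecoded(Session::SESSION_USER_NAME);
         if ($userName && $session_id) {
             // Bind the user name instead of splicing it into the DQL string.
             $dql = "SELECT u FROM " . UserModel::TABLE_NAME . " u WHERE u.username = :username";
             $result = DbResource::getEntityManager()
                 ->createQuery($dql)
                 ->setParameter('username', $userName)
                 ->getResult();
             // return one row (we only have one result or nothing)
             $user = array_shift($result);
             // Initialised so the comparison below never reads an undefined variable.
             $userSessionId = null;
             if ($user) {
                 // The original PANIQUE code tested !empty($result) here, which
                 // the author of this port identified as a bug (note kept on purpose).
                 $userSessionId = $user->getSessionid();
             }
             if ($userSessionId && $session_id !== $userSessionId) {
                 $concurrent = true;
             }
         }
     }
     return $concurrent;
 }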
 /**
  * Log out process: delete cookie, delete session.
  *
  * The cookie is only deleted for the default (local) provider; the Facebook
  * and Google providers have no provider-specific cleanup here (the code that
  * nulled their session keys one by one was dropped as redundant — presumably
  * Session::destroy() below covers them). Finally the session is destroyed and
  * the session id stored for the user is cleared.
  *
  * @return bool always true
  */
 public static function logout()
 {
     $userName = Session::getDecoded(Session::SESSION_USER_NAME);
     $providerType = Session::get(Session::SESSION_USER_PROVIDER_TYPE);
     $isFacebook = $providerType == UserModel::PROVIDER_TYPE_FB;
     $isGoogle = $providerType == UserModel::PROVIDER_TYPE_GO;
     // only for the 'DEFAULT' provider
     if (!$isFacebook && !$isGoogle) {
         self::deleteCookie($userName);
     }
     Session::destroy();
     Session::updateSessionId($userName, null);
     return true;
 }
 /**
  * Log in with the Facebook access token string kept in the session.
  *
  * Wraps the stored string in an AccessToken and delegates to
  * loginWithAccessToken2(); its return value is passed through unchanged.
  * NOTE(review): there is no guard for an absent token — callers are expected
  * to check the session first (see getLoginCallbackFromJs()).
  */
 public static function loginWithAccessToken()
 {
     $storedToken = new AccessToken(Session::getDecoded(Session::FACEBOOK_ACCESS_TOKEN));
     return self::loginWithAccessToken2($storedToken);
 }
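 /**
  * Edit the user's email
  *
  * Validation order: non-empty, different from the current address, accepted
  * by FILTER_VALIDATE_EMAIL, unchanged by strip_tags()/truncation, not already
  * taken. Only then is the address written to the database and, on success,
  * mirrored into the session together with the Gravatar URL derived from it.
  * Every failure adds a negative feedback message and returns false.
  *
  * Fix: the original ran strip_tags()/substr() on the address *after*
  * filter_var() had accepted it, so the value actually stored could differ
  * from the one that was validated. The stripped/truncated form is now
  * compared with the validated input and any difference is rejected.
  *
  * NOTE(review): no re-authentication and no confirmation of the new address
  * happens here; whether that is acceptable depends on the caller.
  *
  * @param $new_user_email
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if new email is same like the old one
     if ($new_user_email === Session::getDecoded(Session::SESSION_USER_EMAIL)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // Defence in depth: the value stored must be exactly the value validated.
     // Stripping tags or truncating to 254 characters would otherwise alter an
     // address that filter_var() already accepted, so any change is rejected.
     if (substr(strip_tags($new_user_email), 0, 254) !== $new_user_email) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // check if user's email already exists
     if (self::doesEmailAlreadyExist($new_user_email)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (self::saveNewEmailAddress(Session::getDecoded(Session::SESSION_USER_NAME), $new_user_email)) {
         Session::set(Session::SESSION_USER_EMAIL, $new_user_email);
         Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }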