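/**
 * Resolve the account behind the current request and cache the answer in globals.
 *
 * DEPRECATED: this should only be called once, to load into $app['currentUser'], so
 * $USER_CURRENT and $USER_CURRENT_LOADED should not be needed. At some point in future,
 * remove this function and put the logic into code that writes to $app['currentUser'] only.
 *
 * Lookup order: the 'userID' held in $WEBSESSION first, then the "remember me" cookie
 * pair (userID + userKey). An account flagged as closed by a sysadmin is never returned.
 * A successful cookie lookup also calls userLogIn() for the resolved account.
 *
 * @return UserAccountModel|null The current account, or null when nobody is logged in.
 */
function userGetCurrent()
{
    global $USER_CURRENT, $USER_CURRENT_LOADED, $WEBSESSION;

    // The lookup runs at most once per request; later calls reuse the cached value.
    if ($USER_CURRENT_LOADED) {
        return $USER_CURRENT;
    }

    if ($WEBSESSION->has('userID') && $WEBSESSION->get('userID') > 0) {
        $uar = new UserAccountRepository();
        $USER_CURRENT = $uar->loadByID($WEBSESSION->get('userID'));
        // A closed account is dropped even though the session still names it.
        if ($USER_CURRENT && $USER_CURRENT->getIsClosedBySysAdmin()) {
            $USER_CURRENT = null;
        }
    } else {
        // Cookies are client-controlled, and PHP parses bracketed cookie names into arrays.
        // Only plain string values are handed to the repository lookup; anything else is
        // treated the same as a missing cookie.
        $cookieUserId = isset($_COOKIE['userID']) ? $_COOKIE['userID'] : null;
        $cookieUserKey = isset($_COOKIE['userKey']) ? $_COOKIE['userKey'] : null;
        if (is_string($cookieUserId) && is_string($cookieUserKey)) {
            // NOTE(review): how the access key is stored and compared is inside
            // loadByUserAccountIDAndAccessKey(), which is not visible here — confirm.
            $uarmr = new UserAccountRememberMeRepository();
            $uarm = $uarmr->loadByUserAccountIDAndAccessKey($cookieUserId, $cookieUserKey);
            if ($uarm) {
                $uar = new UserAccountRepository();
                $USER_CURRENT = $uar->loadByID($uarm->getUserAccountId());
                if ($USER_CURRENT && $USER_CURRENT->getIsClosedBySysAdmin()) {
                    $USER_CURRENT = null;
                }
                // Promote the remember-me match to a normal logged-in session.
                if ($USER_CURRENT) {
                    userLogIn($USER_CURRENT);
                }
            }
        }
    }

    $USER_CURRENT_LOADED = true;
    return $USER_CURRENT;
}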
Ejemplo n.º 2
<?php

// Login / registration page script. This excerpt is cut off part-way through the
// registration branch, so only what is visible here is documented.

// Resume the existing session or start a new one.
session_start();
// A posted 'username' field means the login form was submitted.
if (isset($_POST['username'])) {
    include 'functions/log_in_function.php';
    // Called with no arguments; presumably it reads $_POST itself — confirm in log_in_function.php.
    userLogIn();
}
$page_title = "Log In";
include 'header.php';
// A posted 'new_username' field means the registration form was submitted.
if (isset($_POST['new_username'])) {
    // Validation messages are collected here.
    $errors = array();
    if (empty($_POST['new_username'])) {
        $errors[] = "You did not enter a username!";
    } else {
        // Taken from the request unchanged; any escaping has to happen where the value is
        // used, which is outside this excerpt.
        $new_username = $_POST['new_username'];
    }
    // NOTE(review): only 'new_username' was checked with isset(); the other fields are read
    // directly. The loose != also compares two numeric-looking strings by value, so
    // !== is the safer operator for comparing passwords.
    if ($_POST['new_password'] != $_POST['confirm_password']) {
        $errors[] = "Your passwords do not match!";
    } else {
        if (empty($_POST['new_password'])) {
            $errors[] = "You did not enter a password!";
        } else {
            // NOTE(review): md5() is a fast, unsalted hash and is not suitable for storing
            // passwords; password_hash() / password_verify() are the standard replacement.
            // Where $new_password is stored is not visible in this excerpt.
            $new_password = md5($_POST['new_password']);
        }
    }
    if (empty($_POST['first_name'])) {
        $errors[] = "You did not enter a first name!";
    } else {
        $first_name = $_POST['first_name'];
Ejemplo n.º 3
		<div class="mainNav">
			<div class="navImage">
				<a href="index.php"><img id="logo" class="headerImage" src="Images/LogoBlack5.png"/></a>
			</div>
			<div class="navLinks">
				<?php 
// Navigation bar fragment; the excerpt ends inside the final else branch.
// Labels and targets for the nav bar, matched by index. The account link is not part of
// these lists because it is added further down.
$PageListName = array("HOME", "PRODUCTS", "TUTORIALS", "ABOUT&nbsp;US");
$PageURL = array("index.php", "products.php?filter=none", "tutorial.php", "aboutUs.php");
// Prints every link except the account and shopping cart ones.
// Both arrays are hard-coded literals, so the unescaped echo is fine as written; if they ever
// become data-driven, the values need htmlspecialchars() before being printed.
for ($i = 0; $i < count($PageListName); $i++) {
    echo "<a href='" . $PageURL[$i] . "'>" . $PageListName[$i] . "</a>";
}
// Form submissions are handled here, in the middle of the navigation markup.
// NOTE(review): the markup above has already been emitted at this point, so a handler that
// sets cookies or sends headers would depend on output buffering — confirm.
// NOTE(review): $link is not defined in this excerpt, and no CSRF token check is visible
// here; confirm both against PHPScripts/formSubmits.php.
if (isDatabaseConnected()) {
    if (isset($_POST['accountLogIn'])) {
        userLogIn($link);
        //Tries to log the user in. Location: PHPScripts/formSubmits.php
    } else {
        if (isset($_POST['accountRegister'])) {
            //The user submitted the registration form.
            userRegister($link);
            //Tries to register the user. Location: PHPScripts/formSubmits.php
        }
    }
}
if (isLoggedIn()) {
    //isLoggedIn() reports whether a user is currently logged in. Location: PHPScripts/helperFunctions.php
    //Show the Account link so the user can reach their account page.
    echo "<a href='userAccount.php'>ACCOUNT</a>";
} else {
    //Nobody is signed in, so the Sign In button is displayed instead.
Ejemplo n.º 4
    // Profile update branch. The condition that opens it is outside this excerpt, so whether
    // a login check guards it cannot be told from here.
    $user = userGetLoggedIn();
    // Only the fields that pass the checks below are sent to userSetParams().
    $params = array();
    // The password changes only when both new values match and the current password is confirmed.
    // NOTE(review): the stored value is an md5() digest, which is a fast unsalted hash and not
    // suitable for passwords (password_hash() / password_verify() are the standard replacement).
    // The loose == also compares two numeric-looking strings by value; use hash_equals() for
    // the digest and === for the two new-password fields.
    if (isset($_POST["pass1"]) && isset($_POST["pass2"]) && isset($_POST["password"]) && $_POST["pass1"] == $_POST["pass2"] && md5(stringEncode($_POST["password"])) == $user["password"]) {
        $params["password"] = $_POST["pass1"];
    }
    // Nickname and email are updated when they differ from the stored values. These two
    // changes do not depend on the current-password check above.
    if (isset($_POST["nickname"]) && $_POST["nickname"] != stringDecode($user["nickname"])) {
        $params["nickname"] = $_POST["nickname"];
    }
    if (isset($_POST["email"]) && $_POST["email"] != stringDecode($user["email"])) {
        $params["email"] = $_POST["email"];
    }
    // Called even when $params is empty; a failed password check is not reported to the user.
    userSetParams($user["id"], $params);
    // No exit follows the redirect header, so the script keeps running into the blocks below.
    header("location: index.php?profile");
}
// Login: selected by a GET parameter, while the credentials are read from POST.
// NOTE(review): the POST fields are read without isset(), so a request that lacks them
// raises notices and passes null to userLogIn().
if (isset($_GET["login"])) {
    $res = userLogIn($_POST["login"], $_POST["password"], isset($_POST["remember"]));
    // handleErrors() is defined elsewhere; the redirect header below is sent unless it stops the script.
    handleErrors($res);
    header("location: index.php");
}
// Logout is triggered by a GET parameter.
// NOTE(review): a state-changing action on GET with no token visible here; a POST with a
// CSRF token is the safer shape.
if (isset($_GET["logout"])) {
    userLogOut();
    header("location: index.php");
}
// Builds an arithmetic challenge (presumably a captcha, going by the "cap" parameter).
// NOTE(review): rand() is not a cryptographically secure generator; random_int() is the
// replacement when the challenge is meant to be unpredictable.
if (isset($_GET["cap"])) {
    $x1 = rand(2, 50);
    // The second operand is always smaller than the first.
    $x2 = rand(1, $x1 - 1);
    // Selects one of the operators.
    $rnd = rand(0, 3);
    if ($rnd == 0) {
        $operation = " - ";
    } elseif ($rnd == 1) {
        $operation = " * ";
 /**
  * Show the log-in form and, on a valid POST, authenticate the submitted credentials.
  *
  * An unknown account and a wrong password produce the same form error; only the log
  * lines differ. The closed-account reason is shown only after the password has been
  * checked successfully.
  *
  * NOTE(review): no attempt throttling is visible in this method, and whether userLogIn()
  * rotates the session identifier cannot be seen from here — confirm both elsewhere.
  *
  * @param Request     $request Current HTTP request.
  * @param Application $app     Application container (form factory, monolog, twig).
  *
  * @return mixed The redirect to "/" after a successful log-in, otherwise the rendered
  *               login template.
  */
 function login(Request $request, Application $app)
 {
     $form = $app['form.factory']->create(new LogInUserForm());
     $this->processThingsToDoAfterGetUser($request, $app);

     // Credentials are only looked at for a POST whose form validates.
     $credentialsSubmitted = false;
     if ('POST' == $request->getMethod()) {
         $form->bind($request);
         $credentialsSubmitted = $form->isValid();
     }

     if ($credentialsSubmitted) {
         $data = $form->getData();
         $userRepository = new UserAccountRepository();
         $notRecognised = 'User and password not recognised';

         // We are deliberately very forgiving about people putting the wrong thing in the
         // wrong field: each field is tried as a user name or an email address.
         $user = $data['email'] ? $userRepository->loadByUserNameOrEmail($data['email']) : null;
         if (!$user && $data['username']) {
             $user = $userRepository->loadByUserNameOrEmail($data['username']);
         }

         if (!$user) {
             $app['monolog']->addError("Login attempt - unknown account");
             $form->addError(new FormError($notRecognised));
         } elseif (!$user->checkPassword($data['password'])) {
             $app['monolog']->addError("Login attempt - account " . $user->getId() . ' - password wrong.');
             $form->addError(new FormError($notRecognised));
         } elseif ($user->getIsClosedBySysAdmin()) {
             // Correct password, but the account was closed by a sysadmin: explain why.
             $form->addError(new FormError('There was a problem with this account and it has been closed: ' . $user->getClosedBySysAdminReason()));
             $app['monolog']->addError("Login attempt - account " . $user->getId() . ' - closed.');
         } else {
             userLogIn($user);
             $this->actionThingsToDoAfterGetUser($app, $user);
             // A remember-me record and its cookies are only created on request.
             if ($data['rememberme']) {
                 $rememberMeRepository = new UserAccountRememberMeRepository();
                 $rememberMe = $rememberMeRepository->create($user);
                 $rememberMe->sendCookies();
             }
             return $app->redirect("/");
         }
     }

     // First visit, invalid form or failed attempt: show the form again.
     $this->parameters['form'] = $form->createView();
     return $app['twig']->render('index/user/login.html.twig', $this->parameters);
 }