/**
* @see IUserAuthentication::verifyAndUpdateCurrentUser()
*/
public function verifyAndUpdateCurrentUser(User $currentUser)
{
$db = DbConnection::getInstance();
$fromTable = $this->_website->getConfig('db_prefix') . '_user';
if (!isset($_SESSION[SESSION_PARAM_USERID]) || !$_SESSION[SESSION_PARAM_USERID]) {
// 'remember me' token
$rememberMe = CookieHelper::getCookieValue('user');
if ($rememberMe != null) {
$columns = 'id, passwort_salt, nick, email, lang';
$whereCondition = 'status = 1 AND tokenid = \'%s\'';
$result = $db->querySelect($columns, $fromTable, $whereCondition, $rememberMe);
$rememberedUser = $result->fetch_array();
$result->free();
if (isset($rememberedUser['id'])) {
$currentToken = SecurityUtil::generateSessionToken($rememberedUser['id'], $rememberedUser['passwort_salt']);
if ($currentToken === $rememberMe) {
$this->_login($rememberedUser, $db, $fromTable, $currentUser);
return;
} else {
CookieHelper::destroyCookie('user');
// invalid old token since most probably user agent changed
$columns = array('tokenid' => '');
$whereCondition = 'id = %d';
$parameter = $rememberedUser['id'];
$db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
}
} else {
CookieHelper::destroyCookie('user');
}
// user is neither in session nor with cookie logged on
} else {
return;
}
}
// get user data
$userid = isset($_SESSION[SESSION_PARAM_USERID]) ? $_SESSION[SESSION_PARAM_USERID] : 0;
if (!$userid) {
return;
}
$columns = 'id, nick, email, lang, premium_balance, picture';
$whereCondition = 'status = 1 AND id = %d';
$result = $db->querySelect($columns, $fromTable, $whereCondition, $userid);
if ($result->num_rows) {
$userdata = $result->fetch_array();
$this->_login($userdata, $db, $fromTable, $currentUser);
} else {
// user might got disabled in the meanwhile
$this->logoutUser($currentUser);
}
$result->free();
}
