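/**
 * Log user $uid in for this request: refuse disabled members, load the account,
 * publish it on PA::$login_user and the session, and issue (or clear) the
 * persistent remember-me cookie.
 *
 * @param int|string $uid          id of the user to log in
 * @param bool       $remember_me  true to issue a persistent login cookie, false to clear it
 * @param string     $login_source recorded in the session so later code can tell how the
 *                                 login happened (e.g. whether a password change is safe)
 *
 * @throws PAException USER_ACCESS_DENIED when the member is disabled on this network
 */
public function log_in($uid, $remember_me, $login_source)
 {
     $user_type = Network::get_user_type(PA::$network_info->network_id, $uid);
     if ($user_type == DISABLED_MEMBER) {
         throw new PAException(USER_ACCESS_DENIED, 'Your account has been temporarily disabled by the administrator.');
     }
     $logged_user = new User();
     // load user
     $logged_user->load((int) $uid);
     $logged_user->set_last_login();
     PA::$login_user = $logged_user;
     // The privilege level of this session is about to change: swap the session ID
     // before any user data is written so an ID that was fixed in the browser prior to
     // authentication does not become an authenticated session. Guarded because this
     // method does not start the session itself and callers may not have either.
     if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     register_session($logged_user->login_name, $logged_user->user_id, $logged_user->role, $logged_user->first_name, $logged_user->last_name, $logged_user->email, $logged_user->picture);
     if ($remember_me) {
         // set login cookie
         if ($this->login_cookie->is_new()) {
             $this->login_cookie->new_session($uid);
         }
         $cookie_value = $this->login_cookie->get_cookie();
         $cookie_expiry = time() + LoginCookie::$cookie_lifetime;
         // update tracking info; both headers are client-supplied and may be absent
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $this->login_cookie->update_tracking_info($user_agent, $remote_addr);
     } else {
         // clear login cookie
         $cookie_value = "";
         $cookie_expiry = 0;
     }
     // remember series ID, so we can destroy session on logout
     $_SESSION['login_series'] = $this->login_cookie->get_series();
     // remember login source, so we know if it's safe to let user change password, etc
     $_SESSION['login_source'] = $login_source;
     // set new cookie for next login!  (or delete cookie, if not remembering login)
     // HttpOnly keeps the remember-me token away from page scripts. The Secure flag is
     // not forced here because this method cannot tell whether the site is TLS-only;
     // set it where the deployment scheme is known.
     setcookie(PA_Login::$cookie_name, $cookie_value, $cookie_expiry, PA::$local_url, "." . PA::$domain_suffix, false, true);
 }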
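 /**
  * Resolve the login user and the page user for this request and publish them
  * on PA::$login_*, PA::$page_*, PA::$uid / PA::$user and the legacy globals.
  *
  * Order as implemented: an `authToken` query parameter logs that token's user in
  * (as if through the login form); otherwise the user stored in $_SESSION['user']
  * is reloaded. A `uid` or `login` query parameter then selects the page user;
  * PA::$uid / PA::$user fall back to the login user when no page user is given.
  *
  * Side effects: starts and commits the PHP session, destroys and restarts it when
  * the session's user no longer exists or the token is unusable, and updates the
  * login user's tracking data.
  *
  * @throws Exception any load error other than the "user gone" / "token invalid"
  *                   codes, which are handled by invalidating the session
  */
 public function getCurrentUser()
 {
     global $page_uid, $page_user, $login_uid, $login_name, $login_user;
     require_once "api/User/User.php";
     session_start();
     PA::$login_uid = NULL;
     PA::$login_user = NULL;
     $login_uid = NULL;
     $login_name = NULL;
     $login_user = NULL;
     // Snapshot of the session user taken *before* any token login below; a token
     // login writes a fresh session user, but this copy is not refreshed afterwards.
     $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
     // Check if an authToken variable in GET and use it if available.
     // NOTE(review): a token carried in the query string is exposed through server
     // logs, browser history and Referer headers; a POST body or request header would
     // be a safer carrier — kept as is because partner sites send it this way.
     $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
     if ($authToken) {
         try {
             $user = $this->getUserFromAuthToken($authToken);
             if ($user && $user->user_id) {
                 // User is valid so log_in the user.
                 // Since we know that AuthToken was passed into the URL, we can assume this
                 // user was redirected here from a partner web site. We need to log in the user
                 // as if they logged in through the normal PeopleAggregator login form
                 // (ie. set all session variables just as if dologin.php was called).
                 $referer = "external site";
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     $referer = $_SERVER['HTTP_REFERER'];
                 }
                 $pal = new PA_Login();
                 $pal->log_in($user->user_id, false, $referer);
                 // Set authToken as a session variable so that it can be accessed anywhere
                 $_SESSION['authToken'] = $authToken;
             }
         } catch (Exception $e) {
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                 throw $e;
             }
             // The token's user is gone or the token is unusable; invalidate the session.
             // NOTE(review): $this->CurrUser still holds the pre-existing session user, so
             // the block below reloads that user even though the session was just reset.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     if ($this->CurrUser) {
         try {
             $user = new User();
             $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
         } catch (Exception $e) {
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                 throw $e;
             }
             // The currently logged-in user has been deleted; invalidate the session.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     if (isset($user) && $user) {
         // a user was loaded above (from the token or from the session)
         if ($user->user_id) {
             // After a token-only login there is no session snapshot yet, so fall back to
             // the loaded user's login name instead of reading a missing array index.
             $login_name = isset($this->CurrUser['name']) ? $this->CurrUser['name'] : $user->login_name;
             PA::$login_user = $login_user = $user;
             PA::$login_uid = $login_uid = $user->user_id;
         }
         if (PA::$login_uid) {
             PA::$login_user->update_user_time_spent();
             User::track_status(PA::$login_uid);
         }
     }
     // If a user is specified on the query string as an ID (uid=123) or
     // login name (login=phil), validate the id/name and load the user
     // object.
     if (!empty($_GET['uid'])) {
         $page_uid = PA::$page_uid = (int) $_GET['uid'];
         $page_user = PA::$page_user = new User();
         PA::$page_user->load(PA::$page_uid);
     } elseif (!empty($_GET['login'])) {
         $page_user = PA::$page_user = new User();
         if (is_numeric($_GET['login'])) {
             PA::$page_user->load((int) $_GET['login']);
         } else {
             // NOTE(review): raw query-string value handed to User::load(); relies on
             // load() treating a string argument as a login name and querying it safely.
             PA::$page_user->load($_GET['login']);
         }
         $page_uid = PA::$page_uid = PA::$page_user->user_id;
     } else {
         $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
     }
     // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
     if (PA::$page_uid) {
         PA::$uid = PA::$page_uid;
         PA::$user = PA::$page_user;
     } else {
         PA::$uid = PA::$login_uid;
         PA::$user = PA::$login_user;
     }
     session_commit();
 }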
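 /**
  * Serve one widgetization request.
  *
  * Reads the JSON document from the POST body, applies the request's global
  * section (language, items to sync, remote user mapped to a shadow user),
  * renders every requested module and answers {"modules": [...]} as JSON.
  * Guard failures go through fail(); a WidgetException is answered as
  * {"error": "..."} instead.
  *
  * Request shape as used below: `global` (optional: language, items, user with
  * namespace/id/login/email/first_name/last_name/url/thumbnail_url) and `modules`
  * (objects with id, name, method, args, params, get_url, ajax_url, post_url,
  * param_prefix).
  */
 function handle_request()
 {
     $json = new Services_JSON();
     try {
         global $_PA;
         // NOTE(review): fail() is assumed to throw a WidgetException (caught below);
         // none of these guards returns on its own, so confirm it never just prints.
         if (empty($_PA->enable_widgetization_server)) {
             $this->fail("Widget server is not enabled; you must set \$_PA->enable_widgetization_server = TRUE in local_config.php.");
         }
         if ($_SERVER['REQUEST_METHOD'] != 'POST') {
             $this->fail("This URL handles POST requests only");
         }
         // CONTENT_TYPE is missing from $_SERVER when the client sent no such header
         $content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
         if ($content_type != 'application/x-javascript') {
             $this->fail("Content-Type of application/x-javascript required");
         }
         // Parse input. php://input is the replacement for $HTTP_RAW_POST_DATA,
         // which was removed in PHP 7.
         $raw_request = file_get_contents('php://input');
         $request = $json->decode($raw_request);
         if ($request == NULL) {
             $this->fail("Null request");
         }
         if (!empty($_PA->log_widget_requests)) {
             Logger::log("WidgetServer::handle_request(): request={$raw_request}", LOGGER_ACTION);
         }
         $this->global = $request->global;
         // This should probably be in config.inc.  For the moment
         // we figure out the network based on the URL, as with the
         // rest of the system.
         PA::$network_info = get_network_info();
         $lang = "english";
         if (!empty($this->global->language)) {
             switch ($this->global->language) {
                 case 'en':
                     break;
                 case 'fr':
                     $lang = "french";
                     break;
                 default:
                     // braces must enclose the whole property chain, otherwise the
                     // object itself is interpolated and "->language" is printed literally
                     $this->fail("Unknown language: {$this->global->language}");
             }
         }
         PA::load_language($lang);
         // Create items as required
         if (!empty($this->global->items)) {
             foreach ($this->global->items as $item) {
                 $item_params = array();
                 foreach ($item as $k => $v) {
                     $item_params[$k] = $v;
                 }
                 // create or update row in 'items' database table
                 Item::sync($item_params);
             }
         }
         // Set up globals - network, user etc
         if (!empty($this->global->user)) {
             $user_info = array("user_id" => $this->global->user->id, "login_name" => $this->global->user->login, "email" => $this->global->user->email, "first_name" => $this->global->user->first_name, "last_name" => $this->global->user->last_name, "url" => $this->global->user->url, "thumbnail_url" => $this->global->user->thumbnail_url);
             // load (and sync!) or create a shadow user for the current remote user
             PA::$login_user = new ShadowUser($this->global->user->namespace);
             if (!PA::$login_user->load($user_info)) {
                 // we haven't seen this remote user before - create account
                 PA::$login_user = ShadowUser::create($this->global->user->namespace, $user_info, PA::$network_info);
                 //FIXME: need to define what remote urls mean.  in this case "url" should be used instead of /users/$login_name when generating internal urls, so it should go in a global profile block rather than something specific to the remote site.
                 PA::$login_user->set_profile_field($this->global->user->namespace, "url", $this->global->user->url);
             }
             PA::$login_uid = PA::$login_user->user_id;
         }
         // Render modules (a request without a modules list renders nothing)
         $modules = array();
         $req_modules = isset($request->modules) ? $request->modules : array();
         foreach ($req_modules as $req_module) {
             $module = array();
             $module['id'] = $req_module->id;
             $module['name'] = $req_module->name;
             $params = array();
             foreach ($req_module->params as $k => $v) {
                 $params[$k] = $v;
             }
             // Strip an explicit ":80" from the host part only: domain.tld:80/file/ and
             // domain.tld/file/ are the same server, but Safari etc. treat them as
             // different origins for AJAX. The pattern is anchored to the authority so
             // ":80" inside a path/query and ports such as 8080 are left untouched.
             foreach (array('get_url', 'ajax_url', 'post_url') as $url_field) {
                 $req_module->{$url_field} = preg_replace('|^([a-z][a-z0-9+.-]*://[^/?#]+?):80(?=[/?#]|$)|i', '$1', $req_module->{$url_field});
             }
             // dispatch module; anything the module prints (notices, warnings) is
             // captured and returned to the caller as 'errors' instead of corrupting
             // the JSON reply
             ob_start();
             $module['html'] = $this->render_module($req_module->method, $req_module->name, $req_module->args, $params, $req_module->get_url, $req_module->ajax_url, $req_module->post_url, $req_module->param_prefix);
             // param_prefix: prefix for input parameters and textareas
             $errors = ob_get_contents();
             ob_end_clean();
             if (!empty($errors)) {
                 $module['errors'] = $errors;
             }
             $modules[] = $module;
         }
         $response = array('modules' => $modules);
         header("Content-Type: application/x-javascript");
         echo $json->encode($response);
     } catch (WidgetException $e) {
         echo $json->encode(array("error" => $e->getMessage()));
     }
 }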
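// Restore the logged-in user from the session, if any, into PA::$login_* and the
// legacy $login_* globals. isset() replaces the former "@" error suppression; both
// yield null when there is no session user, without hiding other warnings.
$login_uid = PA::$login_uid = isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : null;
$login_name = isset($_SESSION['user']['name']) ? $_SESSION['user']['name'] : null;
if (!$login_uid) {
    $login_user = PA::$login_user = NULL;
} else {
    $login_user = PA::$login_user = new User();
    try {
        PA::$login_user->load((int) $login_uid, 'user_id', TRUE);
    } catch (CNException $e) {
        if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
            throw $e;
        }
        // The currently logged-in user has been deleted; invalidate the session.
        session_destroy();
        session_start();
        $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
    }
    // update tracking stuff (skipped when the catch above cleared the login)
    if (PA::$login_uid) {
        PA::$login_user->update_user_time_spent();
        User::track_status(PA::$login_uid);
    }
}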
// If a user is specified on the query string as an ID (uid=123) or
// login name (login=phil), validate the id/name and load the user
// object.
if (!empty($_GET['uid'])) {
    $page_uid = PA::$page_uid = (int) $_GET['uid'];
    $page_user = PA::$page_user = new User();
    PA::$page_user->load(PA::$page_uid);
} elseif (!empty($_GET['login'])) {
                 }
                 $redirect_url = PA_ROUTE_GROUP . "/gid={$gid}&action=join&GInvID={$group_invitation_id}";
             } else {
                 //else redirect registered user to its page.
                 $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014";
             }
             // end of if group invitation is valid
         } else {
             $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014";
         }
     }
     header("Location: " . PA::$url . $redirect_url);
     exit;
 } else {
     register_session($newuser->login_name, $newuser->user_id, $newuser->role, $newuser->first_name, $newuser->last_name, $newuser->email, $newuser->picture);
     PA::$login_user = $newuser;
     PA::$login_uid = $newuser->user_id;
     if (isset($_GET['gid'])) {
         //if gid is available, redirect to group home page
         header("Location: " . PA::$url . PA_ROUTE_GROUP . "/gid=" . $_GET['gid']);
         exit;
     }
     if (isset($_GET['aid'])) {
         //if gid is available, redirect to group home page
         header("Location: " . PA::$url . "/network_announcement.php?aid=" . $_GET['aid']);
         exit;
     }
     if (isset($user->user_id)) {
         //if uid is set, then look for action
         if (isset($_GET['action']) && $_GET['action'] == 'user') {
             //redirect user to user's private page
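 /**
  * Serve one widgetization request.
  *
  * Reads the JSON document from the POST body, maps the remote user named in
  * the request's global section to a shadow user, renders every requested module
  * and answers {"modules": [...]} as JSON. Guard failures go through fail(); a
  * WidgetException is answered as {"error": "..."} instead.
  *
  * Request shape as used below: `global` (namespace, optional user with user_id)
  * and `modules` (objects with id, name, method, args, params, post_url,
  * param_prefix).
  */
 function handle_request()
 {
     $json = new Services_JSON();
     try {
         // NOTE(review): fail() is assumed to throw a WidgetException (caught below);
         // none of these guards returns on its own, so confirm it never just prints.
         if (empty(PA::$config->enable_widgetization_server)) {
             // single-quoted so the setting name is printed literally instead of
             // interpolating an undefined $config variable
             $this->fail('Widget server is not enabled; you must set PA::$config->enable_widgetization_server = TRUE in local_config.php.');
         }
         if ($_SERVER['REQUEST_METHOD'] != 'POST') {
             $this->fail("This URL handles POST requests only");
         }
         // CONTENT_TYPE is missing from $_SERVER when the client sent no such header
         $content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
         if ($content_type != 'application/x-javascript') {
             $this->fail("Content-Type of application/x-javascript required");
         }
         // Parse input. php://input is the replacement for $HTTP_RAW_POST_DATA,
         // which was removed in PHP 7.
         $request = $json->decode(file_get_contents('php://input'));
         if ($request == NULL) {
             $this->fail("Null request");
         }
         $this->global = $request->global;
         // This should probably be in config.inc.  For the moment we figure out the
         // network based on the URL, as with the rest of the system. It has to happen
         // before the user block: ShadowUser::create() receives PA::$network_info.
         PA::$network_info = get_network_info();
         // Set up globals - network, user etc
         if (!empty($this->global->user)) {
             // NOTE(review): the namespace is read from global->namespace here, while the
             // other handle_request() on this page reads global->user->namespace and passes
             // a user_info array to load() — confirm which request shape partners send.
             PA::$login_user = new ShadowUser($this->global->namespace);
             // see if we can load it already
             if (!PA::$login_user->load($this->global->user->user_id)) {
                 // wasn't here before, so we create a shadow account
                 PA::$login_user = ShadowUser::create($this->global->namespace, $this->global->user, PA::$network_info);
             }
             PA::$login_uid = PA::$login_user->user_id;
         }
         // Render modules (a request without a modules list renders nothing)
         $modules = array();
         $req_modules = isset($request->modules) ? $request->modules : array();
         foreach ($req_modules as $req_module) {
             $module = array();
             $module['id'] = $req_module->id;
             $module['name'] = $req_module->name;
             $params = array();
             foreach ($req_module->params as $k => $v) {
                 $params[$k] = $v;
             }
             // dispatch module; anything the module prints (notices, warnings) is
             // captured and returned to the caller as 'errors' instead of corrupting
             // the JSON reply
             ob_start();
             $module['html'] = $this->render_module($req_module->method, $req_module->name, $req_module->args, $params, $req_module->post_url, $req_module->param_prefix);
             // param_prefix: prefix for input parameters and textareas
             $errors = ob_get_contents();
             ob_end_clean();
             if (!empty($errors)) {
                 $module['errors'] = $errors;
             }
             $modules[] = $module;
         }
         $response = array('modules' => $modules);
         header("Content-Type: application/x-javascript");
         echo $json->encode($response);
     } catch (WidgetException $e) {
         echo $json->encode(array("error" => $e->getMessage()));
     }
 }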