Ejemplo n.º 1
0
 /**
  * Delete the current user's avatar
  */
 public function deleteAvatar_action()
 {
     AvatarModel::deleteAvatar(Session::get("user_id"));
     Redirect::to('user/editAvatar');
 }
Ejemplo n.º 2
0
 /**
  * The real login process: The user's data is written into the session.
  * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
  *
  * @param $user_id
  * @param $user_name
  * @param $user_email
  * @param $user_account_type
  */
 public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
 {
     Session::init();
     // remove old and regenerate session ID.
     // It's important to regenerate session on sensitive actions,
     // and to avoid fixated session.
     // e.g. when a user logs in
     session_regenerate_id(true);
     $_SESSION = array();
     Session::set('user_id', $user_id);
     Session::set('user_name', $user_name);
     Session::set('user_email', $user_email);
     Session::set('user_account_type', $user_account_type);
     Session::set('user_provider_type', 'DEFAULT');
     // get and set avatars
     Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
     Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));
     // finally, set user as logged-in
     Session::set('user_logged_in', true);
     // update session id in database
     Session::updateSessionId($user_id, session_id());
     // set session cookie setting manually,
     // Why? because you need to explicitly set session expiry, path, domain, secure, and HTTP.
     // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
     setcookie(session_name(), session_id(), time() + Config::get('SESSION_RUNTIME'), Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));
 }
Ejemplo n.º 3
0
 /**
  * Edit the user's email
  *
  * @param $new_user_email
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if new email is same like the old one
     if ($new_user_email == Session::get('user_email')) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // strip tags, just to be sure
     $new_user_email = substr(strip_tags($new_user_email), 0, 254);
     // check if user's email already exists
     if (self::doesEmailAlreadyExist($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (self::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
         Session::set('user_email', $new_user_email);
         Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }