Ejemplo n.º 1
0
 /**
  * Perform the necessary actions to send a password reset mail
  *
  * @param $user_name_or_email string Username or user's email
  *
  * @return bool success status
  */
 public static function requestPasswordReset($user_name_or_email)
 {
     if (empty($user_name_or_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if that username exists
     $result = UserModel::getUserDataByUserNameOrEmail($user_name_or_email);
     if (!$result) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }
     // generate integer-timestamp (to see when exactly the user (or an attacker) requested the password reset mail)
     // generate random hash for email password reset verification (40 char string)
     $temporary_timestamp = time();
     $user_password_reset_hash = sha1(uniqid(mt_rand(), true));
     // set token (= a random hash string and a timestamp) into database ...
     $token_set = self::setPasswordResetDatabaseToken($result->user_name, $user_password_reset_hash, $temporary_timestamp);
     if (!$token_set) {
         return false;
     }
     // ... and send a mail to the user, containing a link with username and token hash string
     $mail_sent = self::sendPasswordResetMail($result->user_name, $user_password_reset_hash, $result->user_email);
     if ($mail_sent) {
         return true;
     }
     // default return
     return false;
 }
Ejemplo n.º 2
0
 /**
  * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently)
  * TODO add throttling here ?
  *
  * @param $cookie string The cookie "remember_me"
  *
  * @return bool success state
  */
 public static function loginWithCookie($cookie)
 {
     if (!$cookie) {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
     // check cookie's contents, check if cookie contents belong together or token is empty
     list($user_id, $token, $hash) = explode(':', $cookie);
     if ($hash !== hash('sha256', $user_id . ':' . $token) or empty($token)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
     // get data of user that has this id and this token
     $result = UserModel::getUserDataByUserIdAndToken($user_id, $token);
     if ($result) {
         // successfully logged in, so we write all necessary data into the session and set "user_logged_in" to true
         self::setSuccessfulLoginIntoSession($result->user_id, $result->user_name, $result->user_email, $result->user_account_type);
         // save timestamp of this login in the database line of that user
         self::saveTimestampOfLoginOfUser($result->user_name);
         Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
         return true;
     } else {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
 }
Ejemplo n.º 3
0
 /**
  * Edit the user's email
  *
  * @param $new_user_email
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if new email is same like the old one
     if ($new_user_email == Session::get('user_email')) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // strip tags, just to be sure
     $new_user_email = substr(strip_tags($new_user_email), 0, 254);
     // check if user's email already exists
     if (UserModel::doesEmailAlreadyExist($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (UserModel::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
         Session::set('user_email', $new_user_email);
         Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }