Example #1
 /**
  * Restores session state for the current request.
  *
  * The session id is taken from the request first and, when cookies are in
  * use and the request carries none, from the "session" cookie. Both values
  * are client-supplied; the id is only accepted if the DAO returns a
  * non-expired session row for it (or if it selects guest mode).
  *
  * Returns without a session when no id is present, when the id is unknown
  * or expired, or when the session's user can no longer be found.
  *
  * @param mixed $env service environment; stored on the instance
  * @param mixed $rq  current request, may be NULL
  * @throws ServiceException INVALID_CONFIGURATION when guest mode is
  *                          requested but no guest user id is configured
  */
 public function initialize($env, $rq)
 {
     $this->env = $env;
     $this->dao = $this->getDao();
     // Register session events only when an event dispatcher is available.
     if ($env != NULL and $env->events() != NULL) {
         require_once "include/event/SessionEvent.class.php";
         SessionEvent::register($env->events());
     }
     $id = NULL;
     $cookie = FALSE;
     // Single timestamp reused for the expiry check, the session-time update and the cookie.
     $time = time();
     if ($rq != NULL) {
         $id = $rq->getSessionId();
     }
     // initialize guest mode
     // The literal id "guest" selects the configured guest user without a DAO
     // lookup, so no credential is checked on this path; it is gated only by
     // the "guest_mode" feature flag.
     if ($id === "guest" and $this->env->features()->isFeatureEnabled("guest_mode")) {
         $user = $this->env->settings()->setting("guest_user_id");
         if (!$user) {
             throw new ServiceException("INVALID_CONFIGURATION", "No guest user defined");
         }
         Logging::logDebug("Guest session: " . $user);
         $this->session = array("user_id" => $user);
     } else {
         // Fall back to the cookie only when the request itself carried no id.
         $cookie = ($this->useCookie and $this->env->cookies()->exists("session"));
         if ($id == NULL and $cookie) {
             $id = $this->env->cookies()->get("session");
         }
         // no session found
         // Loose comparison: an empty-string id is treated as absent as well.
         if ($id == NULL) {
             return;
         }
         $expiration = $this->getLastValidSessionTime($time);
         // NOTE(review): $id is client-controlled here — confirm that getSession()
         // and getSessionData() bind it as a parameter rather than concatenating it.
         $sessionData = $this->dao->getSession($id, $this->env->configuration()->formatTimestampInternal($expiration));
         if ($sessionData == NULL) {
             // Unknown or expired id: drop the stale cookie and purge expired sessions.
             $this->env->cookies()->remove("session");
             $this->removeAllExpiredSessions();
             return;
         }
         $this->session = $sessionData;
         $this->data = $this->dao->getSessionData($id);
     }
     $this->id = $id;
     // load user data
     $this->user = $this->findSessionUser($this->session["user_id"]);
     if (!$this->user) {
         // user expired
         $this->end();
         $this->id = NULL;
         return;
     }
     if ($this->env->features()->isFeatureEnabled('user_groups')) {
         $this->userGroups = $this->env->configuration()->getUsersGroups($this->user["id"]);
     }
     // extend session time
     // This also runs for guest sessions, where $this->id is the literal "guest".
     $this->dao->updateSessionTime($this->id, $this->env->configuration()->formatTimestampInternal($time));
     // check if cookie is for same id
     // (Re)issue the cookie when none was used or when it names a different session id.
     if (!$cookie or strcmp($this->id, $this->env->cookies()->get("session")) != 0) {
         $this->setCookie($time);
     }
 }
 /**
  * Handles a login request: validates that credentials are present, logs the
  * user in, emits a login event and responds with the session info.
  *
  * The password arrives base64-encoded. That is a transport encoding only and
  * gives no confidentiality; the decoded value is handed to login() as-is.
  * Decoding is non-strict, as in the original request handling.
  *
  * @throws ServiceException INVALID_REQUEST when username or password is missing
  */
 private function authenticate()
 {
     // Both credential fields are mandatory; stop at the first one missing.
     foreach (array("username", "password") as $requiredField) {
         if (!$this->request->hasData($requiredField)) {
             throw new ServiceException("INVALID_REQUEST", "Missing parameters");
         }
     }

     $password = base64_decode($this->request->data("password"));
     $authenticator = $this->env->authentication();
     // login() is expected to throw on bad credentials, so the lines below
     // only run after a successful authentication.
     $authenticator->login($this->request->data("username"), $password);

     $events = $this->env->events();
     $events->onEvent(SessionEvent::login($this->env->request()->ip()));

     $sessionInfo = $this->getSessionInfo();

     // A persistent login cookie is stored only when the client sent remember=1.
     $rememberRequested = $this->request->hasData("remember")
         && strcmp($this->request->data("remember"), "1") === 0;
     if ($rememberRequested) {
         $this->env->authentication()->storeCookie();
     }

     $this->response()->success($sessionInfo);
 }
Example #3
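 /**
  * Authenticates a user by name (or e-mail, depending on the "email_login"
  * setting) and password.
  *
  * Unknown users and wrong passwords fail identically: a syslog notice, a
  * failedLogin event and an AUTHENTICATION_FAILED exception, so the response
  * does not reveal which of the two was wrong.
  *
  * @param string $username client-supplied login name
  * @param string $pw       client-supplied password
  * @return mixed the user record returned by findUser()
  * @throws ServiceException AUTHENTICATION_FAILED on unknown user or bad password
  */
 public function login($username, $pw)
 {
     $user = $this->env->configuration()->findUser($username, $this->env->settings()->setting("email_login"), time());

     // Auth data is only looked up for an existing user.
     // NOTE(review): the unknown-user path skips auth(), so response time may
     // differ between unknown and known usernames — confirm whether that
     // matters for this deployment.
     $auth = NULL;
     if ($user) {
         $auth = $this->env->configuration()->getUserAuth($user["id"]);
     }

     if (!$user or !$this->auth($user, $auth, $pw)) {
         $ip = $this->env->request()->ip();
         // The username is attacker-controlled (the IP may be too, if it is
         // derived from request headers). Replace control characters so a
         // failed login cannot inject line breaks and forge syslog entries.
         $controlChars = '/[\x00-\x1F\x7F]/';
         $loggedUser = preg_replace($controlChars, '?', (string) $username);
         $loggedIp = preg_replace($controlChars, '?', (string) $ip);
         syslog(LOG_NOTICE, "Failed Mollify login attempt from [" . $loggedIp . "], user [" . $loggedUser . "]");
         // The event receives the raw values, as before; consumers that
         // render or log them must escape for their own context.
         $this->env->events()->onEvent(SessionEvent::failedLogin($username, $ip));
         throw new ServiceException("AUTHENTICATION_FAILED");
     }

     $this->setAuth($user, $auth["type"]);
     return $user;
 }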
 /**
  * Passes the session to the parent constructor and records $oldId on the instance.
  *
  * @param SessionInterface $session session handed to the parent constructor
  * @param mixed            $oldId   stored as-is in $this->oldId
  *                                  (presumably the id the session had before
  *                                  it changed — TODO confirm against callers)
  */
 public function __construct(SessionInterface $session, $oldId)
 {
     parent::__construct($session);
     $this->oldId = $oldId;
 }