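/**
 * Kicks the selected user out of the system instantly by resetting the user's session.
 * This means, the user will be "logged out".
 *
 * Only the session_id column of that user row is cleared; nothing else is touched.
 *
 * @param int|string $userId id of the user whose session is reset
 * @return bool true when exactly one row was updated, false otherwise
 */
private static function resetUserSession($userId)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "UPDATE users SET session_id = :session_id WHERE user_id = :user_id LIMIT 1";
    $query = $database->prepare($sql);
    $query->execute(array(':session_id' => null, ':user_id' => $userId));

    if ($query->rowCount() === 1) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_USER_SUCCESSFULLY_KICKED'));
        return true;
    }

    // the docblock promises a bool; previously the method fell off the end and returned null here
    return false;
}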
/**
 * Writes the new account type marker to the database and to the session
 *
 * Only account types 1 and 2 are accepted; the check is a loose comparison (like
 * in_array() without strict mode), so the numeric strings "1" and "2" pass as well.
 * Anything else is rejected before the database is touched.
 *
 * @param int|string $type the new account type
 *
 * @return bool true when exactly one row was updated and the session value was refreshed
 */
public static function saveRoleToDatabase($type)
{
    // reject everything that is neither type 1 nor type 2
    if ($type != 1 && $type != 2) {
        return false;
    }

    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "UPDATE users SET user_account_type = :new_type WHERE user_id = :user_id LIMIT 1";
    $statement = $database->prepare($sql);
    $statement->execute(array(':new_type' => $type, ':user_id' => Session::get('user_id')));

    if ($statement->rowCount() !== 1) {
        return false;
    }

    // keep the session in sync with what was just written to the database
    Session::set('user_account_type', $type);

    return true;
}
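/**
 * Delete a user's avatar
 *
 * The avatar image file is removed on a best-effort basis first; afterwards the
 * user_has_avatar flag is cleared in the database and the session's avatar file
 * path is refreshed. Feedback messages are added to the session in both outcomes.
 *
 * @param int|string $userId user id, must consist of decimal digits only
 * @return bool success
 */
public static function deleteAvatar($userId)
{
    // ctype_digit() treats an int argument as an ASCII code (deprecated since PHP 8.1), so an
    // integer user id such as 5 would wrongly fail the check; validate the string form instead
    if (!ctype_digit((string) $userId)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    // try to delete image, but still go on regardless of file deletion result
    self::deleteAvatarImageFile($userId);

    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "UPDATE users SET user_has_avatar = 0 WHERE user_id = :user_id LIMIT 1";
    $sth = $database->prepare($sql);
    $sth->bindValue(":user_id", (int) $userId, \PDO::PARAM_INT);
    $sth->execute();

    if ($sth->rowCount() !== 1) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    Session::set('user_avatar_file', self::getPublicUserAvatarFilePathByUserId($userId));
    Session::add("feedback_positive", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));

    return true;
}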
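/**
 * Deletes the cookie
 * It's necessary to split deleteCookie() and logout() as cookies are deleted without logging out too!
 * Sets the remember-me-cookie to ten years ago (3600sec * 24 hours * 365 days * 10).
 * that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
 *
 * Browsers match cookies by name, path and domain, so the expiring cookie is sent with the
 * same path/domain/secure/httponly settings from Config that were used when it was created.
 *
 * @param string|null $user_id when given, the user's remember-me token is also cleared in the database
 */
public static function deleteCookie($user_id = null)
{
    // if $user_id was set, then clear remember_me token in database
    if (isset($user_id)) {
        $database = DatabaseFactory::getFactory()->getConnection();

        $sql = "UPDATE users SET user_remember_me_token = :user_remember_me_token WHERE user_id = :user_id LIMIT 1";
        $sth = $database->prepare($sql);
        $sth->execute(array(':user_remember_me_token' => NULL, ':user_id' => $user_id));
    }

    // delete remember_me cookie in browser. The value is an empty string: the previous code passed
    // false, which only worked through implicit bool-to-string coercion and is a TypeError under
    // strict_types; the cookie sent to the browser is the same either way.
    setcookie(
        'remember_me',
        '',
        time() - 3600 * 24 * 3650,
        Config::get('COOKIE_PATH'),
        Config::get('COOKIE_DOMAIN'),
        Config::get('COOKIE_SECURE'),
        Config::get('COOKIE_HTTP')
    );
}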
/**
 * Delete a specific note
 *
 * The DELETE is restricted to the note id AND the user id of the current session, so only
 * notes belonging to the logged-in user can be removed. Failure adds a negative feedback message.
 *
 * @param int $note_id id of the note
 * @return bool feedback (was the note deleted properly ?)
 */
public static function deleteNote($note_id)
{
    // nothing to do without an id
    if (!$note_id) {
        return false;
    }

    $database = DatabaseFactory::getFactory()->getConnection();

    $statement = $database->prepare(
        "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"
    );
    $statement->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id')));

    $deleted = ($statement->rowCount() === 1);

    if (!$deleted) {
        Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
    }

    return $deleted;
}
/**
 * Gets the user's data by user's id and a token (used by login-via-cookie process)
 *
 * A row is only returned when the stored remember-me token is not NULL, equals the given
 * token, and the row's user_provider_type is 'DEFAULT'.
 *
 * @param int|string $user_id
 * @param string $token remember-me token taken from the cookie
 *
 * @return mixed Returns false if user does not exist, returns object with user's data when user exists
 */
public static function getUserDataByUserIdAndToken($user_id, $token)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    // get real token from database (and all other data)
    $sql = "SELECT user_id, user_name, user_email, user_password_hash, user_active,\n user_account_type, user_has_avatar, user_failed_logins, user_last_failed_login\n FROM users\n WHERE user_id = :user_id\n AND user_remember_me_token = :user_remember_me_token\n AND user_remember_me_token IS NOT NULL\n AND user_provider_type = :provider_type LIMIT 1";
    $statement = $database->prepare($sql);
    $statement->bindValue(':user_id', $user_id);
    $statement->bindValue(':user_remember_me_token', $token);
    $statement->bindValue(':provider_type', 'DEFAULT');
    $statement->execute();

    // return one row (we only have one result or nothing)
    return $statement->fetch();
}
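/**
 * Validates current and new passwords
 *
 * Checks, in this order: the user exists, the current password matches the stored hash,
 * both new-password fields are filled, they are identical, the new password is at least
 * 6 bytes long, and it differs from the current one. The first failing check adds a
 * negative feedback message to the session and returns false.
 *
 * @param string $user_name
 * @param string $user_password_current
 * @param string $user_password_new
 * @param string $user_password_repeat
 *
 * @return bool
 */
public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "SELECT user_password_hash, user_failed_logins FROM users WHERE user_name = :user_name LIMIT 1;";
    $query = $database->prepare($sql);
    $query->execute(array(':user_name' => $user_name));
    $user = $query->fetch();

    if ($query->rowCount() !== 1) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }

    if (!password_verify($user_password_current, $user->user_password_hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
        return false;
    }

    // empty() also treats the string "0" as empty; harmless, as such a password fails the length check anyway
    if (empty($user_password_new) || empty($user_password_repeat)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
        return false;
    }

    if ($user_password_new !== $user_password_repeat) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
        return false;
    }

    // strlen() counts bytes, not characters
    if (strlen($user_password_new) < 6) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
        return false;
    }

    // strict comparison: with == two numeric-looking strings such as "1e3" and "1000" compare
    // equal, which wrongly rejected a genuinely different new password
    if ($user_password_current === $user_password_new) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
        return false;
    }

    return true;
}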
/**
 * checks the email/verification code combination and set the user's activation status to true in the database
 *
 * Activation and clearing of the stored hash happen in one UPDATE, and the WHERE clause
 * requires the stored hash to equal the given code, so a code can only be redeemed once.
 *
 * @param int $user_id user id
 * @param string $user_activation_verification_code verification token
 *
 * @return bool success status
 */
public static function verifyNewUser($user_id, $user_activation_verification_code)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "UPDATE users SET user_active = 1, user_activation_hash = NULL\n WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash LIMIT 1";
    $statement = $database->prepare($sql);
    $statement->bindValue(':user_id', $user_id);
    $statement->bindValue(':user_activation_hash', $user_activation_verification_code);
    $statement->execute();

    $activated = ($statement->rowCount() === 1);

    if ($activated) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
    } else {
        Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
    }

    return $activated;
}