/**
 * Get Auth result
 *
 * Runs the post-authentication policy checks for the given user type and
 * returns the first failure message, or null when every check passes.
 * The checks run in this order: validity of this auth object, existing
 * session (when the type forbids multiple sessions), mobile access,
 * verified flag, and finally the area (user type) restriction.
 *
 * @param  \Phire\Table\UserTypes $type
 * @return string|null  Failure message, or null when nothing blocks the login
 */
public function getAuthResult($type)
{
    // Invalid result: hand back whatever message this object recorded.
    if (!$this->isValid()) {
        return $this->getResultMessage();
    }

    $account  = $this->getUser();
    $existing = Table\UserSessions::findBy(array('user_id' => $account['id']));

    // NOTE(review): this message reveals the IP address stored for the existing
    // session to whoever is logging in; confirm that disclosure is intended.
    if (!$type->multiple_sessions && isset($existing->id)) {
        return 'Multiple sessions are not allowed. Someone is already logged on from ' . $existing->ip . '.';
    }

    if (!$type->mobile_access && \Pop\Web\Mobile::isMobileDevice()) {
        return 'Mobile access is not allowed.';
    }

    if (!$account['verified']) {
        return 'The user is not verified.';
    }

    // A user of a different type is only let in when that type has global access.
    // A type row that cannot be found does not block the login.
    if ($type->id != $account['type_id']) {
        $accountType = Table\UserTypes::findById($account['type_id']);
        if (isset($accountType->id) && !$accountType->global_access) {
            return 'The user is not allowed in this area.';
        }
    }

    return null;
}
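/**
 * Remove user sessions
 *
 * Deletes every user session row whose id is listed under the
 * 'remove_sessions' key of the submitted data. Ids that do not match an
 * existing row are skipped.
 *
 * NOTE(review): no ownership or permission check happens in this method;
 * any listed session id is deleted. Confirm the caller restricts this
 * action to users who are allowed to end other users' sessions.
 *
 * @param  array $post  Submitted form data
 * @return void
 */
public function remove(array $post)
{
    // The list comes from request data, so its shape is not guaranteed:
    // a scalar 'remove_sessions' value would make foreach emit a warning.
    if (!isset($post['remove_sessions']) || !is_array($post['remove_sessions'])) {
        return;
    }

    foreach ($post['remove_sessions'] as $id) {
        $session = Table\UserSessions::findById($id);
        if (isset($session->id)) {
            $session->delete();
        }
    }
}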
/**
 * Method to use a JSON request to reset a user's last session action
 *
 * Looks up the tracked session row referenced by the current user session
 * and, when that row belongs to the same user, stamps its 'last' column
 * with the current date and time.
 *
 * @return void
 */
public function session()
{
    $current = new Model\UserSession();

    // Nothing to refresh when the session carries no tracked session id.
    if (!isset($current->user->sess_id)) {
        return;
    }

    $row = Table\UserSessions::findById($current->user->sess_id);

    // Ownership check: only touch the row when it is recorded for the same
    // user id as the one held in the session.
    $ownedByUser = isset($row->id) && ($row->user_id == $current->user->id);
    if ($ownedByUser) {
        $row->last = date('Y-m-d H:i:s');
        $row->save();
    }
}
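/**
 * Login method
 *
 * On success: optionally records a tracked session row, decides whether a
 * password reset is due, appends this login to the user's login history,
 * builds the session user object, resets the failed-attempt counter and,
 * when the user type has log e-mails configured, logs the login.
 * On failure: increments the failed-attempt counter of the matching user,
 * if there is one.
 *
 * NOTE(review): nothing in this method regenerates the session identifier
 * after a successful login; confirm the caller or the session class does so.
 *
 * @param  string                 $username
 * @param  \Phire\Table\UserTypes $type
 * @param  boolean                $success
 * @return void
 */
public function login($username, $type, $success = true)
{
    $user = Table\Users::findBy(array('username' => $username));
    $sess = Session::getInstance();

    // Computed from the type passed in, before $type is replaced below
    // by the user's own type.
    $typeUri = (strtolower($type->type) != 'user') ? '/' . strtolower($type->type) : APP_URI;

    // If login success
    if ($success && isset($user->id)) {
        // The User-Agent header is client-supplied and may be absent; REMOTE_ADDR
        // may be absent outside a web request. Read both defensively instead of
        // indexing $_SERVER directly.
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // Create and save new session database entry
        if ($type->track_sessions) {
            Table\UserSessions::clearSessions($user->id);
            $session = new Table\UserSessions(array(
                'user_id' => $user->id,
                'ip'      => $ip,
                'ua'      => $ua,
                'start'   => date('Y-m-d H:i:s')
            ));
            $session->save();
            $sessionId = $session->id;

            $otherSession = Table\UserSessions::findBy(array('user_id' => $user->id));
            if (isset($otherSession->rows[0])) {
                // The message carries HTML markup, so the username is escaped
                // before being placed inside it.
                $safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
                foreach ($otherSession->rows as $other) {
                    if ($other->id != $sessionId) {
                        $sess->sessionError = $this->i18n->__(
                            'Another user is currently logged in as %1 from %2.',
                            array('<strong>' . $safeUsername . '</strong>', $other->ip)
                        );
                    }
                }
            }
        } else {
            $sessionId = null;
        }

        // From here on $type is the user's own type, not the type of the
        // area the login came through.
        $type = Table\UserTypes::findById($user->type_id);
        $role = Table\UserRoles::findById($user->role_id);

        // Get user login data
        $lastLogin       = null;
        $lastUa          = null;
        $lastIp          = null;
        $lastLoginString = '(N/A)';
        $timestamp       = time();

        // NOTE(review): $user->logins and $user->site_ids are passed to
        // unserialize() below. That is only safe while those columns can never
        // hold attacker-influenced data; a format that cannot instantiate
        // objects (such as JSON) would remove the risk, but needs a data migration.
        if ($type->reset_password) {
            if ($type->reset_password_interval == '1st') {
                // Reset required on the very first login only.
                if ($user->logins == '') {
                    $sess->reset_pwd = true;
                }
            } else {
                // Interval is stored as "<count> <unit>"; the unit defaults to days.
                $resetAry = explode(' ', $type->reset_password_interval);
                $unit     = isset($resetAry[1]) ? $resetAry[1] : '';
                $interval = 86400;
                if ($unit == 'Months') {
                    $interval = 2628000;
                } else if ($unit == 'Years') {
                    $interval = 31536000;
                }
                $interval = $resetAry[0] * $interval;

                if ($user->logins != '') {
                    // NOTE(review): key() on a freshly unserialized array yields its
                    // FIRST key, i.e. the oldest recorded login, although the
                    // variable name suggests the most recent one; confirm intent.
                    $lastL = key(unserialize($user->logins));
                    if (time() - $lastL > $interval) {
                        $sess->reset_pwd = true;
                    }
                }
            }
        }

        if ($user->logins == '') {
            $logins = array($timestamp => array('ua' => $ua, 'ip' => $ip));
        } else {
            $logins = unserialize($user->logins);

            // end() moves the internal pointer to the newest entry, so key()
            // returns the timestamp of the previous login.
            $last      = end($logins);
            $lastLogin = date('Y-m-d H:i:s', key($logins));
            $lastIp    = $last['ip'];
            $lastUa    = $last['ua'];

            $logins[$timestamp] = array('ua' => $ua, 'ip' => $ip);
            $lastLoginString    = date('D M j, Y g:i A', strtotime($lastLogin))
                . ' (' . ('' !== $lastIp ? $lastIp : 'N/A') . ')';
        }

        // Create new session object
        $sess->user = new \ArrayObject(array(
            'id'            => $user->id,
            'site_ids'      => unserialize($user->site_ids),
            'type_id'       => $user->type_id,
            'type'          => $type->type,
            'typeUri'       => $typeUri,
            'global_access' => $type->global_access,
            'role_id'       => isset($role->id) ? $role->id : 0,
            'role'          => isset($role->id) ? $role->name : null,
            'username'      => $username,
            'email'         => $user->email,
            'last_login'    => $lastLogin,
            'last_ua'       => $lastUa,
            'last_ip'       => $lastIp,
            'sess_id'       => $sessionId,
            'last'          => $lastLoginString,
            'last_action'   => date('Y-m-d H:i:s')
        ), \ArrayObject::ARRAY_AS_PROPS);

        // Store timestamp and login data
        $user->logins          = serialize($logins);
        $user->failed_attempts = 0;
        $user->save();

        // If set, log the login
        if ($type->log_emails != '') {
            $this->log($type, $user);
        }
    // Else, log failed attempt
    } else {
        if (isset($user->id)) {
            $user->failed_attempts++;
            $user->save();
        }
    }
}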
/**
 * Logout method
 *
 * Deletes the tracked session row (when the session references one),
 * removes the user object from the session, deletes the 'phire' cookie
 * and optionally redirects to the base path.
 *
 * NOTE(review): only the 'user' entry is unset here; whether the underlying
 * session identifier is invalidated is not visible in this method.
 *
 * @param  boolean $redirect
 * @return void
 */
public function logout($redirect = true)
{
    // Destroy the session database entry
    $trackedId = $this->sess->user->sess_id;
    if (null !== $trackedId) {
        $row = Table\UserSessions::findById($trackedId);
        if (isset($row->id)) {
            $row->delete();
        }
    }

    // Destroy the session object.
    unset($this->sess->user);

    // Delete the phire cookie; an empty application path falls back to the root.
    $cookiePath = BASE_PATH . APP_URI;
    if ($cookiePath == '') {
        $cookiePath = '/';
    }
    Cookie::getInstance(array('path' => $cookiePath))->delete('phire');

    if ($redirect) {
        $target = ($this->basePath == '') ? '/' : $this->basePath;
        \Pop\Http\Response::redirect($target);
    }
}