/**
 * Attempts a cookie-based ("remember me") login.
 *
 * Nothing is attempted unless $persistent is true. The user id and the
 * credential are read from the `userID` and `password` cookies (both client
 * controlled) and handed to getUserAutomatically(). When that call yields no
 * user, both cookies are overwritten with an empty value, so a stale or
 * tampered credential is not presented again on every request.
 *
 * NOTE(review): $_COOKIE entries can be arrays (`name[]=...`). The id is cast
 * to int here, but the password cookie is forwarded unchanged, and
 * getUserAutomatically() is not visible in this file. Confirm it tolerates
 * non-string input and compares the credential in constant time.
 *
 * @see wcf\system\user\authentication\IUserAuthentication::loginAutomatically()
 *
 * @param	boolean		$persistent	only true enables the cookie login
 * @param	string		$userClassname	class name passed through to getUserAutomatically()
 * @return	mixed		the user returned by getUserAutomatically(), or null
 */
public function loginAutomatically($persistent = false, $userClassname = 'wcf\data\user\User') {
	if (!$persistent) {
		return null;
	}

	$idCookie = COOKIE_PREFIX.'userID';
	$secretCookie = COOKIE_PREFIX.'password';

	// both halves of the credential must be present
	if (!isset($_COOKIE[$idCookie], $_COOKIE[$secretCookie])) {
		return null;
	}

	$candidate = $this->getUserAutomatically((int) $_COOKIE[$idCookie], $_COOKIE[$secretCookie], $userClassname);
	if ($candidate) {
		return $candidate;
	}

	// rejected credential: reset cookie
	HeaderUtil::setCookie('userID', '');
	HeaderUtil::setCookie('password', '');

	return null;
}
/**
 * Logs the current user out.
 *
 * Order matters: the AbstractSecureAction checks run first, then the
 * server-side session is deleted, and only afterwards are the persistent-login
 * cookies cleared. A cookie is rewritten only if the client actually sent it.
 * The request ends with a delayed redirect to the index page and exit.
 *
 * NOTE(review): AbstractSecureAction::execute() is called by class name rather
 * than via parent::. Its body is not visible here; presumably it is what
 * protects logout against forged requests. Verify that.
 *
 * @see \wcf\action\IAction::execute()
 */
public function execute() {
	AbstractSecureAction::execute();

	// do logout
	WCF::getSession()->delete();

	// remove cookies (userID is reset to 0, password to an empty string)
	$clearedCookies = array('userID' => 0, 'password' => '');
	foreach ($clearedCookies as $cookieName => $clearedValue) {
		if (isset($_COOKIE[COOKIE_PREFIX . $cookieName])) {
			HeaderUtil::setCookie($cookieName, $clearedValue);
		}
	}

	$this->executed();

	// forward to index page
	$indexLink = LinkHandler::getInstance()->getLink();
	$notice = WCF::getLanguage()->get('wcf.user.logout.redirect');
	HeaderUtil::delayedRedirect($indexLink, $notice);
	exit;
}
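/**
 * Detects whether the client returns the session cookie and switches the
 * session handler to cookie mode if it does.
 *
 * The `cookieHash` cookie is expected to carry the current session id. If the
 * cookie is absent or does not match, it is (re)sent so that the next request
 * can pass the check; if it matches, cookie support is enabled.
 *
 * The cookie is compared as a string with `===`. A loose `!=` would compare
 * two numeric-looking strings by numeric value and would type-juggle a
 * non-string cookie value (`cookieHash[]=...`), so a value that is not
 * byte-identical to the session id could be accepted.
 *
 * @see \wcf\system\session\ACPSessionFactory::init()
 */
protected function init() {
	$cookieName = COOKIE_PREFIX . 'cookieHash';
	$sessionID = SessionHandler::getInstance()->sessionID;

	// client-controlled value: require a string that is identical to the session id
	$usesCookies = isset($_COOKIE[$cookieName])
		&& is_string($_COOKIE[$cookieName])
		&& $_COOKIE[$cookieName] === (string) $sessionID;

	if ($usesCookies) {
		// enable cookie support
		SessionHandler::getInstance()->enableCookies();
	}
	else {
		// cookie support will be enabled upon next request
		HeaderUtil::setCookie('cookieHash', $sessionID);
	}

	parent::init();
}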
/**
 * Logs the current user out without redirecting.
 *
 * Mirrors wcf\action\LogoutAction::execute(): the server-side session is
 * deleted first, then the `userID` and `password` persistent-login cookies are
 * reset if the client sent them.
 *
 * NOTE(review): unlike LogoutAction::execute(), no AbstractSecureAction check
 * runs here. Callers are presumably responsible for request-forgery
 * protection; confirm at the call sites.
 *
 * @return	boolean		always true
 */
public function logout() {
	// do logout
	WCF::getSession()->delete();

	// remove cookies
	$userIDCookie = COOKIE_PREFIX . 'userID';
	$passwordCookie = COOKIE_PREFIX . 'password';

	if (isset($_COOKIE[$userIDCookie])) {
		HeaderUtil::setCookie('userID', 0);
	}
	if (isset($_COOKIE[$passwordCookie])) {
		HeaderUtil::setCookie('password', '');
	}

	return true;
}
/**
 * Applies the account-management form to the current user.
 *
 * Collects all column changes in one array and writes them with a single
 * UserAction 'update'. Handled in this order: account termination (start or
 * cancel), user name, e-mail address (immediately, or via a reactivation code
 * sent by mail when REGISTER_ACTIVATION_METHOD is 1), password, and connecting
 * or disconnecting the GitHub, Twitter, Facebook and Google logins.
 *
 * Security-relevant points visible in this method:
 * - Each profile change is gated by its own session permission. The password
 *   change is only considered when the user has no authData, i.e. no
 *   third-party login attached.
 * - No input validation happens here. In particular the password branch fires
 *   when either newPassword or confirmNewPassword is non-empty and stores
 *   newPassword. NOTE(review): this relies on validate() having verified the
 *   current password and that both fields match. Confirm.
 * - Connecting a provider requires that provider's key constants and a value
 *   in the session. Disconnecting is not gated by the key constants and sets
 *   authData to ''. If several connect/disconnect flags are set in one
 *   request, the last assignment to authData wins.
 * - If the client holds the `password` cookie and the password changed, the
 *   cookie is reissued for 365 days with a value derived from the new password
 *   and the freshly stored hash. NOTE(review): cookie flags (Secure/HttpOnly)
 *   are decided inside HeaderUtil::setCookie(), which is not visible here.
 * - The plain-text password fields are blanked at the end so they are not
 *   rendered back into the form.
 *
 * @see \wcf\form\IForm::save()
 */
public function save() {
	parent::save();

	$messages = array();
	$changes = array();

	// quit
	if (WCF::getSession()->getPermission('user.profile.canQuit')) {
		if (!WCF::getUser()->quitStarted && $this->quit == 1) {
			$changes['quitStarted'] = TIME_NOW;
			$this->quitStarted = TIME_NOW;
			$messages[] = 'wcf.user.quit.success';
		}
		elseif (WCF::getUser()->quitStarted && $this->cancelQuit == 1) {
			$changes['quitStarted'] = 0;
			$this->quitStarted = 0;
			$messages[] = 'wcf.user.quit.cancel.success';
		}
	}

	// user name
	if (WCF::getSession()->getPermission('user.profile.canRename') && $this->username != WCF::getUser()->username) {
		// a change that only alters letter case does not count as a rename
		$isRealRename = mb_strtolower($this->username) != mb_strtolower(WCF::getUser()->username);
		if ($isRealRename) {
			$changes['lastUsernameChange'] = TIME_NOW;
			$changes['oldUsername'] = WCF::getUser()->username;
		}

		$changes['username'] = $this->username;
		$messages[] = 'wcf.user.changeUsername.success';
	}

	// email
	if (WCF::getSession()->getPermission('user.profile.canChangeEmail') && $this->email != WCF::getUser()->email && $this->email != WCF::getUser()->newEmail) {
		$applyImmediately = REGISTER_ACTIVATION_METHOD == 0
			|| REGISTER_ACTIVATION_METHOD == 2
			|| mb_strtolower($this->email) == mb_strtolower(WCF::getUser()->email);

		if ($applyImmediately) {
			// update email
			$changes['email'] = $this->email;
			$messages[] = 'wcf.user.changeEmail.success';
		}
		elseif (REGISTER_ACTIVATION_METHOD == 1) {
			// get reactivation code
			$activationCode = UserRegistrationUtil::getActivationCode();

			// save as new email; the current address stays active until confirmed
			$changes['reactivationCode'] = $activationCode;
			$changes['newEmail'] = $this->email;

			$messageData = array(
				'username' => WCF::getUser()->username,
				'userID' => WCF::getUser()->userID,
				'activationCode' => $activationCode
			);

			// the code is mailed to the NEW address
			$recipient = array(WCF::getUser()->username => $this->email);
			$subject = WCF::getLanguage()->getDynamicVariable('wcf.user.changeEmail.needReactivation.mail.subject');
			$body = WCF::getLanguage()->getDynamicVariable('wcf.user.changeEmail.needReactivation.mail', $messageData);

			$mail = new Mail($recipient, $subject, $body);
			$mail->send();

			$messages[] = 'wcf.user.changeEmail.needReactivation';
		}
	}

	// password (only for accounts without a third-party login)
	if (!WCF::getUser()->authData && (!empty($this->newPassword) || !empty($this->confirmNewPassword))) {
		$changes['password'] = $this->newPassword;
		$messages[] = 'wcf.user.changePassword.success';
	}

	// 3rdParty: GitHub
	if (GITHUB_PUBLIC_KEY !== '' && GITHUB_PRIVATE_KEY !== '' && $this->githubConnect && WCF::getSession()->getVar('__githubToken')) {
		$changes['authData'] = 'github:' . WCF::getSession()->getVar('__githubToken');
		$messages[] = 'wcf.user.3rdparty.github.connect.success';

		WCF::getSession()->unregister('__githubToken');
		WCF::getSession()->unregister('__githubUsername');
	}
	if ($this->githubDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'github:')) {
		$changes['authData'] = '';
		$messages[] = 'wcf.user.3rdparty.github.disconnect.success';
	}

	// 3rdParty: Twitter
	if (TWITTER_PUBLIC_KEY !== '' && TWITTER_PRIVATE_KEY !== '' && $this->twitterConnect && WCF::getSession()->getVar('__twitterData')) {
		$twitterData = WCF::getSession()->getVar('__twitterData');
		$changes['authData'] = 'twitter:' . $twitterData['user_id'];
		$messages[] = 'wcf.user.3rdparty.twitter.connect.success';

		WCF::getSession()->unregister('__twitterData');
		WCF::getSession()->unregister('__twitterUsername');
	}
	if ($this->twitterDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'twitter:')) {
		$changes['authData'] = '';
		$messages[] = 'wcf.user.3rdparty.twitter.disconnect.success';
	}

	// 3rdParty: Facebook
	if (FACEBOOK_PUBLIC_KEY !== '' && FACEBOOK_PRIVATE_KEY !== '' && $this->facebookConnect && WCF::getSession()->getVar('__facebookData')) {
		$facebookData = WCF::getSession()->getVar('__facebookData');
		$changes['authData'] = 'facebook:' . $facebookData['id'];
		$messages[] = 'wcf.user.3rdparty.facebook.connect.success';

		WCF::getSession()->unregister('__facebookData');
		WCF::getSession()->unregister('__facebookUsername');
	}
	if ($this->facebookDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'facebook:')) {
		$changes['authData'] = '';
		$messages[] = 'wcf.user.3rdparty.facebook.disconnect.success';
	}

	// 3rdParty: Google
	if (GOOGLE_PUBLIC_KEY !== '' && GOOGLE_PRIVATE_KEY !== '' && $this->googleConnect && WCF::getSession()->getVar('__googleData')) {
		$googleData = WCF::getSession()->getVar('__googleData');
		$changes['authData'] = 'google:' . $googleData['id'];
		$messages[] = 'wcf.user.3rdparty.google.connect.success';

		WCF::getSession()->unregister('__googleData');
		WCF::getSession()->unregister('__googleUsername');
	}
	if ($this->googleDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'google:')) {
		$changes['authData'] = '';
		$messages[] = 'wcf.user.3rdparty.google.disconnect.success';
	}

	// explicit changes take precedence over additionalFields on key collisions
	$data = array();
	if (!empty($changes) || !empty($this->additionalFields)) {
		$data['data'] = array_merge($this->additionalFields, $changes);
	}

	$this->objectAction = new UserAction(array(WCF::getUser()), 'update', $data);
	$this->objectAction->executeAction();

	// update cookie
	if (isset($_COOKIE[COOKIE_PREFIX . 'password'], $changes['password'])) {
		// reload user to pick up the hash that was just stored
		$reloadedUser = new User(WCF::getUser()->userID);
		$cookieValue = PasswordUtil::getSaltedHash($changes['password'], $reloadedUser->password);
		$expires = TIME_NOW + 365 * 24 * 3600;

		HeaderUtil::setCookie('password', $cookieValue, $expires);
	}

	$this->saved();

	// keep messages that were already assigned to the template
	$alreadyAssigned = WCF::getTPL()->get('success') ?: array();
	$messages = array_merge($messages, $alreadyAssigned);

	// show success message
	WCF::getTPL()->assign('success', $messages);

	// reset password
	$this->password = '';
	$this->confirmNewPassword = '';
	$this->newPassword = '';
}
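/**
 * Changes the user stored in the session, this method is different from changeUser() because it
 * attempts to re-use sessions unless there are other virtual sessions for the same user (userID != 0).
 * In reverse, logging out attempts to re-use the current session or spawns a new session depending
 * on other virtual sessions.
 *
 * Logout (userID 0): the caller's virtual session is deleted. If other virtual
 * sessions still hang on the underlying session, a new guest session with a
 * fresh random id is created and announced through the `cookieHash` cookie,
 * otherwise the current session row is downgraded to userID 0.
 *
 * Login (any other userID): if the user has no session yet, the current guest
 * session is re-used and `__changeSessionID` is registered. If the user already
 * has a session, the guest session is deleted and the existing one is inherited
 * together with its `__SECURITY_TOKEN`.
 *
 * Fix over the previous version: when the update of the guest session failed
 * with a unique-key violation, `$this->session` was set to the `$session`
 * value fetched earlier, which is always null in that branch. The session is
 * now re-read before it is inherited, and the original exception is re-thrown
 * if it still cannot be found. The unused `$sessionTable` lookup was dropped.
 *
 * @param	\wcf\data\user\User	$user
 */
protected function changeUserVirtual(User $user) {
	// note: switch compares loosely, so any userID that is == 0 takes the logout path
	switch ($user->userID) {
		//
		// user -> guest (logout)
		//
		case 0:
			// delete virtual session
			if ($this->virtualSession) {
				$virtualSessionEditor = new SessionVirtualEditor($this->virtualSession);
				$virtualSessionEditor->delete();
			}

			// there are still other virtual sessions, create a new session
			if (SessionVirtual::countVirtualSessions($this->session->sessionID)) {
				// save session
				$sessionData = array(
					'sessionID' => StringUtil::getRandomID(),
					'userID' => $user->userID,
					'ipAddress' => UserUtil::getIpAddress(),
					'userAgent' => UserUtil::getUserAgent(),
					'lastActivityTime' => TIME_NOW,
					'requestURI' => UserUtil::getRequestURI(),
					// request method is client supplied, keep at most 7 bytes
					'requestMethod' => !empty($_SERVER['REQUEST_METHOD']) ? substr($_SERVER['REQUEST_METHOD'], 0, 7) : ''
				);

				$this->session = call_user_func(array($this->sessionEditorClassName, 'create'), $sessionData);

				HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
			}
			else {
				// this was the last virtual session, re-use current session
				// update session
				$sessionEditor = new $this->sessionEditorClassName($this->session);
				$sessionEditor->update(array('userID' => $user->userID));
			}
		break;

		//
		// guest -> user (login)
		//
		default:
			// find existing session for this user
			$session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $user->userID);

			// no session exists, re-use current session
			if ($session === null) {
				// update session
				$sessionEditor = new $this->sessionEditorClassName($this->session);

				try {
					// NOTE(review): presumably triggers a session id rotation after login
					// (session fixation defence); the consumer of this flag is not visible here
					$this->register('__changeSessionID', true);

					$sessionEditor->update(array('userID' => $user->userID));
				}
				catch (DatabaseException $e) {
					// MySQL error 23000 = unique key
					// do not check against the message itself, some weird systems localize them
					if ($e->getCode() == 23000) {
						// a session for this user appeared after the lookup above, so
						// $session is still null here and has to be read again
						$session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $user->userID);
						if ($session === null) {
							// nothing to inherit, surface the original failure
							throw $e;
						}

						// delete guest session
						$sessionEditor = new $this->sessionEditorClassName($this->session);
						$sessionEditor->delete();

						// inherit existing session
						// NOTE(review): unlike the branch below, this path neither inherits
						// __SECURITY_TOKEN nor refreshes the cookieHash cookie; confirm intended
						$this->session = $session;
					}
					else {
						// not our business
						throw $e;
					}
				}
			}
			else {
				// delete guest session
				$sessionEditor = new $this->sessionEditorClassName($this->session);
				$sessionEditor->delete();

				// inherit existing session
				$this->session = $session;

				// inherit security token
				// NOTE(review): unserialize() can instantiate objects. This is only safe while
				// the sessionVariables column can never contain attacker-influenced bytes;
				// errors are silenced with @ and only the array shape is checked afterwards.
				$variables = @unserialize($this->session->sessionVariables);
				if (is_array($variables) && !empty($variables['__SECURITY_TOKEN'])) {
					$this->register('__SECURITY_TOKEN', $variables['__SECURITY_TOKEN']);
				}

				HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
			}
		break;
	}

	$this->user = $user;
	$this->loadVirtualSession(true);
}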