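/**
 * Require a user to be logged in.
 *
 * Redirects to /login (carrying the requested path and query string in the
 * `to` parameter) when no session is found. When `site.demo` holds a numeric
 * user id, that user is logged in automatically instead of redirecting.
 *
 * @param int $rank Minimum \Model\User rank the current user must hold
 * @return int|bool The logged-in user's id, or false when the request was
 *                  rejected with 403 or redirected (every non-success path
 *                  now returns false; the demo path used to return null)
 */
protected function _requireLogin($rank = \Model\User::RANK_CLIENT)
{
    $f3 = \Base::instance();

    $id = $f3->get("user.id");
    if ($id) {
        if ($f3->get("user.rank") >= $rank) {
            return $id;
        }
        // Logged in, but the rank is too low for this resource
        $f3->error(403);
        $f3->unload();
        return false;
    }

    // Demo mode: auto-login the configured demo user instead of redirecting
    $demo = $f3->get("site.demo");
    if ($demo && is_numeric($demo)) {
        $user = new \Model\User();
        $user->load($demo);
        if ($user->id) {
            $session = new \Model\Session($user->id);
            $session->setCurrent();
            $f3->reroute("/");
            return false;
        }
        $f3->set("error", "Auto-login failed, demo user was not found.");
    }

    // Send the visitor to the login page, remembering where they wanted to go.
    // urlencode(a) . urlencode(b) === urlencode(a . b), so one call suffices.
    $to = $f3->get("PATH");
    if (!empty($_GET)) {
        $to .= "?" . http_build_query($_GET);
    }
    $f3->reroute("/login?to=" . urlencode($to));
    $f3->unload();
    return false;
}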
/**
 * Load the currently logged-in user, if any.
 *
 * Resolves the current session, loads the matching non-deleted user into
 * this mapper and publishes it to the hive as `user` (array cast) and
 * `user_obj`. A stored language preference overrides the default LANGUAGE.
 *
 * @return mixed This mapper (loaded when a user was found, otherwise untouched)
 */
public function loadCurrent()
{
    $f3 = \Base::instance();

    $current = new \Model\Session();
    $current->loadCurrent();

    // No session, or a session without a user: nothing to load
    if (!$current->user_id) {
        return $this;
    }

    // Soft-deleted accounts must never resolve to a logged-in user
    $this->load(array("id = ? AND deleted_date IS NULL", $current->user_id));
    if (!$this->id) {
        return $this;
    }

    $f3->set("user", $this->cast());
    $f3->set("user_obj", $this);

    // Honour the user's language preference when one is stored
    if ($this->exists("language") && $this->language) {
        $f3->set("LANGUAGE", $this->language);
    }

    return $this;
}
/**
 * Log out the current user: delete the current session, then go home.
 *
 * @param \Base $f3 Framework instance handed to route handlers
 */
public function logout($f3)
{
    $current = new \Model\Session();
    $current->loadCurrent();
    $current->delete();

    $f3->reroute("/");
}
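/**
 * Allows a user to authenticate and creates a new session.
 *
 * Credential failures use the single message 'email_password_incorrect'
 * whether the email is unknown or the password is wrong, and the password is
 * verified before the activation state is reported, so an unauthenticated
 * caller cannot use this endpoint to learn whether an address has an account.
 *
 * @param string $email        User's email address
 * @param string $password     User's password
 * @param bool   $isPersistent Whether the session should outlive the browser session
 *
 * @return mixed The session created by Model\Session::createSession()
 *
 * @throws \Exception 'already_authenticated', 'email_password_incorrect'
 *                    or 'account_not_activated'
 */
public function login($email, $password, $isPersistent = false)
{
    if ($this->isAuthenticated()) {
        // User is already authenticated
        throw new \Exception('already_authenticated');
    }

    // Validate input before touching the database
    Model\User::validateEmail($email);
    Model\User::validatePassword($password);

    // Get user with provided email address
    $user = $this->database->getUserByEmail($email);
    if (!$user) {
        // Same message as a wrong password: do not reveal which emails exist
        throw new \Exception('email_password_incorrect');
    }

    if (!$user->verifyPassword($password)) {
        // Provided password doesn't match the user's password
        throw new \Exception('email_password_incorrect');
    }

    // Only a caller holding the correct password learns the activation state
    if (!$user->isActivated()) {
        throw new \Exception("account_not_activated");
    }

    // Create a new session and persist it
    $session = Model\Session::createSession($user->getId(), $isPersistent);
    $this->database->addSession($session);

    // Set the user's session cookie
    $this->setSessionCookie($session->getUuid(), $session->getExpiryDate());

    // Set authenticated user
    $this->setAuthenticatedUser($user);
    $this->addLog("user.login");

    // The docblock always promised the session; now it is actually returned
    return $session;
}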