Exemple #1
 /**
  * Checks the user name/verification code combination and sets the user's activation status to true in the database
  *
  * @param string $user_name
  * @param string $ua_verification_code verification token
  *
  * @return bool success status
  */
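 public static function verifyNewUser($user_name, $ua_verification_code)
 {
     // A missing, empty or non-string value (e.g. an array smuggled in via "code[]=")
     // can never identify a pending account, so fail before touching the database.
     if (!is_string($user_name) || $user_name === ''
         || !is_string($ua_verification_code) || $ua_verification_code === ''
     ) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
         return false;
     }

     // The verification code is caller-supplied (presumably taken from the activation
     // link — confirm against the controller). It used to be concatenated straight into
     // the DQL string, which let a crafted value rewrite the WHERE clause. Both values
     // are now bound as parameters so they are only ever treated as data.
     // The listing this was taken from shows a masked literal ('******') where the user
     // name is compared; the comparison is bound to $user_name here, which is what the
     // method's documented contract (name + code must match) describes.
     $dql = 'UPDATE ' . User::TABLE_NAME . ' u SET u.active = 1, u.activationhash = NULL'
         . ' WHERE u.username = :username AND u.activationhash = :activationhash';

     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('username', $user_name)
         ->setParameter('activationhash', $ua_verification_code)
         ->execute();

     // Exactly one row must have been activated; anything else is treated as a failure.
     if ((int) $numUpdated === 1) {
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
         return true;
     }

     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
     return false;
 }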
Exemple #2
 /**
  * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently)
  * TODO add throttling here ?
  *
  * @param string $cookie The "remember_me" cookie value
  *
  * @return bool success state
  */
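 public static function loginWithCookie($cookie)
 {
     // The cookie is fully client-controlled: reject anything that is absent or not a
     // plain string before handing it to explode().
     if (!is_string($cookie) || $cookie === '') {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }

     // Expected layout is "encryptedUserName:token:hash"; split once and reuse the parts.
     $parts = explode(':', $cookie);
     if (count($parts) !== 3) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
     list($user_name, $token, $hash) = $parts;

     // The first field carries the user name in encrypted form.
     $user_name = Encryption::decrypt($user_name);

     // Emptiness is checked first so a failed decryption never reaches the hash step.
     // hash_equals() compares in constant time, so the comparison itself does not leak
     // how many leading characters of the supplied hash were correct.
     // NOTE(review): this digest is plain SHA-256 over "user:token" with no secret key,
     // so it only shows that the fields belong together; it is not a MAC. What actually
     // authenticates the request is the server-side token lookup below. Consider
     // hash_hmac() with an application secret if tamper-evidence is intended.
     if (empty($token) || empty($user_name)
         || !hash_equals(hash('sha256', $user_name . ':' . $token), $hash)
     ) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }

     // Look up the user that owns exactly this user name / token pair.
     $user = UserModel::getUserDataByUserNameAndToken($user_name, $token);
     if (!$user) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }

     // Successful login: write the account data into the session.
     // NOTE(review): whether the session id is regenerated on login is not visible from
     // here — confirm setSuccessfulLoginIntoSession() does so.
     self::setSuccessfulLoginIntoSession($user->getUsername(), $user->getEmail(), $user->getAccounttype(), $user->getProvidertype());

     // Record the time of this login on the user's database row.
     self::saveTimestampOfLoginOfUser($user->getUsername());

     // No new remember_me cookie is issued here on purpose: the current one is meant to
     // expire, so the user has to log in with user name and password again from time to time.
     Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
     return true;
 }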
Exemple #3
 /**
  * Removes the avatar image file from the filesystem
  *
  * @param string $userName
  * @return bool
  */
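 public static function deleteAvatarImageFile($userName)
 {
     // A static method has no $this, so the original "$this->getIdForImage()" call could
     // never run. Resolve the helper through the class instead.
     // NOTE(review): assumes getIdForImage() is declared static on this class — confirm.
     $avatarId = self::getIdForImage($userName);

     // Build the path once so the existence check and the delete act on the same file.
     // NOTE(review): the id is concatenated into a filesystem path; confirm that
     // getIdForImage() can never return a value containing path separators or "..".
     $avatarFile = Config::get('avatar.path') . $avatarId . '.jpg';

     // Nothing to delete: report it to the user rather than failing silently.
     if (!file_exists($avatarFile)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
         return false;
     }

     // unlink() returns false when the file could not be removed (e.g. permissions).
     if (!unlink($avatarFile)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }

     return true;
 }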
Exemple #4
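 /**
  * Registers a user that signed in through the external (Facebook) provider.
  *
  * Refuses the registration when the provider id or the e-mail lookup already
  * matches an existing account, then writes the new user to the database.
  * Every failure adds a negative feedback message to the session.
  *
  * @param object $fb_graph_user graph user object; only getId() is read here
  * @param mixed  $accessToken   passed through unchanged to writeNewFbUserToDatabase()
  *
  * @return bool true when the user was written, false otherwise
  */
 private static function registerNewUserExternal($fb_graph_user, $accessToken)
 {
     $fb_id = $fb_graph_user->getId();

     // The provider id must be unique across external accounts.
     if (ExternalModel::getUserById($fb_id) !== null) {
         IubarFattureApp::getInstance()->log->debug('Fb user\'s id aleady in use');
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_FB_ID_ALREADY_TAKEN'));
         return false;
     }

     // NOTE(review): this lookup is named "by e-mail" but receives the provider id, so
     // the duplicate-e-mail check may never match and two accounts could end up sharing
     // one address. The accessor for the e-mail on $fb_graph_user is not visible from
     // here — confirm and pass the e-mail address instead.
     if (ExternalModel::getUserByEmail($fb_id, UserModel::PROVIDER_TYPE_FB) !== null) {
         // The debug line used to repeat the "id in use" text of the branch above, which
         // made the two rejections indistinguishable in the log.
         IubarFattureApp::getInstance()->log->debug('Fb user\'s email already in use');
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_FB_EMAIL_ALREADY_TAKEN'));
         return false;
     }

     // Write the user data to the database.
     if (!self::writeNewFbUserToDatabase($fb_graph_user, $accessToken)) {
         IubarFattureApp::getInstance()->log->debug('Registrazione fallita');
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
         return false;
     }

     return true;
 }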
Exemple #5
 /**
  * Validates current and new passwords
  *
  * @param string $user_name
  * @param string $user_password_current
  * @param string $user_password_new
  * @param string $user_password_repeat
  *
  * @return bool
  */
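 public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
 {
     // Each rule is a guard clause: the first one that fails records its feedback
     // message and ends the validation.
     $user = UserModel::getByUsername($user_name);
     if (!$user) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }

     // The caller must prove knowledge of the current password before anything else is
     // evaluated. The casts keep password_verify() from being handed null, e.g. for an
     // account that has no stored hash; an empty hash simply never verifies.
     if (!password_verify((string) $user_password_current, (string) $user->getPwdhash())) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
         return false;
     }

     if (empty($user_password_new) || empty($user_password_repeat)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
         return false;
     }

     if ($user_password_new !== $user_password_repeat) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
         return false;
     }

     // strlen() counts bytes, not characters.
     // NOTE(review): six is a low minimum by current guidance; raising it is a policy
     // decision, so the threshold is left unchanged here.
     if (strlen($user_password_new) < 6) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
         return false;
     }

     // Strict comparison: with "==" two different numeric-looking strings (for example
     // "1e3" and "1000") compare equal, which would wrongly reject a new password.
     if ($user_password_current === $user_password_new) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
         return false;
     }

     return true;
 }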