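/**
 * Sets up the session for the currently logged-in user, trying to re-establish a session for "remember-me"
 * users who have been logged out, or creates a guest user object if no one is logged in.
 *
 * Flow:
 *  1. Build the RememberMe authenticator on the app's PDO connection and publish it as $this->app->remember_me,
 *     with its cookie scoped to the whole site ("/").
 *  2. If the session already names a user, load them; a user row that no longer exists raises
 *     AccountInvalidException, and a remember-me cookie that is present but no longer valid is cleared and
 *     raises AuthExpiredException.
 *  3. Otherwise try the remember-me cookie: a valid token logs the user in and records in the session that the
 *     login came from a cookie rather than the login form, an invalid token raises AuthCompromisedException,
 *     and no usable token yields a guest user.
 *  4. Finish with $this->app->setupAuthenticatedEnvironment().
 *
 * A PDOException anywhere in the above is logged and swallowed, so that installation mode (no database yet)
 * still gets through; note that $this->app->user may be left unset on that path.
 *
 * @throws AccountInvalidException   the session references a user id that no longer exists.
 * @throws AuthExpiredException      a remember-me cookie is present but is no longer valid.
 * @throws AuthCompromisedException  the remember-me token was invalid (possibly stolen).
 */
public function setup()
{
    try {
        // Initialize RememberMe on top of the application's existing PDO connection.
        $storage = new \Birke\Rememberme\Storage\PDO($this->app->remember_me_table);
        $storage->setConnection(\Illuminate\Database\Capsule\Manager::connection()->getPdo());
        $this->app->remember_me = new \Birke\Rememberme\Authenticator($storage);

        // The remember-me cookie must be presented for every path of the site, not only the login URL.
        $cookie = $this->app->remember_me->getCookie();
        $cookie->setPath("/");
        $this->app->remember_me->setCookie($cookie);

        // A session user id that is missing or loosely-null (e.g. 0 / "") counts as "not logged in".
        $sessionHasUser = isset($_SESSION["userfrosting"]["user_id"])
            && $_SESSION["userfrosting"]["user_id"] != null;

        if ($sessionHasUser) {
            // Load the user. If they don't exist any more, throw an exception.
            $this->app->user = User::find($_SESSION["userfrosting"]["user_id"]);
            if (!$this->app->user) {
                throw new AccountInvalidException();
            }

            // A remember-me cookie that is present but no longer valid ends the current session.
            $cookieName = $this->app->remember_me->getCookieName();
            if (!empty($_COOKIE[$cookieName]) && !$this->app->remember_me->cookieIsValid()) {
                $this->app->remember_me->clearCookie();
                throw new AuthExpiredException();
            }
        } else {
            // No session user: attempt a login from the remember-me cookie tokens.
            $user_id = $this->app->remember_me->login();

            if ($user_id) {
                $this->app->user = \UserFrosting\UserLoader::fetch($user_id);
                $_SESSION["userfrosting"]["user_id"] = $user_id;

                // There is a chance that an attacker has stolen the login token, so we store
                // the fact that the user was logged in via RememberMe (instead of login form)
                $_SESSION['remembered_by_cookie'] = true;

                // The session just moved from anonymous to authenticated: issue a fresh session id so an
                // id that was known before authentication cannot be reused for the logged-in session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
            } elseif ($this->app->remember_me->loginTokenWasInvalid()) {
                // login() returned false because the presented token was invalid, not merely absent.
                throw new AuthCompromisedException();
            } else {
                // login() returned false because of an invalid/missing Rememberme cookie - create a dummy "guest" user
                $this->app->user = new User([], $this->app->config('user_id_guest'));
            }
        }

        // Now we have an authenticated user, setup their environment
        $this->app->setupAuthenticatedEnvironment();
    } catch (\PDOException $e) {
        // If we can't connect to the DB, then we can't create an authenticated user. That's ok if we're in installation mode.
        // NOTE(review): no guest user is assigned on this path, so $this->app->user stays unset; callers must tolerate that.
        error_log("Unable to authenticate user, falling back to guest user.");
        error_log($e->getTraceAsString());
    }
}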
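// Last table object of the set: the vote table for "pbidea" (the others are created before this point).
$table_votes_pbidea = new \UserFrosting\DatabaseTable($app->config('db')['db_prefix'] . "votes_pbidea");

// Register every table with the Database facade. votes_pbidea was previously the only vote table
// never registered here, unlike votes_bud / votes_coleg / votes_osi; it is now registered alongside them.
$registeredTables = [
    "user"            => $table_user,
    "group"           => $table_group,
    "group_user"      => $table_group_user,
    "configuration"   => $table_configuration,
    "authorize_user"  => $table_authorize_user,
    "authorize_group" => $table_authorize_group,
    "bud"             => $table_bud,
    "votes_bud"       => $table_votes_bud,
    "coleg"           => $table_coleg,
    "votes_coleg"     => $table_votes_coleg,
    "osi"             => $table_osi,
    "votes_osi"       => $table_votes_osi,
    "pbidea"          => $table_pbidea,
    "votes_pbidea"    => $table_votes_pbidea,
];
foreach ($registeredTables as $tableName => $tableObject) {
    \UserFrosting\Database::setTable($tableName, $tableObject);
}

// Initialize static loader classes
\UserFrosting\UserLoader::init($table_user);
\UserFrosting\GroupLoader::init($table_group);
\UserFrosting\BudLoader::init($table_bud);
\UserFrosting\ColegLoader::init($table_coleg);
\UserFrosting\OsiLoader::init($table_osi);
\UserFrosting\PBideaLoader::init($table_pbidea);

/* Load UserFrosting site settings */

// Default settings. These apply until the stored settings exist; note that the security-relevant
// defaults (captcha, email activation) are enabled ('1') out of the box.
$setting_values = [
    'userfrosting' => [
        'site_title'                  => 'UserFrosting',
        'admin_email'                 => '*****@*****.**',
        'email_login'                 => '1',
        'can_register'                => '1',
        'enable_captcha'              => '1',
        'require_activation'          => '1',
        'resend_activation_threshold' => '0',
        'reset_password_timeout'      => '10800',
        'default_locale'              => 'en_US',
        'minify_css'                  => '0',
        'minify_js'                   => '0',
        'version'                     => '0.3.0',
        'author'                      => 'Alex Weissman',
        'show_terms_on_register'      => '1',
        'site_location'               => 'The State of Indiana',
    ],
];

// Human-readable descriptions, keyed exactly like $setting_values.
$setting_descriptions = [
    'userfrosting' => [
        "site_title"                  => "The title of the site. By default, displayed in the title tag, as well as the upper left corner of every user page.",
        "admin_email"                 => "The administrative email for the site. Automated emails, such as activation emails and password reset links, will come from this address.",
        "email_login"                 => "Specify whether users can login via email address or username instead of just username.",
        "can_register"                => "Specify whether public registration of new accounts is enabled. Enable if you have a service that users can sign up for, disable if you only want accounts to be created by you or an admin.",
        "enable_captcha"              => "Specify whether new users must complete a captcha code when registering for an account.",
        "require_activation"          => "Specify whether email activation is required for newly registered accounts. Accounts created on the admin side never need to be activated.",
        "resend_activation_threshold" => "The time, in seconds, that a user must wait before requesting that the activation email be resent.",
        "reset_password_timeout"      => "The time, in seconds, before a user's password reminder email expires.",
        "default_locale"              => "The default language for newly registered users.",
        "minify_css"                  => "Specify whether to use concatenated, minified CSS (production) or raw CSS includes (dev).",
        "minify_js"                   => "Specify whether to use concatenated, minified JS (production) or raw JS includes (dev).",
        "version"                     => "The current version of UserFrosting.",
        "author"                      => "The author of the site. Will be used in the site's author meta tag.",
        "show_terms_on_register"      => "Specify whether or not to show terms and conditions when registering.",
        "site_location"               => "The nation or state in which legal jurisdiction for this site falls.",
    ],
];

// Load site settings
$app->site = new \UserFrosting\SiteSettings($setting_values, $setting_descriptions);

// Store to DB if not consistent
if (!$app->site->isConsistent()) {
    $app->site->store();
}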
class_alias("UserFrosting\\MySqlDatabase", "UserFrosting\\Database"); class_alias("UserFrosting\\MySqlUser", "UserFrosting\\User"); class_alias("UserFrosting\\MySqlUserLoader", "UserFrosting\\UserLoader"); class_alias("UserFrosting\\MySqlAuthLoader", "UserFrosting\\AuthLoader"); class_alias("UserFrosting\\MySqlGroup", "UserFrosting\\Group"); class_alias("UserFrosting\\MySqlGroupLoader", "UserFrosting\\GroupLoader"); class_alias("UserFrosting\\MySqlSiteSettings", "UserFrosting\\SiteSettings"); // Set enumerative values defined("GROUP_NOT_DEFAULT") or define("GROUP_NOT_DEFAULT", 0); defined("GROUP_DEFAULT") or define("GROUP_DEFAULT", 1); defined("GROUP_DEFAULT_PRIMARY") or define("GROUP_DEFAULT_PRIMARY", 2); // Pass Slim app to database \UserFrosting\Database::$app = $app; // Initialize static loader classes \UserFrosting\GroupLoader::init(); \UserFrosting\UserLoader::init(); /* Load UserFrosting site settings */ $app->site = new \UserFrosting\SiteSettings(); $app->hook('settings.register', function () use($app) { // Register core site settings $app->site->register('userfrosting', 'site_title', "Site Title"); $app->site->register('userfrosting', 'author', "Site Author"); $app->site->register('userfrosting', 'admin_email', "Account Management Email"); $app->site->register('userfrosting', 'default_locale', "Locale for New Users", "select", $app->site->getLocales()); $app->site->register('userfrosting', 'can_register', "Public Registration", "toggle", [0 => "Off", 1 => "On"]); $app->site->register('userfrosting', 'enable_captcha', "Registration Captcha", "toggle", [0 => "Off", 1 => "On"]); $app->site->register('userfrosting', 'require_activation', "Require Account Activation", "toggle", [0 => "Off", 1 => "On"]); $app->site->register('userfrosting', 'email_login', "Email Login", "toggle", [0 => "Off", 1 => "On"]); $app->site->register('userfrosting', 'resend_activation_threshold', "Resend Activation Email Cooloff (s)"); $app->site->register('userfrosting', 
'reset_password_timeout', "Password Recovery Timeout (s)"); $app->site->register('userfrosting', 'minify_css', "Minify CSS", "toggle", [0 => "Off", 1 => "On"]);
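/**
 * Check if the specified user (by user_id) is in a particular group.
 *
 * An id that does not resolve to a user is reported as "not in the group" instead of
 * failing with a method call on a non-object.
 *
 * @param int $user_id the id of the user.
 * @param int $group_id the id of the group.
 * @return bool true if the user is in the group, false otherwise.
 */
public static function in_group($user_id, $group_id)
{
    $user = \UserFrosting\UserLoader::fetch($user_id);
    // NOTE(review): assumes fetch() yields a falsy value for an unknown id — confirm against UserLoader.
    if (!$user) {
        return false;
    }
    // Membership is looked up by group id, so getGroups() is expected to be keyed by group id.
    $groups = $user->getGroups();
    return isset($groups[$group_id]);
}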