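/**
 * Authenticate the current request from the FeatherBB cookie.
 *
 * Reads the cookie named $cookie_name, checks its HMAC checksum and expiry,
 * loads the matching user row (joined with its group and online rows) into
 * $feather->user, re-checks the stored password hash, refreshes the cookie
 * and returns true. When there is no usable cookie, or it belongs to the
 * guest account, is expired or fails any check, a fresh one-year guest
 * cookie is issued and the result of set_default_user() is returned.
 *
 * Uses the globals $cookie_name (cookie to read) and $cookie_seed (HMAC key).
 *
 * @return bool|mixed true for an authenticated user, otherwise set_default_user()'s value
 */
function check_cookie()
{
    global $cookie_name, $cookie_seed;

    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    $now = time();

    // Get FeatherBB cookie. getCookie() returns false when the payload could
    // not be decrypted (tampered locally), so only a non-empty string is usable.
    $cookie_raw = $feather->getCookie($cookie_name);

    if (is_string($cookie_raw) && $cookie_raw !== '') {
        $cookie = json_decode($cookie_raw, true);

        // Every field read below must be present; a malformed payload falls
        // through to the guest reconnect instead of raising notices on
        // missing keys.
        if (is_array($cookie)
            && isset($cookie['user_id'], $cookie['expires'], $cookie['checksum'], $cookie['password_hash'])
        ) {
            $checksum = hash_hmac('sha1', $cookie['user_id'] . $cookie['expires'], $cookie_seed . '_checksum');

            // The cookie must name a non-guest user (id 1 is the guest), be
            // unexpired and carry a valid checksum. hash_equals() is a strict,
            // constant-time comparison; the loose '==' it replaces must not be
            // used on MAC values (type juggling, timing).
            if ($cookie['user_id'] > 1
                && $cookie['expires'] > $now
                && is_string($cookie['checksum'])
                && hash_equals($checksum, $cookie['checksum'])
            ) {
                // Get user info from db; intval() keeps the id numeric
                // regardless of what the cookie carried.
                $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
                $where_check_cookie = array('u.id' => intval($cookie['user_id']));
                $result = \DB::for_table('users')
                    ->table_alias('u')
                    ->select_many($select_check_cookie)
                    ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
                    ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o')
                    ->where($where_check_cookie)
                    ->find_result_set();

                // The loop body is intentionally empty: iterating binds the
                // (at most one, u.id being looked up) row to $feather->user.
                // With no matching row nothing is assigned, so the isset()
                // below fails (assuming $feather->user was not set earlier).
                foreach ($result as $feather->user) {
                }

                // Second check: the cookie's password hash must match the
                // stored password, so editing the user id inside a cookie is
                // not enough to act as another account.
                if (isset($feather->user->id)
                    && is_string($cookie['password_hash'])
                    && hash_equals(
                        hash_hmac('sha1', $feather->user->password, $cookie_seed . '_password_hash'),
                        $cookie['password_hash']
                    )
                ) {
                    // A cookie already living longer than one visit timeout is
                    // a "remember me" cookie: renew it for 14 days (1209600 s);
                    // otherwise just extend it by the visit timeout.
                    $expires = $cookie['expires'] > $now + $feather->config['o_timeout_visit']
                        ? $now + 1209600
                        : $now + $feather->config['o_timeout_visit'];
                    $feather->user->is_guest = false;
                    $feather->user->is_admmod = $feather->user->g_id == FEATHER_ADMIN
                        || $feather->user->g_moderator == '1';
                    feather_setcookie($feather->user->id, $feather->user->password, $expires);
                    set_preferences();
                    return true;
                }
            }
        }
    }

    // No cookie, guest cookie, expired cookie or failed check: reconnect as
    // the guest account (id 1) with a cookie that expires after a year.
    // NOTE(review): rand() is not a CSPRNG; this only matters if the hashed
    // value is ever treated as a secret — confirm against feather_setcookie().
    $expires = $now + 31536000;
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), $expires);
    return set_default_user();
}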
// IN THE WORK.
//----------------------------------------------------------------------
require_once "user.php";
require_once "db_utils.php";
require_once "ma_constants.php";
require_once "ma_client.php";
require_once "util.php";
require_once "user-preferences.php";

// Only a loaded, active user may change preferences; any other case ends the
// request without writing a response body.
$user = geni_loadUser();
if (!isset($user) || is_null($user) || !$user->isActive()) {
    exit;
}

// NOTE(review): $_REQUEST merges GET, POST and cookie parameters, so this
// state-changing action is (with the usual request_order) reachable via a
// plain GET link, and no CSRF token is checked here. user_urn is also not
// checked to be a string before it is passed on. Every remaining request
// parameter is handed to set_preferences() as the preference map, where it
// is filtered against $possible_prefs.
if (array_key_exists('user_urn', $_REQUEST)) {
    $user_urn = $_REQUEST['user_urn'];
    unset($_REQUEST['user_urn']);
    set_preferences($user_urn, $_REQUEST);
} else {
    print "Error: No user URN specified.";
    error_log("Error: No user URN specified.");
}

/**
 * Store the given preferences for a user.
 *
 * Only names listed in $possible_prefs whose value is among that entry's
 * allowed values are accepted; name, value and URN are quoted through the
 * portal connection before use.
 *
 * @param string $user_urn    URN of the user whose preferences are set
 * @param array  $preferences preference name => value, taken from the request
 */
function set_preferences($user_urn, $preferences)
{
    global $possible_prefs;
    $conn = portal_conn();
    $db_user_urn = $conn->quote($user_urn, "text");
    $success_string = "";
    foreach ($preferences as $pref_name => $pref_value) {
        if (array_key_exists($pref_name, $possible_prefs)) {
            // NOTE(review): in_array() without strict => uses loose comparison,
            // so values such as "0" or true may match entries they should not
            // — confirm the shape of $possible_prefs before relying on this.
            if (in_array($pref_value, $possible_prefs[$pref_name])) {
                $pref_name = $conn->quote($pref_name, "text");
                $pref_value = $conn->quote($pref_value, "text");