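function check_cookie()
{
    global $cookie_name, $cookie_seed;
    // The running Slim application; the resolved user is stored on it as ->user.
    $feather = \Slim\Slim::getInstance();
    $now = time();
    // FeatherBB session cookie. getCookie() returns false when the payload could
    // not be decrypted (tampered locally), so anything but a non-empty string is
    // treated as "no cookie".
    $cookie_raw = $feather->getCookie($cookie_name);
    if (is_string($cookie_raw) && $cookie_raw !== '') {
        $cookie = json_decode($cookie_raw, true);
        // Only accept a well-formed object carrying every field we sign over or
        // compare against, with the types the comparisons below expect. A missing
        // or non-string tag previously fell through to loose `==` type juggling.
        if (is_array($cookie)
            && isset($cookie['user_id'], $cookie['expires'], $cookie['checksum'], $cookie['password_hash'])
            && is_scalar($cookie['user_id']) && is_scalar($cookie['expires'])
            && is_string($cookie['checksum']) && is_string($cookie['password_hash'])
        ) {
            // Integrity tag over user_id . expires, keyed with the site seed.
            $checksum = hash_hmac('sha1', $cookie['user_id'] . $cookie['expires'], $cookie_seed . '_checksum');
            // Non-guest user, not yet expired, and the tag matches. hash_equals()
            // (PHP >= 5.6) is strict and constant-time; the former `==` compared
            // hex digests loosely, so two "0e<digits>" strings would match.
            if ($cookie['user_id'] > 1 && $cookie['expires'] > $now && hash_equals($checksum, $cookie['checksum'])) {
                // Load the user, its group and its online row (if any) from the DB.
                $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
                $where_check_cookie = array('u.id' => intval($cookie['user_id']));
                $result = \DB::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o')->where($where_check_cookie)->find_result_set();
                // Keep the last (expected: only) row; $feather->user stays untouched
                // when no row matched, which the isset() below relies on.
                foreach ($result as $row) {
                    $feather->user = $row;
                }
                // Second factor: the cookie must also carry an HMAC of the stored
                // password hash, so a forged user_id alone is not enough and a
                // password change invalidates existing cookies.
                if (isset($feather->user->id)
                    && hash_equals(hash_hmac('sha1', $feather->user->password, $cookie_seed . '_password_hash'), $cookie['password_hash'])
                ) {
                    // A cookie living longer than one visit timeout is a "remember me"
                    // cookie: renew it for 14 days, otherwise for one visit timeout.
                    $visit_timeout = $feather->config['o_timeout_visit'];
                    if ($cookie['expires'] > $now + $visit_timeout) {
                        $expires = $now + 1209600; // 14 * 24 * 3600
                    } else {
                        $expires = $now + $visit_timeout;
                    }
                    $feather->user->is_guest = false;
                    $feather->user->is_admmod = $feather->user->g_id == FEATHER_ADMIN || $feather->user->g_moderator == '1';
                    feather_setcookie($feather->user->id, $feather->user->password, $expires);
                    set_preferences();
                    return true;
                }
            }
        }
    }
    // No cookie, or a guest / expired / invalid one: issue a fresh guest cookie
    // (user id 1) valid for one year and fall back to the default user.
    // NOTE(review): uniqid(rand()) is not a CSPRNG; random_bytes() would be the
    // right source on PHP >= 7 — confirm the minimum PHP version before switching.
    $expires = $now + 31536000; // 365 * 24 * 3600
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), $expires);
    return set_default_user();
}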
// Work in progress.
//----------------------------------------------------------------------
require_once "user.php";
require_once "db_utils.php";
require_once "ma_constants.php";
require_once "ma_client.php";
require_once "util.php";
require_once "user-preferences.php";
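// Only an active, resolvable user may update preferences; otherwise bail out
// without output.
$user = geni_loadUser();
if (!isset($user) || is_null($user) || !$user->isActive()) {
    exit;
}
// NOTE(review): $_REQUEST merges GET, POST and COOKIE, so this state change is
// reachable through a plain GET link and carries no CSRF token — confirm how the
// caller submits and consider restricting this handler to $_POST.
// The URN must be a non-empty string: an array value (user_urn[]=...) would
// otherwise be handed straight to the DB quoting layer.
if (array_key_exists('user_urn', $_REQUEST)
    && is_string($_REQUEST['user_urn'])
    && $_REQUEST['user_urn'] !== ''
) {
    $user_urn = $_REQUEST['user_urn'];
    // Everything else in the request is treated as a preference name/value pair.
    unset($_REQUEST['user_urn']);
    set_preferences($user_urn, $_REQUEST);
} else {
    print "Error: No user URN specified.";
    error_log("Error: No user URN specified.");
}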
function set_preferences($user_urn, $preferences)
{
    global $possible_prefs;
    $conn = portal_conn();
    $db_user_urn = $conn->quote($user_urn, "text");
    $success_string = "";
    foreach ($preferences as $pref_name => $pref_value) {
        if (array_key_exists($pref_name, $possible_prefs)) {
            if (in_array($pref_value, $possible_prefs[$pref_name])) {
                $pref_name = $conn->quote($pref_name, "text");
                $pref_value = $conn->quote($pref_value, "text");