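/**
 * Start the session and decide whether the visitor is logged in.
 *
 * Clears cookies left behind by earlier CoreSystem versions, then, when no
 * session user exists, tries to auto-login from the persistent login cookie
 * (PA_Login::process_cookie()).  When the visitor is not logged in and
 * $login_required is truthy, either $redirect_function is invoked or a
 * Location header to cnuser_login.php is sent.
 *
 * @param bool|string $login_required TRUE: redirect when not logged in;
 *        "password": additionally require that the session was established
 *        with a password (a cookie auto-login is not enough); FALSE: only
 *        report the state, never redirect.
 * @param callable|null $redirect_function invoked instead of the Location
 *        redirect; its return value becomes this function's return value.
 * @return mixed 1 when logged in; 0 when not (after the redirect, if any);
 *         the callback's result when $redirect_function was used.
 */
function check_session($login_required = TRUE, $redirect_function = NULL)
{
    session_start();
    // clear old cookies from earlier CoreSystem versions
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", 0, "/");
        }
    }
    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (CNException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }
    // $msg is the query fragment appended to the login URL; only the two
    // "not logged in" branches below ever set it
    $not_logged_in = FALSE;
    $msg = '';
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password") {
        // an absent login_source counts as "not password" instead of raising
        // an undefined-index notice
        $login_source = isset($_SESSION['login_source']) ? $_SESSION['login_source'] : NULL;
        if ($login_source !== "password") {
            $not_logged_in = TRUE;
            $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
        }
    }
    if (!$not_logged_in) {
        ob_start();
        // HTTP-date needs a space before the zone ("..., 08:49:37 GMT")
        $time = gmdate('D, d M Y H:i:s') . ' GMT';
        header("Last-Modified: {$time}");
        header("Expires: {$time}");
        header("Pragma: no-cache");
        return 1;
    }
    // redirect to login page if login is required
    if ($login_required) {
        if ($redirect_function) {
            return $redirect_function();
        }
        // the return target is built from the server-provided rewrite path;
        // the REDIRECT_* entries exist only for rewritten requests, so guard
        // them rather than emitting notices
        $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
        $redirect_qs = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
        header("Location: " . PA::$url . "/cnuser_login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_qs));
    }
    return 0;
}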
 /**
  * Validate a persistent login cookie and, if it names a user, log that
  * user in with login source "cookie".
  *
  * Guarded by PA_Login::$once_only: the first call clears the flag, any
  * later call in the same page dies.  A cookie that does not parse to a
  * non-empty user id is unset and nothing else happens.
  *
  * @param mixed $cookie value handed to $this->login_cookie->parse_cookie()
  * @return void
  */
 private function _process_cookie($cookie)
 {
     if (!PA_Login::$once_only) {
         die("PA_Login::process_cookie() called more than once in a page - this is not allowed.");
     }
     PA_Login::$once_only = 0;
     // parse and validate cookie; an empty id means it is invalid
     $parsed_user_id = $this->login_cookie->parse_cookie($cookie);
     if (empty($parsed_user_id)) {
         PA_Login::_unset_cookie();
         return;
     }
     // success - log in
     PA_Login::log_in($parsed_user_id, true, "cookie");
 }
 /**
  * Resolve the logged-in user and the "page" user for this request.
  *
  * Results are published to PA::$login_uid / PA::$login_user,
  * PA::$page_uid / PA::$page_user, PA::$uid / PA::$user and the matching
  * globals; the session user is kept in $this->CurrUser; the session is
  * committed before returning.
  *
  * Login sources, in order: an authToken in the query string (logs the user
  * in through PA_Login::log_in() and stores the token in the session), then
  * the user already held in $_SESSION['user'].  The page user comes from
  * ?uid= (numeric) or ?login= (numeric id or login name).
  *
  * @return void
  */
 public function getCurrentUser()
 {
     global $page_uid, $page_user, $login_uid, $login_name, $login_user;
     require_once "api/User/User.php";
     session_start();
     // reset every login slot first so a value left over from an earlier
     // call cannot survive when nothing below sets it
     PA::$login_uid = NULL;
     PA::$login_user = NULL;
     $login_uid = NULL;
     $login_name = NULL;
     $login_user = NULL;
     $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
     // Check if an authToken variable in GET and use it if available.
     // NOTE(review): a token carried in the URL ends up in access logs and
     // Referer headers, so it should be treated as short-lived.
     $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
     if ($authToken) {
         try {
             // this object is replaced on the next line; if
             // getUserFromAuthToken() throws, $user still holds this empty User
             $user = new User();
             $user = $this->getUserFromAuthToken($authToken);
             if ($user && $user->user_id) {
                 // User is valid so log_in the user.
                 // Since we know that AuthToken was passed into the URL, we can
                 // assume this user was redirected here from a partner web
                 // site. We need to log in the user as if they logged in
                 // through the normal PeopleAggregator login form (ie. set all
                 // session variables just as if dologin.php was called).
                 $referer = "external site";
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     // client-supplied header; it is only recorded as the
                     // login-source label below, never trusted for anything else
                     $referer = $_SERVER['HTTP_REFERER'];
                 }
                 $pal = new PA_Login();
                 // third argument is the login source (cf. "password"/"cookie"
                 // elsewhere) — presumably what check_session() reads back as
                 // $_SESSION['login_source']; confirm
                 $pal->log_in($user->user_id, false, $referer);
                 // Set authToken as a session variable so that it can be accessed anywhere
                 $_SESSION['authToken'] = $authToken;
             }
         } catch (Exception $e) {
             // non-strict in_array(): fine as long as the USER_* codes are
             // ints like getCode() — confirm
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                 throw $e;
             }
             // Token rejected (unknown/deleted user, invalid or expired
             // token): drop the existing session as well so an older login
             // does not survive a bad token.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     if ($this->CurrUser) {
         try {
             // load by user_id; the (int) cast keeps the session value numeric
             $user = new User();
             $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
         } catch (Exception $e) {
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                 throw $e;
             }
             // The currently logged-in user has been deleted; invalidate the session.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     // $user may come from either branch above; after a caught load() failure
     // it is still the empty User created before load() — presumably with no
     // user_id, so the inner block is skipped; confirm
     if (isset($user) && $user) {
         // if the user variable is set
         if ($user->user_id) {
             // display name comes from the session copy, the object from the DB
             $login_name = $this->CurrUser['name'];
             PA::$login_user = $login_user = $user;
             PA::$login_uid = $login_uid = $user->user_id;
         }
         if (PA::$login_uid) {
             PA::$login_user->update_user_time_spent();
             User::track_status(PA::$login_uid);
         }
     }
     // If a user is specified on the query string as an ID (uid=123) or
     // login name (login=phil), validate the id/name and load the user
     // object.
     if (!empty($_GET['uid'])) {
         // (int) cast: only a numeric id ever reaches load() here
         $page_uid = PA::$page_uid = (int) $_GET['uid'];
         $page_user = PA::$page_user = new User();
         PA::$page_user->load(PA::$page_uid);
     } else {
         if (!empty($_GET['login'])) {
             $page_user = PA::$page_user = new User();
             if (is_numeric($_GET['login'])) {
                 PA::$page_user->load((int) $_GET['login']);
             } else {
                 // raw query-string value is passed through; assumes
                 // User::load() validates/parameterises a login name — confirm
                 PA::$page_user->load($_GET['login']);
             }
             $page_uid = PA::$page_uid = PA::$page_user->user_id;
         } else {
             $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
         }
     }
     // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
     // (The local $uid / $user are not read again; the statics are the output.)
     if (PA::$page_uid) {
         $uid = PA::$uid = PA::$page_uid;
         $user = PA::$user = PA::$page_user;
     } else {
         $uid = PA::$uid = PA::$login_uid;
         $user = PA::$user = PA::$login_user;
     }
     // write and close the session now that all login state has been decided
     session_commit();
 }
* [description including history]
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* @author [creator, or "Original Author"]
* @license http://bit.ly/aVWqRV PayAsYouGo License
* @copyright Copyright (c) 2010 Broadband Mechanics
* @package PeopleAggregator
*/
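// Logout page: revoke the login cookie, drop the cached profile template,
// reset the session and redirect.  The destination is the login page unless
// the request carries a same-site "return" URL.
$login_required = TRUE;
include_once "web/includes/page.php";
require_once "api/Theme/Template.php";
require_once "api/Login/PA_Login.class.php";
require_once "web/includes/classes/UrlHelper.class.php";
// default destination: the login page, built via UrlHelper so we respect the
// SSL directives
$return = UrlHelper::url_for(PA::$url . '/' . FILE_LOGIN, array(), 'https');
// A return URL supplied in the request is honoured only when it stays on this
// site: a single-slash-relative path (no scheme-relative "//host" or "/\host",
// no embedded line breaks) or an absolute URL under PA::$url.  Anything else
// would turn this page into an open redirect, so it is ignored in favour of
// the default above.
if (!empty($_REQUEST['return'])) {
    $requested = $_REQUEST['return'];
    $is_local = is_string($requested) && (
        preg_match('#^/(?![/\\\\])[^\r\n]*$#D', $requested) === 1
        || strpos($requested, rtrim(PA::$url, '/') . '/') === 0
    );
    if ($is_local) {
        $return = $requested;
    }
}
// destroy the login cookie
PA_Login::log_out();
// invalidate the cache for user profile
$file = PA::$theme_url . "/user_profile.tpl?uid=" . PA::$login_uid;
CachedTemplate::invalidate_cache($file);
// kill the session
$_SESSION = array();
session_destroy();
session_start();
// and go home :)
header("Location: {$return}");
exit;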
         $location .= "&return={$return_url}";
     }
     header("Location:{$location}");
     exit;
 }
 // username and password supplied - attempt to authenticate
 try {
     $u = User::authenticate_user($username, $password);
 } catch (CNException $e) {
     $msg = "Error: {$e->message}";
     $error = TRUE;
     $u = FALSE;
 }
 if ($u > 0) {
     // if authetication succeeded
     $pal = new PA_Login();
     $remember_me = isset($_POST['remember']) && $_POST['remember'] == 1;
     $pal->log_in($u, $remember_me, "password");
     // verify token
     if (!empty($token)) {
         // if token isn't empty
         try {
             $token_arr = authenticate_invitation_token($token);
         } catch (CNException $e) {
             $token_arr[1] = "{$e->message}";
         }
     }
     // if token is empty
     if (empty($token)) {
         $location = PA::$after_login_page;
     } else {
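/**
 * Web-service logout: revoke the persistent login cookie of the user named
 * by an auth token, drop that user's cached profile template and reset the
 * PHP session.
 *
 * @param array $args request arguments; only $args['authToken'] is read.
 * @return array array('success' => TRUE) — returned even when the token does
 *         not resolve to a user (the session is still reset in that case).
 */
function peopleaggregator_logout($args)
{
    session_start();
    // a missing token is passed on as NULL instead of raising an
    // undefined-index notice; User::from_auth_token() decides what to do with it
    $token = isset($args['authToken']) ? $args['authToken'] : NULL;
    $user = User::from_auth_token($token);
    if ($user) {
        PA::$login_uid = $user->user_id;
        // destroy the login cookie
        PA_Login::log_out();
    }
    // invalidate the cache for user profile (when the token resolved to no
    // user this uses whatever PA::$login_uid already held)
    $file = PA::$theme_url . "/user_profile.tpl?uid=" . PA::$login_uid;
    CachedTemplate::invalidate_cache($file);
    // kill the session
    $_SESSION = array();
    session_destroy();
    session_start();
    return array('success' => TRUE);
}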
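/**
 * Start the session and decide whether the visitor is logged in.
 *
 * Clears cookies left behind by earlier PA versions, then, when no session
 * user exists, tries to auto-login from the persistent login cookie
 * (PA_Login::process_cookie()).  When the visitor is not logged in and
 * $login_required is truthy, either $redirect_function is invoked, or — on
 * logout.php — the visitor is sent to a same-site return URL, or a Location
 * header to login.php is sent.
 *
 * @param bool|string $login_required TRUE: redirect when not logged in;
 *        "password": additionally require that the session was established
 *        with a password (a cookie auto-login is not enough); FALSE: only
 *        report the state, never redirect.
 * @param callable|null $redirect_function invoked instead of the Location
 *        redirect; its return value becomes this function's return value.
 * @return mixed 1 when logged in; 0 when not (after the redirect, if any);
 *         the callback's result when $redirect_function was used.  Does not
 *         return at all on the logout.php path (exit after the redirect).
 */
function check_session($login_required = TRUE, $redirect_function = NULL)
{
    session_start();
    // clear old cookies from earlier PA versions
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", 0, "/");
        }
    }
    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (PAException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }
    // $msg is the query fragment appended to the login URL; only the two
    // "not logged in" branches below ever set it
    $not_logged_in = FALSE;
    $msg = '';
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password") {
        // an absent login_source counts as "not password" instead of raising
        // an undefined-index notice
        $login_source = isset($_SESSION['login_source']) ? $_SESSION['login_source'] : NULL;
        if ($login_source !== "password") {
            $not_logged_in = TRUE;
            $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
        }
    }
    if (!$not_logged_in) {
        ob_start();
        // HTTP-date needs a space before the zone ("..., 08:49:37 GMT")
        $time = gmdate('D, d M Y H:i:s') . ' GMT';
        header("Last-Modified: {$time}");
        header("Expires: {$time}");
        header("Pragma: no-cache");
        return 1;
    }
    if (!$login_required) {
        return 0;
    }
    if ($redirect_function) {
        return $redirect_function();
    }
    // Parag Jagdale - 10/14/10
    // logout.php is reached without a session (the user just logged out), so
    // send the visitor to the requested return location instead of login.php.
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    // strrpos() returns FALSE when absent, so compare with !== (a loose !=
    // would also treat a match at offset 0 as "absent")
    if ($request_uri !== '' && strrpos($request_uri, "logout.php") !== false) {
        $return = null;
        if (!empty($_REQUEST['return'])) {
            $return = $_REQUEST['return'];
        } elseif (!empty($_GET['redirect'])) {
            $return = $_GET['redirect'];
        }
        // Only follow a request-supplied target that stays on our own sites:
        // a single-slash-relative path (no scheme-relative "//host" or
        // "/\host", no embedded line breaks) or an absolute URL under PA::$url
        // or CC_APPLICATION_URL.  Anything else would make this an open
        // redirect, so it falls back to the CoreSystem logout page.
        $is_local = is_string($return) && (
            preg_match('#^/(?![/\\\\])[^\r\n]*$#D', $return) === 1
            || strpos($return, rtrim(PA::$url, '/') . '/') === 0
            || strpos($return, rtrim(CC_APPLICATION_URL, '/') . '/') === 0
        );
        if (!$is_local) {
            $return = CC_APPLICATION_URL . "/people/logout";
        }
        header("Location: {$return}");
        exit;
    }
    // Parag Jagdale - 10/14/10: end
    // the return target is built from the server-provided rewrite path; the
    // REDIRECT_* entries exist only for rewritten requests, so guard them
    // rather than silencing notices with @
    $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
    $redirect_qs = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
    header("Location: " . PA::$url . "/login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_qs));
    return 0;
}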