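/**
 * Verify that a user session exists and, when it does not, redirect to the login page.
 *
 * @param bool|string $login_required TRUE to require a login, FALSE to tolerate
 *        anonymous access (the function then only reports the state), or the
 *        string "password" to additionally require that the session was created
 *        by a password login rather than by the auto-login cookie.
 * @param callable|null $redirect_function Optional replacement for the default
 *        Location redirect; when the user is not logged in its return value is
 *        handed back to the caller unchanged.
 * @return mixed 1 if logged in (no-cache headers sent, output buffering started),
 *         0 if not logged in, or whatever $redirect_function returns.
 */
function check_session($login_required = TRUE, $redirect_function = NULL) {
    $msg = __("Sorry - you are not logged in or you have been logged out due to inactivity. Please, log in again.");
    session_start();

    // Clear old cookies from earlier CoreSystem versions. A browser only removes a
    // cookie whose expiry lies in the past; expires=0 merely turns it into a
    // session cookie, so the stale credential cookies would have survived.
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", time() - 3600, "/");
        }
    }

    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (CNException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }

    $not_logged_in = FALSE;
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password"
              && (!isset($_SESSION['login_source']) || $_SESSION['login_source'] !== "password")) {
        // a cookie auto-login is not sufficient for this page
        $not_logged_in = TRUE;
        $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
    }

    if (!$not_logged_in) {
        ob_start();
        // Mark the page as already expired so browsers and proxies do not cache it.
        // HTTP dates need the " GMT" suffix separated by a space.
        $time = gmdate('D, d M Y H:i:s') . ' GMT';
        header("Last-Modified: {$time}");
        header("Expires: {$time}");
        header("Pragma: no-cache");
        return 1;
    }

    // redirect to login page if login is required
    if ($login_required) {
        if ($redirect_function) {
            return $redirect_function();
        }
        // The return target is built from server-set rewrite variables, not from
        // request input; guard the indexes so a direct (non-rewritten) request does
        // not raise undefined-index notices.
        $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
        $redirect_qs = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
        header("Location: " . PA::$url . "/cnuser_login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_qs));
    }
    return 0;
}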
/**
 * Attempt an auto-login from the remember-me cookie.
 *
 * May run only once per page: the static PA_Login::$once_only flag is consumed
 * on the first call and a second call terminates the request. An unparsable
 * cookie is removed and the method returns without logging anyone in.
 *
 * @param mixed $cookie Raw cookie value handed to $this->login_cookie->parse_cookie().
 * @return void
 */
private function _process_cookie($cookie) {
    // guard clause: refuse a second invocation within the same page
    if (!PA_Login::$once_only) {
        die("PA_Login::process_cookie() called more than once in a page - this is not allowed.");
    }
    PA_Login::$once_only = 0;

    // parse and validate the cookie; an empty result means it did not check out
    $uid = $this->login_cookie->parse_cookie($cookie);
    if (empty($uid)) {
        PA_Login::_unset_cookie();
        return;
    }

    // valid cookie: establish the session, flagging "cookie" as the login source
    PA_Login::log_in($uid, true, "cookie");
}
/**
 * Resolve the logged-in user and the "page" user for this request.
 *
 * Side effects: starts the session, resets and then repopulates the globals
 * $login_uid/$login_name/$login_user and $page_uid/$page_user together with the
 * matching PA::$login_*, PA::$page_*, PA::$uid and PA::$user statics, sets
 * $this->CurrUser from $_SESSION['user'], may log the user in from a GET
 * authToken, and destroys the session when the user no longer exists.
 * Nothing is returned; callers read the globals/statics afterwards.
 *
 * @return void
 * @throws Exception re-thrown from the User lookups unless its code is one of
 *         the "user missing" / "token bad" codes handled below
 */
public function getCurrentUser() {
    global $page_uid, $page_user, $login_uid, $login_name, $login_user;
    require_once "api/User/User.php";
    session_start();
    // start from a clean slate so nothing from an earlier call leaks through
    PA::$login_uid = NULL;
    PA::$login_user = NULL;
    $login_uid = NULL;
    $login_name = NULL;
    $login_user = NULL;
    $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;

    // Check if an authToken variable is in GET and use it if available.
    // NOTE(review): a credential on the query string ends up in server logs,
    // browser history and Referer headers; whether the token is short-lived and
    // single-use is decided on the issuing side and cannot be seen from here.
    $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
    if ($authToken) {
        try {
            // the fresh User() is immediately overwritten by the token lookup
            $user = new User();
            $user = $this->getUserFromAuthToken($authToken);
            if ($user && $user->user_id) {
                // User is valid so log_in the user.
                // Since we know that AuthToken was passed into the URL, we can assume this
                // user was redirected here from a partner web site. We need to log in the user
                // as if they logged in through the normal PeopleAggregator login form:
                // (ie. set all session variables just as if dologin.php was called).
                // The Referer recorded as the login source is client-supplied and
                // unverified — informational only.
                $referer = "external site";
                if (isset($_SERVER['HTTP_REFERER'])) {
                    $referer = $_SERVER['HTTP_REFERER'];
                }
                $pal = new PA_Login();
                $pal->log_in($user->user_id, false, $referer);
                // Set authToken as a session variable so that it can be accessed anywhere
                $_SESSION['authToken'] = $authToken;
            }
        } catch (Exception $e) {
            // anything other than "token bad / user gone" is not ours to handle
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                throw $e;
            }
            // The token is invalid/expired or its user has been deleted; invalidate the session.
            session_destroy();
            session_start();
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if ($this->CurrUser) {
        try {
            // NOTE: replaces any $user obtained from the authToken branch above.
            $user = new User();
            $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                throw $e;
            }
            // The currently logged-in user has been deleted; invalidate the session.
            // $user still holds the User whose load() failed; only the
            // `$user->user_id` test below keeps it from being treated as logged in
            // (presumably user_id stays unset after a failed load — verify in User::load).
            session_destroy();
            session_start();
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if (isset($user) && $user) {
        // if the user variable is set
        if ($user->user_id) {
            // NOTE(review): on an authToken login with no prior session,
            // $this->CurrUser is null here, so $login_name ends up null.
            $login_name = $this->CurrUser['name'];
            PA::$login_user = $login_user = $user;
            PA::$login_uid = $login_uid = $user->user_id;
        }
        if (PA::$login_uid) {
            PA::$login_user->update_user_time_spent();
            User::track_status(PA::$login_uid);
        }
    }

    // If a user is specified on the query string as an ID (uid=123) or
    // login name (login=phil), validate the id/name and load the user
    // object. (uid is cast to int; a non-numeric login is passed to
    // User::load() as-is, so validation of that value is up to load().)
    if (!empty($_GET['uid'])) {
        $page_uid = PA::$page_uid = (int) $_GET['uid'];
        $page_user = PA::$page_user = new User();
        PA::$page_user->load(PA::$page_uid);
    } else {
        if (!empty($_GET['login'])) {
            $page_user = PA::$page_user = new User();
            if (is_numeric($_GET['login'])) {
                PA::$page_user->load((int) $_GET['login']);
            } else {
                PA::$page_user->load($_GET['login']);
            }
            $page_uid = PA::$page_uid = PA::$page_user->user_id;
        } else {
            $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
        }
    }

    // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
    // (The $uid/$user locals assigned here are not read again in this method.)
    if (PA::$page_uid) {
        $uid = PA::$uid = PA::$page_uid;
        $user = PA::$user = PA::$page_user;
    } else {
        $uid = PA::$uid = PA::$login_uid;
        $user = PA::$user = PA::$login_user;
    }
    session_commit();
}
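* [description including history]
 *
 * @author [creator, or "Original Author"]
 * @license http://bit.ly/aVWqRV PayAsYouGo License
 * @copyright Copyright (c) 2010 Broadband Mechanics
 * @package PeopleAggregator
 */

// Logout page: drop the login cookie, clear the session and send the browser on.
$login_required = TRUE;
include_once "web/includes/page.php";
require_once "api/Theme/Template.php";
require_once "api/Login/PA_Login.class.php";
require_once "web/includes/classes/UrlHelper.class.php";

// Work out where to send the browser after logout. A return URL from the request
// is honoured only when it points back into this site (a site-relative path or
// an absolute URL on PA::$url's host); anything else — another host,
// protocol-relative "//host", a non-http scheme, CR/LF or backslashes — falls
// back to the login page, so the parameter cannot be used as an open redirect.
$return = NULL;
if (!empty($_REQUEST['return'])) {
    $candidate = (string) $_REQUEST['return'];
    $parts = preg_match('/[\r\n\\\\]/', $candidate) ? false : parse_url($candidate);
    if ($parts !== false) {
        $site_host = parse_url(PA::$url, PHP_URL_HOST);
        $is_relative = !isset($parts['scheme']) && !isset($parts['host'])
            && isset($parts['path'])
            && substr($parts['path'], 0, 1) === '/'
            && substr($parts['path'], 0, 2) !== '//';
        $is_same_host = isset($parts['host']) && $site_host
            && strcasecmp($parts['host'], $site_host) === 0;
        if ($is_relative || $is_same_host) {
            $return = $candidate;
        }
    }
}
if ($return === NULL) {
    // build the url via UrlHelper so we can respect the SSL directives
    $return = UrlHelper::url_for(PA::$url . '/' . FILE_LOGIN, array(), 'https');
}

// destroy the login cookie
PA_Login::log_out();

// invalidate the cache for user profile
$file = PA::$theme_url . "/user_profile.tpl?uid=" . PA::$login_uid;
CachedTemplate::invalidate_cache($file);

// Kill the session. session_start() after session_destroy() resumes under the
// same session id from the cookie, so hand the browser a fresh id as well.
$_SESSION = array();
session_destroy();
session_start();
session_regenerate_id(TRUE);

// and go home :)
header("Location: {$return}");
exit;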
$location .= "&return={$return_url}"; } header("Location:{$location}"); exit; } // username and password supplied - attempt to authenticate try { $u = User::authenticate_user($username, $password); } catch (CNException $e) { $msg = "Error: {$e->message}"; $error = TRUE; $u = FALSE; } if ($u > 0) { // if authetication succeeded $pal = new PA_Login(); $remember_me = isset($_POST['remember']) && $_POST['remember'] == 1; $pal->log_in($u, $remember_me, "password"); // verify token if (!empty($token)) { // if token isn't empty try { $token_arr = authenticate_invitation_token($token); } catch (CNException $e) { $token_arr[1] = "{$e->message}"; } } // if token is empty if (empty($token)) { $location = PA::$after_login_page; } else {
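/**
 * API logout: end the session belonging to the supplied auth token.
 *
 * @param array $args Request arguments; reads $args['authToken'] (may be absent).
 * @return array array('success' => TRUE). As in the original, success is reported
 *         even when the token does not resolve to a user — the session is
 *         cleared either way.
 */
function peopleaggregator_logout($args) {
    session_start();
    // guard the index so a request without a token does not raise a notice
    $token = isset($args['authToken']) ? $args['authToken'] : NULL;
    $user = User::from_auth_token($token);
    if ($user) {
        PA::$login_uid = $user->user_id;
        // destroy the login cookie
        PA_Login::log_out();
    }
    // invalidate the cache for user profile — only when we know whose it is;
    // with an unknown user the original built "...?uid=" with an empty id
    if (PA::$login_uid) {
        $file = PA::$theme_url . "/user_profile.tpl?uid=" . PA::$login_uid;
        CachedTemplate::invalidate_cache($file);
    }
    // kill the session
    $_SESSION = array();
    session_destroy();
    session_start();
    return array('success' => TRUE);
}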
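/**
 * Verify that a user session exists and, when it does not, redirect to the login page.
 *
 * On a logout.php request the caller may supply a post-logout location via the
 * "return" or "redirect" parameters; it is used only when it points back into
 * this site (site-relative path, or absolute URL on the host of PA::$url or
 * CC_APPLICATION_URL), otherwise the default logout page is used. This closes the
 * open-redirect noted in the original TODO. A stray debug `exit` that preceded the
 * redirect in the original listing has been removed.
 *
 * @param bool|string $login_required TRUE to require a login, FALSE to tolerate
 *        anonymous access (the function then only reports the state), or the
 *        string "password" to additionally require that the session was created
 *        by a password login rather than by the auto-login cookie.
 * @param callable|null $redirect_function Optional replacement for the default
 *        Location redirect; when the user is not logged in its return value is
 *        handed back to the caller unchanged.
 * @return mixed 1 if logged in (no-cache headers sent, output buffering started),
 *         0 if not logged in, or whatever $redirect_function returns. Does not
 *         return on the logout path (exit after the redirect).
 */
function check_session($login_required = TRUE, $redirect_function = NULL) {
    $msg = __("Sorry - you are not logged in or you have been logged out due to inactivity. Please, log in again.");
    session_start();

    // Clear old cookies from earlier PA versions. A browser only removes a cookie
    // whose expiry lies in the past; expires=0 merely turns it into a session
    // cookie, so the stale credential cookies would have survived.
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", time() - 3600, "/");
        }
    }

    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (PAException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }

    $not_logged_in = FALSE;
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password"
              && (!isset($_SESSION['login_source']) || $_SESSION['login_source'] !== "password")) {
        // a cookie auto-login is not sufficient for this page
        $not_logged_in = TRUE;
        $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
    }

    if (!$not_logged_in) {
        ob_start();
        // Mark the page as already expired so browsers and proxies do not cache it.
        // HTTP dates need the " GMT" suffix separated by a space.
        $time = gmdate('D, d M Y H:i:s') . ' GMT';
        header("Last-Modified: {$time}");
        header("Expires: {$time}");
        header("Pragma: no-cache");
        return 1;
    }

    // redirect to login page if login is required
    if (!$login_required) {
        return 0;
    }
    if ($redirect_function) {
        return $redirect_function();
    }

    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if ($request_uri !== '' && strrpos($request_uri, "logout.php") !== false) {
        // Parag Jagdale - 10/14/10: after logout, honour a caller-supplied
        // location ("return" first, then "redirect"), else go to the default.
        $candidates = array();
        if (!empty($_REQUEST['return'])) {
            $candidates[] = (string) $_REQUEST['return'];
        }
        if (!empty($_GET['redirect'])) {
            $candidates[] = (string) $_GET['redirect'];
        }
        $site_hosts = array();
        foreach (array(PA::$url, CC_APPLICATION_URL) as $site_url) {
            $host = parse_url($site_url, PHP_URL_HOST);
            if ($host) {
                $site_hosts[] = strtolower($host);
            }
        }
        $return = CC_APPLICATION_URL . "/people/logout";
        foreach ($candidates as $candidate) {
            // CR/LF would allow header injection on old PHP; a backslash after
            // the leading slash is treated as "//" by some browsers.
            if (preg_match('/[\r\n\\\\]/', $candidate)) {
                continue;
            }
            $parts = parse_url($candidate);
            if ($parts === false) {
                continue;
            }
            $is_relative = !isset($parts['scheme']) && !isset($parts['host'])
                && isset($parts['path'])
                && substr($parts['path'], 0, 1) === '/'
                && substr($parts['path'], 0, 2) !== '//';
            $is_same_host = isset($parts['host'])
                && in_array(strtolower($parts['host']), $site_hosts, true);
            if ($is_relative || $is_same_host) {
                $return = $candidate;
                break;
            }
        }
        header("Location: {$return}");
        exit;
    }

    // The return target is built from server-set rewrite variables, not from
    // request input; guard the indexes so a direct (non-rewritten) request does
    // not raise undefined-index notices.
    $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
    $redirect_qs = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
    header("Location: " . PA::$url . "/login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_qs));
    return 0;
}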