Esempio n. 1
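 /**
  * Authenticates the current WordPress user as a StatTracker agent.
  *
  * Flow, as implemented below:
  *  - no valid "logged_in" WordPress cookie: the session agent is cleared and an
  *    authentication-required response is returned;
  *  - an agent is already cached in the session: its API token is re-validated on every
  *    call and the user is logged out if the token is no longer valid;
  *  - otherwise the WordPress user is passed through ST_USER_AUTH_FILTER and, if still
  *    accepted, looked up (or created) as an agent and stored in the session.
  *
  * @param StatTracker $app application container; provides the session and the db() handle
  *
  * @return mixed an AuthResponse::* result, or whatever logout() returns when the cached
  *               agent's token is no longer valid
  */
 public function login(StatTracker $app)
 {
     if (!wp_validate_auth_cookie('', 'logged_in')) {
         // Never leave a previously authenticated agent in the session once the
         // WordPress login is gone.
         $app['session']->set("agent", null);
         return AuthResponse::authenticationRequired($this);
     }

     $cached_agent = $app['session']->get("agent");
     if ($cached_agent !== null) {
         // The session copy is not trusted on its own: the token is looked up again so
         // that a revoked or rotated token ends the session.
         if (Agent::lookupAgentByToken($cached_agent->getToken())->isValid()) {
             return AuthResponse::okay($cached_agent);
         }
         $this->logger->info(sprintf("Invalid token for %s. Logging out", $cached_agent->name));
         return $this->logout($app);
     }

     // Keep the WordPress user separately: the filter may replace it with a string or
     // another non-user value, and the address is still needed for the audit log.
     $wp_user = wp_get_current_user();
     // Allow a plugin to grant/deny this user. See wiki for details
     $user = apply_filters(ST_USER_AUTH_FILTER, $wp_user);
     if (!$user instanceof \WP_User) {
         // Anything other than a WP_User is treated as a denial. A string is the plugin's
         // own message and is handed to the response unchanged.
         // NOTE(review): whatever renders this response should escape the message - confirm.
         if (is_string($user)) {
             $response = AuthResponse::registrationRequired($user);
         } else {
             $response = AuthResponse::registrationRequired("Access was denied. Please contact @" . ADMIN_AGENT);
         }
         // Fixed: this line used to read an undefined $email_address, so the log entry
         // never identified which account was refused.
         $this->logger->info(sprintf("Registration required for %s", $wp_user->user_email));
         return $response;
     }

     $agent = Agent::lookupAgentName($user->user_email);
     if (!$agent->isValid()) {
         $name = apply_filters(ST_AGENT_NAME_FILTER, $user->user_login);
         $this->logger->info(sprintf("Adding new agent %s", $name));
         $agent->name = $name;
         // Insert them into the DB (bound parameters, never string-built SQL)
         $stmt = $app->db()->prepare("INSERT INTO Agent (email, agent) VALUES (?, ?) ON DUPLICATE KEY UPDATE agent = ?;");
         $stmt->execute(array($user->user_email, $name, $name));
         $stmt->closeCursor();
         // Generate an API token
         $this->generateAPIToken($agent);
         // Read the agent back so the session only ever holds a record the database confirms.
         $agent = Agent::lookupAgentName($user->user_email);
         if (!$agent->isValid()) {
             $this->logger->error(sprintf("%s still not a valid agent", $agent->name));
             return AuthResponse::error("An unrecoverable error has occured");
         }
     }

     $app['session']->set("agent", $agent);
     $response = AuthResponse::okay($agent);
     $this->logger->info(sprintf("%s authenticated successfully", $agent->name));
     return $response;
 }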
Esempio n. 2
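 /**
  * Updates the agent's stats for one date, inside a single transaction.
  *
  * Every entry of $data except the "date" key is reduced to an integer-like value
  * (anything that is not numeric after sanitising becomes 0) and upserted into Data.
  * Unless $allow_lower is set, a value lower than the one already stored for the same
  * agent/date/stat aborts the whole update and rolls the transaction back.
  *
  * @param array $data        associative array where key is stat and value is the value for the stat;
  *                           the optional "date" key selects the day (defaults to today)
  * @param bool  $allow_lower when true, stored values may be overwritten with lower ones
  *
  * @return bool|string true on success, otherwise a human-readable error message.
  *                     A non-empty string is truthy, so callers must compare with === true.
  */
 public function updateStats($data, $allow_lower)
 {
     $db = StatTracker::db();
     // Declared up front so the cleanup in finally never touches an undefined variable
     // when an early statement throws.
     $select_stmt = null;
     $insert_stmt = null;
     $in_transaction = false;

     // Get lowest submission date
     $stmt = $db->prepare("SELECT COALESCE(MIN(date), CAST(NOW() AS Date)) `min_date` FROM Data WHERE agent = ?");
     try {
         $stmt->execute(array($this->name));
         // Read the column by name instead of extract(): extract() lets a result set
         // define arbitrary local variables and fails when fetch() returns false.
         $row = $stmt->fetch();
         $stmt->closeCursor();
         $min_date = $row['min_date'];

         $dt = (!isset($data['date']) || $data['date'] == null) ? date("Y-m-d") : $data['date'];

         $select_stmt = $db->prepare("SELECT value `current_value` FROM Data WHERE agent = ? AND date = ? AND stat = ?");
         $insert_stmt = $db->prepare("INSERT INTO Data (agent, date, timepoint, stat, value) VALUES (?, ?, DATEDIFF(?, ?) + 1, ?, ?) ON DUPLICATE KEY UPDATE value = VALUES(value);");

         $db->beginTransaction();
         $in_transaction = true;

         // NOTE(review): $stat is taken from the keys of $data and stored as-is. The
         // statements are parameterised, but nothing here checks the key against
         // StatTracker::getStats() - confirm the caller or a DB constraint does.
         foreach ($data as $stat => $value) {
             if ($stat === "date") {
                 continue;
             }

             $value = filter_var($value, FILTER_SANITIZE_NUMBER_INT);
             $value = !is_numeric($value) ? 0 : $value;

             if (!$allow_lower) {
                 $select_stmt->execute(array($this->name, $dt, $stat));
                 $existing = $select_stmt->fetch();
                 $select_stmt->closeCursor();
                 // No row yet means there is nothing to compare against. Previously the
                 // value of the preceding stat leaked into this comparison.
                 $current_value = is_array($existing) ? $existing['current_value'] : null;

                 if ($current_value !== null && $current_value > $value) {
                     $db->rollback();
                     $in_transaction = false;
                     return sprintf("Stats cannot be updated. %s is lower than %s for %s.", number_format($value), number_format($current_value), StatTracker::getStats()[$stat]->name);
                 }
             }

             $insert_stmt->execute(array($this->name, $dt, $dt, $min_date, $stat, $value));
         }

         $db->commit();
         $in_transaction = false;
         return true;
     } finally {
         // An exception propagates to the caller unchanged, but a half-written
         // transaction must not stay open on the shared connection.
         if ($in_transaction) {
             $db->rollback();
         }
         if ($select_stmt !== null) {
             $select_stmt->closeCursor();
         }
         if ($insert_stmt !== null) {
             $insert_stmt->closeCursor();
         }
     }
 }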
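 /**
  * Generates an authorization code for the given email address and stores it in the Agent table.
  *
  * If the email address is not already in the database, a row is inserted with the new code.
  * If a row already exists, its code is replaced only when $newIfExists is true; otherwise
  * the existing code is left untouched.
  *
  * The code is six lowercase hex characters taken from the CSPRNG. That is only 24 bits,
  * so the code is guessable unless verification is attempt-limited and codes expire.
  * NOTE(review): the verification path is not visible here - confirm it has both.
  *
  * @param string $email_address the email address retrieved from authentication
  * @param bool   $newIfExists   Whether or not to issue a new auth code if one already exists
  *
  * @return void
  */
 private function generateAuthCode($email_address, $newIfExists = false)
 {
     // Previously: md5($email_address) shuffled with str_shuffle() and cut at a rand()
     // offset. Every character came from a hash of a value the requester knows, and
     // neither str_shuffle() nor rand() is suitable for secrets. random_bytes() needs
     // PHP 7+ (or a random_compat polyfill) and throws if no entropy source is available.
     // 3 bytes -> 6 hex characters, the same length and alphabet as before.
     $code = bin2hex(random_bytes(3));

     $num_rows = 0;
     if (!$newIfExists) {
         $stmt = StatTracker::db()->prepare("SELECT agent FROM Agent WHERE email = ?;");
         $stmt->execute(array($email_address));
         // NOTE(review): rowCount() on a SELECT is driver-dependent in PDO - confirm it
         // is reliable for the driver in use.
         $num_rows = $stmt->rowCount();
         $stmt->closeCursor();
     }

     if ($num_rows != 1 || $newIfExists) {
         try {
             $stmt = StatTracker::db()->prepare("INSERT INTO Agent (`email`, `auth_code`) VALUES (?, ?) ON DUPLICATE KEY UPDATE auth_code = VALUES(auth_code);");
             $stmt->execute(array($email_address, $code));
             $stmt->closeCursor();
         } catch (PDOException $e) {
             // Failing to insert an auth code will cause a generic registration email to be sent to the user.
             error_log($e);
         }
     }
 }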
Esempio n. 4
 /**
  * Stores an agent name for the given email address in the Agent table.
  *
  * A new row is inserted; if the insert hits a duplicate key, the existing row's agent
  * name is overwritten instead. Database errors are written to the error log and not
  * rethrown, so the caller receives no indication that the write failed.
  *
  * @param string $email_address value bound to the `email` column
  * @param string $agent_name    value bound to the `agent` column
  *
  * @return void
  */
 private function createNewAgent($email_address, $agent_name)
 {
     // Both values are bound as parameters; nothing is concatenated into the SQL text.
     $sql = "INSERT INTO Agent (`email`, `agent`) VALUES (?, ?) ON DUPLICATE KEY UPDATE agent = VALUES(agent);";
     $bindings = array($email_address, $agent_name);

     try {
         $insert = StatTracker::db()->prepare($sql);
         $insert->execute($bindings);
         $insert->closeCursor();
     } catch (PDOException $failure) {
         // Best effort: the failure is only logged and execution continues.
         error_log($failure);
     }
 }