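/**
 * Kicks the selected user out of the system instantly by resetting the user's session.
 * This means, the user will be "logged out".
 *
 * The users.session_id column is set to NULL, so whatever server-side session the user
 * currently holds no longer matches a stored session id (presumably the session check
 * compares against this column — confirm in the session handling code).
 *
 * @param int $userId id of the user to kick
 * @return bool true if exactly one user row was updated, false otherwise
 */
private static function resetUserSession($userId)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    // parameterised query: $userId is bound, never interpolated into the SQL string
    $query = $database->prepare("UPDATE users SET session_id = :session_id WHERE user_id = :user_id LIMIT 1");
    $query->execute(array(':session_id' => null, ':user_id' => $userId));

    if ($query->rowCount() == 1) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_USER_SUCCESSFULLY_KICKED'));
        return true;
    }

    // no row was changed (unknown user id, or — depending on the driver's affected-rows
    // semantics — the session_id was already NULL). The docblock promises a bool, so return
    // false explicitly instead of falling off the end and yielding null.
    return false;
}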
/**
 * Upgrades / downgrades the user's account. Currently it's just the field user_account_type in the database that
 * can be 1 or 2 (maybe "basic" or "premium"). Put some more complex stuff in here, maybe a pay-process or whatever
 * you like.
 *
 * NOTE(review): $type is only checked for truthiness here. Whether it is restricted to the
 * allowed account types is up to saveRoleToDatabase() / the caller — verify there, because an
 * unrestricted value would let a user pick an arbitrary account type.
 *
 * @param mixed $type the new account type
 *
 * @return bool true if the role was saved, false otherwise
 */
public static function changeUserRole($type)
{
    if (!$type) {
        return false;
    }

    // persist the new role; the outcome decides which feedback message the user sees
    $saved = self::saveRoleToDatabase($type);

    $feedbackKind = $saved ? 'feedback_positive' : 'feedback_negative';
    $textKey = $saved ? 'FEEDBACK_ACCOUNT_TYPE_CHANGE_SUCCESSFUL' : 'FEEDBACK_ACCOUNT_TYPE_CHANGE_FAILED';
    Session::add($feedbackKind, Text::get($textKey));

    return (bool) $saved;
}
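/**
 * Removes the avatar image file from the filesystem
 *
 * The file path is built from PATH_AVATARS plus the user id, so the id is validated as an
 * integer before it touches the path: a non-numeric value (for example one containing "../")
 * must never reach file_exists() / unlink().
 *
 * @param integer $userId id of the user whose avatar file should be deleted
 * @return bool true if the file was deleted; false if the id is not a valid integer,
 *              the file does not exist or it could not be deleted
 */
public static function deleteAvatarImageFile($userId)
{
    // path-traversal guard: anything that is not a plain integer is treated like a missing file
    $validatedId = filter_var($userId, FILTER_VALIDATE_INT);
    if ($validatedId === false) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    // build the path once from the validated id
    $avatarPath = Config::get('PATH_AVATARS') . $validatedId . ".jpg";

    // Check if file exists
    if (!file_exists($avatarPath)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    // Delete avatar file
    if (!unlink($avatarPath)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    return true;
}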
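/**
 * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently)
 * TODO add throttling here ?
 *
 * Cookie layout is "<encrypted user id>:<token>:<sha256 hex>", where the hex part is
 * sha256("<decrypted user id>:<token>"). That hash carries no secret, so it only detects a
 * mangled cookie — it does not prevent forgery. The actual authentication is the database
 * lookup of user id + token in UserModel::getUserDataByUserIdAndToken(); the token must
 * therefore be unguessable.
 *
 * @param $cookie string The cookie "remember_me"
 *
 * @return bool success state
 */
public static function loginWithCookie($cookie)
{
    // do we have a cookie ?
    if (!$cookie) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // before list(), check it can be split into 3 strings.
    $parts = explode(':', $cookie);
    if (count($parts) !== 3) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // check cookie's contents, check if cookie contents belong together or token is empty
    list($user_id, $token, $hash) = $parts;

    // decrypt user id
    $user_id = Encryption::decrypt($user_id);

    // emptiness first (also keeps a non-string decrypt result out of the hash), then a
    // constant-time comparison of the integrity hash instead of !== (PHP >= 5.6)
    if (empty($token) || empty($user_id) || !hash_equals(hash('sha256', $user_id . ':' . $token), $hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // get data of user that has this id and this token
    $result = UserModel::getUserDataByUserIdAndToken($user_id, $token);

    // if user with that id and exactly that cookie token exists in database
    if (!$result) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // successfully logged in, so we write all necessary data into the session and set "user_logged_in" to true
    self::setSuccessfulLoginIntoSession($result->user_id, $result->user_name, $result->user_email, $result->user_account_type);

    // save timestamp of this login in the database line of that user
    self::saveTimestampOfLoginOfUser($result->user_name);

    // NOTE: we don't set another remember_me-cookie here as the current cookie should always
    // be invalid after a certain amount of time, so the user has to login with username/password
    // again from time to time. This is good and safe ! ;)
    Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
    return true;
}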
/**
 * Delete a specific note
 *
 * The owning user_id is taken from the session, never from the request, so the DELETE can only
 * ever hit a note that belongs to the logged-in user.
 *
 * @param int $note_id id of the note
 * @return bool feedback (was the note deleted properly ?)
 */
public static function deleteNote($note_id)
{
    if (!$note_id) {
        return false;
    }

    $database = DatabaseFactory::getFactory()->getConnection();

    $query = $database->prepare(
        "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"
    );
    $query->execute(array(
        ':note_id' => $note_id,
        ':user_id' => Session::get('user_id'),
    ));

    // exactly one row gone means success; anything else is reported as a failed deletion
    $deleted = ($query->rowCount() == 1);
    if (!$deleted) {
        Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
    }

    return $deleted;
}
/**
 * Edit the user's email
 *
 * Validation order: non-empty, different from the current session email, valid email format
 * (filter_var), then a uniqueness check against the database. The sanitised value (tags stripped,
 * capped at 254 bytes) is what gets stored and written back into the session.
 *
 * @param string $new_user_email the email address the user wants to switch to
 *
 * @return bool success status
 */
public static function editUserEmail($new_user_email)
{
    // email provided ?
    if (empty($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    // check if new email is same like the old one
    if ($new_user_email == Session::get('user_email')) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // user's email must be in valid email format, also checks the length
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // strip tags, just to be sure
    $sanitisedEmail = substr(strip_tags($new_user_email), 0, 254);

    // check if user's email already exists
    if (self::doesEmailAlreadyExist($sanitisedEmail)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    // write to database ...
    if (!self::saveNewEmailAddress(Session::get('user_id'), $sanitisedEmail)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
        return false;
    }

    // ... then write new email to session, Gravatar too (as this relies to the user's email address)
    Session::set('user_email', $sanitisedEmail);
    Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($sanitisedEmail));
    Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
    return true;
}
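/**
 * Validates current and new passwords
 *
 * Checks, in order: the user exists, the current password verifies against the stored hash,
 * both new-password fields are filled, they match, the new password is at least 6 bytes long,
 * and it differs from the current one. Each failure adds a feedback message and returns false.
 *
 * NOTE(review): this only validates the inputs against the row for $user_name; it does not
 * itself check that $user_name is the logged-in user — that is presumably the caller's job,
 * verify there.
 *
 * @param string $user_name
 * @param string $user_password_current
 * @param string $user_password_new
 * @param string $user_password_repeat
 *
 * @return bool true if every check passed
 */
public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    // user_failed_logins is selected but not used by this method
    $sql = "SELECT user_password_hash, user_failed_logins FROM users WHERE user_name = :user_name LIMIT 1;";
    $query = $database->prepare($sql);
    $query->execute(array(':user_name' => $user_name));
    $user = $query->fetch();

    if ($query->rowCount() != 1) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }

    // password_verify does its own constant-time comparison against the stored hash
    if (!password_verify($user_password_current, $user->user_password_hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
        return false;
    }

    if (empty($user_password_new) || empty($user_password_repeat)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
        return false;
    }

    if ($user_password_new !== $user_password_repeat) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
        return false;
    }

    // byte length, as in the original minimum-length rule
    if (strlen($user_password_new) < 6) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
        return false;
    }

    // strict comparison: with loose ==, numerically equal strings such as "0e1234" and "0e5678"
    // would wrongly be reported as the same password
    if ($user_password_current === $user_password_new) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
        return false;
    }

    return true;
}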
/**
 * checks the email/verification code combination and set the user's activation status to true in the database
 *
 * The check and the activation happen in a single UPDATE: the row is only changed when both the
 * user id and the stored activation hash match, and the hash is cleared in the same statement so
 * the code cannot be replayed.
 *
 * @param int $user_id user id
 * @param string $user_activation_verification_code verification token
 *
 * @return bool success status
 */
public static function verifyNewUser($user_id, $user_activation_verification_code)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $query = $database->prepare(
        "UPDATE users SET user_active = 1, user_activation_hash = NULL\n WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash LIMIT 1"
    );
    $query->execute(array(
        ':user_id' => $user_id,
        ':user_activation_hash' => $user_activation_verification_code,
    ));

    $activated = ($query->rowCount() == 1);

    $feedbackKind = $activated ? 'feedback_positive' : 'feedback_negative';
    $textKey = $activated ? 'FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL' : 'FEEDBACK_ACCOUNT_ACTIVATION_FAILED';
    Session::add($feedbackKind, Text::get($textKey));

    return $activated;
}