Esempio n. 1
0
 /**
  * Gets the user's avatar file path
  * @param string $userName
  * @return string avatar picture path
  */
 public static function getPublicUserAvatarFilePathByUserName($userName)
 {
     $user = UserModel::getByUsername($userName);
     if ($user && $user->getHasavatar()) {
         return Config::get('app.baseurl') . Config::get('avatar.path.public') . $this->getIdForImage($user_name) . '.jpg';
     }
     return Config::get('app.baseurl') . Config::get('avatar.path.public') . Config::get('avatar.default');
 }
Esempio n. 2
0
 /**
  * Handles the entire registration process for DEFAULT users (not for people who register with
  * 3rd party services, like facebook) and creates a new user in the database if everything is fine
  *
  * @return boolean Gives back the success status of the registration
  */
 public static function registerNewUser($user_name, $user_email, $user_email_repeat, $user_password_new, $user_password_repeat, $captcha, $provider_type)
 {
     $user_password_hash = null;
     $user_activation_hash = null;
     \Slim\Slim::getInstance()->log->debug("This is registerNewUser()");
     if (self::isDefaultProvider($provider_type)) {
         // stop registration flow if registrationInputValidation() returns false (= anything breaks the input check rules)
         $validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat, $captcha);
         if (!$validation_result) {
             \Slim\Slim::getInstance()->log->debug("ERROR: registrationInputValidation() failed");
             return false;
         }
         \Slim\Slim::getInstance()->log->debug("OK: registrationInputValidation() returns true");
         // crypt the password with the PHP 5.5's password_hash() function, results in a 60 character hash string.
         // @see php.net/manual/en/function.password-hash.php for more, especially for potential options
         $user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
         \Slim\Slim::getInstance()->log->debug("\$user_password_hash: " . $user_password_hash);
         if (\Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
             // generate random hash for email verification (40 char string)
             $user_activation_hash = sha1(uniqid(mt_rand(), true));
         }
     }
     // check if username already exists
     if (User::getByUsername($user_name) !== null) {
         \Slim\Slim::getInstance()->log->debug("Error: Username non disponibile");
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
         return false;
     }
     \Slim\Slim::getInstance()->log->debug("OK: username doesn't exists");
     // check if email already exists
     if (User::getByEmail($user_email) !== null) {
         \Slim\Slim::getInstance()->log->debug('Email in uso');
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     \Slim\Slim::getInstance()->log->debug("OK: email doesn't exists");
     // write user data to database
     if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, $user_activation_hash, $provider_type)) {
         \Slim\Slim::getInstance()->log->debug('Registrazione fallita');
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
         return false;
     }
     \Slim\Slim::getInstance()->log->debug("OK: writeNewUserToDatabase() returns true");
     $user = User::getByEmail($user_email);
     // get user_id of the user that has been created
     if (!$user) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
         return false;
     }
     if (self::isDefaultProvider($provider_type) && \Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
         // send verification email
         if (self::sendVerificationEmail($user_name, $user_email, $user_activation_hash)) {
             \Slim\Slim::getInstance()->log->debug("OK: verification email sent to " . $user_email);
             Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED'));
             return true;
         }
         \Slim\Slim::getInstance()->log->debug("ERROR: sending verification email to " . $user_email . " failed");
         // if verification email sending failed: instantly delete the user
         self::rollbackRegistrationByUsername($user_name);
         \Slim\Slim::getInstance()->log->debug("NOTICE: rollbackRegistrationByUsername()");
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED'));
         return false;
     } else {
         if (self::sendWelcomeEmail($user_name, $user_email)) {
             return true;
         }
         \Slim\Slim::getInstance()->log->debug("ERROR: sending welcome email to " . $user_email . " failed");
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_WELCOME_MAIL_SENDING_FAILED'));
         return false;
     }
     return false;
 }
Esempio n. 3
0
 /**
  * Deletes the cookie
  * It's necessary to split deleteCookie() and logout() as cookies are deleted without logging out too!
  * Sets the remember-me-cookie to ten years ago (3600sec * 24 hours * 365 days * 10).
  * that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
  */
 public static function deleteCookie($user_name = null)
 {
     // is $user_name was set, then clear remember_me token in database
     if ($user_name) {
         $user_name = Filter::html_entity_invert($user_name);
         $user = UserModel::getByUsername($user_name);
         $user->setRemembermetoken(NULL);
         $em = DbResource::getEntityManager();
         $em->persist($user);
         $em->flush();
     }
     // delete remember_me cookie in browser
     setcookie(self::COOKIE_REMEMBER_ME, false, time() - 3600 * 24 * 3650, Config::get('cookie.path'), Config::get('cookie.domain'), Config::get('cookie.secure'), Config::get('cookie.http'));
 }
Esempio n. 4
0
 private static function getUserOrRegister($fb_graph_user)
 {
     $fb_id = $fb_graph_user->getId();
     $user = UserModel::getByUsername($fb_id);
     if (!$user) {
         $continue = self::registerOrMergeNewUserDefault($fb_graph_user);
         if ($continue) {
             // After the creation I fetch the user from the db
             $user = UserModel::getByUsername($fb_id);
         }
     }
     return $user;
 }
Esempio n. 5
0
 /**
  * Validates current and new passwords
  *
  * @param string $user_name
  * @param string $user_password_current
  * @param string $user_password_new
  * @param string $user_password_repeat
  *
  * @return bool
  */
 public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
 {
     $user = UserModel::getByUsername($user_name);
     if ($user) {
         $user_password_hash = $user->getPwdhash();
     } else {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }
     if (!password_verify($user_password_current, $user_password_hash)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
         return false;
     } else {
         if (empty($user_password_new) || empty($user_password_repeat)) {
             Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
             return false;
         } else {
             if ($user_password_new !== $user_password_repeat) {
                 Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
                 return false;
             } else {
                 if (strlen($user_password_new) < 6) {
                     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
                     return false;
                 } else {
                     if ($user_password_current == $user_password_new) {
                         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
                         return false;
                     }
                 }
             }
         }
     }
     return true;
 }