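 /**
  * Sets up the session for the currently logged-in user, trying to re-establish a session for "remember-me" users who have been logged out,
  * or creates a guest user object if no one is logged in.
  *
  * On success $this->app->user holds either the loaded account or a guest User and
  * $this->app->setupAuthenticatedEnvironment() has been called.  A failed database
  * connection is logged and swallowed (see the catch block).
  *
  * @throws AccountInvalidException   if the session references a user id that no longer exists.
  * @throws AuthExpiredException      if a remember-me cookie is present but is no longer valid for the session's user.
  * @throws AuthCompromisedException  if the remember-me library reports the cookie's login token as invalid.
  */
 public function setup()
 {
     try {
         // Initialize RememberMe, backed by the application's remember-me table on the Capsule PDO connection
         $storage = new \Birke\Rememberme\Storage\PDO($this->app->remember_me_table);
         $storage->setConnection(\Illuminate\Database\Capsule\Manager::connection()->getPdo());
         $this->app->remember_me = new \Birke\Rememberme\Authenticator($storage);
         // Scope the remember-me cookie to the whole site rather than the current path
         $cookie = $this->app->remember_me->getCookie();
         $cookie->setPath("/");
         $this->app->remember_me->setCookie($cookie);
         // Already logged in?  The user id lives in the session variable.
         // (isset() already excludes null; the loose comparison additionally rejects falsy ids such as 0 or '')
         if (isset($_SESSION["userfrosting"]["user_id"]) && $_SESSION["userfrosting"]["user_id"] != null) {
             // Load the user.  If they don't exist any more, throw an exception.
             $this->app->user = User::find($_SESSION["userfrosting"]["user_id"]);
             if (!$this->app->user) {
                 throw new AccountInvalidException();
             }
             // A remember-me cookie that is present but no longer valid ends the current session
             if (!empty($_COOKIE[$this->app->remember_me->getCookieName()]) && !$this->app->remember_me->cookieIsValid()) {
                 $this->app->remember_me->clearCookie();
                 throw new AuthExpiredException();
             }
         } else {
             // No session: try to log in via the remember-me cookie.
             // login() yields the user id on success and a falsy value otherwise.
             $user_id = $this->app->remember_me->login();
             if ($user_id) {
                 $this->app->user = \UserFrosting\UserLoader::fetch($user_id);
                 // Update in session
                 $_SESSION["userfrosting"]["user_id"] = $user_id;
                 // There is a chance that an attacker has stolen the login token, so we store
                 // the fact that the user was logged in via RememberMe (instead of login form)
                 $_SESSION['remembered_by_cookie'] = true;
                 // NOTE(review): the session id is not regenerated here after the authentication state changes;
                 // confirm the session layer does so, otherwise consider session_regenerate_id(true) at this point.
             } elseif ($this->app->remember_me->loginTokenWasInvalid()) {
                 // login() failed because the cookie's token was invalid: treat the cookie as stolen/replayed
                 throw new AuthCompromisedException();
             } else {
                 // login() failed because of an invalid/missing Rememberme cookie - create a dummy "guest" user
                 $this->app->user = new User([], $this->app->config('user_id_guest'));
             }
         }
         // Now we have an authenticated user, setup their environment
         $this->app->setupAuthenticatedEnvironment();
     } catch (\PDOException $e) {
         // If we can't connect to the DB, then we can't create an authenticated user.  That's ok if we're in installation mode.
         // NOTE(review): despite the log message no guest user is assigned here, so $this->app->user may be left unset.
         error_log("Unable to authenticate user, falling back to guest user.");
         error_log($e->getTraceAsString());
     }
 }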
$table_votes_pbidea = new \UserFrosting\DatabaseTable($app->config('db')['db_prefix'] . "votes_pbidea");
// Register each table object with the database layer under its logical name (registration order preserved).
// NOTE(review): $table_votes_pbidea is created above but is not registered in this run; confirm that is intentional.
$registered_tables = [
    "user" => $table_user,
    "group" => $table_group,
    "group_user" => $table_group_user,
    "configuration" => $table_configuration,
    "authorize_user" => $table_authorize_user,
    "authorize_group" => $table_authorize_group,
    "bud" => $table_bud,
    "votes_bud" => $table_votes_bud,
    "coleg" => $table_coleg,
    "votes_coleg" => $table_votes_coleg,
    "osi" => $table_osi,
    "votes_osi" => $table_votes_osi,
    "pbidea" => $table_pbidea,
];
foreach ($registered_tables as $table_name => $table) {
    \UserFrosting\Database::setTable($table_name, $table);
}
// Initialize the static loader classes, each bound to its backing table
$loader_tables = [
    'UserFrosting\UserLoader' => $table_user,
    'UserFrosting\GroupLoader' => $table_group,
    'UserFrosting\BudLoader' => $table_bud,
    'UserFrosting\ColegLoader' => $table_coleg,
    'UserFrosting\OsiLoader' => $table_osi,
    'UserFrosting\PBideaLoader' => $table_pbidea,
];
foreach ($loader_tables as $loader_class => $table) {
    $loader_class::init($table);
}
/* Load UserFrosting site settings */
// Default values for the core settings; every value is kept as a string
$setting_values = [
    'userfrosting' => [
        'site_title' => 'UserFrosting',
        'admin_email' => '*****@*****.**',
        'email_login' => '1',
        'can_register' => '1',
        'enable_captcha' => '1',
        'require_activation' => '1',
        'resend_activation_threshold' => '0',
        'reset_password_timeout' => '10800',
        'default_locale' => 'en_US',
        'minify_css' => '0',
        'minify_js' => '0',
        'version' => '0.3.0',
        'author' => 'Alex Weissman',
        'show_terms_on_register' => '1',
        'site_location' => 'The State of Indiana',
    ],
];
// Human-readable description of each default, keyed the same way as $setting_values
$setting_descriptions = [
    'userfrosting' => [
        "site_title" => "The title of the site.  By default, displayed in the title tag, as well as the upper left corner of every user page.",
        "admin_email" => "The administrative email for the site.  Automated emails, such as activation emails and password reset links, will come from this address.",
        "email_login" => "Specify whether users can login via email address or username instead of just username.",
        "can_register" => "Specify whether public registration of new accounts is enabled.  Enable if you have a service that users can sign up for, disable if you only want accounts to be created by you or an admin.",
        "enable_captcha" => "Specify whether new users must complete a captcha code when registering for an account.",
        "require_activation" => "Specify whether email activation is required for newly registered accounts.  Accounts created on the admin side never need to be activated.",
        "resend_activation_threshold" => "The time, in seconds, that a user must wait before requesting that the activation email be resent.",
        "reset_password_timeout" => "The time, in seconds, before a user's password reminder email expires.",
        "default_locale" => "The default language for newly registered users.",
        "minify_css" => "Specify whether to use concatenated, minified CSS (production) or raw CSS includes (dev).",
        "minify_js" => "Specify whether to use concatenated, minified JS (production) or raw JS includes (dev).",
        "version" => "The current version of UserFrosting.",
        "author" => "The author of the site.  Will be used in the site's author meta tag.",
        "show_terms_on_register" => "Specify whether or not to show terms and conditions when registering.",
        "site_location" => "The nation or state in which legal jurisdiction for this site falls.",
    ],
];
// Build the site settings object from the defaults and descriptions
$app->site = new \UserFrosting\SiteSettings($setting_values, $setting_descriptions);
// Persist the settings when the stored copy does not agree with the defaults
if (!$app->site->isConsistent()) {
    $app->site->store();
}
// Bind the MySQL implementations to the generic UserFrosting class names (alias order preserved)
$class_aliases = [
    "UserFrosting\\MySqlDatabase" => "UserFrosting\\Database",
    "UserFrosting\\MySqlUser" => "UserFrosting\\User",
    "UserFrosting\\MySqlUserLoader" => "UserFrosting\\UserLoader",
    "UserFrosting\\MySqlAuthLoader" => "UserFrosting\\AuthLoader",
    "UserFrosting\\MySqlGroup" => "UserFrosting\\Group",
    "UserFrosting\\MySqlGroupLoader" => "UserFrosting\\GroupLoader",
    "UserFrosting\\MySqlSiteSettings" => "UserFrosting\\SiteSettings",
];
foreach ($class_aliases as $implementation => $alias) {
    class_alias($implementation, $alias);
}
// Set enumerative values, defining each constant only if it is not already defined
$group_flags = [
    "GROUP_NOT_DEFAULT" => 0,
    "GROUP_DEFAULT" => 1,
    "GROUP_DEFAULT_PRIMARY" => 2,
];
foreach ($group_flags as $constant => $value) {
    if (!defined($constant)) {
        define($constant, $value);
    }
}
// Pass Slim app to database
\UserFrosting\Database::$app = $app;
// Initialize static loader classes
\UserFrosting\GroupLoader::init();
\UserFrosting\UserLoader::init();
/* Load UserFrosting site settings */
$app->site = new \UserFrosting\SiteSettings();
$app->hook('settings.register', function () use($app) {
    // Register core site settings
    $app->site->register('userfrosting', 'site_title', "Site Title");
    $app->site->register('userfrosting', 'author', "Site Author");
    $app->site->register('userfrosting', 'admin_email', "Account Management Email");
    $app->site->register('userfrosting', 'default_locale', "Locale for New Users", "select", $app->site->getLocales());
    $app->site->register('userfrosting', 'can_register', "Public Registration", "toggle", [0 => "Off", 1 => "On"]);
    $app->site->register('userfrosting', 'enable_captcha', "Registration Captcha", "toggle", [0 => "Off", 1 => "On"]);
    $app->site->register('userfrosting', 'require_activation', "Require Account Activation", "toggle", [0 => "Off", 1 => "On"]);
    $app->site->register('userfrosting', 'email_login', "Email Login", "toggle", [0 => "Off", 1 => "On"]);
    $app->site->register('userfrosting', 'resend_activation_threshold', "Resend Activation Email Cooloff (s)");
    $app->site->register('userfrosting', 'reset_password_timeout', "Password Recovery Timeout (s)");
    $app->site->register('userfrosting', 'minify_css', "Minify CSS", "toggle", [0 => "Off", 1 => "On"]);
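 /**
  * Check if the specified user (by user_id) is in a particular group.
  *
  * @param int $user_id the id of the user.
  * @param int $group_id the id of the group.
  * @return bool true if the user is in the group, false otherwise.  A user id that cannot be
  *              loaded is reported as not being in any group rather than causing a fatal error.
  */
 public static function in_group($user_id, $group_id)
 {
     $user = \UserFrosting\UserLoader::fetch($user_id);
     // Guard against a missing user: calling getGroups() on a non-object would be a fatal error
     if (!$user) {
         return false;
     }
     // The lookup relies on getGroups() returning an array keyed by group id
     $groups = $user->getGroups();
     return isset($groups[$group_id]);
 }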