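/**
 * Records a notification when a user is logged in; otherwise redirects to the site root.
 *
 * The logged-in user is resolved through Login::isLogged(), which is expected
 * to return a truthy id for an authenticated user.
 */
public function g()
{
    // session_start() on an already active session only raises a notice; guard it.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $loginClass = new Login();
    $id = $loginClass->isLogged();
    if (!$id) {
        $this->redirect('');
        return;
    }
    $notif = new Notifications();
    // NOTE(review): the other call sites in this file pass (userId, title, text, date),
    // while this one passes the fixed pair (2, 0) rather than $id — confirm against
    // Notifications::newNotification before relying on this endpoint.
    $notif->newNotification(2, 0);
}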
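/**
 * Logs in with the data provided in $_POST, coming from the login form.
 *
 * Failures append a MESSAGE_* constant to $this->errors. On success the
 * user's id, username and email are stored in $_SESSION and on this object,
 * $this->user_is_logged_in is set, a "Login" notification is recorded, the
 * failed-login counter is reset and the remember-me cookie is created or
 * deleted according to $usuario_recuerdame.
 *
 * @param string $usuario_nombre_usuario username or email address typed into the form
 * @param string $usuario_contrasena     plaintext password typed into the form
 * @param mixed  $usuario_recuerdame     "remember me" checkbox value; null means unchecked
 */
private function loginWithPostData($usuario_nombre_usuario, $usuario_contrasena, $usuario_recuerdame)
{
    if (empty($usuario_nombre_usuario)) {
        $this->errors[] = MESSAGE_USERNAME_EMPTY;
        return;
    }
    if (empty($usuario_contrasena)) {
        $this->errors[] = MESSAGE_PASSWORD_EMPTY;
        return;
    }

    $result_row = $this->fetchLoginRow($usuario_nombre_usuario);

    // Deliberately MESSAGE_LOGIN_FAILED rather than MESSAGE_USER_DOES_NOT_EXIST,
    // so the response does not reveal whether the account exists.
    if (!isset($result_row->usuario_id)) {
        $this->errors[] = MESSAGE_LOGIN_FAILED;
        return;
    }

    // Temporary lockout: three or more failures, the last one within the past 30 seconds.
    if ($result_row->usuario_login_fails >= 3 && $result_row->usuario_last_failed_login > time() - 30) {
        $this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES;
        return;
    }

    if (!password_verify($usuario_contrasena, $result_row->usuario_contrasena)) {
        // Increment the failed-login counter for the row we just checked, keyed by
        // usuario_id like the reset query below. The previous username-OR-email form
        // reused one named placeholder twice (rejected by PDO with native prepares)
        // and passed the untrimmed input, while the lookup trims it.
        $sth = $this->db_connection->prepare(
            'UPDATE wm_usuarios '
            . 'SET usuario_login_fails = usuario_login_fails+1, usuario_last_failed_login = :usuario_last_failed_login '
            . 'WHERE usuario_id = :usuario_id'
        );
        $sth->execute([':usuario_id' => $result_row->usuario_id, ':usuario_last_failed_login' => time()]);
        $this->errors[] = MESSAGE_PASSWORD_WRONG;
        return;
    }

    // Has the user activated their account with the verification email?
    if ((int) $result_row->usuario_active_ahora !== 1) {
        $this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED;
        return;
    }

    // Authentication state changes here: issue a fresh session id so an id that
    // existed before login is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // write user data into PHP SESSION [a file on your server]
    $_SESSION['usuario_id'] = $result_row->usuario_id;
    $_SESSION['usuario_nombre_usuario'] = $result_row->usuario_nombre_usuario;
    $_SESSION['usuario_email'] = $result_row->usuario_email;
    $_SESSION['user_logged_in'] = 1;

    // declare user id, set the login status to true
    $this->usuario_id = $result_row->usuario_id;
    $this->usuario_nombre_usuario = $result_row->usuario_nombre_usuario;
    $this->usuario_email = $result_row->usuario_email;

    // The stray `echo $this->usuario_id;` that used to sit here is removed: it wrote
    // the user id into the response body, and once output has started the
    // remember-me cookie written below can no longer be sent.
    $notifications = new Notifications();
    $notifications->newNotification($this->usuario_id, "Login", "Te has loggeado con éxito!", date('Y-m-d'));
    $this->user_is_logged_in = true;

    // reset the failed login counter for that user
    $sth = $this->db_connection->prepare(
        'UPDATE wm_usuarios '
        . 'SET usuario_login_fails = 0, usuario_last_failed_login = NULL '
        . 'WHERE usuario_id = :usuario_id AND usuario_login_fails != 0'
    );
    $sth->execute([':usuario_id' => $result_row->usuario_id]);

    // if user has checked the "remember me" checkbox, then generate token and write cookie
    if ($usuario_recuerdame !== null) {
        $this->newRememberMeCookie();
    } else {
        // Reset remember-me token
        $this->deleteRememberMeCookie();
    }

    $this->rehashPasswordIfNeeded($result_row, $usuario_contrasena);
}

/**
 * Fetches the wm_usuarios row matching a login identifier.
 *
 * A value that validates as an email address is looked up by usuario_email;
 * anything else is passed (trimmed) to getUserData() for a username lookup.
 *
 * @param string $identifier username or email address as typed into the form
 * @return mixed the row as returned by getUserData()/fetchObject(); null when no
 *               database connection could be made. TODO confirm getUserData()'s
 *               return type — the caller only relies on isset($row->usuario_id).
 */
private function fetchLoginRow($identifier)
{
    // user can login with his username or his email address.
    if (!filter_var($identifier, FILTER_VALIDATE_EMAIL)) {
        return $this->getUserData(trim($identifier));
    }
    if (!$this->databaseConnection()) {
        return null;
    }
    $query_user = $this->db_connection->prepare('SELECT * FROM wm_usuarios WHERE usuario_email = :usuario_email');
    $query_user->bindValue(':usuario_email', trim($identifier), PDO::PARAM_STR);
    $query_user->execute();
    // get result row (as an object)
    return $query_user->fetchObject();
}

/**
 * OPTIONAL: recalculates the stored hash when HASH_COST_FACTOR (config/hashing.php)
 * is defined and the current hash does not match that cost. Without the constant
 * the script uses the default cost factor of 10 and never changes the hash.
 * Delete this method and its call if you do not want that behaviour.
 *
 * @param object $result_row         the user row whose password was just verified
 * @param string $usuario_contrasena the plaintext password that verified against it
 */
private function rehashPasswordIfNeeded($result_row, $usuario_contrasena)
{
    if (!defined('HASH_COST_FACTOR')) {
        return;
    }
    if (!password_needs_rehash($result_row->usuario_contrasena, PASSWORD_DEFAULT, ['cost' => HASH_COST_FACTOR])) {
        return;
    }
    // calculate new hash with new cost factor
    $new_hash = password_hash($usuario_contrasena, PASSWORD_DEFAULT, ['cost' => HASH_COST_FACTOR]);
    $query_update = $this->db_connection->prepare('UPDATE wm_usuarios SET usuario_contrasena = :usuario_contrasena WHERE usuario_id = :usuario_id');
    $query_update->bindValue(':usuario_contrasena', $new_hash, PDO::PARAM_STR);
    $query_update->bindValue(':usuario_id', $result_row->usuario_id, PDO::PARAM_INT);
    $query_update->execute();
    // rowCount() === 0 means the new hash was NOT written (the earlier comments had
    // the two cases swapped). Nothing is reported to the user either way; TODO decide
    // whether a failed rehash should be logged.
}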
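/**
 * Marks the concert identified by $verification_code as accepted.
 *
 * If a concert with that verification code exists, its concierto_estado is
 * set to 'aceptado', a "Concierto" notification is recorded for the current
 * user and the request is redirected to demo/index. Every outcome echoes a
 * Spanish status message to the response.
 *
 * @param string $verification_code verification token associated with the concert
 */
public function newConcertPOST($verification_code)
{
    $notifications = new Notifications();
    $login = new ModelLogin();

    if (!$this->checkConcertExists($verification_code)) {
        echo "El código de verificación no existe";
        return;
    }

    $query_new_concierto = DB::connect()->prepare(
        "UPDATE `uqfhhbcn_whymusic`.`wm_concierto` SET `concierto_estado` = 'aceptado' WHERE `wm_concierto`.`concierto_verification` =:concierto_verification;"
    );
    $query_new_concierto->bindValue(':concierto_verification', $verification_code, PDO::PARAM_STR);
    // The failure branch used to test the statement object itself (always truthy);
    // the execute() result is what says whether the UPDATE ran.
    $executed = $query_new_concierto->execute();

    if (!$executed) {
        echo "Algo ha salido mal, vuelve a intentar lo más tarde";
        return;
    }

    echo "El concierto se ha creado con exito";
    $notifications->newNotification($login->getUserId(), "Concierto", "El concierto se ha creado con exito!", date('Y-m-d'));
    ROUTER::redirect_to_action("demo/index", 2);
}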