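/**
 * @see IUserAuthentication::verifyAndUpdateCurrentUser()
 *
 * Resolves the user of the current request and populates $currentUser via
 * $this->_login(). Order of precedence:
 *  1. a user id in the session (SESSION_PARAM_USERID), re-checked against the
 *     user table with status = 1 — a user disabled in the meantime is logged out;
 *  2. otherwise the 'remember me' cookie ('user'): its value is looked up as
 *     tokenid and must equal the token re-derived from the stored salt. A token
 *     that no longer matches is removed on both sides (cookie and tokenid column).
 * Anonymous requests leave $currentUser untouched.
 *
 * @param User $currentUser user object to fill in on successful verification
 */
public function verifyAndUpdateCurrentUser(User $currentUser)
{
    $db = DbConnection::getInstance();
    $fromTable = $this->_website->getConfig('db_prefix') . '_user';

    $sessionUserId = $_SESSION[SESSION_PARAM_USERID] ?? 0;
    if (!$sessionUserId) {
        // Not logged on via session: fall back to the 'remember me' token.
        $rememberMe = CookieHelper::getCookieValue('user');
        if (!is_string($rememberMe) || $rememberMe === '') {
            // neither session nor cookie present: anonymous request
            return;
        }

        $result = $db->querySelect(
            'id, passwort_salt, nick, email, lang',
            $fromTable,
            'status = 1 AND tokenid = \'%s\'',
            $rememberMe
        );
        $rememberedUser = $result->fetch_array();
        $result->free();

        if (!isset($rememberedUser['id'])) {
            // unknown token (or user no longer active): drop the stale cookie
            CookieHelper::destroyCookie('user');
            return;
        }

        $expectedToken = SecurityUtil::generateSessionToken(
            $rememberedUser['id'],
            $rememberedUser['passwort_salt']
        );
        // hash_equals: constant-time comparison of the secret token; it requires two strings
        if (is_string($expectedToken) && hash_equals($expectedToken, $rememberMe)) {
            $this->_login($rememberedUser, $db, $fromTable, $currentUser);
            return;
        }

        // Token does not match any more (most probably the user agent changed):
        // invalidate it client-side and server-side.
        CookieHelper::destroyCookie('user');
        $db->queryUpdate(['tokenid' => ''], $fromTable, 'id = %d', $rememberedUser['id']);
        return;
    }

    // Session user: confirm the account is still active before trusting the session.
    $result = $db->querySelect(
        'id, nick, email, lang, premium_balance, picture',
        $fromTable,
        'status = 1 AND id = %d',
        $sessionUserId
    );
    if ($result->num_rows) {
        $this->_login($result->fetch_array(), $db, $fromTable, $currentUser);
    } else {
        // user might have been disabled in the meanwhile
        $this->logoutUser($currentUser);
    }
    $result->free();
}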
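/**
 * (non-PHPdoc)
 * @see IActionController::executeAction()
 *
 * Authenticates the submitted credentials with the login method class named
 * by the 'login_method' config value (by e-mail when 'login_type' is "email",
 * otherwise by user name), starts the application session and, when
 * 'rememberme' was requested, issues a 'remember me' token that is stored in
 * the user row (tokenid, passwort_salt) and in the 'user' cookie.
 *
 * @param array $parameters request parameters: 'loginstr', 'loginpassword', optional 'rememberme'
 * @return string next view: 'office', or 'enter-username' when the user has no user name yet
 * @throws Exception when the login method class does not exist or the credentials are rejected
 */
public function executeAction($parameters)
{
    $loginMethodClass = $this->_websoccer->getConfig('login_method');
    if (!class_exists($loginMethodClass)) {
        throw new Exception('Login method class does not exist: ' . $loginMethodClass);
    }
    $loginMethod = new $loginMethodClass($this->_websoccer, $this->_db);

    // Missing form fields are passed on as null instead of raising an undefined-index warning.
    $loginStr = $parameters['loginstr'] ?? null;
    $loginPassword = $parameters['loginpassword'] ?? null;

    $userId = ($this->_websoccer->getConfig('login_type') === 'email')
        ? $loginMethod->authenticateWithEmail($loginStr, $loginPassword)
        : $loginMethod->authenticateWithUsername($loginStr, $loginPassword);

    if (!$userId) {
        // slow down repeated guessing before reporting the failure
        sleep(SLEEP_SECONDS_ON_FAILURE);
        throw new Exception($this->_i18n->getMessage('formlogin_invalid_data'));
    }

    SecurityUtil::loginFrontUserUsingApplicationSession($this->_websoccer, $userId);

    // "remember me": strict check of the checkbox value ("1" from a form, 1/true programmatically)
    if (isset($parameters['rememberme']) && in_array($parameters['rememberme'], [1, '1', true], true)) {
        $fromTable = $this->_websoccer->getConfig('db_prefix') . '_user';
        $whereCondition = 'id = %d';

        // Reuse the stored salt (the token is derived from it); create one if the row has none.
        $result = $this->_db->querySelect('passwort_salt', $fromTable, $whereCondition, $userId);
        $saltInfo = $result->fetch_array();
        $result->free();

        $salt = (string) ($saltInfo['passwort_salt'] ?? '');
        if ($salt === '') {
            $salt = SecurityUtil::generatePasswordSalt();
        }

        $sessionToken = SecurityUtil::generateSessionToken($userId, $salt);
        $this->_db->queryUpdate(
            ['tokenid' => $sessionToken, 'passwort_salt' => $salt],
            $fromTable,
            $whereCondition,
            $userId
        );
        // NOTE(review): the token is a credential; CookieHelper is expected to mark the cookie HttpOnly/Secure — confirm
        CookieHelper::createCookie('user', $sessionToken, REMEMBERME_COOKIE_LIFETIME_DAYS);
    }

    $username = (string) ($this->_websoccer->getUser()->username ?? '');
    return ($username !== '') ? 'office' : 'enter-username';
}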