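/**
 * Resolves the current WordPress login to a StatTracker agent.
 *
 * Flow: no valid WordPress cookie -> clear the session agent and require authentication;
 * agent already in session -> re-check its token against the database (logging out when it
 * no longer matches); otherwise map the WordPress user to an agent, creating the agent row
 * and an API token on first login.
 *
 * @param StatTracker $app application container; provides the session and the database
 *
 * @return AuthResponse|mixed an AuthResponse, or whatever logout() returns when the session token is stale
 */
public function login(StatTracker $app)
{
    if (!wp_validate_auth_cookie('', 'logged_in')) {
        // Drop any agent left over from an earlier login before asking for authentication.
        $app['session']->set("agent", null);
        return AuthResponse::authenticationRequired($this);
    }

    $sessionAgent = $app['session']->get("agent");
    if ($sessionAgent !== null) {
        // Existing session: the token stored with the agent must still resolve to a valid agent.
        if (Agent::lookupAgentByToken($sessionAgent->getToken())->isValid()) {
            return AuthResponse::okay($sessionAgent);
        }
        $this->logger->info(sprintf("Invalid token for %s. Logging out", $sessionAgent->name));
        return $this->logout($app);
    }

    $wpUser = wp_get_current_user();
    // Remember the address before the filter runs: the filter may replace the user object
    // with a string (denial reason), after which the email is no longer reachable for the log line.
    $email = $wpUser->user_email ?? '';

    // Allow a plugin to grant/deny this user. See wiki for details
    $user = apply_filters(ST_USER_AUTH_FILTER, $wpUser);
    if (!$user instanceof \WP_User) {
        // A string result is the plugin's own denial message; anything else gets the generic one.
        $reason = is_string($user)
            ? $user
            : "Access was denied. Please contact @" . ADMIN_AGENT;
        $this->logger->info(sprintf("Registration required for %s", $email));
        return AuthResponse::registrationRequired($reason);
    }

    $agent = Agent::lookupAgentName($user->user_email);
    if (!$agent->isValid()) {
        // First login for this WordPress user: create the agent row and its API token.
        $name = apply_filters(ST_AGENT_NAME_FILTER, $user->user_login);
        $this->logger->info(sprintf("Adding new agent %s", $name));
        $agent->name = $name;

        $stmt = $app->db()->prepare("INSERT INTO Agent (email, agent) VALUES (?, ?) ON DUPLICATE KEY UPDATE agent = ?;");
        $stmt->execute([$user->user_email, $name, $name]);
        $stmt->closeCursor();

        $this->generateAPIToken($agent);

        // Re-read so the session holds the persisted agent (including its token).
        $agent = Agent::lookupAgentName($user->user_email);
        if (!$agent->isValid()) {
            $this->logger->error(sprintf("%s still not a valid agent", $agent->name));
            return AuthResponse::error("An unrecoverable error has occured");
        }
    }

    $app['session']->set("agent", $agent);
    $this->logger->info(sprintf("%s authenticated successfully", $agent->name));
    return AuthResponse::okay($agent);
}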
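/**
 * Updates the agent's stats.
 *
 * Every key of $data other than "date" is treated as a stat name whose value is stored
 * for the submission date ($data['date'], today when absent). Unless $allow_lower is set,
 * a value lower than the one already stored for that date aborts the whole update and
 * nothing is written. All writes happen in one transaction.
 *
 * @param array $data        associative array where key is stat and value is the value for the stat;
 *                           may also carry a "date" key (Y-m-d) naming the submission date
 * @param bool  $allow_lower whether a stat may be overwritten with a lower value
 *
 * @return bool|string true on success, or a human-readable message when a lower value was rejected
 *
 * @throws \Exception any database error; the open transaction is rolled back before it propagates
 */
public function updateStats($data, $allow_lower)
{
    // One handle for the whole method: the transaction and the statements must share a connection.
    $db = StatTracker::db();
    $select_stmt = null;
    $insert_stmt = null;

    try {
        // Earliest submission date for this agent; "timepoint" below is the 1-based day offset from it.
        $stmt = $db->prepare("SELECT COALESCE(MIN(date), CAST(NOW() AS Date)) `min_date` FROM Data WHERE agent = ?");
        $stmt->execute([$this->name]);
        $row = $stmt->fetch();
        $stmt->closeCursor();
        $min_date = $row['min_date'] ?? date("Y-m-d");

        // NOTE(review): the submitted date is bound as a parameter (no injection), but its
        // format is not validated here — presumably the caller checks it; confirm.
        $dt = empty($data['date']) ? date("Y-m-d") : $data['date'];

        $select_stmt = $db->prepare("SELECT value `current_value` FROM Data WHERE agent = ? AND date = ? AND stat = ?");
        $insert_stmt = $db->prepare("INSERT INTO Data (agent, date, timepoint, stat, value) VALUES (?, ?, DATEDIFF(?, ?) + 1, ?, ?) ON DUPLICATE KEY UPDATE value = VALUES(value);");
        $known_stats = StatTracker::getStats();

        $db->beginTransaction();
        foreach ($data as $stat => $value) {
            // Strict string compare: with ==, an integer key 0 would match "date" on PHP 7.
            if ((string) $stat === "date") {
                continue;
            }
            // Only known stat names are stored; the rejection message below also relies on
            // the stat being present in getStats(), so an unknown key would fail there anyway.
            if (!isset($known_stats[$stat])) {
                continue;
            }

            // Keep an optionally signed integer only; anything non-numeric counts as 0.
            $value = filter_var($value, FILTER_SANITIZE_NUMBER_INT);
            if (!is_numeric($value)) {
                $value = 0;
            }

            if (!$allow_lower) {
                $select_stmt->execute([$this->name, $dt, $stat]);
                $existing = $select_stmt->fetch();
                $select_stmt->closeCursor();
                // No row for this date/stat yet: there is nothing the new value could be lower than.
                $current_value = $existing === false ? null : $existing['current_value'];

                if ($current_value !== null && $current_value > $value) {
                    $db->rollBack();
                    return sprintf(
                        "Stats cannot be updated. %s is lower than %s for %s.",
                        number_format($value),
                        number_format($current_value),
                        $known_stats[$stat]->name
                    );
                }
            }

            $insert_stmt->execute([$this->name, $dt, $dt, $min_date, $stat, $value]);
        }
        $db->commit();
        return true;
    } catch (\Exception $e) {
        // Fully qualified so the catch also works inside a namespace without a `use`.
        // Undo the partial update before letting the error propagate.
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    } finally {
        // Statements may never have been prepared if the first query failed.
        if ($select_stmt !== null) {
            $select_stmt->closeCursor();
        }
        if ($insert_stmt !== null) {
            $insert_stmt->closeCursor();
        }
    }
}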
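/**
 * Generates an authorization code for the given email address. If the email address is not
 * already in the database, it will be inserted. If it already exists, the authorization code
 * will be updated.
 *
 * The code is six lowercase hex characters drawn from the CSPRNG; a database error while
 * storing it is logged and not propagated.
 *
 * @param string $email_address the email address retrieved from authentication
 * @param bool $newIfExists Whether or not to issue a new auth code if one already exists
 *
 * @return void
 */
private function generateAuthCode($email_address, $newIfExists = false)
{
    $length = 6;
    // Same alphabet and length as before (lowercase hex), but from random_bytes(): the previous
    // md5 + str_shuffle + rand() derivation did not use a cryptographic generator.
    $code = substr(bin2hex(random_bytes((int) ceil($length / 2))), 0, $length);

    $num_rows = 0;
    if (!$newIfExists) {
        $stmt = StatTracker::db()->prepare("SELECT agent FROM Agent WHERE email = ?;");
        $stmt->execute([$email_address]);
        // NOTE(review): rowCount() on a SELECT is driver-dependent (works with MySQL
        // buffered queries) — confirm for the configured driver.
        $num_rows = $stmt->rowCount();
        $stmt->closeCursor();
    }

    // Write when the address is unknown, or when a fresh code was explicitly requested.
    if ($newIfExists || $num_rows !== 1) {
        try {
            $stmt = StatTracker::db()->prepare("INSERT INTO Agent (`email`, `auth_code`) VALUES (?, ?) ON DUPLICATE KEY UPDATE auth_code = VALUES(auth_code);");
            $stmt->execute([$email_address, $code]);
            $stmt->closeCursor();
        } catch (\PDOException $e) {
            // Fully qualified so the catch also matches inside a namespace without a `use`.
            // Failing to insert an auth code will cause a generic registration email to be sent to the user.
            error_log($e);
        }
    }
}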
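/**
 * Creates the agent record for the given email address, or renames the existing one.
 *
 * Uses INSERT ... ON DUPLICATE KEY UPDATE, so a row that already exists for the email
 * simply gets its agent name replaced. A database error is logged and not propagated.
 *
 * @param string $email_address the email address retrieved from authentication
 * @param string $agent_name    the agent name to store for that email address
 *
 * @return void
 */
private function createNewAgent($email_address, $agent_name)
{
    try {
        $stmt = StatTracker::db()->prepare("INSERT INTO Agent (`email`, `agent`) VALUES (?, ?) ON DUPLICATE KEY UPDATE agent = VALUES(agent);");
        $stmt->execute([$email_address, $agent_name]);
        $stmt->closeCursor();
    } catch (\PDOException $e) {
        // Fully qualified so the catch also matches inside a namespace without a `use`.
        // Best-effort write: the failure is logged here rather than surfaced to the caller.
        error_log($e);
    }
}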