/**
 * Completes a Facebook login that was started by the JS SDK on the client.
 *
 * If a Facebook access token is already present in the session it is used
 * directly; otherwise the login is completed from the JS-supplied data.
 * The boolean outcome is handed to redirectAfterLogin() in both cases.
 */
public function getLoginCallbackFromJs()
{
    $this->app->log->debug(get_class($this) . '->getLoginCallbackFromJs()');

    $hasStoredToken = (bool) Session::getDecoded(Session::FACEBOOK_ACCESS_TOKEN);

    // Note: the callee is declared as loginWithAccessToken (capital T); PHP
    // resolves method names case-insensitively, so the existing spelling is kept.
    $loginSucceeded = $hasStoredToken
        ? FacebookModel::loginWithAccesstoken()
        : FacebookModel::loginFromJs();

    $this->redirectAfterLogin($loginSucceeded);
}
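/**
 * Create an avatar picture from the uploaded file and record it for the
 * current user (checks folder permissions and the upload first).
 *
 * On success the resized JPEG is written to the avatar folder, the avatar
 * marker is written to the database, the session's avatar path is refreshed
 * and a positive feedback message is queued. When either pre-check fails the
 * method returns without writing anything or queuing feedback itself.
 *
 * TODO decouple
 * TODO total rebuild
 */
public static function createAvatar()
{
    // check avatar folder writing rights, check if upload fits all rules
    if (!(self::isAvatarFolderWritable() && self::validateImageFile())) {
        return;
    }

    // This is a static method, so `$this` is never available here: the
    // previous `$this->getIdForImage()` call could only throw at runtime.
    // Calling via self:: assumes getIdForImage() is (or can be made) static — confirm.
    $user_name = Session::get(Session::SESSION_USER_NAME);
    $target_file_path = Config::get('avatar.path') . self::getIdForImage($user_name);

    // create a jpg file in the avatar folder, write marker to database.
    // validateImageFile() is assumed to have verified the temp file is a
    // genuine upload (is_uploaded_file) before it is read here — confirm.
    $avatar_size = Config::get('avatar.size');
    self::resizeAvatarImage(
        $_FILES['avatar_file']['tmp_name'],
        $target_file_path,
        $avatar_size,
        $avatar_size
    );
    self::writeAvatarToDatabase(Session::getDecoded(Session::SESSION_USER_NAME));

    Session::set(
        Session::SESSION_USER_AVATAR_FILE,
        self::getPublicUserAvatarFilePathByUserName(Session::get(Session::SESSION_USER_NAME))
    );
    Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_AVATAR_UPLOAD_SUCCESSFUL'));
}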
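/**
 * checks for session concurrency
 *
 * This is done as the following:
 * UserA logs in with his session id('123') and it will be stored in the database.
 * Then, UserB logs in also using the same email and password of UserA from another PC,
 * and also store the session id('456') in the database
 *
 * Now, Whenever UserA performs any action,
 * You then check the session_id() against the last one stored in the database('456'),
 * If they don't match then log both of them out.
 *
 * @access public
 * @static static method
 * @return bool true when a session id is stored for the logged-in user and it
 *              differs from the current PHP session id; false otherwise
 *              (including when no PHP session is active or no user row matches)
 * @see Session::updateSessionId()
 * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
 */
public static function isConcurrentSessionExists()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return false;
    }

    $session_id = session_id();
    $userName = Session::getDecoded(Session::SESSION_USER_NAME);

    // The username is read from the session, but it is still bound as a query
    // parameter instead of being concatenated into the DQL string: a value
    // containing a quote would otherwise break (or change) the query.
    $dql = 'SELECT u FROM ' . UserModel::TABLE_NAME . ' u WHERE u.username = :username';
    $result = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('username', $userName)
        ->getResult();

    // return one row (we only have one result or nothing)
    $user = array_shift($result);
    if (!$user) {
        // No matching user: there is no stored id to compare against, so this
        // is not a concurrent session. (Testing $result with empty() here was
        // a bug in the original PANIQUE code — keep this note.)
        return false;
    }

    $userSessionId = $user->getSessionid();

    // A stored id that differs from ours means another login has replaced this one.
    return (bool) $userSessionId && $session_id !== $userSessionId;
}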
/**
 * Log out process: delete cookie, delete session
 *
 * The login cookie is only deleted for the 'DEFAULT' provider; for the
 * Facebook and Google providers no provider-specific cleanup happens here
 * and the session teardown below is relied on to drop their tokens. The
 * session is destroyed and the user's stored session id cleared in all cases.
 *
 * @return bool always true
 */
public static function logout()
{
    $user_name = Session::getDecoded(Session::SESSION_USER_NAME);
    $user_provider = Session::get(Session::SESSION_USER_PROVIDER_TYPE);

    $isFacebookLogin = $user_provider == UserModel::PROVIDER_TYPE_FB;
    $isGoogleLogin = $user_provider == UserModel::PROVIDER_TYPE_GO;

    // only for provider 'DEFAULT'
    if (!$isFacebookLogin && !$isGoogleLogin) {
        self::deleteCookie($user_name);
    }

    Session::destroy();
    Session::updateSessionId($user_name, null);

    return true;
}
/**
 * Log in with the Facebook access token kept in the session.
 *
 * Wraps the raw token string from the session in an AccessToken object and
 * delegates the actual login to loginWithAccessToken2().
 *
 * @return mixed whatever loginWithAccessToken2() returns
 */
public static function loginWithAccessToken()
{
    $token = new AccessToken(Session::getDecoded(Session::FACEBOOK_ACCESS_TOKEN));

    return self::loginWithAccessToken2($token);
}
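/**
 * Edit the user's email
 *
 * The submitted address is normalised (tags stripped) and its length checked
 * BEFORE it is validated, so the value that passes validation is exactly the
 * value that gets stored. Previously the address was truncated to 254 bytes
 * after validation, which could store a string that no longer passed it.
 *
 * @param string $new_user_email the address as submitted by the user
 *
 * @return bool success status; on failure a negative feedback message is
 *              queued in the session and nothing is changed
 */
public static function editUserEmail($new_user_email)
{
    // email provided ? (non-string input is treated as not provided)
    if (!is_string($new_user_email) || empty($new_user_email)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    // strip tags, just to be sure — done before validation so the validated
    // and the stored value are the same string
    $new_user_email = strip_tags($new_user_email);

    // check if new email is same like the old one
    if ($new_user_email === Session::getDecoded(Session::SESSION_USER_EMAIL)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // user's email must be in valid email format; FILTER_VALIDATE_EMAIL does
    // not enforce the 254-byte maximum, so that is checked explicitly instead
    // of silently truncating
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    if (strlen($new_user_email) > 254 || !filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // check if user's email already exists
    if (self::doesEmailAlreadyExist($new_user_email)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    // write to database, if successful ...
    // ... then write new email to session, Gravatar too (as this relies to the user's email address)
    if (self::saveNewEmailAddress(Session::getDecoded(Session::SESSION_USER_NAME), $new_user_email)) {
        Session::set(Session::SESSION_USER_EMAIL, $new_user_email);
        Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, AvatarModel::getGravatarLinkByEmail($new_user_email));
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
    return false;
}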