예제 #1
 private function _process_cookie($cookie)
 {
     // Cookie-based auto-login. Permitted once per page: the static flag is
     // consumed by the first call and any later call aborts the request.
     if (!PA_Login::$once_only) {
         die("PA_Login::process_cookie() called more than once in a page - this is not allowed.");
     }
     PA_Login::$once_only = 0;

     // parse_cookie() is the validation step. An empty result means the cookie
     // did not yield a user id, so it is cleared rather than trusted.
     $user_id = $this->login_cookie->parse_cookie($cookie);
     if (empty($user_id)) {
         PA_Login::_unset_cookie();
         return;
     }

     // Valid cookie: establish the login. The third argument records how the
     // login happened ("cookie" here, "password" for the form-based path).
     PA_Login::log_in($user_id, true, "cookie");
 }
 /**
  * Resolve the logged-in user and the "page" user for the current request.
  *
  * Sources, in order: an optional `authToken` query parameter (partner-site
  * hand-off), then the `user` entry already in the session, then an optional
  * `uid` or `login` query parameter naming the user the page is about.
  * Populates PA::$login_uid / PA::$login_user, PA::$page_uid / PA::$page_user,
  * PA::$uid / PA::$user and the matching globals, then commits the session.
  *
  * @return void
  * @throws Exception  Any User exception whose code is not one of the
  *                    "user gone / token bad" codes handled below is re-thrown.
  */
 public function getCurrentUser()
 {
     // Legacy globals are kept in lock-step with the PA::$* statics throughout.
     global $page_uid, $page_user, $login_uid, $login_name, $login_user;
     require_once "api/User/User.php";
     // NOTE(review): the session id is never regenerated in this method; if
     // log_in() does not regenerate it either, a login elevates whatever session
     // id the client arrived with — confirm against PA_Login::log_in().
     session_start();
     PA::$login_uid = NULL;
     PA::$login_user = NULL;
     $login_uid = NULL;
     $login_name = NULL;
     $login_user = NULL;
     // Snapshot of the session user taken BEFORE the token branch below. It is
     // not refreshed afterwards, so a token login leaves it null (see the
     // $login_name assignment further down) and a token failure that destroys
     // the session does not clear it (the session user is reloaded from it).
     $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
     // Check if an authToken variable is in GET and use it if available.
     // Truthiness test: a token of "0" or "" is treated as absent.
     // Tokens carried in the query string can surface in server logs and
     // Referer headers; the session copy below exists so later code need not
     // re-read it from the URL.
     $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
     if ($authToken) {
         try {
             // This placeholder is overwritten on the next line; it only
             // survives (as an empty User) when getUserFromAuthToken() throws.
             $user = new User();
             $user = $this->getUserFromAuthToken($authToken);
             if ($user && $user->user_id) {
                 // User is valid so log_in the user.
                 // Since we know that AuthToken was passed into the URL, we can assume this
                 // user was redirected here from a partner web site. We need to log in the user
                 // as if they logged in through the normal PeopleAggregator login form
                 // (ie. set all session variables just as if dologin.php was called).
                 // The Referer header is client-supplied; it is passed as the
                 // login-source label (the slot that holds "cookie" / "password"
                 // on the other login paths), so treat it as untrusted text
                 // wherever that label is displayed or logged.
                 $referer = "external site";
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     $referer = $_SERVER['HTTP_REFERER'];
                 }
                 $pal = new PA_Login();
                 $pal->log_in($user->user_id, false, $referer);
                 // Set authToken as a session variable so that it can be accessed anywhere
                 $_SESSION['authToken'] = $authToken;
             }
         } catch (Exception $e) {
             // Only the "user gone / token unusable" codes are handled here;
             // anything else propagates. NOTE(review): the comparison is loose
             // (no strict flag), so codes are matched with == semantics.
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                 throw $e;
             }
             // The token could not be resolved to a live user; invalidate the session.
             // NOTE(review): $this->CurrUser still holds the pre-destroy session
             // user, and the block below reloads from it — confirm whether a
             // bad token is meant to end an existing session or leave it intact.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     if ($this->CurrUser) {
         try {
             // Re-load the session user from storage by id rather than trusting
             // the cached session record. The third argument's meaning is not
             // visible here — see User::load().
             $user = new User();
             $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
         } catch (Exception $e) {
             if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                 throw $e;
             }
             // The currently logged-in user has been deleted; invalidate the session.
             // $user is left as the empty User constructed above; the user_id
             // check below is what keeps it from becoming the login user.
             session_destroy();
             session_start();
             $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
         }
     }
     if (isset($user) && $user) {
         // A user object was resolved by one of the branches above.
         if ($user->user_id) {
             // NOTE(review): after a token-only login $this->CurrUser is null
             // (it was read before log_in ran), so $login_name ends up null here.
             $login_name = $this->CurrUser['name'];
             PA::$login_user = $login_user = $user;
             PA::$login_uid = $login_uid = $user->user_id;
         }
         if (PA::$login_uid) {
             // Per-request bookkeeping on the login user.
             PA::$login_user->update_user_time_spent();
             User::track_status(PA::$login_uid);
         }
     }
     // If a user is specified on the query string as an ID (uid=123) or
     // login name (login=phil), validate the id/name and load the user
     // object. `uid` takes precedence over `login`; `uid` is always cast to
     // int, `login` is cast only when numeric and otherwise passed through
     // as the raw query-string value.
     // NOTE(review): the raw `login` string reaches User::load() unmodified;
     // verify that load() parameterises its lookup.
     if (!empty($_GET['uid'])) {
         $page_uid = PA::$page_uid = (int) $_GET['uid'];
         $page_user = PA::$page_user = new User();
         PA::$page_user->load(PA::$page_uid);
     } else {
         if (!empty($_GET['login'])) {
             $page_user = PA::$page_user = new User();
             if (is_numeric($_GET['login'])) {
                 PA::$page_user->load((int) $_GET['login']);
             } else {
                 PA::$page_user->load($_GET['login']);
             }
             $page_uid = PA::$page_uid = PA::$page_user->user_id;
         } else {
             $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
         }
     }
     // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
     // (Local $uid/$user are assigned but not read again in this method.)
     if (PA::$page_uid) {
         $uid = PA::$uid = PA::$page_uid;
         $user = PA::$user = PA::$page_user;
     } else {
         $uid = PA::$uid = PA::$login_uid;
         $user = PA::$user = PA::$login_user;
     }
     // Write the session back and release the session lock for this request.
     session_commit();
 }
     header("Location:{$location}");
     exit;
 }
 // username and password supplied - attempt to authenticate
 try {
     $u = User::authenticate_user($username, $password);
 } catch (CNException $e) {
     $msg = "Error: {$e->message}";
     $error = TRUE;
     $u = FALSE;
 }
 if ($u > 0) {
     // if authentication succeeded
     $pal = new PA_Login();
     $remember_me = isset($_POST['remember']) && $_POST['remember'] == 1;
     $pal->log_in($u, $remember_me, "password");
     // verify token
     if (!empty($token)) {
         // if token isn't empty
         try {
             $token_arr = authenticate_invitation_token($token);
         } catch (CNException $e) {
             $token_arr[1] = "{$e->message}";
         }
     }
     // if token is empty
     if (empty($token)) {
         $location = PA::$after_login_page;
     } else {
         if ($token_arr[0] == TRUE && $token_arr[1] == $_SESSION['user']['email']) {
             if ($invitation_id) {