예제 #1
0
 /**
  * This static method returns a valid CurrentUser object if there is one
  * in the cookie that is not timed out. The session-ID is updated if
  * necessary. The CurrentUser will be removed from the session, if it is
  * timed out. If there is no valid CurrentUser in the cookie or the
  * cookie is timed out, null will be returned. If the cookie is correct,
  * but there is no user found in the user table, false will be returned.
  * On success, a valid CurrentUser object is returned
  *
  * @static
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId and cookie information needs to be updated
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
         $user->setRememberMe(sha1(session_id()));
     }
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();
     return $user;
 }
 /**
  * This static method returns a valid CurrentUser object if there is one
  * in the cookie that is not timed out. The session-ID is updated then.
  * The CurrentUser will be removed from the session, if it is
  * timed out. If there is no valid CurrentUser in the cookie or the
  * cookie is timed out, null will be returned. If the cookie is correct,
  * but there is no user found in the user table, false will be returned.
  * On success, a valid CurrentUser object is returned
  *
  * @static
  *
  * @param PMF_Configuration $config
  *
  * @return null|PMF_User_CurrentUser
  */
 public static function getFromCookie(PMF_Configuration $config)
 {
     if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser($config);
     $user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
     if (-1 === $user->getUserId()) {
         return null;
     }
     // sessionId needs to be updated
     $user->updateSessionId(true);
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();
     // add CSRF token to session
     $user->saveCrsfTokenToSession();
     return $user;
 }
예제 #3
0
 /**
  * This static method returns a valid CurrentUser object if
  * there is one in the session that is not timed out.
  * If the the optional parameter ip_check is true, the current
  * user must have the same ip which is stored in the user table
  * The session-ID is updated if necessary. The CurrentUser
  * will be removed from the session, if it is timed out. If
  * there is no valid CurrentUser in the session or the session
  * is timed out, null will be returned. If the session data is
  * correct, but there is no user found in the user table, false
  * will be returned. On success, a valid CurrentUser object is
  * returned.
  *
  * @param  boolean $ip_check Check th IP address
  * @return mixed
  */
 public static function getFromSession($ip_check = false)
 {
     // there is no valid user object in session
     if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser();
     $user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);
     // user object is timed out
     if ($user->sessionIsTimedOut()) {
         $user->deleteFromSession();
         return null;
     }
     // session-id not found in user table
     $session_info = $user->getSessionInfo();
     $session_id = isset($session_info['session_id']) ? $session_info['session_id'] : '';
     if ($session_id == '' || $session_id != session_id()) {
         return false;
     }
     // check ip
     if ($ip_check and $session_info['ip'] != $_SERVER['REMOTE_ADDR']) {
         return false;
     }
     // session-id needs to be updated
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
     }
     // user is now logged in
     $user->logged_in = true;
     // save current user to session and return the instance
     $user->saveToSession();
     return $user;
 }