/**
 * Initializes the user, setting them up as a member or guest, and
 * checking for automatic logins.
 *
 * Each dependency may be injected; when omitted, the framework-provided
 * instance is used instead.
 *
 * @param RPG_Model   $model   Instance of a user model.
 * @param RPG_Session $session Instance of session class.
 * @param RPG_Input   $input   Instance of input class.
 */
public function __construct($model = null, $session = null, $input = null)
{
    // fall back to the framework singletons for anything not injected
    $this->_model = ($model === null) ? RPG::model('user') : $model;
    $this->_session = ($session === null) ? RPG::session() : $session;
    $this->_input = ($input === null) ? RPG::input() : $input;

    // session says we're logged in: set up the registered user and stop
    if ($this->isLoggedIn()) {
        $this->setupMember();
        return;
    }

    // otherwise try the auto-login cookie; failing that, we're a guest
    if (!$this->_attemptAutoLogin()) {
        $this->setupGuest();
    }
}
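/**
 * Logs the user out of the system.
 *
 * GET Parameters
 * - hash: string     Logout hash; must equal the value derived from the
 *                    current user's id, salt and name plus the cookie salt.
 * - returnto: string Path (optionally with a query string) to redirect to
 *                    once the request has been handled.
 */
public function doLogout()
{
    $user = RPG::user();
    $hash = RPG::input()->get('hash', 'string');

    // The expected hash binds the logout link to this user and this install.
    // hash_equals (PHP >= 5.6) compares in constant time; a missing hash
    // becomes '' and simply fails the comparison.
    $expected = sha1($user->id . sha1($user->salt) . sha1($user->name) . sha1(RPG::config('cookieSalt')));

    if (hash_equals($expected, (string) $hash)) {
        $user->clearAutoLogin();
        RPG::session()->regenerateId();
        RPG::session()->loggedIn = false;
        RPG::session()->userId = 0;
        $user->setupGuest();
        RPG::session()->setFlash('frontend_message', 'Logged out successfully.');
    } else {
        RPG::session()->setFlash('frontend_error', 'Invalid logout hash.');
    }

    // NOTE(review): returnto is user-supplied; whether redirect() confines it
    // to a local path (rejecting absolute URLs / protocol-relative "//") is
    // not visible here — confirm before relying on it.
    $returnTo = urldecode(RPG::input()->get('returnto', 'string'));
    $query = array();
    if (strpos($returnTo, '?') !== false) {
        // limit of 2: a second '?' belongs to the query string, not a third part
        list($path, $queryString) = explode('?', $returnTo, 2);
        parse_str($queryString, $query);
    } else {
        $path = $returnTo;
    }

    RPG::view()->redirect($path, $query);
}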
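/**
 * Validates the form token given in a request.
 *
 * The server-side token is stored in $_SESSION['_csrf'][$formKey] as
 * "<issue time>|<token>". On success the stored token is consumed so it
 * cannot be replayed.
 *
 * @param string $formKey Unique form key.
 * @return bool Always true; failure is signalled by exception.
 * @throws RPG_Exception_Token MISSING when the request carries no token,
 *                             INVALID when none is stored, it is malformed
 *                             or does not match, EXPIRED when too old.
 */
public function checkFormToken($formKey)
{
    // pick the token from the request
    $userToken = RPG::input()->post('csrf_token', 'string');

    // token wasn't there? (empty() also rejects the literal string '0')
    if (empty($userToken)) {
        throw new RPG_Exception_Token(RPG_Exception_Token::MISSING);
    }

    // token wasn't set server-side?
    if (!isset($_SESSION['_csrf'][$formKey])) {
        throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
    }

    // a stored value without the "time|token" shape is treated as invalid
    // rather than triggering an undefined-offset notice from list()
    $stored = explode('|', $_SESSION['_csrf'][$formKey], 2);
    if (count($stored) !== 2) {
        throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
    }
    list($time, $token) = $stored;

    // token expired?
    if (intval($time) < RPG_NOW - self::FORM_TOKEN_MAX_AGE) {
        throw new RPG_Exception_Token(RPG_Exception_Token::EXPIRED);
    }

    // constant-time comparison (hash_equals, PHP >= 5.6) so the check
    // leaks nothing about the stored token
    if (!hash_equals((string) $token, (string) $userToken)) {
        throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
    }

    // remove existing token and return success.
    unset($_SESSION['_csrf'][$formKey]);
    return true;
}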
$this->escape(RPG::user()->name); ?> </strong></a> <a href="<?php echo $this->url('auth/logout', array('hash' => RPG::user()->logouthash, 'returnto' => RPG::input()->getPath(true))); ?> ">Logout</a> <?php } else { ?> <form action="<?php echo $this->url('auth/login'); ?> " method="post"> <input type="hidden" name="returnto" value="<?php $this->escape(RPG::input()->getPath(true)); ?> " /> <input type="hidden" name="csrf_token" value="<?php $this->escape(RPG::session()->getFormToken('core_login')); ?> " /> <input type="text" name="username" id="login_username" size="12" value="Username" title="Username" /> <input type="password" name="password" id="login_password" size="12" value="Password" title="Password" /> <!--<label for="login_remember">Remember Me </label>--><input type="checkbox" name="remember" id="login_remember" value="1" title="Remember me" /> <input type="submit" value="Log in" /> </form> <!-- <a href="<?php echo $this->url('auth/register'); ?> ">Register</a> -->
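/**
 * Prints your standard "Hello, world!" to the browser.
 *
 * Echoes the request path and the raw query string. Both come straight from
 * the request, so they are HTML-escaped before being written to the page.
 */
public function doWorld()
{
    // QUERY_STRING is absent under some SAPIs; avoid an undefined-index notice
    $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

    echo 'path: ',
        htmlspecialchars(RPG::input()->getPath(), ENT_QUOTES, 'UTF-8'),
        '?',
        htmlspecialchars($queryString, ENT_QUOTES, 'UTF-8');
}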
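/**
 * Processes the current request, handing it off to the proper
 * controller and action.
 *
 * Resolves controller and action from the request path and invokes the
 * action with the remaining path segments as positional arguments. When the
 * resolved action is not a public method of the controller, the request
 * falls through to do404 with the originally requested action name
 * prepended to the parameters.
 */
public function processRequest()
{
    $path = RPG::input()->getPath();
    $parts = $this->getUrlParts($path);

    $controller = $this->_getController($parts['controller']);
    $action = $this->_getActionName($parts['action']);
    // captured before the 404 fallback below, so it never includes the
    // action name that do404 receives as its first argument
    $this->_parameters = $parts['params'];

    // method_exists alone is true for private/protected methods as well,
    // which would turn the dispatch below into a fatal error; is_callable
    // (evaluated from this class's scope) narrows it to methods we may call.
    if (!method_exists($controller, $action) || !is_callable(array($controller, $action))) {
        // NOTE(review): $this->_action is read here but not assigned in this
        // method — presumably set by _getActionName(); confirm.
        array_unshift($parts['params'], $this->_action);
        $action = 'do404';
        $this->_action = '404';
        //throw new RPG_Exception('Action "' . $action . '" does not exist.');
    }

    call_user_func_array(array($controller, $action), $parts['params']);
}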