예제 #1
파일: User.php 프로젝트: laiello/crindigan
 /**
  * Builds the user object and decides whether the current request belongs
  * to a member or to a guest.
  *
  * Any collaborator passed as null is fetched through the static RPG
  * accessors. The session is consulted first; the automatic-login attempt
  * only runs when the session does not already report a logged-in user,
  * and guest setup is the fallback when that attempt fails as well.
  *
  * @param RPG_Model $model Instance of a user model.
  * @param RPG_Session $session Instance of session class.
  * @param RPG_Input $input Instance of input class.
  */
 public function __construct($model = null, $session = null, $input = null)
 {
     // Resolve defaults in the same order as the parameters are declared.
     $model = ($model !== null) ? $model : RPG::model('user');
     $session = ($session !== null) ? $session : RPG::session();
     $input = ($input !== null) ? $input : RPG::input();

     $this->_model = $model;
     $this->_session = $session;
     $this->_input = $input;

     // The session's view of the login state takes precedence.
     if ($this->isLoggedIn()) {
         $this->setupMember();
         return;
     }

     // No session login: try the automatic login before settling on guest.
     if ($this->_attemptAutoLogin()) {
         return;
     }

     $this->setupGuest();
 }
예제 #2
파일: auth.php 프로젝트: laiello/crindigan
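 /**
  * Logs the user out of the system.
  *
  * The request must carry the user's logout hash. When it does not match,
  * the session is left untouched and only an error flash message is queued.
  * The redirect to "returnto" happens in both cases.
  *
  * GET Parameters
  * - hash: string
  * - returnto: string
  */
 public function doLogout()
 {
     $user = RPG::user();
     $hash = RPG::input()->get('hash', 'string');

     // NOTE(review): every input to this hash (id, salt, name, cookieSalt) is
     // a long-lived value, so the logout hash does not change between
     // sessions, and it is sent in a GET query string. Consider a per-session
     // token submitted by POST.
     $expected = sha1($user->id . sha1($user->salt) . sha1($user->name) . sha1(RPG::config('cookieSalt')));

     // The hash is the only thing protecting logout from cross-site requests,
     // so compare it without revealing how many leading characters matched.
     // hash_equals() exists from PHP 5.6 on; older runtimes keep the strict
     // comparison used before.
     if (is_string($hash) && function_exists('hash_equals')) {
         $hashMatches = hash_equals($expected, $hash);
     } else {
         $hashMatches = ($hash === $expected);
     }

     if ($hashMatches) {
         $user->clearAutoLogin();
         // New session id first, then drop the login state stored in it.
         RPG::session()->regenerateId();
         RPG::session()->loggedIn = false;
         RPG::session()->userId = 0;
         $user->setupGuest();
         RPG::session()->setFlash('frontend_message', 'Logged out successfully.');
     } else {
         RPG::session()->setFlash('frontend_error', 'Invalid logout hash.');
     }

     // NOTE(review): "returnto" is caller-controlled and is handed to
     // redirect() even when the hash check failed. Confirm that redirect()
     // only ever produces same-site URLs; if it accepts absolute URLs this is
     // an open redirect and the value needs validating here.
     // NOTE(review): if get() already returns a URL-decoded value, the
     // urldecode() below decodes a second time - confirm against RPG_Input.
     $returnTo = urldecode(RPG::input()->get('returnto', 'string'));

     $path = $returnTo;
     $query = array();
     if (strpos($returnTo, '?') !== false) {
         // Split on the first "?" only, so a literal "?" inside the query
         // string no longer truncates it.
         list($path, $queryString) = explode('?', $returnTo, 2);
         parse_str($queryString, $query);
     }

     RPG::view()->redirect($path, $query);
 }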
예제 #3
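 /**
  * Validates the form token given in a request.
  *
  * The submitted "csrf_token" POST field is checked against the value stored
  * in $_SESSION['_csrf'][$formKey], which has the form "<timestamp>|<token>".
  * A token that validates is removed from the session, so it can be used
  * only once.
  *
  * @param  string $formKey Unique form key.
  * @return bool True when the token is present, unexpired and matching.
  * @throws RPG_Exception_Token MISSING when no token was submitted, INVALID
  *         when nothing usable is stored for the key or the tokens differ,
  *         EXPIRED when the stored token is older than FORM_TOKEN_MAX_AGE.
  */
 public function checkFormToken($formKey)
 {
     // pick the token from the request
     $userToken = RPG::input()->post('csrf_token', 'string');

     // token wasn't there?
     if (empty($userToken)) {
         throw new RPG_Exception_Token(RPG_Exception_Token::MISSING);
     }

     // token wasn't set server-side?
     if (!isset($_SESSION['_csrf'][$formKey])) {
         throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
     }

     // Split once, so a "|" inside the token survives, and reject a stored
     // value that does not have both halves instead of comparing against an
     // undefined variable.
     $stored = $_SESSION['_csrf'][$formKey];
     $parts = is_string($stored) ? explode('|', $stored, 2) : array();
     if (count($parts) !== 2) {
         throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
     }
     list($time, $token) = $parts;

     // token expired?
     if (intval($time) < RPG_NOW - self::FORM_TOKEN_MAX_AGE) {
         throw new RPG_Exception_Token(RPG_Exception_Token::EXPIRED);
     }

     // Compare in constant time where the runtime offers it (hash_equals()
     // exists from PHP 5.6 on); older runtimes keep the strict comparison.
     if (is_string($userToken) && function_exists('hash_equals')) {
         $tokensMatch = hash_equals($token, $userToken);
     } else {
         $tokensMatch = ($userToken === $token);
     }
     if (!$tokensMatch) {
         throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
     }

     // remove existing token and return success.
     unset($_SESSION['_csrf'][$formKey]);
     return true;
 }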
예제 #4
    // Login/logout fragment of the page header; this excerpt starts inside
    // the logged-in branch.
    // NOTE(review): the return value of escape() is not echoed here -
    // presumably escape() prints the escaped value itself; confirm against
    // the view class.
    $this->escape(RPG::user()->name);
    ?>
</strong></a>
		<a href="<?php 
    // Logout is a plain GET link: the logout hash and the current path are
    // passed to url() as query parameters, so the hash can end up in browser
    // history and server logs.
    // NOTE(review): this value is echoed into an href without escape();
    // confirm url() returns attribute-safe output.
    echo $this->url('auth/logout', array('hash' => RPG::user()->logouthash, 'returnto' => RPG::input()->getPath(true)));
    ?>
">Logout</a>
	<?php 
} else {
    ?>
		<form action="<?php 
    // Guest branch: the login form posts to auth/login.
    echo $this->url('auth/login');
    ?>
" method="post">
		<input type="hidden" name="returnto" value="<?php 
    // Current request path, presumably used to send the user back here after
    // login - verify how the login handler treats it.
    $this->escape(RPG::input()->getPath(true));
    ?>
" />
		<input type="hidden" name="csrf_token" value="<?php 
    // Form token the session issues under the key 'core_login'; it is
    // submitted as the csrf_token field.
    $this->escape(RPG::session()->getFormToken('core_login'));
    ?>
" />
		<input type="text" name="username" id="login_username" size="12" value="Username" title="Username" />
		<input type="password" name="password" id="login_password" size="12" value="Password" title="Password" />
		<!--<label for="login_remember">Remember Me </label>--><input type="checkbox" name="remember" id="login_remember" value="1" title="Remember me" />
		<input type="submit" value="Log in" />
		</form>
		<!-- <a href="<?php 
    // This PHP still runs although the link sits inside an HTML comment; the
    // register URL is sent to the browser within that comment.
    echo $this->url('auth/register');
    ?>
">Register</a> -->
예제 #5
파일: hello.php 프로젝트: laiello/crindigan
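 /**
  * Debug action: prints the current request path and the raw query string
  * to the browser.
  *
  * Both values come straight from the request, so they are HTML-escaped
  * before being echoed; printing them raw would reflect markup from the URL
  * into the page.
  */
 public function doWorld()
 {
     // QUERY_STRING is not guaranteed to be set (for example under the CLI).
     $queryString = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

     echo 'path: ', htmlspecialchars(RPG::input()->getPath() . '?' . $queryString, ENT_QUOTES, 'UTF-8');
 }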
예제 #6
 /**
  * Dispatches the current request: splits the request path into controller,
  * action and parameters, then invokes the action on the controller.
  *
  * When the controller has no method with the resolved name, the call is
  * redirected to its do404 method, with the action that was asked for
  * passed as the first argument.
  */
 public function processRequest()
 {
     $parts = $this->getUrlParts(RPG::input()->getPath());

     $controller = $this->_getController($parts['controller']);
     $action = $this->_getActionName($parts['action']);

     // The stored parameters never include the extra 404 argument added below.
     $this->_parameters = $parts['params'];
     $arguments = $parts['params'];

     // NOTE(review): the method name is derived from the request path, and
     // method_exists() is also true for non-public methods - confirm that
     // _getActionName() restricts which methods a URL can reach.
     if (!method_exists($controller, $action)) {
         // Hand the requested action to the 404 handler before overwriting it.
         array_unshift($arguments, $this->_action);
         $this->_action = '404';
         $action = 'do404';
     }

     call_user_func_array(array($controller, $action), $arguments);
 }