/**
  * @see IUserAuthentication::verifyAndUpdateCurrentUser()
  */
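 public function verifyAndUpdateCurrentUser(User $currentUser)
 {
     // Restores the current user for this request. If the session carries no
     // user id, the 'remember me' cookie ('user') is tried first; afterwards the
     // session user id is re-checked against the user table (status = 1) and the
     // user is either logged in via _login() or logged out via logoutUser().
     // Nothing is returned; the result is applied to $currentUser by those calls.
     $db = DbConnection::getInstance();
     $fromTable = $this->_website->getConfig('db_prefix') . '_user';
     if (!isset($_SESSION[SESSION_PARAM_USERID]) || !$_SESSION[SESSION_PARAM_USERID]) {
         // 'remember me' token
         $rememberMe = CookieHelper::getCookieValue('user');
         if ($rememberMe == null) {
             // user is neither in session nor with cookie logged on
             return;
         }
         // The cookie is client-controlled. Reject anything that is not a plain
         // string before it reaches the query or the comparison below.
         if (!is_string($rememberMe)) {
             CookieHelper::destroyCookie('user');
             return;
         }
         $columns = 'id, passwort_salt, nick, email, lang';
         $whereCondition = 'status = 1 AND tokenid = \'%s\'';
         // NOTE(review): the cookie value fills the quoted %s placeholder; this is
         // only safe if querySelect() escapes its parameter - confirm in DbConnection.
         // NOTE(review): the lookup matches the cookie against tokenid by value, so
         // the column holds the same token the browser presents; anyone who can read
         // the table can replay it. Storing only a hash of the token would avoid that.
         $result = $db->querySelect($columns, $fromTable, $whereCondition, $rememberMe);
         $rememberedUser = $result->fetch_array();
         $result->free();
         if (isset($rememberedUser['id'])) {
             // Recompute the token for this request and require it to equal the cookie.
             $currentToken = SecurityUtil::generateSessionToken($rememberedUser['id'], $rememberedUser['passwort_salt']);
             // Compare in constant time where available (hash_equals, PHP 5.6+);
             // older runtimes keep the strict comparison. Hygiene for a secret
             // comparison, the accepted/rejected outcome is unchanged.
             $tokenMatches = is_string($currentToken) && (function_exists('hash_equals')
                 ? hash_equals($currentToken, $rememberMe)
                 : $currentToken === $rememberMe);
             if ($tokenMatches) {
                 $this->_login($rememberedUser, $db, $fromTable, $currentUser);
                 return;
             }
             CookieHelper::destroyCookie('user');
             // invalidate old token since most probably user agent changed
             $columns = array('tokenid' => '');
             $whereCondition = 'id = %d';
             $parameter = $rememberedUser['id'];
             $db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
         } else {
             // no active user owns this token: drop the stale cookie
             CookieHelper::destroyCookie('user');
         }
         // A rejected cookie falls through; with no session user id the check
         // below returns without logging anyone in.
     }
     // get user data
     $userid = isset($_SESSION[SESSION_PARAM_USERID]) ? $_SESSION[SESSION_PARAM_USERID] : 0;
     if (!$userid) {
         return;
     }
     $columns = 'id, nick, email, lang, premium_balance, picture';
     $whereCondition = 'status = 1 AND id = %d';
     $result = $db->querySelect($columns, $fromTable, $whereCondition, $userid);
     if ($result->num_rows) {
         $userdata = $result->fetch_array();
         $this->_login($userdata, $db, $fromTable, $currentUser);
     } else {
         // user might have been disabled in the meantime
         $this->logoutUser($currentUser);
     }
     $result->free();
 }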
 /**
  * (non-PHPdoc)
  * @see IActionController::executeAction()
  */
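 public function executeAction($parameters)
 {
     // Handles the login form: authenticates with the configured login method,
     // opens the application session and, if requested, issues a 'remember me'
     // cookie. Returns the id of the next page ("office" or "enter-username").
     // Throws Exception when the login method class is missing or the
     // credentials are rejected.
     $loginMethodClass = $this->_websoccer->getConfig("login_method");
     // The class name comes from configuration and is instantiated dynamically;
     // class_exists() only proves the class is loadable.
     // NOTE(review): assumes "login_method" can be set by administrators only - confirm.
     if (!class_exists($loginMethodClass)) {
         throw new Exception("Login method class does not exist: " . $loginMethodClass);
     }
     $loginMethod = new $loginMethodClass($this->_websoccer, $this->_db);
     // sign in with e-mail
     if ($this->_websoccer->getConfig("login_type") == "email") {
         $userId = $loginMethod->authenticateWithEmail($parameters["loginstr"], $parameters["loginpassword"]);
         // sign in with user name
     } else {
         $userId = $loginMethod->authenticateWithUsername($parameters["loginstr"], $parameters["loginpassword"]);
     }
     // sign in failed
     if (!$userId) {
         // The fixed delay slows down each failed attempt but does not limit how
         // many are made, and it occupies the PHP worker while sleeping; any
         // lockout or throttling has to be enforced elsewhere.
         sleep(SLEEP_SECONDS_ON_FAILURE);
         // Same message for unknown account and wrong password.
         throw new Exception($this->_i18n->getMessage("formlogin_invalid_data"));
     }
     // NOTE(review): confirm that this call regenerates the session id, otherwise
     // a session id fixed before login stays valid after it.
     SecurityUtil::loginFrontUserUsingApplicationSession($this->_websoccer, $userId);
     // "remember me"
     if (isset($parameters["rememberme"]) && $parameters["rememberme"] == 1) {
         $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
         $whereCondition = "id = %d";
         $parameter = $userId;
         // get password salt
         $result = $this->_db->querySelect("passwort_salt", $fromTable, $whereCondition, $parameter);
         $saltinfo = $result->fetch_array();
         $result->free();
         // A missing row or a NULL column is treated as "no salt" instead of
         // reading an offset of null and passing null to strlen().
         $salt = (is_array($saltinfo) && isset($saltinfo["passwort_salt"]))
             ? (string) $saltinfo["passwort_salt"]
             : "";
         if (!strlen($salt)) {
             $salt = SecurityUtil::generatePasswordSalt();
         }
         // NOTE(review): only $userId and $salt are passed in, so unless
         // generateSessionToken() mixes in further input the token is the same on
         // every login until the salt changes - confirm whether rotation is intended.
         $sessionToken = SecurityUtil::generateSessionToken($userId, $salt);
         // NOTE(review): this also writes passwort_salt. If that column salts the
         // password hash as well, verify that a freshly generated salt cannot
         // invalidate the stored password of a user who had none.
         $columns = array("tokenid" => $sessionToken, "passwort_salt" => $salt);
         $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
         // NOTE(review): confirm that createCookie() sets HttpOnly and Secure; the
         // cookie value alone is enough to log in.
         CookieHelper::createCookie("user", $sessionToken, REMEMBERME_COOKIE_LIFETIME_DAYS);
     }
     return strlen($this->_websoccer->getUser()->username) ? "office" : "enter-username";
 }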