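/**
 * surfer has been authenticated
 *
 * This function copies user attributes in session storage area.
 *
 * Following named attributes from the provided array are copied in session storage area:
 * - $fields['id'] - id of the logged surfer
 * - $fields['full_name'] or $fields['nick_name'] - displayed name, full name first
 * - $fields['language'] - preferred language, 'none' if absent
 * - $fields['email'] - email address
 * - $fields['editor'] - preferred on-line editor
 * - $fields['interface'] - 'C' is kept as is, anything else becomes 'I'
 * - $fields['capability'] - 'A'ssociate or 'M'ember or 'S'ubscriber or '?'
 * - $fields['phone_number'] - phone number (international format)
 * - $fields['handle'] - secret handle, used only to derive the 'screening' cookie
 *
 * We also remember the IP address of the authenticating workstation,
 * and the root path of the instance that has validated the surfer.
 *
 * Security notes:
 * - the user id and the remote address are validated before they reach the
 *   UPDATE statement, which is built by string concatenation
 * - NOTE(review): this function does not rotate the session identifier; confirm
 *   that the caller invokes session_regenerate_id() at login, otherwise a session
 *   id fixed before authentication stays valid afterwards
 *
 * @param array session attributes
 * @param boolean TRUE to remind date of last login in user record
 */
public static function set($fields, $update_flag = FALSE) {
    global $context;

    // save session attributes
    $_SESSION['surfer_id'] = isset($fields['id']) ? $fields['id'] : '';
    $_SESSION['surfer_language'] = isset($fields['language']) ? $fields['language'] : 'none';

    // full name is preferred over nick name
    if (isset($fields['full_name']) && $fields['full_name']) {
        $_SESSION['surfer_name'] = $fields['full_name'];
    } elseif (isset($fields['nick_name']) && $fields['nick_name']) {
        $_SESSION['surfer_name'] = $fields['nick_name'];
    } else {
        $_SESSION['surfer_name'] = '';
    }

    $_SESSION['surfer_email_address'] = isset($fields['email']) ? $fields['email'] : '';
    $_SESSION['surfer_phone_number'] = isset($fields['phone_number']) ? $fields['phone_number'] : '';

    // provide a default capability only to recorded users
    if (!$_SESSION['surfer_id']) {
        $default_capability = '';
    } elseif (isset($context['users_with_approved_members']) && $context['users_with_approved_members'] == 'Y') {
        $default_capability = 'S';
    } elseif (isset($context['users_with_email_validation']) && $context['users_with_email_validation'] == 'Y') {
        $default_capability = 'S';
    } else {
        $default_capability = 'M';
    }

    // the capability is an authorization decision: it is taken verbatim from $fields,
    // so callers must build $fields from the user record, never from request data
    $_SESSION['surfer_capability'] = isset($fields['capability']) ? $fields['capability'] : $default_capability;

    // editor preference
    if (isset($fields['editor'])) {
        $_SESSION['surfer_editor'] = $fields['editor'];
    }
    if (!isset($_SESSION['surfer_editor']) || !$_SESSION['surfer_editor']) {
        $_SESSION['surfer_editor'] = $context['users_default_editor'];
    }

    // interface preference
    if (isset($fields['interface']) && $fields['interface'] == 'C') {
        $_SESSION['surfer_interface'] = 'C';
    } else {
        $_SESSION['surfer_interface'] = 'I';
    }

    // remember the address of the authenticating workstation
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $_SESSION['workstation_id'] = $_SERVER['REMOTE_ADDR'];
    }

    // remember the authenticating instance
    if (isset($context['url_to_root']) && $context['url_to_root']) {
        $_SESSION['server_id'] = $context['url_to_root'];
    }

    // the surfer has been authenticated, do not challenge him anymore
    $_SESSION['surfer_is_not_a_robot'] = TRUE;

    // update user record
    //
    // The id is concatenated unquoted into the WHERE clause, so only a plain
    // integer literal is a valid value; anything else is rejected here instead
    // of being passed to the database as part of the statement.
    if (isset($fields['id']) && is_scalar($fields['id']) && ctype_digit((string) $fields['id'])) {
        $user_id = (string) $fields['id'];

        // clear tentatives of authentication
        $query = array();
        $query[] = 'authenticate_failures=0';

        // remember the date of login
        if ($update_flag) {

            // gmdate() yields the same 'YYYY-MM-DD HH:MM:SS' stamp as the former
            // gmstrftime() call, which is deprecated as of PHP 8.1
            $query[] = "login_date='" . gmdate('Y-m-d H:i:s') . "'";

            // only a syntactically valid IP address is written into the statement;
            // a missing or malformed value is recorded as an empty string
            $login_address = '';
            if (isset($_SERVER['REMOTE_ADDR'])) {
                $validated = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
                if ($validated !== FALSE) {
                    $login_address = $validated;
                }
            }
            $query[] = "login_address='" . $login_address . "'";
        }

        // do the update
        $query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query) . " WHERE id = " . $user_id;
        SQL::query($query, FALSE, $context['users_connection']);
    }

    // set a semi-permanent cookie for user identification
    if (isset($fields['handle']) && $fields['handle'] && isset($context['users_with_permanent_authentication']) && $context['users_with_permanent_authentication'] == 'Y') {

        // time of authentication
        $now = (string) time();

        // token is made of: user id, time of login, gmt offset, salt
        // --salt combines date of login with secret handle
        //
        // NOTE(review): the salt is an unkeyed MD5 over the login time and the
        // stored handle, so the cookie is only as strong as the secrecy of the
        // handle. The format is left unchanged because the code that verifies
        // the cookie is not visible here; moving to hash_hmac('sha256', ...)
        // with a server-side key, checked with hash_equals(), requires changing
        // both sides together.
        //
        // the session copy of the id is used so that a missing id yields an
        // empty first field without raising a notice
        $token = $_SESSION['surfer_id'] . '|' . $now . '|' . Surfer::get_gmt_offset() . '|' . md5($now . '|' . $fields['handle']);

        // attempt to set this cookie while answering the current request
        // NOTE(review): confirm that set_cookie() flags the cookie HttpOnly, and Secure over HTTPS
        Surfer::set_cookie('screening', $token);

        // we will do it again on next transaction, to take care of redirections, if any
        $_SESSION['surfer_token'] = $token;
    }
}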