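/**
 * Logs out the current user and resets the complete session.
 *
 * Clears the session id stored for the user, deletes the user's remember-me
 * entries, expires the remember-me and session cookies, and replaces the old
 * session with a fresh one.
 *
 * @author Clemens John <*****@*****.**>
 * @return boolean true if the logout was successful, false if no user was logged in
 */
public function user_logout() {
    $messages = array();

    if (!isset($_SESSION['user_id'])) {
        $messages[] = array("Sie können sich nicht ausloggen, wenn Sie nicht eingeloggt sind", 2);
        Message::setMessage($messages);
        return false;
    }

    // Read the id once, before the session data is cleared below.
    $user_id = $_SESSION['user_id'];

    // Invalidate the server-side session binding of this user.
    // For the recommended way to destroy a session see
    // http://php.net/manual/de/function.session-destroy.php
    $stmt = DB::getInstance()->prepare("UPDATE users SET session_id = ? WHERE id = ?");
    $stmt->execute(array('', $user_id));

    // Delete all remember-me entries of the user from the database.
    // TODO: store the current session id along with each remember-me entry and
    // delete only the entry that corresponds to the current session.
    $user_remember_me_list = new UserRememberMeList($user_id);
    $user_remember_me_list->delete();

    // Empty the superglobals instead of unset()ing them: the PHP manual warns
    // that unset($_SESSION) disables registering session variables through
    // $_SESSION for the rest of the request.
    $_SESSION = array();
    $_COOKIE = array();

    // Expire the client-side cookies.
    // NOTE(review): a cookie is only removed when path/domain match the values
    // it was set with; where "remember_me" is set is not visible here, so
    // confirm the attributes. Its server-side entries are deleted above.
    setcookie("remember_me", "", time() - 60 * 60 * 24 * 14);
    setcookie(session_name(), '', time() - 3600, '/');
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params["path"],
            $params["domain"],
            $params["secure"],
            $params["httponly"]
        );
    }

    session_destroy();
    session_start();
    // session_start() may pick up the session id the browser sent with this
    // request. Issue a new id and delete the old session so the pre-logout
    // identifier cannot be reused after logout.
    session_regenerate_id(true);

    $messages[] = array("Sie wurden ausgeloggt und ihre Benutzersession wurde gelöscht!", 1);
    Message::setMessage($messages);
    return true;
}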
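/**
 * Deletes a user and all of the objects he owns.
 *
 * Removes the user's routers, API keys and remember-me entries, then deletes
 * the row from the users table.
 *
 * NOTE(review): the owned objects are deleted before the user row and outside
 * the try block, and no transaction is visible here. If the final DELETE
 * fails, the owned objects are presumably already gone; confirm whether the
 * list classes or the caller wrap this in a transaction.
 *
 * @author Clemens John <*****@*****.**>
 * @return boolean true if the user row was deleted, false on a database error
 */
public function delete() {
    $user_id = $this->getUserId();

    // Delete routers
    $routerlist = new Routerlist(false, $user_id);
    $routerlist->delete();

    // Delete api keys so no credential of the removed account stays usable
    $api_key_list = new ApiKeyList($user_id, 'user');
    $api_key_list->delete();

    // Delete user remember mes
    $user_remember_me_list = new UserRememberMeList($user_id);
    $user_remember_me_list->delete();

    // Delete the user from the database
    try {
        $stmt = DB::getInstance()->prepare("DELETE FROM users WHERE id=?");
        $stmt->execute(array($user_id));
    } catch (PDOException $e) {
        // Write the driver message to the server log instead of echoing it:
        // PDO error text can reveal table names and query details to the client.
        error_log($e->getMessage());
        return false;
    }

    return true;
}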