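/**
 * Sets the deletion and suspension values for a user and, when either one applies,
 * ends that user's current session.
 *
 * @param mixed $suspensionInDays number of days to suspend the account; values <= 0 mean "no suspension"
 * @param mixed $softDelete       raw checkbox value, "on" when the delete box was ticked
 * @param mixed $userId           id of the account to modify
 *
 * @return bool|null false when an admin targets their own account, null otherwise
 */
public static function setAccountSuspensionAndDeletionStatus($suspensionInDays, $softDelete, $userId)
{
    // Prevent suspending or deleting the account the admin is currently logged in with,
    // otherwise the admin would be locked out of every further action.
    // Loose comparison on purpose: the id may arrive as a string while the session holds an int.
    if ($userId == Session::get('user_id')) {
        Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CANT_DELETE_SUSPEND_OWN'));
        return false;
    }

    // Suspension is stored as an absolute unix timestamp; null means "not suspended".
    $suspensionTime = ($suspensionInDays > 0)
        ? time() + $suspensionInDays * 60 * 60 * 24
        : null;

    // FYI "on" is what a checkbox delivers by default when submitted.
    $delete = ($softDelete == "on") ? 1 : 0;

    // write the above info to the database
    self::writeDeleteAndSuspensionInfoToDatabase($userId, $suspensionTime, $delete);

    // If suspension or deletion should happen, kick the user out instantly by resetting
    // the user's session. Both checks are strict comparisons: an assignment here
    // (`$delete = 1`) would always be truthy and reset the session of every edited user.
    if ($suspensionTime !== null || $delete === 1) {
        self::resetUserSession($userId);
    }
}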
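/**
 * Checks whether the submitted captcha matches the one rendered into the image
 * and stored in the session.
 *
 * @param string $captcha The captcha characters entered by the user
 * @return bool true only when a captcha is stored in the session and the input matches it exactly
 */
public static function checkCaptcha($captcha)
{
    $expected = Session::get('captcha');

    // No captcha was issued for this session, so nothing can legitimately match it.
    if ($expected === null || $expected === '') {
        return false;
    }

    // hash_equals() compares byte-for-byte (no numeric-string juggling as with ==, where
    // e.g. "0e1" == "0e2" holds) and in constant time, so the stored value does not leak
    // through timing differences.
    return hash_equals((string) $expected, (string) $captcha);
}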
/**
 * Create an avatar picture for the logged-in user (and check all necessary things too)
 * TODO decouple
 * TODO total rebuild
 */
public static function createAvatar()
{
    // nothing happens unless the avatar folder is writable and the upload fits all rules
    if (!self::isAvatarFolderWritable() || !self::validateImageFile()) {
        return;
    }

    $userId = Session::get('user_id');
    $targetFilePath = Config::get('PATH_AVATARS') . $userId;
    $avatarSize = Config::get('AVATAR_SIZE');

    // create a jpg file in the avatar folder, then write the marker to the database
    self::resizeAvatarImage($_FILES['avatar_file']['tmp_name'], $targetFilePath, $avatarSize, $avatarSize);
    self::writeAvatarToDatabase($userId);

    // expose the new avatar path to the session and report success
    Session::set('user_avatar_file', self::getPublicUserAvatarFilePathByUserId($userId));
    Session::add('feedback_positive', Text::get('FEEDBACK_AVATAR_UPLOAD_SUCCESSFUL'));
}
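/**
 * Writes the new account type marker to the database and to the session
 *
 * @param mixed $type the new account type; only 1 or 2 (as int or numeric string) are accepted
 *
 * @return bool true when exactly one row was updated, false for an invalid type or when nothing changed
 */
public static function saveRoleToDatabase($type)
{
    // Only the two user-selectable roles may be set here. Validating as an integer first
    // avoids PHP's loose in_array() comparison (e.g. true == 1) and gives the query a real
    // int to bind instead of whatever the request delivered.
    $type = filter_var($type, FILTER_VALIDATE_INT);
    if ($type === false || !in_array($type, [1, 2], true)) {
        return false;
    }

    $database = DatabaseFactory::getFactory()->getConnection();
    $query = $database->prepare("UPDATE users SET user_account_type = :new_type WHERE user_id = :user_id LIMIT 1");
    $query->execute([':new_type' => $type, ':user_id' => Session::get('user_id')]);

    // NOTE(review): depending on the driver, rowCount() may be 0 when the row exists but the
    // value was already $type — confirm this is the intended "failure" for a no-op update.
    if ($query->rowCount() == 1) {
        // keep the session in sync with the database
        Session::set('user_account_type', $type);
        return true;
    }

    return false;
}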
/**
 * Log out process: delete cookie, delete session
 */
public static function logout()
{
    // remember the id before the session is destroyed, the later calls still need it
    $userId = Session::get('user_id');

    self::deleteCookie($userId);
    Session::destroy();
    Session::updateSessionId($userId);
}
/**
 * Password Change Action
 * Submits the form; on a positive result redirect to index, otherwise show the changePassword page again
 */
public function changePassword_action()
{
    $passwordChanged = PasswordResetModel::changePassword(
        Session::get('user_name'),
        Request::post('user_password_current'),
        Request::post('user_password_new'),
        Request::post('user_password_repeat')
    );

    Redirect::to($passwordChanged ? 'user/index' : 'user/changePassword');
}
<?php

use Huge\Core\Session;

// Feedback is kept as arrays so that several positive/negative messages can be shown at once.
// NOTE(review): messages are echoed without HTML escaping; any user-supplied text that ends up
// in a feedback message must be escaped before Session::add() — confirm against the Text catalogue.
$positiveMessages = Session::get('feedback_positive');
$negativeMessages = Session::get('feedback_negative');

// positive messages
if ($positiveMessages !== null) {
    foreach ($positiveMessages as $message) {
        echo '<div class="feedback success">' . $message . '</div>';
    }
}

// negative messages
if ($negativeMessages !== null) {
    foreach ($negativeMessages as $message) {
        echo '<div class="feedback error">' . $message . '</div>';
    }
}
</li>
<li <?php // highlight the menu entry whose controller is currently being rendered
    if (View::checkForActiveController($filename, "login")) { echo ' class="active" '; } ?> >
    <a href="<?php echo Config::get('URL'); ?> login/logout">Logout</a>
</li>
</ul>
</li>
<?php // NOTE(review): the session's account type is compared loosely (==) against the literal 7,
      // presumably the admin role id — confirm against the role definitions and consider a named constant
if (Session::get("user_account_type") == 7) { ?>
<li <?php if (View::checkForActiveController($filename, "admin")) { echo ' class="active" '; } ?> >
    <a href="<?php echo Config::get('URL'); ?> admin/">Admin</a>
</li>
<?php } ?>
/**
 * Delete a specific note
 * @param int $note_id id of the note
 * @return bool feedback (was the note deleted properly ?)
 */
public static function deleteNote($note_id)
{
    // nothing to delete without a usable id
    if (!$note_id) {
        return false;
    }

    // the user_id condition restricts the deletion to notes owned by the logged-in user
    $statement = DatabaseFactory::getFactory()->getConnection()->prepare(
        "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1"
    );
    $statement->execute([':note_id' => $note_id, ':user_id' => Session::get('user_id')]);

    $deleted = ($statement->rowCount() == 1);
    if (!$deleted) {
        Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
    }

    return $deleted;
}
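/**
 * Edit the user's email
 *
 * @param mixed $new_user_email the address as submitted by the user
 *
 * @return bool success status
 */
public static function editUserEmail($new_user_email)
{
    // email provided ?
    if (empty($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    // Strip tags BEFORE validating so that the value that is validated is exactly the value
    // that gets stored (stripping or truncating afterwards could store a string that never
    // passed the checks below).
    $new_user_email = strip_tags((string) $new_user_email);

    // check if new email is same like the old one
    if ($new_user_email === (string) Session::get('user_email')) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // user's email must be in valid email format and within the 254-character limit;
    // an over-long address is rejected rather than silently truncated to a different one
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    if (strlen($new_user_email) > 254 || !filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // check if user's email already exists
    if (self::doesEmailAlreadyExist($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    // write to database, if successful ...
    // ... then write new email to session, Gravatar too (as this relies on the user's email address)
    if (self::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
        Session::set('user_email', $new_user_email);
        Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
        Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
        return true;
    }

    Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
    return false;
}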
</p>
<p>
    Please note: This whole process has been renamed from AccountType (v3.0) to UserRole (v3.1).
</p>

<h2>Currently your account type is: <?php echo Session::get('user_account_type'); ?></h2>

<!-- basic implementation for two account types: type 1 and type 2 -->
<form action="<?php echo Config::get('URL'); ?> user/changeUserRole_action" method="post">
    <?php // read the role once; the two branches below are mutually exclusive
    $accountType = Session::get('user_account_type'); ?>
    <?php if ($accountType == 1) { ?>
        <input type="submit" name="user_account_upgrade" value="Upgrade my account (to Premium User)" />
    <?php } elseif ($accountType == 2) { ?>
        <input type="submit" name="user_account_downgrade" value="Downgrade my account (to Basic User)" />
    <?php } ?>
</form>
</div>
</div>