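/**
 * Checks whether an API key is free, i.e. no user row currently holds it.
 *
 * The key is bound as a DQL parameter rather than interpolated into the
 * query string, so an attacker-controlled value cannot alter the query.
 *
 * @param string $api_key candidate API key
 *
 * @return bool true when no user has this key, false when it is taken
 */
public static function isApiKeyAvailable($api_key)
{
    $dql = 'SELECT u FROM ' . self::TABLE_NAME . ' u WHERE u.apikey = :apikey';
    $existing = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('apikey', $api_key)
        ->getOneOrNullResult();

    // null means no row matched, so the key can be assigned
    return $existing === null;
}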
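/**
 * Checks for session concurrency.
 *
 * This is done as follows:
 * UserA logs in with his session id ('123') and it is stored in the database.
 * Then UserB logs in with the same email and password of UserA from another PC,
 * and the session id ('456') is stored in the database as well.
 *
 * Whenever UserA performs any action, the current session_id() is compared
 * against the last one stored in the database ('456'); if they don't match,
 * both of them are logged out.
 *
 * @access public
 * @static static method
 * @return bool true when the stored session id differs from the current one
 * @see Session::updateSessionId()
 * @see http://stackoverflow.com/questions/6126285/php-stop-concurrent-user-logins
 */
public static function isConcurrentSessionExists()
{
    $concurrent = false;

    if (session_status() === PHP_SESSION_ACTIVE) {
        $currentSessionId = session_id();
        $userName = Session::getDecoded(Session::SESSION_USER_NAME);

        // NOTE(review): the $dql assignment was garbled/redacted in the source;
        // reconstructed from the visible fragments with the username bound as a
        // parameter instead of interpolated — confirm against the original.
        $dql = 'SELECT u FROM ' . UserModel::TABLE_NAME . ' u WHERE u.username = :username';
        $rows = DbResource::getEntityManager()
            ->createQuery($dql)
            ->setParameter('username', $userName)
            ->getResult();

        // at most one row is expected; array_shift yields null on an empty result
        $user = array_shift($rows);

        // initialised so the comparison below never reads an undefined variable
        $storedSessionId = null;
        if ($user) {
            // if(!empty($result)) — that check was a bug in PANIQUE's original code (comment kept on purpose)
            $storedSessionId = $user->getSessionid();
        }

        if ($storedSessionId && $currentSessionId !== $storedSessionId) {
            $concurrent = true;
        }
    }

    return $concurrent;
}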
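/**
 * Checks the user name / verification code combination and sets the user's
 * activation status to true in the database.
 *
 * Both values are bound as DQL parameters; an empty verification code is
 * rejected up front so the activation hash cannot be matched by accident.
 *
 * @param string $user_name
 * @param string $ua_verification_code verification token
 *
 * @return bool success status; also pushes positive/negative feedback into the session
 */
public static function verifyNewUser($user_name, $ua_verification_code)
{
    $numUpdated = 0;

    if ($ua_verification_code !== null && $ua_verification_code !== '') {
        // NOTE(review): the username literal was redacted in the source;
        // bound to $user_name here — confirm against the original.
        $dql = 'UPDATE ' . User::TABLE_NAME . ' u'
            . ' SET u.active = 1, u.activationhash = NULL'
            . ' WHERE u.username = :username AND u.activationhash = :hash';
        $numUpdated = DbResource::getEntityManager()
            ->createQuery($dql)
            ->setParameter('username', $user_name)
            ->setParameter('hash', $ua_verification_code)
            ->execute();
    }

    if ((int) $numUpdated === 1) {
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
    return false;
}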
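/**
 * Deletes the remember-me cookie.
 *
 * It's necessary to split deleteCookie() and logout() as cookies are deleted
 * without logging out too! Sets the remember-me cookie to ten years ago
 * (3600sec * 24 hours * 365 days * 10), which is the usual way to kill a cookie.
 *
 * @see http://stackoverflow.com/a/686166/1114320
 *
 * @param string|null $user_name when given, the user's remember-me token is also cleared in the database
 *
 * @return void
 */
public static function deleteCookie($user_name = null)
{
    // if $user_name was set, clear the remember_me token in the database
    if ($user_name) {
        $user_name = Filter::html_entity_invert($user_name);
        $user = UserModel::getByUsername($user_name);

        // getByUsername may yield no user; skip the DB write instead of calling a method on null
        if ($user) {
            $user->setRemembermetoken(null);
            $em = DbResource::getEntityManager();
            $em->persist($user);
            $em->flush();
        }
    }

    // delete the remember_me cookie in the browser (empty value, expiry ten years in the past)
    setcookie(
        self::COOKIE_REMEMBER_ME,
        '',
        time() - 3600 * 24 * 3650,
        Config::get('cookie.path'),
        Config::get('cookie.domain'),
        Config::get('cookie.secure'),
        Config::get('cookie.http')
    );
}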
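/**
 * Persists a new Facebook-sourced external user built from a Graph API user object.
 *
 * @param object|null $fb_graph_user Graph user exposing getId/getEmail/getName/getFirstName/
 *                                   getMiddleName/getLastName/getPicture (shape not visible here)
 * @param string      $accessToken   access token stored alongside the user
 *
 * @return bool true when the entity was flushed, false when no graph user was given
 *              or persisting threw
 */
public static function writeNewFbUserToDatabase($fb_graph_user, $accessToken)
{
    // previously fell through and returned null here; callers treat the result as bool
    if (!$fb_graph_user) {
        return false;
    }

    // getPicture() is assumed to be nullable when no picture is set — TODO confirm
    $picture = $fb_graph_user->getPicture();
    $pic_url = $picture ? $picture->getUrl() : null;

    $ip = IubarFattureApp::getInstance()->request->getIp();

    $fbUser = new Userexternal();
    $fbUser->setId($fb_graph_user->getId());
    $fbUser->setDisplay($fb_graph_user->getName());
    $fbUser->setEmail($fb_graph_user->getEmail());
    $fbUser->setFirstName($fb_graph_user->getFirstName());
    $fbUser->setMiddleName($fb_graph_user->getMiddleName());
    $fbUser->setLastName($fb_graph_user->getLastName());
    $fbUser->setPictureUrl($pic_url);
    $fbUser->setCreationtime(new \DateTime());
    $fbUser->setCreationip($ip);
    $fbUser->setAccesstoken($accessToken);
    // TODO: together with accessToken we should also store
    // $fbUser->setAccesstokenexpireat()
    // $fbUser->setAccesstokenscope()
    $fbUser->setProvidertype(UserModel::PROVIDER_TYPE_FB);

    try {
        $em = DbResource::getEntityManager();
        $em->persist($fbUser);
        $em->flush();
        return true;
    } catch (\Exception $e) {
        // fully-qualified so the catch also works when this class lives in a namespace
        return false;
    }
}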
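/**
 * Writes a new email address to the database.
 *
 * Both values are bound as DQL parameters instead of being interpolated.
 *
 * @param string $user_name
 * @param string $new_user_email new email address
 *
 * @return bool true when exactly one row was updated
 */
public static function saveNewEmailAddress($user_name, $new_user_email)
{
    // NOTE(review): the username literal was redacted in the source;
    // bound to $user_name here — confirm against the original.
    $dql = 'UPDATE ' . self::TABLE_NAME . ' u SET u.email = :email WHERE u.username = :username';
    $numUpdated = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('email', $new_user_email)
        ->setParameter('username', $user_name)
        ->execute();

    return (int) $numUpdated === 1;
}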
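/**
 * Deletes a user's avatar: removes the image file (best effort) and clears
 * the hasavatar flag in the database.
 *
 * @param string $userName user name (the previous docblock said int, but it is used as a username)
 *
 * @return bool success; also pushes positive/negative feedback into the session
 */
public static function deleteAvatar($userName)
{
    if (!$userName) {
        // TODO: add further checks if needed
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    // try to delete the image, but still go on regardless of the file deletion result
    self::deleteAvatarImageFile($userName);

    // NOTE(review): the username literal was redacted in the source;
    // bound to $userName here — confirm against the original.
    $dql = 'UPDATE ' . UserModel::TABLE_NAME . ' u SET u.hasavatar = 0 WHERE u.username = :username';
    $numUpdated = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('username', $userName)
        ->execute();

    if ((int) $numUpdated !== 1) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    Session::set(Session::SESSION_USER_AVATAR_FILE, self::getPublicUserAvatarFilePathByUserName($userName));
    Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
    return true;
}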
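/**
 * Writes the new password hash to the database for a local (default-provider) user.
 *
 * The hash and the user name are bound as DQL parameters instead of being
 * interpolated into the query string.
 *
 * @param string $user_name
 * @param string $user_password_hash already-hashed password
 *
 * @return bool true when exactly one row was updated
 */
public static function saveChangedPassword($user_name, $user_password_hash)
{
    // NOTE(review): the username literal was redacted in the source;
    // bound to $user_name here — confirm against the original.
    $dql = 'UPDATE ' . UserModel::TABLE_NAME . ' u'
        . ' SET u.pwdhash = :pwdhash'
        . ' WHERE u.username = :username'
        . ' AND u.providertype = :providertype';
    $numUpdated = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('pwdhash', $user_password_hash)
        ->setParameter('username', $user_name)
        ->setParameter('providertype', UserModel::PROVIDER_TYPE_DEFAULT)
        ->execute();

    // exactly one row must have changed for the save to count as successful
    return (int) $numUpdated === 1;
}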