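/**
 * Writes a fresh remember-me token into the database and into a cookie.
 *
 * The cookie value is three colon-separated parts: the encrypted user name,
 * the random token, and a SHA-256 hash over "user_name:token".
 * Maybe splitting this into a database part and a cookie part?
 *
 * @param string $user_name
 *
 * @return void
 */
public static function setRememberMeInDatabaseAndCookie($user_name)
{
    $user = UserModel::getByUsername($user_name);
    if ($user === null) {
        // Assumes getByUsername() returns null for an unknown user (TODO confirm).
        // Without a user row there is nothing to bind the token to, so no cookie is issued.
        throw new \UnexpectedValueException('Unknown user: ' . $user_name);
    }

    // 32 bytes from the CSPRNG, hex-encoded to a 64 char string.
    // The previous hash('sha256', mt_rand()) also produced 64 chars, but carried only
    // mt_rand()'s ~31 bits of non-cryptographic entropy, so the token was guessable.
    $random_token_string = bin2hex(random_bytes(32));

    // write that token into database
    $user->setRemembermetoken($random_token_string);
    $em = DbResource::getEntityManager();
    $em->persist($user);
    $em->flush();

    // Cookie string = encrypted user name, random token, and a hash binding the two.
    // The user name is never exposed in clear text, it is encrypted.
    $cookie_string_first_part = Encryption::encrypt($user_name) . ':' . $random_token_string;
    $cookie_string_hash = hash('sha256', $user_name . ':' . $random_token_string);
    $cookie_string = $cookie_string_first_part . ':' . $cookie_string_hash;

    // Scope the cookie with the configured path/domain. 'cookie.http' maps to the HttpOnly flag
    // (keeps the value out of reach of page scripts); 'cookie.secure' maps to the Secure flag
    // and must be true when the site is served over HTTPS so the token never travels in clear.
    // Argument order: name, value, expires, path, domain, secure, httponly.
    // @see http://www.php.net/manual/en/function.setcookie.php
    setcookie(
        self::COOKIE_REMEMBER_ME,
        $cookie_string,
        time() + Config::get('cookie.runtime'),
        Config::get('cookie.path'),
        Config::get('cookie.domain'),
        Config::get('cookie.secure'),
        Config::get('cookie.http')
    );
}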
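/**
 * Sends the verification email (to confirm the account).
 *
 * The mail body is the configured text followed by a link to the verification route.
 *
 * @param string $user_name
 * @param string $user_email           user's email
 * @param string $user_activation_hash user's mail verification hash string
 *
 * @return boolean true if the mail has been sent, false if no mail could be sent
 */
private static function sendVerificationEmail($user_name, $user_email, $user_activation_hash)
{
    $app = \Slim\Slim::getInstance();

    // The activation hash and the encrypted user name travel as URL components,
    // so they are URL-encoded.
    $url = $app->config('app.baseurl') . '/' . Config::get('email.verification.url')
        . '/' . urlencode($user_activation_hash)
        . '?user_name=' . urlencode(Encryption::encrypt($user_name));

    // The URL is placed inside an HTML attribute and as element text, so it is escaped
    // for that context as well; URL-encoding alone does not neutralise '&', '"' or '<'
    // that the configured base URL or route could contain.
    $url_html = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $subject = Config::get('email.verification.subject');
    $body = Config::get('email.verification.content') . ' <a href="' . $url_html . '">' . $url_html . '</a>';

    $mail = new \Iubar\Login\Core\EmailSender();
    $mail->setTo($user_email);
    $mail->setSubject($subject);
    $mail->setBodyHtml($body);
    $mail_sent = $mail->go(true);

    if ($mail_sent) {
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR'));
    return false;
}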
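/**
 * Send the password reset mail
 *
 * The mail body is the configured text followed by a link to the password reset route.
 *
 * @param string $user_name                username
 * @param string $user_password_reset_hash password reset hash
 * @param string $user_email               user email
 *
 * @return bool success status
 */
public static function sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)
{
    // create email body
    $app = \Slim\Slim::getInstance();

    // The reset hash and the encrypted user name travel as URL components,
    // so they are URL-encoded.
    $url = $app->config('app.baseurl') . '/' . Config::get('email.pwdreset.url')
        . '/' . urlencode($user_password_reset_hash)
        . '?user_name=' . urlencode(Encryption::encrypt($user_name));

    // The URL is placed inside an HTML attribute and as element text, so it is escaped
    // for that context as well; URL-encoding alone does not neutralise '&', '"' or '<'
    // that the configured base URL or route could contain.
    $url_html = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $subject = Config::get('email.pwdreset.subject');
    $body = Config::get('email.pwdreset.content') . ' <a href="' . $url_html . '">' . $url_html . '</a>';

    // create instance of EmailSender class, try sending and check
    // NOTE(review): sendVerificationEmail() in this file instantiates \Iubar\Login\Core\EmailSender
    // instead; one of the two class references is probably stale — confirm which one is current.
    $mail = new \Application\Core\EmailSender();
    $mail->setTo($user_email);
    $mail->setSubject($subject);
    $mail->setBodyHtml($body);
    $mail_sent = $mail->go(true);

    if ($mail_sent) {
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_ERROR'));
    return false;
}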