 /**
  * Returns the queued negative feedback messages and clears them from the session.
  *
  * Negative messages (errors etc.) live in the session under
  * Session::SESSION_FEEDBACK_NEGATIVE as an array, so several messages can be
  * queued before the view is rendered. They are consumed on read: the slot is
  * reset to null so a redirect or a second render never shows them twice.
  *
  * @return mixed the queued messages as stored by Session (an array per the
  *               session layout), or null when nothing was queued
  */
 public function getFeedbackNegativeMessages()
 {
     $queued = Session::get(Session::SESSION_FEEDBACK_NEGATIVE);
     // one-shot semantics: wipe the queue now that it has been handed out
     Session::set(Session::SESSION_FEEDBACK_NEGATIVE, null);
     return $queued;
 }
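 /**
  * The real login process: the authenticated user's data is written into the session.
  * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
  *
  * The session id is regenerated before any privileged data is stored, so a
  * session id planted before authentication (session fixation) does not
  * survive the login; the fresh id is then recorded against the user.
  *
  * @param string $user_name
  * @param string $user_email
  * @param string $user_account_type
  * @param string $user_provider_type
  */
 public static function setSuccessfulLoginIntoSession($user_name, $user_email, $user_account_type, $user_provider_type)
 {
     // regenerate FIRST: everything written below must land in the new session only
     Session::regenerateId();
     Session::set(Session::SESSION_USER_NAME, $user_name);
     Session::set(Session::SESSION_USER_EMAIL, $user_email);
     Session::set(Session::SESSION_USER_ACCOUNT_TYPE, $user_account_type);
     Session::set(Session::SESSION_USER_PROVIDER_TYPE, $user_provider_type);
     // get and set avatars
     Session::set(Session::SESSION_USER_AVATAR_FILE, AvatarModel::getPublicUserAvatarFilePathByUserName($user_name));
     Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, AvatarModel::getGravatarLinkByEmail($user_email));
     // finally, set user as logged-in
     Session::set(Session::SESSION_USER_LOGGED_IN, true);
     // update session id in database
     Session::updateSessionId($user_name, session_id());
     // set session cookie setting manually,
     // Why? because you need to explicitly set session expiry, path, domain, secure, and HTTP.
     // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
     // NOTE(review): no SameSite attribute is set on this cookie; confirm whether
     // CSRF protection relies on it elsewhere.
     setcookie(session_name(), session_id(), time() + Config::get('session.runtime'), Config::get('cookie.path'), Config::get('cookie.domain'), Config::get('cookie.secure'), Config::get('cookie.http'));
     // Never write the raw session id to the log: anyone who can read the log
     // file could hijack the session. A short hash prefix still lets log lines
     // be correlated with a session without exposing the credential itself.
     $sessionFingerprint = substr(hash('sha256', session_id()), 0, 8);
     \Slim\Slim::getInstance()->log->debug("Session name: " . session_name() . " id (sha256 prefix): " . $sessionFingerprint);
 }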
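 /**
  * Edit the user's email
  *
  * Order of checks: reject empty input, normalise the value (strip tags, cap
  * the length) so that what is validated is byte-for-byte what gets stored,
  * then reject an unchanged address, a malformed address and an address that
  * is already taken. On every path a feedback message is queued in the session.
  *
  * @param string $new_user_email
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // normalise BEFORE validating: strip tags "just to be sure" and cap the
     // length at 254 characters (practical maximum of an address), so the value
     // that passes filter_var() below is exactly the value that is persisted
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     $new_user_email = substr(strip_tags((string) $new_user_email), 0, 254);
     // check if new email is same like the old one (strict comparison: both are strings)
     if ($new_user_email === Session::getDecoded(Session::SESSION_USER_EMAIL)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // check if user's email already exists
     if (self::doesEmailAlreadyExist($new_user_email)) {
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (self::saveNewEmailAddress(Session::getDecoded(Session::SESSION_USER_NAME), $new_user_email)) {
         Session::set(Session::SESSION_USER_EMAIL, $new_user_email);
         Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }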
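 /**
  * Completes a Facebook login started by the JS SDK.
  *
  * Logs the user in locally by the e-mail address reported by the Graph API,
  * optionally exchanges the short-lived token for a long-lived one, persists
  * the token and caches the basic Facebook profile data in the session.
  *
  * @param object $fb_graph_user  Graph API user node (exposes getEmail/getId/getName/getPicture)
  * @param mixed  $accessToken    short-lived access token (an object per the cast below)
  * @return bool whether the local login succeeded
  */
 private static function loginFromJs2($fb_graph_user, $accessToken)
 {
     $log = IubarFattureApp::getInstance()->log;
     $fb_email = $fb_graph_user->getEmail();
     // Without an e-mail there is nothing to match a local account against
     // (presumably absent when the user did not grant the e-mail permission — verify).
     if (empty($fb_email)) {
         $log->debug("Facebook login aborted: no e-mail address returned by the Graph API");
         return false;
     }
     $log->debug("Calling LoginModel::loginExternal()");
     $login_successful = LoginModel::loginExternal($fb_email, UserModel::PROVIDER_TYPE_FB);
     // check login status: if true, then redirect user to user/index, if false, then to login form again
     if ($login_successful) {
         $log->debug("Login successfully");
         if (self::FORCE_TOKEN_REFRESH_AFTER_LOGIN) {
             // Exchange the short-lived access token for a long-lived one, store it
             // in the db and update the Facebook object.
             // Access tokens are bearer credentials: never write them to the log.
             $log->debug("Exchanging the short-lived access token for a long-lived one");
             $accessToken = self::getExtendAccessToken($accessToken);
             $log->debug("Long-lived access token obtained");
             // the cast is mandatory because $accessToken is an object
             Session::set(Session::FACEBOOK_ACCESS_TOKEN, (string) $accessToken);
         }
         $scope = null;
         // TODO: record the granted scope
         $expire_date = null;
         // TODO: record the token expiry
         ExternalModel::writeAccessTokenToDb($fb_email, $accessToken, $scope, $expire_date, UserModel::PROVIDER_TYPE_FB);
         self::getFb()->setDefaultAccessToken($accessToken);
         $fb_id = $fb_graph_user->getId();
         $fb_display = $fb_graph_user->getName();
         $fb_pic_url = $fb_graph_user->getPicture()->getUrl();
         Session::set(Session::FACEBOOK_DISPLAY_NAME, $fb_display);
         Session::set(Session::FACEBOOK_PICTURE, $fb_pic_url);
         Session::set(Session::FACEBOOK_ID, $fb_id);
     }
     return $login_successful;
 }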
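 /**
  * Delete a user's avatar
  *
  * Removes the avatar image file (best effort, result ignored) and clears the
  * has-avatar flag of the given user in the database. Feedback is queued in
  * the session on both the success and the failure path.
  *
  * @param string $userName
  * @return bool success
  */
 public static function deleteAvatar($userName)
 {
     if (!$userName) {
         //TODO: add any further checks
         Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }
     // try to delete image, but still go on regardless of file deletion result
     self::deleteAvatarImageFile($userName);
     // Bind the user name as a query parameter rather than splicing it into the
     // DQL string: the flag is reset for exactly this user, and the value can
     // never change the meaning of the query.
     $dql = "UPDATE " . UserModel::TABLE_NAME . " u SET u.hasavatar = 0 WHERE u.username = :username";
     $numUpdated = DbResource::getEntityManager()
         ->createQuery($dql)
         ->setParameter('username', $userName)
         ->execute();
     // exactly one row must have been touched; anything else is a failure
     if ((int) $numUpdated === 1) {
         Session::set(Session::SESSION_USER_AVATAR_FILE, self::getPublicUserAvatarFilePathByUserName($userName));
         Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
         return true;
     }
     Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
     return false;
 }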