예제 #1
0
 /**
  * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently)
  * TODO add throttling here ?
  *
  * @param $cookie string The cookie "remember_me"
  *
  * @return bool success state
  */
 public static function loginWithCookie($cookie)
 {
     if (!$cookie) {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
     // check cookie's contents, check if cookie contents belong together or token is empty
     list($user_id, $token, $hash) = explode(':', $cookie);
     if ($hash !== hash('sha256', $user_id . ':' . $token) or empty($token)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
     // get data of user that has this id and this token
     $result = UserModel::getUserDataByUserIdAndToken($user_id, $token);
     if ($result) {
         // successfully logged in, so we write all necessary data into the session and set "user_logged_in" to true
         self::setSuccessfulLoginIntoSession($result->user_id, $result->user_name, $result->user_email, $result->user_account_type);
         // save timestamp of this login in the database line of that user
         self::saveTimestampOfLoginOfUser($result->user_name);
         Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
         return true;
     } else {
         Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
         return false;
     }
 }
예제 #2
0
 /**
  * Validate the password submission
  *
  * @param $user_name
  * @param $user_password_reset_hash
  * @param $user_password_new
  * @param $user_password_repeat
  *
  * @return bool
  */
 public static function validateNewPassword($user_name, $user_password_reset_hash, $user_password_new, $user_password_repeat)
 {
     if (empty($user_name)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_FIELD_EMPTY'));
         return false;
     } else {
         if (empty($user_password_new) || empty($user_password_repeat)) {
             Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
             return false;
         } else {
             if ($user_password_new !== $user_password_repeat) {
                 Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
                 return false;
             } else {
                 if (strlen($user_password_new) < 6) {
                     Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
                     return false;
                 }
             }
         }
     }
     return true;
 }
예제 #3
0
 /**
  * Edit the user's email
  *
  * @param $new_user_email
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if new email is same like the old one
     if ($new_user_email == Session::get('user_email')) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // strip tags, just to be sure
     $new_user_email = substr(strip_tags($new_user_email), 0, 254);
     // check if user's email already exists
     if (UserModel::doesEmailAlreadyExist($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (UserModel::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
         Session::set('user_email', $new_user_email);
         Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }