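/**
 * Log the given (already authenticated) user in.
 *
 * Loads the account, records the login time, publishes it on PA::$login_user,
 * refreshes the session and either issues the persistent "remember me" login
 * cookie or deletes it.
 *
 * @param int|string $uid          id of the account that just authenticated
 * @param bool       $remember_me  issue the persistent login cookie when true,
 *                                 delete any existing one when false
 * @param string     $login_source where the login came from; stored in the
 *                                 session so later code can decide whether a
 *                                 password change etc. is safe
 *
 * @throws PAException USER_ACCESS_DENIED when the account is disabled on this network
 */
public function log_in($uid, $remember_me, $login_source) {
    $user_type = Network::get_user_type(PA::$network_info->network_id, $uid);
    // Loose comparison kept on purpose: the type of DISABLED_MEMBER vs. the
    // value returned by get_user_type() is not visible here, and a strict
    // mismatch would silently let disabled accounts through.
    if ($user_type == DISABLED_MEMBER) {
        throw new PAException(USER_ACCESS_DENIED, 'Your account has been temporarily disabled by the administrator.');
    }

    $logged_user = new User();
    $logged_user->load((int) $uid);
    $logged_user->set_last_login();
    PA::$login_user = $logged_user;

    // Authentication succeeded: swap the session id so an id that was fixed
    // before login does not carry over into the authenticated session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    register_session($logged_user->login_name, $logged_user->user_id, $logged_user->role, $logged_user->first_name, $logged_user->last_name, $logged_user->email, $logged_user->picture);

    if ($remember_me) {
        // issue (or continue) the persistent login cookie series
        if ($this->login_cookie->is_new()) {
            $this->login_cookie->new_session($uid);
        }
        $cookie_value  = $this->login_cookie->get_cookie();
        $cookie_expiry = time() + LoginCookie::$cookie_lifetime;
        // Both $_SERVER keys can be absent (CLI, some proxies); pass '' instead
        // of raising an undefined-index notice.
        $user_agent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $this->login_cookie->update_tracking_info($user_agent, $remote_addr);
    } else {
        // an empty value makes setcookie() delete the cookie
        $cookie_value  = '';
        $cookie_expiry = 0;
    }

    // remember series ID, so we can destroy session on logout
    $_SESSION['login_series'] = $this->login_cookie->get_series();
    // remember login source, so we know if it's safe to let user change password, etc
    $_SESSION['login_source'] = $login_source;

    // Send the cookie with the Secure flag only when this request itself came
    // over TLS (otherwise the browser would never return it), and always with
    // HttpOnly so page scripts cannot read the persistent login token.
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie(PA_Login::$cookie_name, $cookie_value, $cookie_expiry, PA::$local_url, '.' . PA::$domain_suffix, $secure, true);
}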
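/**
 * Resolve the login user and the "page" user for the current request.
 *
 * Resolution order:
 *  1. an `authToken` query parameter, if present, logs that user in through
 *     PA_Login::log_in() (partner-site redirect);
 *  2. otherwise the user recorded in $_SESSION['user'] is reloaded;
 *  3. `uid=` / `login=` query parameters select the page user, which falls
 *     back to the login user.
 *
 * Results are published on PA::$login_*, PA::$page_*, PA::$uid / PA::$user
 * and on the matching global variables.
 *
 * @throws Exception any error whose code is not one of the "user gone /
 *                   token unusable" codes handled here
 */
public function getCurrentUser() {
    global $page_uid, $page_user, $login_uid, $login_name, $login_user;
    require_once "api/User/User.php";
    session_start();
    PA::$login_uid = NULL;
    PA::$login_user = NULL;
    $login_uid = NULL;
    $login_name = NULL;
    $login_user = NULL;
    $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;

    // the account this request resolves to, if any
    $user = null;

    // Check if an authToken variable in GET and use it if available
    $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
    if ($authToken) {
        try {
            $user = $this->getUserFromAuthToken($authToken);
            if ($user && $user->user_id) {
                // The token came in on the URL, so this user was redirected
                // here from a partner site; log them in exactly as the normal
                // login form (dologin.php) would, i.e. set all session state.
                $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "external site";
                $pal = new PA_Login();
                $pal->log_in($user->user_id, false, $referer);
                // keep the token in the session so it can be accessed anywhere
                $_SESSION['authToken'] = $authToken;
            }
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                throw $e;
            }
            // The token cannot be redeemed (user gone, token invalid or
            // expired): discard whatever session came with it.
            session_destroy();
            session_start();
            $user = null;
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if ($this->CurrUser) {
        try {
            $user = new User();
            $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                throw $e;
            }
            // The currently logged-in user has been deleted; invalidate the session.
            session_destroy();
            session_start();
            $user = null;
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }

    if ($user && $user->user_id) {
        // On the authToken path the session had no 'user' entry when it was
        // read above, so fall back to the loaded account's login name instead
        // of indexing a null CurrUser.
        $login_name = isset($this->CurrUser['name']) ? $this->CurrUser['name'] : $user->login_name;
        PA::$login_user = $login_user = $user;
        PA::$login_uid = $login_uid = $user->user_id;
        PA::$login_user->update_user_time_spent();
        User::track_status(PA::$login_uid);
    }

    // If a user is specified on the query string as an ID (uid=123) or
    // login name (login=phil), validate the id/name and load the user
    // object.
    if (!empty($_GET['uid'])) {
        $page_uid = PA::$page_uid = (int) $_GET['uid'];
        $page_user = PA::$page_user = new User();
        PA::$page_user->load(PA::$page_uid);
    } elseif (!empty($_GET['login'])) {
        $page_user = PA::$page_user = new User();
        // numeric values are treated as a user id, anything else as a login name
        // NOTE(review): the raw login string goes straight to User::load() —
        // confirm the lookup there is parameterised.
        if (is_numeric($_GET['login'])) {
            PA::$page_user->load((int) $_GET['login']);
        } else {
            PA::$page_user->load($_GET['login']);
        }
        $page_uid = PA::$page_uid = PA::$page_user->user_id;
    } else {
        $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
    }

    // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
    if (PA::$page_uid) {
        PA::$uid = PA::$page_uid;
        PA::$user = PA::$page_user;
    } else {
        PA::$uid = PA::$login_uid;
        PA::$user = PA::$login_user;
    }
    session_commit();
}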
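/**
 * Serve one widget-server request.
 *
 * Expects a JSON document POSTed with Content-Type application/x-javascript
 * that describes the remote user, optional items to sync and the modules to
 * render. Replies with {"modules": [...]} or, when a WidgetException is
 * raised, {"error": "..."}.
 *
 * NOTE(review): no authentication of the calling site is visible in this
 * method — the request body alone selects (or creates) the shadow user that
 * becomes PA::$login_user. Confirm access to this endpoint is restricted
 * elsewhere, beyond the enable_widgetization_server switch.
 */
function handle_request() {
    $json = new Services_JSON();
    try {
        global $_PA, $HTTP_RAW_POST_DATA;
        if (empty($_PA->enable_widgetization_server)) {
            $this->fail("Widget server is not enabled; you must set \$_PA->enable_widgetization_server = TRUE in local_config.php.");
        }
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            $this->fail("This URL handles POST requests only");
        }
        $content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
        if ($content_type !== 'application/x-javascript') {
            $this->fail("Content-Type of application/x-javascript required");
        }

        // Parse input. php://input is always available; $HTTP_RAW_POST_DATA
        // only on older PHP configurations, so it is just a fallback.
        $raw_body = file_get_contents('php://input');
        if (($raw_body === false || $raw_body === '') && isset($HTTP_RAW_POST_DATA)) {
            $raw_body = $HTTP_RAW_POST_DATA;
        }
        $request = $json->decode($raw_body);
        // anything that is not an object (null, scalar, list) cannot be a request
        if (!is_object($request)) {
            $this->fail("Null request");
        }
        if (!empty($_PA->log_widget_requests)) {
            // debug aid: the logged body contains whatever the caller sent,
            // including remote user details
            Logger::log("WidgetServer::handle_request(): request={$raw_body}", LOGGER_ACTION);
        }
        $this->global = isset($request->global) ? $request->global : null;

        // This should probably be in config.inc. For the moment
        // we figure out the network based on the URL, as with the
        // rest of the system.
        PA::$network_info = get_network_info();

        $lang = "english";
        if (!empty($this->global->language)) {
            switch ($this->global->language) {
                case 'en':
                    break;
                case 'fr':
                    $lang = "french";
                    break;
                default:
                    // interpolate the language code itself (the original
                    // interpolated the whole global object)
                    $this->fail("Unknown language: {$this->global->language}");
            }
        }
        PA::load_language($lang);

        // Create items as required
        if (!empty($this->global->items)) {
            foreach ($this->global->items as $item) {
                $item_params = array();
                foreach ($item as $k => $v) {
                    $item_params[$k] = $v;
                }
                Item::sync($item_params); // create or update row in 'items' database table
            }
        }

        // Set up globals - network, user etc
        if (!empty($this->global->user)) {
            $remote_user = $this->global->user;
            $user_info = array(
                "user_id"       => $remote_user->id,
                "login_name"    => $remote_user->login,
                "email"         => $remote_user->email,
                "first_name"    => $remote_user->first_name,
                "last_name"     => $remote_user->last_name,
                "url"           => $remote_user->url,
                "thumbnail_url" => $remote_user->thumbnail_url,
            );
            // load (and sync!) or create a shadow user for the current remote user
            PA::$login_user = new ShadowUser($remote_user->namespace);
            if (!PA::$login_user->load($user_info)) {
                // we haven't seen this remote user before - create account
                PA::$login_user = ShadowUser::create($remote_user->namespace, $user_info, PA::$network_info);
                //FIXME: need to define what remote urls mean. in this case "url" should be used instead of /users/$login_name when generating internal urls, so it should go in a global profile block rather than something specific to the remote site.
                PA::$login_user->set_profile_field($remote_user->namespace, "url", $remote_user->url);
            }
            PA::$login_uid = PA::$login_user->user_id;
        }

        // Render modules
        $modules = array();
        $module_requests = isset($request->modules) ? $request->modules : array();
        foreach ($module_requests as $req_module) {
            $module = array(
                'id'   => $req_module->id,
                'name' => $req_module->name,
            );
            $params = array();
            foreach ($req_module->params as $k => $v) {
                $params[$k] = $v;
            }
            // clean up URLs that may have the port 80 specified
            // this would lead to cross server AJAX problems in safari etc
            // although we are actually on the same server
            // domain.tld:80/file/ and domain.tld/file/
            foreach (array('get_url', 'ajax_url', 'post_url') as $url_field) {
                $req_module->{$url_field} = preg_replace('|:80/*|', '/', $req_module->{$url_field});
            }
            // dispatch module, capturing anything it prints as "errors"
            ob_start();
            $module['html'] = $this->render_module(
                $req_module->method,
                $req_module->name,
                $req_module->args,
                $params,
                $req_module->get_url,
                $req_module->ajax_url,
                $req_module->post_url,
                $req_module->param_prefix // prefix for input parameters and textareas
            );
            $errors = ob_get_clean();
            if (!empty($errors)) {
                $module['errors'] = $errors;
            }
            $modules[] = $module;
        }

        $response = array('modules' => $modules);
        header("Content-Type: application/x-javascript");
        echo $json->encode($response);
    } catch (WidgetException $e) {
        echo $json->encode(array("error" => $e->getMessage()));
    }
}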
$login_uid = PA::$login_uid = @$_SESSION['user']['id']; $login_name = @$_SESSION['user']['name']; if (!$login_uid) { $login_user = PA::$login_user = NULL; } else { $login_user = PA::$login_user = new User(); try { PA::$login_user->load((int) $login_uid, 'user_id', TRUE); } catch (CNException $e) { if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) { throw $e; } // The currently logged-in user has been deleted; invalidate the session. session_destroy(); session_start(); $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL; } // update tracking stuff if (PA::$login_uid) { PA::$login_user->update_user_time_spent(); User::track_status(PA::$login_uid); } } // If a user is specified on the query string as an ID (uid=123) or // login name (login=phil), validate the id/name and load the user // object. if (!empty($_GET['uid'])) { $page_uid = PA::$page_uid = (int) $_GET['uid']; $page_user = PA::$page_user = new User(); PA::$page_user->load(PA::$page_uid); } elseif (!empty($_GET['login'])) {
} $redirect_url = PA_ROUTE_GROUP . "/gid={$gid}&action=join&GInvID={$group_invitation_id}"; } else { //else redirect registered user to its page. $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014"; } // end of if group invitation is valid } else { $redirect_url = PA_ROUTE_USER_PRIVATE . '/' . "msg_id=7014"; } } header("Location: " . PA::$url . $redirect_url); exit; } else { register_session($newuser->login_name, $newuser->user_id, $newuser->role, $newuser->first_name, $newuser->last_name, $newuser->email, $newuser->picture); PA::$login_user = $newuser; PA::$login_uid = $newuser->user_id; if (isset($_GET['gid'])) { //if gid is available, redirect to group home page header("Location: " . PA::$url . PA_ROUTE_GROUP . "/gid=" . $_GET['gid']); exit; } if (isset($_GET['aid'])) { //if gid is available, redirect to group home page header("Location: " . PA::$url . "/network_announcement.php?aid=" . $_GET['aid']); exit; } if (isset($user->user_id)) { //if uid is set, then look for action if (isset($_GET['action']) && $_GET['action'] == 'user') { //redirect user to user's private page
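/**
 * Serve one widget-server request.
 *
 * Expects a JSON document POSTed with Content-Type application/x-javascript
 * that describes the remote user and the modules to render. Replies with
 * {"modules": [...]} or, when a WidgetException is raised, {"error": "..."}.
 *
 * NOTE(review): no authentication of the calling site is visible in this
 * method — the request body alone selects (or creates) the shadow user that
 * becomes PA::$login_user. Confirm access to this endpoint is restricted
 * elsewhere, beyond the enable_widgetization_server switch.
 */
function handle_request() {
    $json = new Services_JSON();
    try {
        global $HTTP_RAW_POST_DATA;
        if (empty(PA::$config->enable_widgetization_server)) {
            // message fix: the original interpolated an undefined $config
            // variable instead of naming the PA::$config setting
            $this->fail("Widget server is not enabled; you must set PA::\$config->enable_widgetization_server = TRUE in local_config.php.");
        }
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            $this->fail("This URL handles POST requests only");
        }
        $content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
        if ($content_type !== 'application/x-javascript') {
            $this->fail("Content-Type of application/x-javascript required");
        }

        // Parse input. php://input is always available; $HTTP_RAW_POST_DATA
        // only on older PHP configurations, so it is just a fallback.
        $raw_body = file_get_contents('php://input');
        if (($raw_body === false || $raw_body === '') && isset($HTTP_RAW_POST_DATA)) {
            $raw_body = $HTTP_RAW_POST_DATA;
        }
        $request = $json->decode($raw_body);
        // anything that is not an object (null, scalar, list) cannot be a request
        if (!is_object($request)) {
            $this->fail("Null request");
        }
        $this->global = isset($request->global) ? $request->global : null;

        // This should probably be in config.inc. For the moment
        // we figure out the network based on the URL, as with the
        // rest of the system. Resolved before the user block below because
        // ShadowUser::create() is handed PA::$network_info.
        PA::$network_info = get_network_info();

        // Set up globals - network, user etc
        if (!empty($this->global->user)) {
            PA::$login_user = new ShadowUser($this->global->namespace);
            // see if we can load it already
            if (!PA::$login_user->load($this->global->user->user_id)) {
                // wasn't here before, so we create a shadow account
                PA::$login_user = ShadowUser::create($this->global->namespace, $this->global->user, PA::$network_info);
            }
            PA::$login_uid = PA::$login_user->user_id;
        }

        // Render modules
        $modules = array();
        $module_requests = isset($request->modules) ? $request->modules : array();
        foreach ($module_requests as $req_module) {
            $module = array(
                'id'   => $req_module->id,
                'name' => $req_module->name,
            );
            $params = array();
            foreach ($req_module->params as $k => $v) {
                $params[$k] = $v;
            }
            // dispatch module, capturing anything it prints as "errors"
            ob_start();
            $module['html'] = $this->render_module(
                $req_module->method,
                $req_module->name,
                $req_module->args,
                $params,
                $req_module->post_url,
                $req_module->param_prefix // prefix for input parameters and textareas
            );
            $errors = ob_get_clean();
            if (!empty($errors)) {
                $module['errors'] = $errors;
            }
            $modules[] = $module;
        }

        $response = array('modules' => $modules);
        header("Content-Type: application/x-javascript");
        echo $json->encode($response);
    } catch (WidgetException $e) {
        echo $json->encode(array("error" => $e->getMessage()));
    }
}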