private function getUser()
{
$_query = "SELECT * FROM users WHERE email = '" . $this->get('login_form_username') . "' AND application='" . $this->applicationName() . "' LIMIT 1";
$_obj = new \PAJ\Library\DB\MYSQL\Query($_query, false, $this->get('dbname'));
if ($_obj->get('queryresult')) {
$this->set('db_userdata', $_obj->get('queryresult'));
unset($_obj);
return true;
} else {
unset($_obj);
return false;
}
}
protected function setLastActive()
{
// init
$this->set('success', false);
$this->set('errormessage', 'Invalid session.');
$_userID = false;
if (isset($_SESSION['userid'])) {
$_userID = $_SESSION['userid'];
}
if ($_userID) {
// query VARS
$_numRows = 0;
$_queryResult = false;
$_insert = true;
$_cacheNameSpace = false;
$_incrementCacheNameSpace = false;
$_dbnames = $this->get('dbnames');
$_dbtables = $this->get('dbtables');
$_dbcolumns = $this->get('dbcolumns');
$_dbnames = explode(',', $_dbnames);
$_dbtables = explode(',', $_dbtables);
$_dbcolumns = explode(',', $_dbcolumns);
foreach ($_dbnames as $_key => $_dbname) {
$_query = 'UPDATE ' . $_dbtables[$_key] . ' SET timeStamp=NOW() WHERE ' . $_dbcolumns[$_key] . '="' . $_userID . '"';
$_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_dbname, $_cacheNameSpace, $_incrementCacheNameSpace);
$_queryResult = $_obj->get('queryresult');
unset($_obj);
}
if ($_queryResult) {
$this->set('success', true);
$this->set('output', array('setLastActive' => true, 'output' => 'Session lastactive timestamp updated.'));
} else {
$this->set('errormessage', 'Error updating database with last active timestamp.');
}
}
}
/**
* DBValidateUserEmail function.
* @what - validate an email address with the DB
* @access private
* @param mixed $_userEmail
* @return void
*/
protected function DBValidateUserEmail($_userEmail)
{
$_query = "SELECT * FROM users WHERE email = '" . $_userEmail . "' LIMIT 1";
$_obj = new \PAJ\Library\DB\MYSQL\Query($_query, false, $this->get('dbname'));
$_DBData = $_obj->get('queryresult');
unset($_obj);
if ($_DBData) {
// check if account is activated
//
$_accountActivated = $_DBData['activated'];
$_accountType = $_DBData['accounttype'];
if ($_accountActivated and $_accountType === 'local') {
$this->set('userid', $_DBData['userid']);
return true;
// account validated with user email
}
return false;
} else {
// no records found
return false;
}
}
/**
* DBPasswordResetTokenDelete function.
* @what - delete the reset token from the database after it has been used
* @access public
* @param mixed $_token
* @param mixed $_userID
* @return void
*/
public function DBPasswordResetTokenDelete($_token, $_userID)
{
$_queryResult = false;
$_numRows = 0;
$_queryResult = false;
$_insert = true;
$_cacheNameSpace = false;
$_DBName = $this->get('dbname');
$_incrementCacheNameSpace = false;
// delete just the current request and token OR -->>
//$_query="DELETE FROM passwordresetrequests WHERE (userid='".$_userID."' AND token='". $_token. "')";
// delete all requests from this user after a succesful change - more secure???
$_query = "DELETE FROM passwordresetrequests WHERE (userid='" . $_userID . "')";
$_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_DBName, $_cacheNameSpace, $_incrementCacheNameSpace);
$_queryResult = $_obj->get('queryresult');
unset($_obj);
return $_queryResult;
}
/**
* DBPasswordResetRequestsInsert function.
* @what - insert a password reset request entry in the database
* @access private
* @param mixed $_userID
* @param mixed $_userEmail
* @param mixed $_token
* @return void
*/
private function DBPasswordResetRequestsInsert($_userID, $_userEmail, $_token)
{
$_numRows = 0;
// init numrows
$_queryResult = false;
// init queryresult
$_insert = true;
// insert query true/false
$_cacheNameSpace = false;
// namespace true, use app namespace false
$_dbName = $this->get('dbname');
// database name
$_incrementCacheNameSpace = false;
// cache increment BOO
$_query = "INSERT INTO passwordresetrequests (userid, email, token, ip) VALUES ('" . $_userID . "', '" . $_userEmail . "', '" . $_token . "', '" . $_SERVER['REMOTE_ADDR'] . "')";
$_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_dbName, $_cacheNameSpace, $_incrementCacheNameSpace);
if (!$_obj->get('queryresult')) {
throw new \Exception('Query failed: ' . $_query);
}
unset($_obj);
}
