/**
* This static method returns a valid CurrentUser object if there is one
* in the cookie that is not timed out. The session-ID is updated if
* necessary. The CurrentUser will be removed from the session, if it is
* timed out. If there is no valid CurrentUser in the cookie or the
* cookie is timed out, null will be returned. If the cookie is correct,
* but there is no user found in the user table, false will be returned.
* On success, a valid CurrentUser object is returned
*
* @static
* @param PMF_Configuration $config
*
* @return null|PMF_User_CurrentUser
*/
public static function getFromCookie(PMF_Configuration $config)
{
if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser($config);
$user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
if (-1 === $user->getUserId()) {
return null;
}
// sessionId and cookie information needs to be updated
if ($user->sessionIdIsTimedOut()) {
$user->updateSessionId();
$user->setRememberMe(sha1(session_id()));
}
// user is now logged in
$user->_loggedIn = true;
// save current user to session and return the instance
$user->saveToSession();
return $user;
}
/**
* This static method returns a valid CurrentUser object if there is one
* in the cookie that is not timed out. The session-ID is updated then.
* The CurrentUser will be removed from the session, if it is
* timed out. If there is no valid CurrentUser in the cookie or the
* cookie is timed out, null will be returned. If the cookie is correct,
* but there is no user found in the user table, false will be returned.
* On success, a valid CurrentUser object is returned
*
* @static
*
* @param PMF_Configuration $config
*
* @return null|PMF_User_CurrentUser
*/
public static function getFromCookie(PMF_Configuration $config)
{
if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser($config);
$user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
if (-1 === $user->getUserId()) {
return null;
}
// sessionId needs to be updated
$user->updateSessionId(true);
// user is now logged in
$user->_loggedIn = true;
// save current user to session and return the instance
$user->saveToSession();
// add CSRF token to session
$user->saveCrsfTokenToSession();
return $user;
}
/**
* This static method returns a valid CurrentUser object if
* there is one in the session that is not timed out.
* If the the optional parameter ip_check is true, the current
* user must have the same ip which is stored in the user table
* The session-ID is updated if necessary. The CurrentUser
* will be removed from the session, if it is timed out. If
* there is no valid CurrentUser in the session or the session
* is timed out, null will be returned. If the session data is
* correct, but there is no user found in the user table, false
* will be returned. On success, a valid CurrentUser object is
* returned.
*
* @param boolean $ip_check Check th IP address
* @return mixed
*/
public static function getFromSession($ip_check = false)
{
// there is no valid user object in session
if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser();
$user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);
// user object is timed out
if ($user->sessionIsTimedOut()) {
$user->deleteFromSession();
return null;
}
// session-id not found in user table
$session_info = $user->getSessionInfo();
$session_id = isset($session_info['session_id']) ? $session_info['session_id'] : '';
if ($session_id == '' || $session_id != session_id()) {
return false;
}
// check ip
if ($ip_check and $session_info['ip'] != $_SERVER['REMOTE_ADDR']) {
return false;
}
// session-id needs to be updated
if ($user->sessionIdIsTimedOut()) {
$user->updateSessionId();
}
// user is now logged in
$user->logged_in = true;
// save current user to session and return the instance
$user->saveToSession();
return $user;
}
