/**
* Gets the user's avatar file path
* @param string $userName
* @return string avatar picture path
*/
public static function getPublicUserAvatarFilePathByUserName($userName)
{
$user = UserModel::getByUsername($userName);
if ($user && $user->getHasavatar()) {
return Config::get('app.baseurl') . Config::get('avatar.path.public') . $this->getIdForImage($user_name) . '.jpg';
}
return Config::get('app.baseurl') . Config::get('avatar.path.public') . Config::get('avatar.default');
}
/**
* Handles the entire registration process for DEFAULT users (not for people who register with
* 3rd party services, like facebook) and creates a new user in the database if everything is fine
*
* @return boolean Gives back the success status of the registration
*/
public static function registerNewUser($user_name, $user_email, $user_email_repeat, $user_password_new, $user_password_repeat, $captcha, $provider_type)
{
$user_password_hash = null;
$user_activation_hash = null;
\Slim\Slim::getInstance()->log->debug("This is registerNewUser()");
if (self::isDefaultProvider($provider_type)) {
// stop registration flow if registrationInputValidation() returns false (= anything breaks the input check rules)
$validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat, $captcha);
if (!$validation_result) {
\Slim\Slim::getInstance()->log->debug("ERROR: registrationInputValidation() failed");
return false;
}
\Slim\Slim::getInstance()->log->debug("OK: registrationInputValidation() returns true");
// crypt the password with the PHP 5.5's password_hash() function, results in a 60 character hash string.
// @see php.net/manual/en/function.password-hash.php for more, especially for potential options
$user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
\Slim\Slim::getInstance()->log->debug("\$user_password_hash: " . $user_password_hash);
if (\Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
// generate random hash for email verification (40 char string)
$user_activation_hash = sha1(uniqid(mt_rand(), true));
}
}
// check if username already exists
if (User::getByUsername($user_name) !== null) {
\Slim\Slim::getInstance()->log->debug("Error: Username non disponibile");
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
return false;
}
\Slim\Slim::getInstance()->log->debug("OK: username doesn't exists");
// check if email already exists
if (User::getByEmail($user_email) !== null) {
\Slim\Slim::getInstance()->log->debug('Email in uso');
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
return false;
}
\Slim\Slim::getInstance()->log->debug("OK: email doesn't exists");
// write user data to database
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, $user_activation_hash, $provider_type)) {
\Slim\Slim::getInstance()->log->debug('Registrazione fallita');
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
return false;
}
\Slim\Slim::getInstance()->log->debug("OK: writeNewUserToDatabase() returns true");
$user = User::getByEmail($user_email);
// get user_id of the user that has been created
if (!$user) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
return false;
}
if (self::isDefaultProvider($provider_type) && \Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
// send verification email
if (self::sendVerificationEmail($user_name, $user_email, $user_activation_hash)) {
\Slim\Slim::getInstance()->log->debug("OK: verification email sent to " . $user_email);
Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED'));
return true;
}
\Slim\Slim::getInstance()->log->debug("ERROR: sending verification email to " . $user_email . " failed");
// if verification email sending failed: instantly delete the user
self::rollbackRegistrationByUsername($user_name);
\Slim\Slim::getInstance()->log->debug("NOTICE: rollbackRegistrationByUsername()");
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED'));
return false;
} else {
if (self::sendWelcomeEmail($user_name, $user_email)) {
return true;
}
\Slim\Slim::getInstance()->log->debug("ERROR: sending welcome email to " . $user_email . " failed");
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_WELCOME_MAIL_SENDING_FAILED'));
return false;
}
return false;
}
/**
* Deletes the cookie
* It's necessary to split deleteCookie() and logout() as cookies are deleted without logging out too!
* Sets the remember-me-cookie to ten years ago (3600sec * 24 hours * 365 days * 10).
* that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
*/
public static function deleteCookie($user_name = null)
{
// is $user_name was set, then clear remember_me token in database
if ($user_name) {
$user_name = Filter::html_entity_invert($user_name);
$user = UserModel::getByUsername($user_name);
$user->setRemembermetoken(NULL);
$em = DbResource::getEntityManager();
$em->persist($user);
$em->flush();
}
// delete remember_me cookie in browser
setcookie(self::COOKIE_REMEMBER_ME, false, time() - 3600 * 24 * 3650, Config::get('cookie.path'), Config::get('cookie.domain'), Config::get('cookie.secure'), Config::get('cookie.http'));
}
private static function getUserOrRegister($fb_graph_user)
{
$fb_id = $fb_graph_user->getId();
$user = UserModel::getByUsername($fb_id);
if (!$user) {
$continue = self::registerOrMergeNewUserDefault($fb_graph_user);
if ($continue) {
// After the creation I fetch the user from the db
$user = UserModel::getByUsername($fb_id);
}
}
return $user;
}
/**
* Validates current and new passwords
*
* @param string $user_name
* @param string $user_password_current
* @param string $user_password_new
* @param string $user_password_repeat
*
* @return bool
*/
public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
{
$user = UserModel::getByUsername($user_name);
if ($user) {
$user_password_hash = $user->getPwdhash();
} else {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
return false;
}
if (!password_verify($user_password_current, $user_password_hash)) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
return false;
} else {
if (empty($user_password_new) || empty($user_password_repeat)) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
return false;
} else {
if ($user_password_new !== $user_password_repeat) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
return false;
} else {
if (strlen($user_password_new) < 6) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
return false;
} else {
if ($user_password_current == $user_password_new) {
Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
return false;
}
}
}
}
}
return true;
}
