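/**
 * Creates a demo notification for the logged-in user, otherwise redirects to the start page.
 *
 * The session is started only when none is active yet; calling session_start()
 * on an already active session raises a notice.
 */
public function g()
 {
     if (session_status() === PHP_SESSION_NONE) {
         session_start();
     }
     $loginClass = new Login();
     $id = $loginClass->isLogged();
     if ($id) {
         $notif = new Notifications();
         // NOTE(review): two arguments here, while the other newNotification() calls in this file
         // pass four (user id, title, text, date) — confirm which signature Notifications exposes.
         $notif->newNotification(2, 0);
     } else {
         $this->redirect('');
     }
 }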
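 /**
  * Logs in with the data provided in $_POST, coming from the login form.
  *
  * Every failure appends a MESSAGE_* constant to $this->errors and returns early.
  * On success the session and the object's user fields are populated,
  * $this->user_is_logged_in is set, the failed-login counter is reset, the
  * remember-me cookie is written or deleted, and the stored hash is optionally
  * recomputed with HASH_COST_FACTOR.
  *
  * @param string      $usuario_nombre_usuario username or email address as typed
  * @param string      $usuario_contrasena     plain-text password as typed
  * @param string|null $usuario_recuerdame     value of the "remember me" checkbox, null when unchecked
  */
 private function loginWithPostData($usuario_nombre_usuario, $usuario_contrasena, $usuario_recuerdame)
 {
     if (empty($usuario_nombre_usuario)) {
         $this->errors[] = MESSAGE_USERNAME_EMPTY;
         return;
     }
     if (empty($usuario_contrasena)) {
         $this->errors[] = MESSAGE_PASSWORD_EMPTY;
         return;
     }

     // trimmed once and used for lookup AND for the failed-login UPDATE below;
     // the old code trimmed only the lookup, so surrounding whitespace made the
     // counter update miss the row it had just found.
     $login_name = trim($usuario_nombre_usuario);
     $result_row = null;

     // user can login with his username or his email address.
     if (!filter_var($login_name, FILTER_VALIDATE_EMAIL)) {
         // not a valid email address: identify him by usuario_nombre_usuario
         $result_row = $this->getUserData($login_name);
     } elseif ($this->databaseConnection()) {
         // valid email address: identify him by usuario_email
         $query_user = $this->db_connection->prepare('SELECT * FROM wm_usuarios WHERE usuario_email = :usuario_email');
         $query_user->bindValue(':usuario_email', $login_name, PDO::PARAM_STR);
         $query_user->execute();
         // get result row (as an object)
         $result_row = $query_user->fetchObject();
     }

     if (!isset($result_row->usuario_id)) {
         // deliberately the generic MESSAGE_LOGIN_FAILED (not MESSAGE_USER_DOES_NOT_EXIST)
         // so the response does not reveal whether the account exists
         $this->errors[] = MESSAGE_LOGIN_FAILED;
         return;
     }

     // temporary lockout: three or more failures, the last one less than 30 seconds ago
     if ($result_row->usuario_login_fails >= 3 && $result_row->usuario_last_failed_login > time() - 30) {
         $this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES;
         return;
     }

     if (!password_verify($usuario_contrasena, $result_row->usuario_contrasena)) {
         // increment the failed login counter for that user. Two distinct placeholders are
         // bound to the same value: reusing one named placeholder twice only works with
         // emulated prepares.
         $sth = $this->db_connection->prepare(
             'UPDATE wm_usuarios '
             . 'SET usuario_login_fails = usuario_login_fails+1, usuario_last_failed_login = :usuario_last_failed_login '
             . 'WHERE usuario_nombre_usuario = :usuario_nombre_usuario OR usuario_email = :usuario_email'
         );
         $sth->execute(array(
             ':usuario_nombre_usuario' => $login_name,
             ':usuario_email' => $login_name,
             ':usuario_last_failed_login' => time(),
         ));
         $this->errors[] = MESSAGE_PASSWORD_WRONG;
         return;
     }

     // has the user activated their account with the verification email
     if ($result_row->usuario_active_ahora != 1) {
         $this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED;
         return;
     }

     // --- credentials verified: establish the logged-in state ---

     // fresh session id so that an id handed out before authentication is not kept (session fixation)
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     // write user data into PHP SESSION [a file on your server]
     $_SESSION['usuario_id'] = $result_row->usuario_id;
     $_SESSION['usuario_nombre_usuario'] = $result_row->usuario_nombre_usuario;
     $_SESSION['usuario_email'] = $result_row->usuario_email;
     $_SESSION['user_logged_in'] = 1;

     // declare user id, set the login status to true
     $this->usuario_id = $result_row->usuario_id;
     $this->usuario_nombre_usuario = $result_row->usuario_nombre_usuario;
     $this->usuario_email = $result_row->usuario_email;
     // The former debug `echo $this->usuario_id;` was removed here: it wrote the id
     // into the response body and started output before newRememberMeCookie() below
     // tries to send its cookie header.
     $notifications = new Notifications();
     $notifications->newNotification($this->usuario_id, "Login", "Te has loggeado con éxito!", date('Y-m-d'));
     $this->user_is_logged_in = true;

     // reset the failed login counter for that user
     $sth = $this->db_connection->prepare(
         'UPDATE wm_usuarios '
         . 'SET usuario_login_fails = 0, usuario_last_failed_login = NULL '
         . 'WHERE usuario_id = :usuario_id AND usuario_login_fails != 0'
     );
     $sth->execute(array(':usuario_id' => $result_row->usuario_id));

     // if user has checked the "remember me" checkbox, then generate token and write cookie
     if (isset($usuario_recuerdame)) {
         $this->newRememberMeCookie();
     } else {
         // Reset remember-me token
         $this->deleteRememberMeCookie();
     }

     // OPTIONAL: recalculate the user's password hash when config/hashing.php defines
     // HASH_COST_FACTOR; by default the script uses a cost factor of 10 and never changes it.
     if (defined('HASH_COST_FACTOR')
         && password_needs_rehash($result_row->usuario_contrasena, PASSWORD_DEFAULT, array('cost' => HASH_COST_FACTOR))
     ) {
         // calculate new hash with new cost factor
         $new_hash = password_hash($usuario_contrasena, PASSWORD_DEFAULT, array('cost' => HASH_COST_FACTOR));
         // TODO: this should be put into another method !?
         $query_update = $this->db_connection->prepare('UPDATE wm_usuarios SET usuario_contrasena = :usuario_contrasena WHERE usuario_id = :usuario_id');
         $query_update->bindValue(':usuario_contrasena', $new_hash, PDO::PARAM_STR);
         $query_update->bindValue(':usuario_id', $result_row->usuario_id, PDO::PARAM_INT);
         $query_update->execute();
         // rowCount() is the number of rows changed: 0 means the new hash was NOT written
         // (the earlier comments had this inverted). Nothing is reported to the user yet.
     }
 }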
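 /**
  * Marks the concert identified by $verification_code as accepted and notifies the current user.
  *
  * Echoes a Spanish status message in every branch; on success it also creates a
  * "Concierto" notification and redirects through ROUTER.
  *
  * @param string $verification_code the concert's verification token from the request
  */
 public function newConcertPOST($verification_code)
 {
     $notifications = new Notifications();
     $login = new ModelLogin();
     if (!$this->checkConcertExists($verification_code)) {
         echo "El código de verificación no existe";
         return;
     }
     $query_new_concierto = DB::connect()->prepare("UPDATE  `uqfhhbcn_whymusic`.`wm_concierto` SET  `concierto_estado` =  'aceptado' WHERE  `wm_concierto`.`concierto_verification` =:concierto_verification;");
     $query_new_concierto->bindValue(':concierto_verification', $verification_code, PDO::PARAM_STR);
     // execute() returns false on failure; the statement object itself is always truthy,
     // so testing it (as before) could never reach the error branch.
     if ($query_new_concierto->execute()) {
         echo "El concierto se ha creado con exito";
         $notifications->newNotification($login->getUserId(), "Concierto", "El concierto se ha creado con exito!", date('Y-m-d'));
         // NOTE(review): output has already been sent above — confirm redirect_to_action does not rely on a Location header
         ROUTER::redirect_to_action("demo/index", 2);
     } else {
         echo "Algo ha salido mal, vuelve a intentar lo más tarde";
     }
 }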