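/**
 * Verify a newly registered user after the activation mail link has been opened.
 *
 * The user name does not arrive as a route parameter: it travels encrypted in the
 * "user_name" query parameter (as built by the verification mail) and is decrypted here
 * before the activation token is checked.
 *
 * @param string $ua_verification_code user's activation verification token (route parameter)
 * @return void renders the verify view, or redirects to the login page when the input is incomplete
 */
public function getVerify($ua_verification_code)
{
    $this->app->log->debug(get_class($this) . '->getVerify()');

    $user_name = Encryption::decrypt($this->app->request->get("user_name"));

    // Both values must be present and non-empty: a missing/undecryptable user name or an
    // empty token cannot match anything, so bounce to the login page instead of calling
    // the model with junk. (isset() on a parameter is only false for null, which is why the
    // check is stricter than a plain isset().)
    $user_name_ok = is_string($user_name) && $user_name !== '';
    $code_ok = is_string($ua_verification_code) && $ua_verification_code !== '';

    if (!$user_name_ok || !$code_ok) {
        $this->app->redirect($this->app->config('app.baseurl') . '/login');
        return;
    }

    $success = RegistrationModel::verifyNewUser($user_name, $ua_verification_code);
    if ($success) {
        // TODO: decide whether to send a welcome mail to the user
    }

    // The verify page is rendered whether or not verification succeeded; the outcome is
    // communicated through the feedback messages.
    $this->app->render(
        $this->app->config('app.templates.path') . '/login/verify.twig',
        array(
            'feedback_positive' => $this->getFeedbackPositiveMessages(),
            'feedback_negative' => $this->getFeedbackNegativeMessages(),
        )
    );
}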
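/**
 * Sends the verification email (to confirm the account).
 *
 * The link carries the activation hash as a path segment and the user name encrypted in
 * the query string. Both parts are URL-encoded, and the finished URL is HTML-escaped once
 * more because it is placed inside an HTML attribute and an element body.
 *
 * @param string $user_name
 * @param string $user_email user's email
 * @param string $user_activation_hash user's mail verification hash string
 *
 * @return boolean true if the mail has been sent, false otherwise (a feedback message is
 *                 added to the session in both cases)
 */
private static function sendVerificationEmail($user_name, $user_email, $user_activation_hash)
{
    $app = \Slim\Slim::getInstance();

    $url = $app->config('app.baseurl') . '/' . Config::get('email.verification.url')
        . '/' . urlencode($user_activation_hash)
        . "?user_name=" . urlencode(Encryption::encrypt($user_name));

    // Escape for the HTML context: '&', '<', '>' and quotes (possible in the configured
    // base URL / path) must not break out of the href attribute or the link text.
    $url_html = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $subject = Config::get('email.verification.subject');
    $body = Config::get('email.verification.content') . ' <a href="' . $url_html . '">' . $url_html . '</a>';

    $mail = new \Iubar\Login\Core\EmailSender();
    $mail->setTo($user_email);
    $mail->setSubject($subject);
    $mail->setBodyHtml($body);
    $mail_sent = $mail->go(true);

    if ($mail_sent) {
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR'));
    return false;
}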
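/**
 * Write a remember-me token into the database and into a cookie.
 *
 * Maybe splitting this into database and cookie part?
 *
 * @param $user_name string
 * @return void
 */
public static function setRememberMeInDatabaseAndCookie($user_name)
{
    $user = UserModel::getByUsername($user_name);

    // Generate a 64-char random token (32 bytes, hex-encoded) from the CSPRNG.
    // This token alone lets the cookie holder log in without a password, so it must be
    // unpredictable; mt_rand() (31 bits of state, seedable) is not suitable for that.
    // random_bytes() requires PHP >= 7.0.
    $random_token_string = bin2hex(random_bytes(32));

    // write that token into database
    $user->setRemembermetoken($random_token_string);
    $em = DbResource::getEntityManager();
    $em->persist($user);
    $em->flush();

    // Cookie layout: <encrypted user name>:<token>:<sha256("user_name:token")>.
    // The user name is never exposed in clear, only in encrypted form.
    // NOTE(review): the trailing hash is unkeyed, so anyone holding the cookie can recompute
    // it; it is an integrity check only. Authenticity has to come from comparing the token
    // with the one stored for the user.
    $cookie_string_first_part = Encryption::encrypt($user_name) . ':' . $random_token_string;
    $cookie_string_hash = hash('sha256', $user_name . ':' . $random_token_string);
    $cookie_string = $cookie_string_first_part . ':' . $cookie_string_hash;

    // Cookie scope and flags come from configuration: path/domain limit where the browser
    // sends the cookie, "secure" restricts it to HTTPS (set it when serving over TLS), and
    // the HttpOnly flag keeps it out of reach of page scripts so an XSS bug cannot simply
    // read it out.
    // @see http://www.php.net/manual/en/function.setcookie.php
    setcookie(
        self::COOKIE_REMEMBER_ME,
        $cookie_string,
        time() + Config::get('cookie.runtime'),
        Config::get('cookie.path'),
        Config::get('cookie.domain'),
        Config::get('cookie.secure'),
        Config::get('cookie.http')
    );
}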
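/**
 * Send the password reset mail.
 *
 * The link carries the reset hash as a path segment and the user name encrypted in the
 * query string. Both parts are URL-encoded, and the finished URL is HTML-escaped once more
 * because it is placed inside an HTML attribute and an element body.
 *
 * @param string $user_name username
 * @param string $user_password_reset_hash password reset hash
 * @param string $user_email user email
 *
 * @return bool true if the mail has been sent, false otherwise (a feedback message is
 *              added to the session in both cases)
 */
public static function sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)
{
    // create email body
    $app = \Slim\Slim::getInstance();

    $url = $app->config('app.baseurl') . '/' . Config::get('email.pwdreset.url')
        . '/' . urlencode($user_password_reset_hash)
        . "?user_name=" . urlencode(Encryption::encrypt($user_name));

    // Escape for the HTML context: '&', '<', '>' and quotes (possible in the configured
    // base URL / path) must not break out of the href attribute or the link text.
    $url_html = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $subject = Config::get('email.pwdreset.subject');
    $body = Config::get('email.pwdreset.content') . ' <a href="' . $url_html . '">' . $url_html . '</a>';

    // create instance of EmailSender class, try sending and check
    $mail = new \Application\Core\EmailSender();
    $mail->setTo($user_email);
    $mail->setSubject($subject);
    $mail->setBodyHtml($body);
    $mail_sent = $mail->go(true);

    if ($mail_sent) {
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_ERROR'));
    return false;
}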
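/**
 * Verify the password reset token of a user (to decide whether to show the password editing view).
 *
 * The user name is not a route parameter: it arrives encrypted in the "user_name" query
 * parameter (as built by the reset mail) and is decrypted here.
 *
 * @param string $verification_code password reset verification token (route parameter)
 * @return void renders the password-reset view on success, redirects to the login page otherwise
 */
public function getVerifyPasswordReset($verification_code)
{
    $this->app->log->debug(get_class($this) . '->getVerifyPasswordReset()');

    $user_name = Encryption::decrypt($this->app->request->get("user_name"));

    // A missing/undecryptable user name or an empty token cannot be valid; don't call the
    // model with junk, just send the visitor back to the login page.
    $user_name_ok = is_string($user_name) && $user_name !== '';
    $code_ok = is_string($verification_code) && $verification_code !== '';

    if (!$user_name_ok || !$code_ok) {
        $this->redirectToLogin();
        return;
    }

    // check whether the provided verification code matches the user's stored one
    if (!PasswordResetModel::verifyPasswordReset($user_name, $verification_code)) {
        $this->redirectToLogin();
        return;
    }

    // The view needs the user name and the (already verified) hash to post the new password back.
    $this->app->render(
        $this->app->config('app.templates.path') . '/login/password-reset.twig',
        array(
            'user_name' => $user_name,
            'user_password_reset_hash' => $verification_code,
            'feedback_positive' => $this->getFeedbackPositiveMessages(),
            'feedback_negative' => $this->getFeedbackNegativeMessages(),
        )
    );
}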