/**
 * Returns the queued negative feedback messages and clears them from the session.
 *
 * Feedback is kept in the session under Session::SESSION_FEEDBACK_NEGATIVE (an array, so
 * several messages can be queued). The entry is reset to null right after it is read, so the
 * same messages are not shown a second time on the next request.
 *
 * @return mixed the stored negative feedback messages (null when nothing is queued)
 */
public function getFeedbackNegativeMessages()
{
    $queued = Session::get(Session::SESSION_FEEDBACK_NEGATIVE);

    // consume-on-read: clearing here avoids repeating the messages on a reload
    Session::set(Session::SESSION_FEEDBACK_NEGATIVE, null);

    return $queued;
}
/**
 * The real login process: writes the authenticated user's data into the session.
 *
 * Order matters: the session id is regenerated first, the user attributes and avatar
 * paths are stored, the session is only then flagged as logged in, the new id is recorded
 * in the database and finally the session cookie is (re)sent with the configured expiry,
 * path, domain, secure and HttpOnly settings.
 * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
 *
 * @param string $user_name
 * @param string $user_email
 * @param mixed  $user_account_type
 * @param mixed  $user_provider_type
 * @return void
 */
public static function setSuccessfulLoginIntoSession($user_name, $user_email, $user_account_type, $user_provider_type)
{
    // Session::init();

    // fresh id on privilege change, so an id issued before login cannot be reused (session fixation)
    Session::regenerateId();

    Session::set(Session::SESSION_USER_NAME, $user_name);
    Session::set(Session::SESSION_USER_EMAIL, $user_email);
    Session::set(Session::SESSION_USER_ACCOUNT_TYPE, $user_account_type);
    Session::set(Session::SESSION_USER_PROVIDER_TYPE, $user_provider_type);

    // avatars are derived from the user name / e-mail
    $avatarFilePath = AvatarModel::getPublicUserAvatarFilePathByUserName($user_name);
    $gravatarUrl    = AvatarModel::getGravatarLinkByEmail($user_email);
    Session::set(Session::SESSION_USER_AVATAR_FILE, $avatarFilePath);
    Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, $gravatarUrl);

    // flag the session as authenticated only after everything else is in place
    Session::set(Session::SESSION_USER_LOGGED_IN, true);

    // keep the database copy of the session id in sync with the regenerated one
    Session::updateSessionId($user_name, session_id());

    // set session cookie settings manually: expiry, path, domain, secure and HttpOnly
    // must be given explicitly (the Config values decide the secure / HttpOnly flags).
    // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
    $expiresAt = time() + Config::get('session.runtime');
    setcookie(
        session_name(),
        session_id(),
        $expiresAt,
        Config::get('cookie.path'),
        Config::get('cookie.domain'),
        Config::get('cookie.secure'),
        Config::get('cookie.http')
    );

    // NOTE(review): this writes the session id into the debug log; session ids are credentials,
    // so make sure debug logging is off (or the id is redacted) outside local development.
    \Slim\Slim::getInstance()->log->debug('Session name: ' . session_name() . ' id: ' . session_id());
}
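/**
 * Edit the user's email
 *
 * Normalises and validates the new address, makes sure it differs from the current one and
 * is not taken by another account, persists it and then refreshes the session (e-mail and
 * Gravatar URL, which depends on the e-mail). Every failure path queues a negative feedback
 * message and returns false.
 *
 * @param string $new_user_email
 *
 * @return bool success status
 */
public static function editUserEmail($new_user_email)
{
    // email provided ?
    if (empty($new_user_email)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    // normalise BEFORE validating, so the value that passes validation is exactly the value
    // that is compared, checked for duplicates and stored (previously tags were stripped and the
    // string was truncated after filter_var, so an unvalidated variant could end up in the database)
    $new_user_email = strip_tags((string) $new_user_email);

    // check if new email is same like the old one (strict: both sides are strings, avoid numeric-string coercion)
    if ($new_user_email === Session::getDecoded(Session::SESSION_USER_EMAIL)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // user's email must be in valid email format and not exceed the maximum length of an address.
    // Rejecting over-long input instead of truncating it avoids silently saving a different address.
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    if (strlen($new_user_email) > 254 || !filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // check if user's email already exists
    if (self::doesEmailAlreadyExist($new_user_email)) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    // write to database, if successful ...
    // ... then write new email to session, Gravatar too (as this relies on the user's email address)
    if (self::saveNewEmailAddress(Session::getDecoded(Session::SESSION_USER_NAME), $new_user_email)) {
        Session::set(Session::SESSION_USER_EMAIL, $new_user_email);
        Session::set(Session::SESSION_USER_GRAVATAR_IMAGE_URL, AvatarModel::getGravatarLinkByEmail($new_user_email));
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
    return false;
}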
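/**
 * Completes a Facebook login started from the JavaScript SDK.
 *
 * Logs the user in through LoginModel::loginExternal() with the e-mail taken from the Graph
 * user object. On success the short-lived access token is optionally exchanged for a
 * long-lived one (FORCE_TOKEN_REFRESH_AFTER_LOGIN), the token is persisted and the Facebook
 * id, display name and picture URL are stored in the session.
 *
 * @param mixed $fb_graph_user Graph user object; must expose getEmail(), getId(), getName(), getPicture()
 * @param mixed $accessToken   short-lived access token (object or string, as handed over by the SDK)
 * @return bool true when the external login succeeded
 */
private static function loginFromJs2($fb_graph_user, $accessToken)
{
    $fb_email = $fb_graph_user->getEmail();
    $log = IubarFattureApp::getInstance()->log;

    $log->debug("Calling LoginModel::loginExternal()");
    $login_successful = LoginModel::loginExternal($fb_email, UserModel::PROVIDER_TYPE_FB);

    // check login status: if true, then redirect user to user/index, if false, then to login form again
    if ($login_successful) {
        $log->debug("Login successfully");

        if (self::FORCE_TOKEN_REFRESH_AFTER_LOGIN) {
            // Exchange the short-lived access token for a long-lived one, save it in the db and
            // update the Facebook object. Access tokens are credentials: the log lines only record
            // that the exchange happened, never the token value (the original logged both tokens).
            $log->debug("Exchanging the short-lived access token for a long-lived one");
            $accessToken = self::getExtendAccessToken($accessToken); // ask FB for a long-lived token
            $log->debug("Received a long-lived access token");
            // the cast is mandatory here because $accessToken is an object
            Session::set(Session::FACEBOOK_ACCESS_TOKEN, (string) $accessToken);
        }

        $scope = null; // TODO:
        $expire_date = null; // TODO:
        ExternalModel::writeAccessTokenToDb($fb_email, $accessToken, $scope, $expire_date, UserModel::PROVIDER_TYPE_FB);
        self::getFb()->setDefaultAccessToken($accessToken);

        // profile data shown in the UI; NOTE(review): getPicture() is assumed to return an object here
        $fb_id = $fb_graph_user->getId();
        $fb_display = $fb_graph_user->getName();
        $fb_pic_url = $fb_graph_user->getPicture()->getUrl();
        Session::set(Session::FACEBOOK_DISPLAY_NAME, $fb_display);
        Session::set(Session::FACEBOOK_PICTURE, $fb_pic_url);
        Session::set(Session::FACEBOOK_ID, $fb_id);
    }

    return $login_successful;
}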
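/**
 * Delete a user's avatar
 *
 * Removes the avatar image file (best effort) and clears the hasavatar flag of the user's
 * row; on success the session's avatar path is refreshed. Feedback messages are queued for
 * both outcomes.
 *
 * @param string $userName
 * @return bool success
 */
public static function deleteAvatar($userName)
{
    if (!$userName) {
        //TODO: add any further checks
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    // try to delete image, but still go on regardless of file deletion result
    self::deleteAvatarImageFile($userName);

    // The user name is bound as a query parameter rather than placed in the DQL string: the
    // previous WHERE clause compared against a fixed literal ('******'), which either never
    // matched the given user or stood for string interpolation of $userName; binding covers both.
    $dql = "UPDATE " . UserModel::TABLE_NAME . " u SET u.hasavatar = 0 WHERE u.username = :username";
    $numUpdated = DbResource::getEntityManager()
        ->createQuery($dql)
        ->setParameter('username', $userName)
        ->execute();

    // an UPDATE query returns the number of affected rows; exactly one row belongs to the user
    if ((int) $numUpdated === 1) {
        Session::set(Session::SESSION_USER_AVATAR_FILE, self::getPublicUserAvatarFilePathByUserName($userName));
        Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
        return true;
    }

    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
    return false;
}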