Пример #1
0
 /**
  * Clear user data
  *
  * @param  array $post
  * @return void
  */
 public function clear(array $post)
 {
     if (isset($post['user_id'])) {
         $session = Table\UserSessionData::findById((int) $post['user_id']);
         if (isset($session->user_id)) {
             if (isset($post['clear_logins'])) {
                 $session->logins = null;
                 $session->total_logins = 0;
             }
             if (isset($post['clear_failed_attempts'])) {
                 $session->failed_attempts = 0;
             }
             $session->save();
         }
     }
 }
Пример #2
0
 /**
  * Login and track session
  *
  * @param  AbstractController $controller
  * @param  Application        $application
  * @return void
  */
 public static function login(AbstractController $controller, Application $application)
 {
     $sess = $application->getService('session');
     $userUri = APP_URI;
     $key = 'user';
     if (isset($sess->member) && $application->isRegistered('phire-members')) {
         $key = 'member';
         $memberAdmin = new \Phire\Members\Model\MembersAdmin();
         $memberAdmin->getByRoleId($sess->member->role_id);
         if (isset($memberAdmin->uri)) {
             $userUri = $memberAdmin->uri;
         }
     }
     $path = BASE_PATH . $userUri;
     if ($path == '') {
         $path = '/';
     }
     $cookie = Cookie::getInstance(['path' => $path]);
     $cookie->delete('phire_session_timeout');
     $cookie->delete('phire_session_path');
     // If login, validate and start new session
     if ($controller->request()->isPost() && substr($controller->request()->getRequestUri(), -6) == '/login') {
         // If the user successfully logged in
         if (isset($sess[$key])) {
             $config = Table\UserSessionConfig::findById($sess[$key]->role_id);
             $data = Table\UserSessionData::findById($sess[$key]->id);
             if (isset($config->role_id)) {
                 if (!self::validate($config, $sess[$key], $data)) {
                     if (isset($data->user_id)) {
                         $data->failed_attempts++;
                         $data->save();
                     } else {
                         $data = new Table\UserSessionData(['user_id' => $sess[$key]->id, 'logins' => null, 'failed_attempts' => 1]);
                         $data->save();
                     }
                     if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
                         self::log($config, $sess[$key], false);
                     }
                     $sess->kill();
                     Response::redirect(BASE_PATH . $userUri . '/login?failed=' . $data->failed_attempts);
                     exit;
                 } else {
                     if (isset($data->user_id)) {
                         $limit = (int) $application->module('phire-sessions')['login_limit'];
                         $logins = unserialize($data->logins);
                         if ($limit > 0 && count($logins) >= $limit) {
                             reset($logins);
                             unset($logins[key($logins)]);
                         }
                         $logins[time()] = ['ua' => $_SERVER['HTTP_USER_AGENT'], 'ip' => $_SERVER['REMOTE_ADDR']];
                         $data->total_logins++;
                         $data->failed_attempts = 0;
                         $data->logins = serialize($logins);
                         $data->save();
                     } else {
                         $data = new Table\UserSessionData(['user_id' => $sess[$key]->id, 'logins' => serialize([time() => ['ua' => $_SERVER['HTTP_USER_AGENT'], 'ip' => $_SERVER['REMOTE_ADDR']]]), 'total_logins' => 1, 'failed_attempts' => 0]);
                         $data->save();
                     }
                 }
                 $expire = (int) $config->session_expiration > 0 ? (int) $config->session_expiration : null;
                 $timeout = (int) $config->timeout_warning;
             } else {
                 $expire = null;
                 $timeout = false;
             }
             $lastLogin = null;
             $lastIp = null;
             // Check for the last login
             $data = Table\UserSessionData::findById($sess[$key]->id);
             if (isset($data->user_id)) {
                 $logins = null !== $data->logins ? unserialize($data->logins) : [];
                 if (count($logins) > 1) {
                     $keys = array_keys($logins);
                     $timestamp = isset($keys[count($keys) - 2]) ? $keys[count($keys) - 2] : null;
                     if (null !== $timestamp && isset($logins[$timestamp])) {
                         $lastLogin = $timestamp;
                         $lastIp = $logins[$timestamp]['ip'];
                     }
                 }
             }
             // Clear old sessions
             $clear = (int) $application->module('phire-sessions')['clear_sessions'];
             if ($clear > 0) {
                 $clear = time() - $clear;
                 $sql = Table\UserSessions::sql();
                 $sql->delete()->where(['start <= :start']);
                 Table\UserSessions::execute((string) $sql, ['start' => $clear]);
             }
             $session = new Table\UserSessions(['user_id' => $sess[$key]->id, 'ip' => $_SERVER['REMOTE_ADDR'], 'ua' => $_SERVER['HTTP_USER_AGENT'], 'start' => time()]);
             $session->save();
             $sess[$key]->session = new \ArrayObject(['id' => $session->id, 'start' => $session->start, 'last' => $session->start, 'expire' => $expire, 'timeout' => $timeout, 'last_login' => $lastLogin, 'last_ip' => $lastIp], \ArrayObject::ARRAY_AS_PROPS);
             if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
                 self::log($config, $sess[$key], true);
             }
             // Else, if the user login failed
         } else {
             if (null !== $controller->view()->form && $controller->view()->form !== false && null !== $controller->view()->form->username) {
                 $user = \Phire\Table\Users::findBy(['username' => $controller->view()->form->username]);
                 $config = Table\UserSessionConfig::findById($user->role_id);
                 if (isset($user->id)) {
                     $data = Table\UserSessionData::findById($user->id);
                     if (isset($data->user_id)) {
                         $data->failed_attempts++;
                         $data->save();
                     } else {
                         $data = new Table\UserSessionData(['user_id' => $user->id, 'logins' => null, 'failed_attempts' => 1]);
                         $data->save();
                     }
                     if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
                         self::log($config, $user, false);
                     }
                 }
             }
         }
         // Check existing session
     } else {
         if (isset($sess[$key]) && isset($sess[$key]->session)) {
             if (!isset(Table\UserSessions::findById((int) $sess[$key]->session->id)->id) || null !== $sess[$key]->session->expire && time() - $sess[$key]->session->last >= $sess[$key]->session->expire) {
                 $session = Table\UserSessions::findById((int) $sess[$key]->session->id);
                 if (isset($session->id)) {
                     $session->delete();
                 }
                 $sess->kill();
                 Response::redirect(BASE_PATH . $userUri . '/login?expired=1');
                 exit;
             } else {
                 if ($sess[$key]->session->timeout && null !== $sess[$key]->session->expire) {
                     $cookie->set('phire_session_timeout', $sess[$key]->session->expire - 30);
                     $cookie->set('phire_session_path', BASE_PATH . $userUri);
                 }
                 $sess[$key]->session->last = time();
             }
         }
     }
 }