/**
 * Log the visitor in from a persistent login cookie, at most once per page.
 *
 * PA_Login::$once_only is a static guard: it is consumed on the first call,
 * and any later call within the same request halts the page with die().
 * The cookie value is handed to the login-cookie parser; an empty result is
 * treated as an invalid cookie, which is then cleared instead of honoured.
 *
 * @param string $cookie  raw cookie value as received from the browser
 * @return void
 */
private function _process_cookie($cookie) {
    // Guard against a second call in the same page: the flag must still be
    // set, and is cleared here so no further call can pass this check.
    if (!PA_Login::$once_only) {
        die("PA_Login::process_cookie() called more than once in a page - this is not allowed.");
    }
    PA_Login::$once_only = 0;

    // Parse and validate the cookie; an empty user id means it did not
    // validate (malformed, tampered or otherwise rejected by the parser).
    $cookie_uid = $this->login_cookie->parse_cookie($cookie);
    if (!empty($cookie_uid)) {
        // Valid cookie: establish the login, recording "cookie" as the method.
        PA_Login::log_in($cookie_uid, true, "cookie");
        return;
    }

    // Invalid cookie: remove it so the browser stops presenting it.
    PA_Login::_unset_cookie();
}
/**
 * Resolve the logged-in user and the "page" user for the current request.
 *
 * Side effects, in order:
 *  - starts the PHP session and copies $_SESSION['user'] into $this->CurrUser;
 *  - if ?authToken= is present, resolves it via getUserFromAuthToken() and
 *    logs that user in through PA_Login::log_in(), storing the token in
 *    $_SESSION['authToken'];
 *  - reloads the session user via User::load() and, on success, publishes it
 *    to PA::$login_uid / PA::$login_user and the matching globals;
 *  - loads the user named by ?uid= or ?login= into PA::$page_uid/$page_user;
 *  - copies the page user (if any) or else the login user into PA::$uid/$user;
 *  - closes the session with session_commit().
 *
 * @return void
 * @throws Exception  re-thrown from getUserFromAuthToken()/User::load() when the
 *                    exception code is not one of the USER_* codes handled below;
 *                    failures of the page-user load() are not caught at all
 */
public function getCurrentUser() {
    global $page_uid, $page_user, $login_uid, $login_name, $login_user;
    require_once "api/User/User.php";
    session_start();
    // Reset all login state up front so a failed lookup below never leaves a
    // stale identity from an earlier call in place.
    PA::$login_uid = NULL;
    PA::$login_user = NULL;
    $login_uid = NULL;
    $login_name = NULL;
    $login_user = NULL;
    // Snapshot of the session user as it was BEFORE any authToken login below;
    // $this->CurrUser['name'] is read from this snapshot further down.
    $this->CurrUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
    // Check if an authToken variable in GET and use it if available.
    // NOTE(review): a credential carried in the query string ends up in browser
    // history, server/proxy logs and the Referer header of outbound links —
    // worth confirming the token is single-use/short-lived on the issuing side.
    $authToken = isset($_GET['authToken']) ? $_GET['authToken'] : null;
    if ($authToken) {
        try {
            $user = new User(); // immediately overwritten by the lookup below (dead assignment)
            $user = $this->getUserFromAuthToken($authToken);
            if ($user && $user->user_id) {
                // User is valid so log_in the user
                // Since we know that AuthToken was passed into the URL, we can assume this
                // user was redirected here from a partner web site. We need to log in the user
                // as if they logged in through the normal PeopleAggregator login form:
                // (ie. set all session variables just as if dologin.php was called).
                // The Referer header is client-supplied and is recorded only as a label.
                $referer = "external site";
                if (isset($_SERVER['HTTP_REFERER'])) {
                    $referer = $_SERVER['HTTP_REFERER'];
                }
                $pal = new PA_Login();
                $pal->log_in($user->user_id, false, $referer);
                // Set authToken as a session variable so that it can be accessed anywhere
                $_SESSION['authToken'] = $authToken;
            }
        } catch (Exception $e) {
            // Only "user gone" and "token rejected" codes are handled here; anything
            // else is a genuine failure and propagates. (in_array is non-strict here,
            // so a string-typed code equal to one of the constants would also match.)
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED, USER_TOKEN_INVALID, USER_TOKEN_EXPIRED))) {
                throw $e;
            }
            // The token was rejected or its user no longer exists; invalidate the session.
            // NOTE(review): session_start() after session_destroy() resumes the same
            // session id from the client's cookie; session_regenerate_id(true) would
            // issue a fresh id as well — confirm whether that is wanted here.
            session_destroy();
            session_start();
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }
    if ($this->CurrUser) {
        try {
            // Re-validate the session user against storage on every request so a
            // deleted account cannot keep using an existing session.
            $user = new User();
            $user->load((int) $this->CurrUser['id'], "user_id", TRUE);
        } catch (Exception $e) {
            if (!in_array($e->getCode(), array(USER_NOT_FOUND, USER_ALREADY_DELETED))) {
                throw $e;
            }
            // The currently logged-in user has been deleted; invalidate the session.
            // (Same session-id caveat as in the authToken branch above.)
            session_destroy();
            session_start();
            $login_uid = PA::$login_uid = $login_name = $login_user = PA::$login_user = NULL;
        }
    }
    if (isset($user) && $user) { // if the user variable is set
        // $user may also be the blank User() left behind when the lookup above
        // threw; presumably its user_id is empty then, so the publish is skipped.
        if ($user->user_id) {
            // Read from the pre-login snapshot: after a pure authToken login with
            // no prior session this is null — TODO confirm log_in() populates
            // $_SESSION['user'] and whether the name should be taken from $user.
            $login_name = $this->CurrUser['name'];
            PA::$login_user = $login_user = $user;
            PA::$login_uid = $login_uid = $user->user_id;
        }
        if (PA::$login_uid) {
            PA::$login_user->update_user_time_spent();
            User::track_status(PA::$login_uid);
        }
    }
    // If a user is specified on the query string as an ID (uid=123) or
    // login name (login=phil), validate the id/name and load the user
    // object. Note that, unlike the session-user load above, these load()
    // calls are not wrapped in try/catch: a lookup failure propagates to the caller.
    if (!empty($_GET['uid'])) {
        $page_uid = PA::$page_uid = (int) $_GET['uid'];
        $page_user = PA::$page_user = new User();
        PA::$page_user->load(PA::$page_uid);
    } else {
        if (!empty($_GET['login'])) {
            $page_user = PA::$page_user = new User();
            if (is_numeric($_GET['login'])) {
                PA::$page_user->load((int) $_GET['login']);
            } else {
                // Non-numeric login names are passed through unmodified; any
                // validation/escaping of the string is delegated to User::load().
                PA::$page_user->load($_GET['login']);
            }
            $page_uid = PA::$page_uid = PA::$page_user->user_id;
        } else {
            $page_uid = PA::$page_uid = $page_user = PA::$page_user = NULL;
        }
    }
    // Copy PA::$page_* into PA::$* if present, otherwise use PA::$login_*.
    // ($uid and $user are locals here; only the page_*/login_* names are globals.)
    if (PA::$page_uid) {
        $uid = PA::$uid = PA::$page_uid;
        $user = PA::$user = PA::$page_user;
    } else {
        $uid = PA::$uid = PA::$login_uid;
        $user = PA::$user = PA::$login_user;
    }
    // Write the session back and release the lock; nothing below this point
    // may rely on $_SESSION being writable.
    session_commit();
}
header("Location:{$location}"); exit; } // username and password supplied - attempt to authenticate try { $u = User::authenticate_user($username, $password); } catch (CNException $e) { $msg = "Error: {$e->message}"; $error = TRUE; $u = FALSE; } if ($u > 0) { // if authetication succeeded $pal = new PA_Login(); $remember_me = isset($_POST['remember']) && $_POST['remember'] == 1; $pal->log_in($u, $remember_me, "password"); // verify token if (!empty($token)) { // if token isn't empty try { $token_arr = authenticate_invitation_token($token); } catch (CNException $e) { $token_arr[1] = "{$e->message}"; } } // if token is empty if (empty($token)) { $location = PA::$after_login_page; } else { if ($token_arr[0] == TRUE && $token_arr[1] == $_SESSION['user']['email']) { if ($invitation_id) {