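/**
 * Gets the public URL of the user's avatar picture.
 *
 * Falls back to the configured default avatar when the user does not exist
 * or has no avatar flag set.
 *
 * @param string $userName
 * @return string avatar picture URL
 */
public static function getPublicUserAvatarFilePathByUserName($userName)
{
    // public avatar base URL, shared by the custom and the default branch
    $avatarBaseUrl = Config::get('app.baseurl') . Config::get('avatar.path.public');

    $user = UserModel::getByUsername($userName);
    if ($user && $user->getHasavatar()) {
        // Fix: the original used $this inside a static method (fatal error) and the
        // undefined variable $user_name instead of the parameter $userName.
        // NOTE(review): getIdForImage() is assumed to be callable statically — confirm.
        return $avatarBaseUrl . self::getIdForImage($userName) . '.jpg';
    }

    return $avatarBaseUrl . Config::get('avatar.default');
}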
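/**
 * Handles the entire registration process for DEFAULT users (not for people who register with
 * 3rd party services, like facebook) and creates a new user in the database if everything is fine
 *
 * @param string $user_name
 * @param string $user_email
 * @param string $user_email_repeat
 * @param string $user_password_new
 * @param string $user_password_repeat
 * @param string $captcha
 * @param string $provider_type
 *
 * @return boolean Gives back the success status of the registration
 */
public static function registerNewUser($user_name, $user_email, $user_email_repeat, $user_password_new, $user_password_repeat, $captcha, $provider_type)
{
    $user_password_hash = null;
    $user_activation_hash = null;
    $log = \Slim\Slim::getInstance()->log;
    $log->debug("This is registerNewUser()");

    if (self::isDefaultProvider($provider_type)) {
        // stop registration flow if registrationInputValidation() returns false (= anything breaks the input check rules)
        $validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_password_repeat, $user_email, $user_email_repeat, $captcha);
        if (!$validation_result) {
            $log->debug("ERROR: registrationInputValidation() failed");
            return false;
        }
        $log->debug("OK: registrationInputValidation() returns true");

        // crypt the password with password_hash(), results in a 60 character hash string.
        // @see php.net/manual/en/function.password-hash.php for more, especially for potential options
        $user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
        // The hash is deliberately NOT written to the debug log (the original did): a leaked log
        // file would hand out offline-crackable material.

        if (\Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
            // random token for email verification: 40 hex chars, same length as the previous
            // sha1(uniqid(mt_rand(), true)) value. random_bytes() is a CSPRNG (PHP >= 7.0);
            // uniqid()/mt_rand() are time- and seed-predictable and must not gate account activation.
            $user_activation_hash = bin2hex(random_bytes(20));
        }
    }

    // NOTE(review): distinct "username taken" / "email taken" feedback lets a caller probe which
    // accounts exist; keep it only if that trade-off is intended.
    // NOTE(review): other methods in this file use UserModel::getByUsername(); confirm User is
    // the intended class here.

    // check if username already exists
    if (User::getByUsername($user_name) !== null) {
        $log->debug("Error: Username non disponibile");
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
        return false;
    }
    $log->debug("OK: username doesn't exists");

    // check if email already exists
    if (User::getByEmail($user_email) !== null) {
        $log->debug('Email in uso');
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }
    $log->debug("OK: email doesn't exists");

    // write user data to database
    if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, $user_activation_hash, $provider_type)) {
        $log->debug('Registrazione fallita');
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
        return false;
    }
    $log->debug("OK: writeNewUserToDatabase() returns true");

    // get user_id of the user that has been created
    $user = User::getByEmail($user_email);
    if (!$user) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_UNKNOWN_ERROR'));
        return false;
    }

    if (self::isDefaultProvider($provider_type) && \Slim\Slim::getInstance()->config('auth.email.verification.enabled')) {
        // send verification email
        if (self::sendVerificationEmail($user_name, $user_email, $user_activation_hash)) {
            $log->debug("OK: verification email sent to " . $user_email);
            Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED'));
            return true;
        }
        $log->debug("ERROR: sending verification email to " . $user_email . " failed");

        // if verification email sending failed: instantly delete the user
        self::rollbackRegistrationByUsername($user_name);
        $log->debug("NOTICE: rollbackRegistrationByUsername()");
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED'));
        return false;
    }

    // no verification step: just send the welcome mail
    if (self::sendWelcomeEmail($user_name, $user_email)) {
        return true;
    }
    $log->debug("ERROR: sending welcome email to " . $user_email . " failed");
    Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_WELCOME_MAIL_SENDING_FAILED'));
    return false;
}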
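/**
 * Deletes the remember-me cookie.
 *
 * It's necessary to split deleteCookie() and logout() as cookies are deleted without logging out too!
 * Sets the remember-me-cookie to ten years ago (3600sec * 24 hours * 365 days * 10),
 * that's obviously the best practice to kill a cookie @see http://stackoverflow.com/a/686166/1114320
 *
 * @param string|null $user_name when given, the user's remember_me token is also cleared in the database
 * @return void
 */
public static function deleteCookie($user_name = null)
{
    // if $user_name was set, then clear remember_me token in database
    if ($user_name) {
        $user_name = Filter::html_entity_invert($user_name);
        $user = UserModel::getByUsername($user_name);
        // Fix: the original called setRemembermetoken() on the lookup result unconditionally,
        // which is a fatal "member function on null" for an unknown username. The browser
        // cookie must still be expired below regardless, so we only skip the DB write.
        if ($user) {
            $user->setRemembermetoken(null);
            $em = DbResource::getEntityManager();
            $em->persist($user);
            $em->flush();
        }
    }

    // delete remember_me cookie in browser (same path/domain/secure/httponly flags as when it was set,
    // otherwise the browser treats it as a different cookie and keeps the old one)
    setcookie(
        self::COOKIE_REMEMBER_ME,
        false,
        time() - 3600 * 24 * 3650,
        Config::get('cookie.path'),
        Config::get('cookie.domain'),
        Config::get('cookie.secure'),
        Config::get('cookie.http')
    );
}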
/**
 * Returns the local user matching a Facebook graph user, registering (or merging)
 * a new account first when none exists yet.
 *
 * @param object $fb_graph_user graph user object exposing getId()
 * @return mixed the user as returned by UserModel::getByUsername(), or its "not found"
 *               value when the user does not exist and registration did not succeed
 */
private static function getUserOrRegister($fb_graph_user)
{
    $facebookId = $fb_graph_user->getId();

    // the Facebook id doubles as the local username
    $existing = UserModel::getByUsername($facebookId);
    if ($existing) {
        return $existing;
    }

    if (!self::registerOrMergeNewUserDefault($fb_graph_user)) {
        // registration did not go through: hand back the (empty) lookup result unchanged
        return $existing;
    }

    // after the creation, fetch the freshly stored user from the db
    return UserModel::getByUsername($facebookId);
}
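/**
 * Validates current and new passwords
 *
 * Checks, in order: the user exists, the current password verifies against the stored hash,
 * both new-password fields are filled, they match, the new password has the minimum length,
 * and it differs from the current one. The first failing check records negative session
 * feedback and returns false.
 *
 * @param string $user_name
 * @param string $user_password_current
 * @param string $user_password_new
 * @param string $user_password_repeat
 *
 * @return bool
 */
public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
{
    $user = UserModel::getByUsername($user_name);
    if (!$user) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }

    if (!password_verify($user_password_current, $user->getPwdhash())) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
        return false;
    }

    // Fix: the original used empty(), which also rejects the legitimate password "0".
    if ((string) $user_password_new === '' || (string) $user_password_repeat === '') {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
        return false;
    }

    if ($user_password_new !== $user_password_repeat) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
        return false;
    }

    // byte length on purpose (as in the original): switching to mb_strlen would accept
    // shorter multibyte passwords than before
    if (strlen($user_password_new) < 6) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
        return false;
    }

    // Fix: strict comparison; the loose == treated numeric-looking strings such as
    // "1e3" and "1000" as equal.
    if ($user_password_current === $user_password_new) {
        Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
        return false;
    }

    return true;
}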