/** * checks the email/verification code combination and set the user's activation status to true in the database * * @param string $user_name * @param string $ua_verification_code verification token * * @return bool success status */ public static function verifyNewUser($user_name, $ua_verification_code) { $dql = "UPDATE " . User::TABLE_NAME . " u SET u.active = 1, u.activationhash = NULL WHERE u.username = '******' AND u.activationhash = '" . $ua_verification_code . "'"; $numUpdated = DbResource::getEntityManager()->createQuery($dql)->execute(); if ($numUpdated == 1) { Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL')); return true; } Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED')); return false; }
/** * performs the login via cookie (for DEFAULT user account, FACEBOOK-accounts are handled differently) * TODO add throttling here ? * * @param $cookie string The cookie "remember_me" * * @return bool success state */ public static function loginWithCookie($cookie) { // do we have a cookie ? if (!$cookie) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID')); return false; } // before list(), check it can be split into 3 strings. if (count(explode(':', $cookie)) !== 3) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID')); return false; } // check cookie's contents, check if cookie contents belong together or token is empty list($user_name, $token, $hash) = explode(':', $cookie); // decrypt user user_name $user_name = Encryption::decrypt($user_name); if ($hash !== hash('sha256', $user_name . ':' . $token) or empty($token) or empty($user_name)) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID')); return false; } // get data of user that has this id and this token $user = UserModel::getUserDataByUserNameAndToken($user_name, $token); // if user with that id and exactly that cookie token exists in database if ($user) { // successfully logged in, so we write all necessary data into the session and set "user_logged_in" to true self::setSuccessfulLoginIntoSession($user->getUsername(), $user->getEmail(), $user->getAccounttype(), $user->getProvidertype()); // save timestamp of this login in the database line of that user self::saveTimestampOfLoginOfUser($user->getUsername()); // NOTE: we don't set another remember_me-cookie here as the current cookie should always // be invalid after a certain amount of time, so the user has to login with username/password // again from time to time. This is good and safe ! ;) Session::add(Session::SESSION_FEEDBACK_POSITIVE, Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL')); return true; } else { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_COOKIE_INVALID')); return false; } }
/** * Removes the avatar image file from the filesystem * * @param string $userName * @return bool */ public static function deleteAvatarImageFile($userName) { $avatarId = $this->getIdForImage($userName); // Check if file exists if (!file_exists(Config::get('avatar.path') . $avatarId . ".jpg")) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE")); return false; } // Delete avatar file if (!unlink(Config::get('avatar.path') . $avatarId . ".jpg")) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED")); return false; } return true; }
private static function registerNewUserExternal($fb_graph_user, $accessToken) { $fb_id = $fb_graph_user->getId(); if (ExternalModel::getUserById($fb_id) !== null) { IubarFattureApp::getInstance()->log->debug('Fb user\'s id aleady in use'); Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_FB_ID_ALREADY_TAKEN')); return false; } if (ExternalModel::getUserByEmail($fb_id, UserModel::PROVIDER_TYPE_FB) !== null) { IubarFattureApp::getInstance()->log->debug('Fb user\'s id aleady in use'); Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_FB_EMAIL_ALREADY_TAKEN')); return false; } // write user data to database if (!self::writeNewFbUserToDatabase($fb_graph_user, $accessToken)) { IubarFattureApp::getInstance()->log->debug('Registrazione fallita'); Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED')); return false; } return true; }
/** * Validates current and new passwords * * @param string $user_name * @param string $user_password_current * @param string $user_password_new * @param string $user_password_repeat * * @return bool */ public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat) { $user = UserModel::getByUsername($user_name); if ($user) { $user_password_hash = $user->getPwdhash(); } else { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_USER_DOES_NOT_EXIST')); return false; } if (!password_verify($user_password_current, $user_password_hash)) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT')); return false; } else { if (empty($user_password_new) || empty($user_password_repeat)) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY')); return false; } else { if ($user_password_new !== $user_password_repeat) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG')); return false; } else { if (strlen($user_password_new) < 6) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_TOO_SHORT')); return false; } else { if ($user_password_current == $user_password_new) { Session::add(Session::SESSION_FEEDBACK_NEGATIVE, Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT')); return false; } } } } } return true; }