/**
	 * @see	wcf\system\user\authentication\IUserAuthentication::loginAutomatically()
	 */
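	public function loginAutomatically($persistent = false, $userClassname = 'wcf\data\user\User') {
		// automatic login is only attempted when the caller asks for a persistent login
		if (!$persistent) return null;
		
		$userIDKey = COOKIE_PREFIX.'userID';
		$passwordKey = COOKIE_PREFIX.'password';
		
		// both cookies must be present, otherwise there is nothing to check
		if (!isset($_COOKIE[$userIDKey]) || !isset($_COOKIE[$passwordKey])) {
			return null;
		}
		
		// A client can send array-valued cookies (name[]=...). Only plain strings are
		// handed to the credential check; any other type is treated as a failed attempt,
		// so intval() never sees an array and the check never receives a non-string secret.
		// NOTE(review): how getUserAutomatically() verifies the 'password' cookie is not
		// visible here -- confirm it uses a timing-safe comparison.
		$user = null;
		if (is_string($_COOKIE[$userIDKey]) && is_string($_COOKIE[$passwordKey])) {
			$user = $this->getUserAutomatically(intval($_COOKIE[$userIDKey]), $_COOKIE[$passwordKey], $userClassname);
		}
		
		if (!$user) {
			// credentials were rejected: reset both cookies
			HeaderUtil::setCookie('userID', '');
			HeaderUtil::setCookie('password', '');
			return null;
		}
		
		return $user;
	}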
示例#2
 /**
  * @see	\wcf\action\IAction::execute()
  */
 public function execute()
 {
     // delegate to AbstractSecureAction::execute() before touching the session
     AbstractSecureAction::execute();

     // do logout: drop the server-side session
     WCF::getSession()->delete();

     // overwrite the userID / password cookies, but only those the request actually carried
     $emptyValues = array('userID' => 0, 'password' => '');
     foreach ($emptyValues as $cookieName => $emptyValue) {
         if (isset($_COOKIE[COOKIE_PREFIX . $cookieName])) {
             HeaderUtil::setCookie($cookieName, $emptyValue);
         }
     }

     $this->executed();

     // forward to the index page with the logout notice, then stop the request
     $indexLink = LinkHandler::getInstance()->getLink();
     $notice = WCF::getLanguage()->get('wcf.user.logout.redirect');
     HeaderUtil::delayedRedirect($indexLink, $notice);
     exit;
 }
示例#3
 /**
  * @see	\wcf\system\session\ACPSessionFactory::init()
  */
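 protected function init()
 {
     $cookieName = COOKIE_PREFIX . 'cookieHash';
     $sessionID = SessionHandler::getInstance()->sessionID;

     // Cookies count as supported only when the client echoed back exactly the current
     // session ID. The comparison is strict on purpose: a loose != compares two
     // numeric-looking strings by value, so distinct identifiers could be treated as equal.
     // Non-string cookie values (e.g. array-valued cookies) never match.
     $usesCookies = isset($_COOKIE[$cookieName])
         && is_string($_COOKIE[$cookieName])
         && $_COOKIE[$cookieName] === (string) $sessionID;

     if ($usesCookies) {
         // enable cookie support
         SessionHandler::getInstance()->enableCookies();
     } else {
         // cookie support will be enabled upon next request
         HeaderUtil::setCookie('cookieHash', $sessionID);
     }

     parent::init();
 }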
示例#4
 /**
  * logout
  *
  * @return  Boolean  return true when logout success.
  */
 public function logout()
 {
     // follows the same steps as wcf\action\LogoutAction::execute()
     $session = WCF::getSession();
     $session->delete();

     // blank the userID cookie if the request carried one
     $userIDCookie = COOKIE_PREFIX . 'userID';
     if (isset($_COOKIE[$userIDCookie])) {
         HeaderUtil::setCookie('userID', 0);
     }

     // blank the password cookie if the request carried one
     $passwordCookie = COOKIE_PREFIX . 'password';
     if (isset($_COOKIE[$passwordCookie])) {
         HeaderUtil::setCookie('password', '');
     }

     // this method reports success unconditionally
     return true;
 }
 /**
  * @see	\wcf\form\IForm::save()
  */
 public function save()
 {
     // Collects every requested account change into $updateParameters, applies them with a
     // single UserAction 'update', refreshes the password cookie if needed and assigns the
     // list of success message keys to the template.
     // NOTE(review): no input validation happens in this method; it presumably relies on a
     // validate() step that ran earlier (current-password check, password confirmation,
     // username/email rules) -- confirm against the form class.
     parent::save();
     // language keys of the success messages to display
     $success = array();
     // column => value pairs passed to the user update
     $updateParameters = array();
     // quit: start or cancel the account-deletion ("quit") timer, gated by permission
     if (WCF::getSession()->getPermission('user.profile.canQuit')) {
         if (!WCF::getUser()->quitStarted && $this->quit == 1) {
             $updateParameters['quitStarted'] = TIME_NOW;
             $this->quitStarted = TIME_NOW;
             $success[] = 'wcf.user.quit.success';
         } else {
             if (WCF::getUser()->quitStarted && $this->cancelQuit == 1) {
                 $updateParameters['quitStarted'] = 0;
                 $this->quitStarted = 0;
                 $success[] = 'wcf.user.quit.cancel.success';
             }
         }
     }
     // user name: gated by permission; a change that differs only in letter case does not
     // record lastUsernameChange / oldUsername
     if (WCF::getSession()->getPermission('user.profile.canRename') && $this->username != WCF::getUser()->username) {
         if (mb_strtolower($this->username) != mb_strtolower(WCF::getUser()->username)) {
             $updateParameters['lastUsernameChange'] = TIME_NOW;
             $updateParameters['oldUsername'] = WCF::getUser()->username;
         }
         $updateParameters['username'] = $this->username;
         $success[] = 'wcf.user.changeUsername.success';
     }
     // email: gated by permission; skipped when the address equals the current one or the
     // one already pending in newEmail
     if (WCF::getSession()->getPermission('user.profile.canChangeEmail') && $this->email != WCF::getUser()->email && $this->email != WCF::getUser()->newEmail) {
         // activation methods 0 and 2, or a change in letter case only, apply the address immediately
         if (REGISTER_ACTIVATION_METHOD == 0 || REGISTER_ACTIVATION_METHOD == 2 || mb_strtolower($this->email) == mb_strtolower(WCF::getUser()->email)) {
             // update email
             $updateParameters['email'] = $this->email;
             $success[] = 'wcf.user.changeEmail.success';
         } else {
             // activation method 1: park the address in newEmail and mail a reactivation code to it
             if (REGISTER_ACTIVATION_METHOD == 1) {
                 // get reactivation code
                 // NOTE(review): how getActivationCode() generates the code is not visible here;
                 // it gates the email change, so confirm it comes from a CSPRNG.
                 $activationCode = UserRegistrationUtil::getActivationCode();
                 // save as new email
                 $updateParameters['reactivationCode'] = $activationCode;
                 $updateParameters['newEmail'] = $this->email;
                 $messageData = array('username' => WCF::getUser()->username, 'userID' => WCF::getUser()->userID, 'activationCode' => $activationCode);
                 // the mail goes to the NEW address only
                 $mail = new Mail(array(WCF::getUser()->username => $this->email), WCF::getLanguage()->getDynamicVariable('wcf.user.changeEmail.needReactivation.mail.subject'), WCF::getLanguage()->getDynamicVariable('wcf.user.changeEmail.needReactivation.mail', $messageData));
                 $mail->send();
                 $success[] = 'wcf.user.changeEmail.needReactivation';
             }
         }
     }
     // password: only for accounts without third-party authData
     if (!WCF::getUser()->authData) {
         // either field being non-empty triggers the change, but the stored value is always
         // newPassword -- NOTE(review): a non-empty confirmNewPassword with an empty
         // newPassword would store an empty password unless earlier validation rejects it
         if (!empty($this->newPassword) || !empty($this->confirmNewPassword)) {
             $updateParameters['password'] = $this->newPassword;
             $success[] = 'wcf.user.changePassword.success';
         }
     }
     // 3rdParty: each provider block may overwrite $updateParameters['authData'], so the last
     // matching connect/disconnect wins. Connect is only offered when the provider's keys are
     // configured and the session holds the provider data; disconnect checks the authData
     // prefix stored on the current user, not the value queued above.
     if (GITHUB_PUBLIC_KEY !== '' && GITHUB_PRIVATE_KEY !== '') {
         if ($this->githubConnect && WCF::getSession()->getVar('__githubToken')) {
             // NOTE(review): the value kept in the session (named like an access token) is
             // written into authData as the account identifier -- confirm this is intended
             $updateParameters['authData'] = 'github:' . WCF::getSession()->getVar('__githubToken');
             $success[] = 'wcf.user.3rdparty.github.connect.success';
             // drop the provider data from the session once it has been consumed
             WCF::getSession()->unregister('__githubToken');
             WCF::getSession()->unregister('__githubUsername');
         }
     }
     if ($this->githubDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'github:')) {
         $updateParameters['authData'] = '';
         $success[] = 'wcf.user.3rdparty.github.disconnect.success';
     }
     if (TWITTER_PUBLIC_KEY !== '' && TWITTER_PRIVATE_KEY !== '') {
         if ($this->twitterConnect && WCF::getSession()->getVar('__twitterData')) {
             $twitterData = WCF::getSession()->getVar('__twitterData');
             $updateParameters['authData'] = 'twitter:' . $twitterData['user_id'];
             $success[] = 'wcf.user.3rdparty.twitter.connect.success';
             WCF::getSession()->unregister('__twitterData');
             WCF::getSession()->unregister('__twitterUsername');
         }
     }
     if ($this->twitterDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'twitter:')) {
         $updateParameters['authData'] = '';
         $success[] = 'wcf.user.3rdparty.twitter.disconnect.success';
     }
     if (FACEBOOK_PUBLIC_KEY !== '' && FACEBOOK_PRIVATE_KEY !== '') {
         if ($this->facebookConnect && WCF::getSession()->getVar('__facebookData')) {
             $facebookData = WCF::getSession()->getVar('__facebookData');
             $updateParameters['authData'] = 'facebook:' . $facebookData['id'];
             $success[] = 'wcf.user.3rdparty.facebook.connect.success';
             WCF::getSession()->unregister('__facebookData');
             WCF::getSession()->unregister('__facebookUsername');
         }
     }
     if ($this->facebookDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'facebook:')) {
         $updateParameters['authData'] = '';
         $success[] = 'wcf.user.3rdparty.facebook.disconnect.success';
     }
     if (GOOGLE_PUBLIC_KEY !== '' && GOOGLE_PRIVATE_KEY !== '') {
         if ($this->googleConnect && WCF::getSession()->getVar('__googleData')) {
             $googleData = WCF::getSession()->getVar('__googleData');
             $updateParameters['authData'] = 'google:' . $googleData['id'];
             $success[] = 'wcf.user.3rdparty.google.connect.success';
             WCF::getSession()->unregister('__googleData');
             WCF::getSession()->unregister('__googleUsername');
         }
     }
     if ($this->googleDisconnect && StringUtil::startsWith(WCF::getUser()->authData, 'google:')) {
         $updateParameters['authData'] = '';
         $success[] = 'wcf.user.3rdparty.google.disconnect.success';
     }
     // on duplicate keys array_merge lets $updateParameters override additionalFields
     $data = array();
     if (!empty($updateParameters) || !empty($this->additionalFields)) {
         $data['data'] = array_merge($this->additionalFields, $updateParameters);
     }
     // the update action is executed even when $data is empty
     $this->objectAction = new UserAction(array(WCF::getUser()), 'update', $data);
     $this->objectAction->executeAction();
     // update cookie: only when the client already holds a password cookie and the password changed
     if (isset($_COOKIE[COOKIE_PREFIX . 'password']) && isset($updateParameters['password'])) {
         // reload user to read the freshly stored password value
         $user = new User(WCF::getUser()->userID);
         // The cookie value is derived from the new plaintext password and the stored password
         // value, and is set to expire in 365 days.
         // NOTE(review): this makes the cookie a long-lived, password-derived credential;
         // confirm HeaderUtil::setCookie() applies HttpOnly/Secure -- not visible here.
         HeaderUtil::setCookie('password', PasswordUtil::getSaltedHash($updateParameters['password'], $user->password), TIME_NOW + 365 * 24 * 3600);
     }
     $this->saved();
     // append any success messages already assigned to the template
     $success = array_merge($success, WCF::getTPL()->get('success') ?: array());
     // show success message
     WCF::getTPL()->assign('success', $success);
     // reset password fields held on the form object
     $this->password = '';
     $this->newPassword = $this->confirmNewPassword = '';
 }
示例#6
 /**
  * Changes the user stored in the session, this method is different from changeUser() because it
  * attempts to re-use sessions unless there are other virtual sessions for the same user (userID != 0).
  * In reverse, logging out attempts to re-use the current session or spawns a new session depending
  * on other virtual sessions.
  * 
  * @param	\wcf\data\user\User	$user
  */
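 protected function changeUserVirtual(User $user)
 {
     // NOTE(review): $sessionTable is not used anywhere in this method; the call is kept
     // unchanged in case callers rely on it having run.
     $sessionTable = call_user_func(array($this->sessionClassName, 'getDatabaseTableName'));
     switch ($user->userID) {
         //
         // user -> guest (logout)
         //
         case 0:
             // delete virtual session
             if ($this->virtualSession) {
                 $virtualSessionEditor = new SessionVirtualEditor($this->virtualSession);
                 $virtualSessionEditor->delete();
             }
             // there are still other virtual sessions, create a new session
             if (SessionVirtual::countVirtualSessions($this->session->sessionID)) {
                 // save session; the new guest session gets a fresh random ID so it does not
                 // share an identifier with the remaining virtual sessions of the user
                 $sessionData = array(
                     'sessionID' => StringUtil::getRandomID(),
                     'userID' => $user->userID,
                     'ipAddress' => UserUtil::getIpAddress(),
                     'userAgent' => UserUtil::getUserAgent(),
                     'lastActivityTime' => TIME_NOW,
                     'requestURI' => UserUtil::getRequestURI(),
                     // request method is client-influenced, stored truncated to 7 characters
                     'requestMethod' => !empty($_SERVER['REQUEST_METHOD']) ? substr($_SERVER['REQUEST_METHOD'], 0, 7) : '',
                 );
                 $this->session = call_user_func(array($this->sessionEditorClassName, 'create'), $sessionData);
                 HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
             } else {
                 // this was the last virtual session, re-use current session
                 // update session
                 $sessionEditor = new $this->sessionEditorClassName($this->session);
                 $sessionEditor->update(array('userID' => $user->userID));
             }
             break;
         //
         // guest -> user (login)
         //
         default:
             // find existing session for this user
             $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $user->userID);
             // no session exists, re-use current session
             if ($session === null) {
                 // update session
                 $sessionEditor = new $this->sessionEditorClassName($this->session);
                 try {
                     // flag the session ID for renewal; the renewal itself happens outside this method
                     $this->register('__changeSessionID', true);
                     $sessionEditor->update(array('userID' => $user->userID));
                 } catch (DatabaseException $e) {
                     // MySQL error 23000 = unique key
                     // do not check against the message itself, some weird systems localize them
                     if ($e->getCode() != 23000) {
                         // not our business
                         throw $e;
                     }
                     // A unique-key violation presumably means a session for this user was stored
                     // after the lookup above. $session is still null here, so assigning it would
                     // leave $this->session empty; look the row up again instead.
                     $session = call_user_func(array($this->sessionClassName, 'getSessionByUserID'), $user->userID);
                     if ($session === null) {
                         // nothing to inherit, surface the original error
                         throw $e;
                     }
                     // delete guest session
                     $sessionEditor = new $this->sessionEditorClassName($this->session);
                     $sessionEditor->delete();
                     // inherit existing session
                     // NOTE(review): unlike the branch below, this path neither copies
                     // __SECURITY_TOKEN nor refreshes the cookieHash cookie -- confirm whether it should.
                     $this->session = $session;
                 }
             } else {
                 // delete guest session
                 $sessionEditor = new $this->sessionEditorClassName($this->session);
                 $sessionEditor->delete();
                 // inherit existing session
                 $this->session = $session;
                 // inherit security token
                 // NOTE(review): unserialize() can instantiate arbitrary classes; this is only
                 // acceptable while sessionVariables is written exclusively by the session
                 // handler and never from client-supplied data -- verify the writers.
                 $variables = @unserialize($this->session->sessionVariables);
                 if (is_array($variables) && !empty($variables['__SECURITY_TOKEN'])) {
                     $this->register('__SECURITY_TOKEN', $variables['__SECURITY_TOKEN']);
                 }
                 HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
             }
             break;
     }
     $this->user = $user;
     $this->loadVirtualSession(true);
 }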