1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129
<?php
/**
***********************************************************************************************
* @copyright 2004-2016 The Admidio Team
* @see http://www.admidio.org/
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only
***********************************************************************************************
*/
/**
* @class AutoLogin
* @brief Handle auto login with Admidio and manage it in the database
*
* The class search in the database table @b adm_auto_login for the session id.
* If there is an entry for that id then it reads the user id and set this
* user to the current session. Now the current session has become a valid user
* that is automatically login.
* @par Examples
* @code // create a valid user login for a Admidio session from auto login
* $autoLogin = new AutoLogin($gDb, $gSessionId);
* $autoLogin->setValidLogin($gCurrentSession, $_COOKIE['ADMIDIO_ID']);@endcode
* @code // delete an auto login
* $autoLogin = new AutoLogin($gDb, $gSessionId);
* $autoLogin->delete(); @endcode
*/
class AutoLogin extends TableAccess
{
/**
* Constructor that will create an object of a recordset of the table adm_auto_login.
* If the id is set than the specific auto login will be loaded.
* @param \Database $database Object of the class Database. This should be the default global object @b $gDb.
* @param string|int $session The recordset of the auto login with this session will be loaded.
* If session isn't set than an empty object of the table is created.
*/
public function __construct(&$database, $session = 0)
{
parent::__construct($database, TBL_AUTO_LOGIN, 'atl');
// if not numeric than the session id is commited
if(is_numeric($session))
{
$this->readDataById($session);
}
else
{
$this->readDataByColumns(array('atl_auto_login_id' => $session));
}
}
/**
* Creates a new unique auto login id for this user.
* @param int $userId The id of the current user.
* @return string Returns the auto login id.
*/
public function generateAutoLoginId($userId)
{
$loginId = '';
try
{
$loginId = $userId.':'.PasswordHashing::genRandomPassword(40);
}
catch(AdmException $e)
{
$e->showText();
// => EXIT
}
return $loginId;
}
/**
* Save all changed columns of the recordset in table of database. Therefore the class remembers if it's
* a new record or if only an update is necessary. The update statement will only update the changed columns.
* If the table has columns for creator or editor than these column with their timestamp will be updated.
* The current organization, last login and ip adress will be set per default.
* @param bool $updateFingerPrint Default @b true. Will update the creator or editor of the recordset
* if table has columns like @b usr_id_create or @b usr_id_changed
* @return bool If an update or insert into the database was done then return true, otherwise false.
*/
public function save($updateFingerPrint = true)
{
if($this->new_record)
{
// Insert
global $gCurrentOrganization;
$this->setValue('atl_org_id', $gCurrentOrganization->getValue('org_id'));
$this->setValue('atl_last_login', DATETIME_NOW);
$this->setValue('atl_ip_address', $_SERVER['REMOTE_ADDR']);
// Tabelle aufraeumen, wenn ein neuer Datensatz geschrieben wird
$this->tableCleanup();
}
else
{
// Update
$this->setValue('atl_last_login', DATETIME_NOW);
$this->setValue('atl_ip_address', $_SERVER['REMOTE_ADDR']);
}
return parent::save($updateFingerPrint);
}
/**
* Method will clean the database table @b adm_auto_login.
* All login that had their last login one year ago will be deleted.
* All counted wrong auto login ids from this user will be reset.
*/
public function tableCleanup()
{
// Zeitpunkt bestimmen, ab dem die Auto-Logins geloescht werden, mind. 1 Jahr alt
$currDateTime = new DateTime();
$oneYearDateInterval = new DateInterval('P1Y');
$oneYearBeforeDateTime = $currDateTime->sub($oneYearDateInterval);
$date_session_delete = $oneYearBeforeDateTime->format('Y.m.d H:i:s');
$sql = 'DELETE FROM '.TBL_AUTO_LOGIN.'
WHERE atl_last_login < \''. $date_session_delete. '\'';
$this->db->query($sql);
// reset all counted wrong auto login ids from this user to prevent
// a deadlock if user has auto login an several devices and they were
// set invalid fpr security reasons
$sql = 'UPDATE '.TBL_AUTO_LOGIN.' SET atl_number_invalid = 0
WHERE atl_usr_id = '.$this->getValue('atl_usr_id');
$this->db->query($sql);
}
}