  1. <?php
  2. /**
  3.  * User model
  4.  *
  5.  * @package  app
  6.  * @extends  Model
  7.  */
  8.  
  9. namespace Model;
  10.  
  11. class User extends \Model
  12. {
  13.     protected static $user = null;
  14.  
  15.     public static function _init()
  16.     {
  17.         // load langauge strings
  18.         \Lang::load('errors', 'validation');
  19.     }
  20.  
  21.     public static function check_username_availability($username)
  22.     {
  23.         $cleanUsername = \Security::xss_clean($username);
  24.         $result = \DB::select('username')->from('users')->where('username', $cleanUsername)->execute()->current();
  25.         return (count($result) == 0) ? "AVAILABLE" : "NOT AVAILABLE";
  26.     }
  27.    
  28.     public static function fetch_user_hash_token($username)
  29.     {
  30.         $result = \DB::select('hash_token')->from('users')->where('username', $username)->execute()->current();
  31.         return $result['hash_token'];
  32.     }
  33.    
  34.     public static function confirm_account($token)
  35.     {
  36.         $result = \DB::select('activation_token', 'account_status')->from('users')->where('activation_token', $token)->limit(1)->execute()->current();
  37.        
  38.         if(!$token)
  39.             return 'MISSING_TOKEN';
  40.         else
  41.         {
  42.             if(!$result)
  43.                 return 'INVALID_TOKEN';
  44.             else if($result['account_status'] == 'pending_activation')
  45.             {
  46.                 \DB::update('users')
  47.                 ->value('account_status', 'active')
  48.                 ->where('activation_token', '=', $token)
  49.                 ->execute();
  50.            
  51.                 return 'CONFIRMED';
  52.             }
  53.             else
  54.                 return 'ALREADY_CONFIRMED';
  55.         }
  56.     }
  57.        
  58.    
  59.     public static function process_registration($email, $username, $password, $confirmPassword)
  60.     {      
  61.         // perform server side validation as a fail-safe to client side validation
  62.         $cleanEmail = \Security::xss_clean($email);
  63.         $cleanUsername = \Security::xss_clean($username);
  64.         $cleanPassword = \Security::xss_clean($password);
  65.         $cleanConfirmedPassword = \Security::xss_clean($confirmPassword);
  66.        
  67.         $usernameFilter = "/^[A-Za-z0-9 ]+$/";
  68.        
  69.         preg_match($usernameFilter, $cleanUsername, $usernameMatches);
  70.         $existingEmail = \DB::select('email')->from('users')->where('email', $cleanEmail)->limit(1)->execute()->current();
  71.  
  72.         if(strlen($cleanEmail) == 0)
  73.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  74.         if(strlen($cleanUsername) == 0)
  75.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  76.         if(strlen($cleanPassword) == 0)
  77.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  78.         if(strlen($cleanConfirmedPassword) == 0)
  79.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  80.         if(!filter_var($cleanEmail, FILTER_VALIDATE_EMAIL))
  81.             return __('errors.validation.INVALID_EMAIL');
  82.         if($cleanPassword != $cleanConfirmedPassword)
  83.             return __('errors.validation.PASSWORD_MISMATCH');
  84.         if(count($usernameMatches) == 0)
  85.             return __('errors.validation.INVALID_USERNAME');
  86.         if(strlen($cleanUsername) < 5)
  87.             return __('errors.validation.USERNAME_MIN_LEN');
  88.         if(count($existingEmail) > 0)
  89.             return __('errors.validation.EXISTING_EMAIL');
  90.         if(static::check_username_availability($cleanUsername) == "NOT AVAILABLE")
  91.             return __('errors.validation.USERNAME_NOT_AVAILABLE');
  92.  
  93.         // all good!  
  94.         $randSeed = substr(number_format(\Date::forge()->get_timestamp() * rand(),0,'',''),0,10);
  95.         list($insert_id, $rows_affected) = \DB::insert('users')->set(array(
  96.             'username'   => $cleanUsername,
  97.             'password'   => \Crypt::encode($cleanPassword . $randSeed, $randSeed),
  98.             'group'      => 1,
  99.             'email'      => $cleanEmail,
  100.             'last_login' => '',
  101.             'login_hash' => '',
  102.             'hash_token' => $randSeed,
  103.             'created_at' => \Date::forge()->get_timestamp(),
  104.             'account_status' => 'pending_activation',
  105.             'activation_token' => substr(\Crypt::encode($cleanUsername . $randSeed, $randSeed), 0, 30),
  106.             'force_password_reset' => 1
  107.         ))->execute();
  108.  
  109.                 if(!$insert_id)
  110.                     return __('errors.validation.REGISTRATION_FAILED');
  111.  
  112.                 // retrieve activation token && send the mail
  113.                 $result = \DB::select('activation_token')->from('users')->where('id', $insert_id)->limit(1)->execute()->current(); 
  114.         $email = \Email::forge();
  115.         $data = array('activation_token' => $result['activation_token']);
  116.        
  117.         $email->to($cleanEmail);
  118.         $email->subject('Activate your PoochFinder account');
  119.         $email->body(\View::forge('templates/email/activation', $data));
  120.         $email->send();
  121.  
  122.         return 'SUCCESS';
  123.     }
  124.    
  125.     public static function process_login($username, $password, $rememberMe)
  126.     {      
  127.         // perform server side validation as a fail-safe to client side validation
  128.         $cleanUsername = \Security::xss_clean($username);
  129.         $cleanPassword = \Security::xss_clean($password);
  130.         $cleanRemember = \Security::xss_clean($rememberMe);
  131.        
  132.         $usernameFilter = "/^[A-Za-z0-9 ]+$/";
  133.        
  134.         preg_match($usernameFilter, $cleanUsername, $usernameMatches);
  135.  
  136.         if(strlen($cleanUsername) == 0)
  137.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  138.         if(strlen($cleanPassword) == 0)
  139.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  140.         if(count($usernameMatches) == 0)
  141.             return __('errors.validation.INVALID_USERNAME');
  142.  
  143.         // check login details
  144.         $hashToken = static::fetch_user_hash_token($cleanUsername);
  145.        
  146.         static::$user = \DB::select_array(array('username', 'login_hash'))
  147.             ->from('users')
  148.             ->where('username', '=', $cleanUsername)
  149.             ->where('password', '=', \Crypt::encode($cleanPassword . $hashToken, $hashToken))
  150.             ->limit(1)->execute()->current();
  151.            
  152.         // FAIL!
  153.         if(!static::$user)
  154.             return __('errors.validation.INVALID_USERNAME_OR_PASSWORD');
  155.            
  156.         // log em in
  157.         $last_login = \Date::forge()->get_timestamp();
  158.         $login_hash = \Crypt::encode($cleanUsername . $last_login . $hashToken, $hashToken);
  159.  
  160.         \DB::update('users')
  161.             ->set(array('last_login' => $last_login, 'login_hash' => $login_hash))
  162.             ->where('username', '=', $cleanUsername)
  163.             ->execute();
  164.                        
  165.         $session = \Session::instance();
  166.        
  167.         if($cleanRemember == '1')
  168.         {
  169.             $session->set_config('expiration_time', 604800);
  170.             $session->set_config('expire_on_close', false);
  171.         }
  172.        
  173.         $session->set('username', $cleanUsername);
  174.         $session->set('login_hash', $login_hash);
  175.         $session->rotate();
  176.        
  177.         return 'SUCCESS';
  178.     }
  179.    
  180.     public static function initiate_password_reset($email)
  181.     {
  182.         // we start by cleaning & validating the e-mail address
  183.         $cleanEmail = \Security::xss_clean($email);
  184.         $result = \DB::select('id', 'hash_token')->from('users')->where('email', $cleanEmail)->execute()->current();
  185.        
  186.         if(strlen($cleanEmail) == 0)
  187.             return __('errors.validation.COMPLETE_REQUIRED_FIELDS');
  188.         if(!filter_var($cleanEmail, FILTER_VALIDATE_EMAIL))
  189.             return __('errors.validation.INVALID_EMAIL');
  190.         if(count($result) == 0)
  191.             return __('errors.validation.EMAIL_NOT_FOUND');
  192.        
  193.         list($insert_id, $rows_affected) = \DB::insert('pw_reset_requests')->set(array(
  194.             'request_id'    => '',
  195.             'user_id'       => $result['id'],
  196.             'request_token' => substr(\Crypt::encode($cleanEmail . $result['hash_token'], $result['hash_token']), 0, 30),
  197.             'timestamp'     => \Date::forge()->get_timestamp()
  198.         ))->execute();
  199.        
  200.         if(!$insert_id)
  201.                     return __('errors.validation.REQUEST_FAILED');
  202.                        
  203.                 // retrieve reset token && send the mail
  204.                 $result = \DB::select('request_token')->from('pw_reset_requests')->where('request_id', $insert_id)->limit(1)->execute()->current();
  205.         $email = \Email::forge();
  206.         $data = array('request_token' => $result['request_token']);
  207.        
  208.         $email->to($cleanEmail);
  209.         $email->subject('Reset your password');
  210.         $email->body(\View::forge('templates/email/confirmPwReset', $data));
  211.         $email->send();
  212.        
  213.                 return 'SUCCESS';
  214.     }
  215.    
  216.     public static function complete_password_reset($token)
  217.     {
  218.         $result = \DB::select('request_token', 'user_id', 'timestamp')->from('pw_reset_requests')->where('request_token', $token)->limit(1)->execute()->current();
  219.         $userResult = \DB::select('email')->from('users')->where('id', '=', $result['user_id'])->limit(1)->execute()->current();
  220.        
  221.         if(!$token)
  222.             return 'MISSING_TOKEN';
  223.         else
  224.         {
  225.             if(!$result)
  226.                 return 'INVALID_TOKEN';
  227.             else
  228.             {  
  229.                 // is token still valid?
  230.                 if((\Date::forge()->get_timestamp() - $result['timestamp']) > 86400)
  231.                     return 'EXPIRED_TOKEN';
  232.                
  233.                 // generate && set a random 7 character alpha-numeric password
  234.                 $randSeed = substr(number_format(\Date::forge()->get_timestamp() * rand(),0,'',''),0,10);
  235.                 $randPw = substr(md5(rand(0, 1000000)), 0, 10);
  236.                
  237.                 \DB::update('users')
  238.                 ->set(array(
  239.                     'force_password_update' => 1,
  240.                     'hash_token' => $randSeed,
  241.                     'password'   => \Crypt::encode($randPw . $randSeed, $randSeed)
  242.                 ))
  243.                 ->where('id', '=', $result['user_id'])
  244.                 ->execute();
  245.                
  246.                 // delete the reset request as it is complete
  247.                 \DB::delete('pw_reset_requests')->where('request_token', '=', $result['request_token'])->execute();
  248.                
  249.                 // email temporary password
  250.                 $email = \Email::forge();
  251.                 $data = array('tempPw' => $randPw);
  252.        
  253.                 $email->to($userResult['email']);
  254.                 $email->subject('Your temporary password');
  255.                 $email->body(\View::forge('templates/email/tempPw', $data));
  256.                 $email->send();
  257.            
  258.                 return 'SUCCESS';
  259.             }
  260.         }
  261.     }
  262.    
  263.     public static function logged_in()
  264.     {
  265.         $session = \Session::instance();
  266.         $username    = $session->get('username');
  267.         $login_hash  = $session->get('login_hash');
  268.        
  269.         // only worth checking if there's both a username and login-hash
  270.         if (!empty($username) and !empty($login_hash))
  271.         {
  272.             if (is_null(static::$user) or static::$user['username'] != $username)
  273.             {
  274.                 static::$user = \DB::select_array(array('username', 'login_hash'))
  275.                     ->from('users')
  276.                     ->where('username', '=', $username)
  277.                     ->limit(1)->execute()->current();
  278.             }
  279.  
  280.             // return true when login was verified
  281.             if (static::$user and static::$user['login_hash'] === $login_hash)
  282.             {
  283.                 return true;
  284.             }
  285.         }
  286.  
  287.         // no valid login when still here, ensure empty session and optionally set guest_login
  288.         static::$user = null;
  289.         \Session::delete('username');
  290.         \Session::delete('login_hash');
  291.  
  292.         return false;
  293.     }        
  294. }