From a05d277a2c1d09c08fcee56aabc124320b5f6819 Mon Sep 17 00:00:00 2001
From: Marco
Date: Sun, 26 Feb 2017 13:03:52 +0100
Subject: [PATCH] Read status from 'users' table and provide read access in session
---
 src/Auth.php | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index efa9cf1..1f2c53b 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -24,6 +24,7 @@ final class Auth extends UserManager {
 const SESSION_FIELD_USER_ID = 'auth_user_id';
 const SESSION_FIELD_EMAIL = 'auth_email';
 const SESSION_FIELD_USERNAME = 'auth_username';
+ const SESSION_FIELD_STATUS = 'auth_status';
 const SESSION_FIELD_REMEMBERED = 'auth_remembered';
 const COOKIE_CONTENT_SEPARATOR = '~';
 const COOKIE_NAME_REMEMBER = 'auth_remember';
@@ -111,7 +112,7 @@ final class Auth extends UserManager {
 if (isset($parts[0]) && isset($parts[1])) {
 try {
 $rememberData = $this->db->selectRow(
- 'SELECT a.user, a.token, a.expires, b.email, b.username FROM users_remembered AS a JOIN users AS b ON a.user = b.id WHERE a.selector = ?',
+ 'SELECT a.user, a.token, a.expires, b.email, b.username, b.status FROM users_remembered AS a JOIN users AS b ON a.user = b.id WHERE a.selector = ?',
 [ $parts[0] ]
 );
 }
@@ -122,7 +123,7 @@ final class Auth extends UserManager {
 if (!empty($rememberData)) {
 if ($rememberData['expires'] >= time()) {
 if (password_verify($parts[1], $rememberData['token'])) {
- $this->onLoginSuccessful($rememberData['user'], $rememberData['email'], $rememberData['username'], true);
+ $this->onLoginSuccessful($rememberData['user'], $rememberData['email'], $rememberData['username'], $rememberData['status'], true);
 }
 }
 }
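Review bot: In the remembered-login branch at @@ -122 the new `b.status` column is only forwarded to onLoginSuccessful; nothing inspects the value before the session is established, so an account whose status marks it as blocked is still signed in and merely carries that status in the session. The active login at @@ -675 has the same gap, even though it keeps its `verified === 1` guard. If this commit is meant only to surface the value for later reads, a comment at each call site such as `// status is recorded in the session here but not enforced` would keep readers from assuming otherwise; if enforcement is intended, a guard that rejects statuses which must not sign in belongs in both branches, before the onLoginSuccessful call. The enclosing methods start and end outside these hunks.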
@@ -326,10 +327,11 @@ final class Auth extends UserManager {
 * @param int $userId the ID of the user who has just logged in
 * @param string $email the email address of the user who has just logged in
 * @param string $username the username (if any)
+ * @param int $status the status as one of the constants from the {@see Status} class
 * @param bool $remembered whether the user was remembered ("remember me") or logged in actively
 * @throws AuthError if an internal problem occurred (do *not* catch)
 */
- private function onLoginSuccessful($userId, $email, $username, $remembered) {
+ private function onLoginSuccessful($userId, $email, $username, $status, $remembered) {
 try {
 $this->db->update(
 'users',
@@ -349,6 +351,7 @@ final class Auth extends UserManager {
 $this->setUserId($userId);
 $this->setEmail($email);
 $this->setUsername($username);
+ $this->setStatus($status);
 $this->setRemembered($remembered);
 }
@@ -617,7 +620,7 @@ final class Auth extends UserManager {
 try {
 $userData = $this->getUserDataByEmailAddress(
 $email,
- [ 'id', 'email', 'password', 'verified', 'username' ]
+ [ 'id', 'email', 'password', 'verified', 'username', 'status' ]
 );
 }
 // if there is no user with the specified email address
@@ -637,7 +640,7 @@ final class Auth extends UserManager {
 try {
 $userData = $this->getUserDataByUsername(
 $username,
- [ 'id', 'email', 'password', 'verified', 'username' ]
+ [ 'id', 'email', 'password', 'verified', 'username', 'status' ]
 );
 }
 // if there is no user with the specified username
@@ -675,7 +678,7 @@ final class Auth extends UserManager {
 }
 if ($userData['verified'] === 1) {
- $this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], false);
+ $this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], $userData['status'], false);
 // continue to support the old parameter format
 if ($rememberDuration === true) {
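Review bot: The column list `[ 'id', 'email', 'password', 'verified', 'username', 'status' ]` is now repeated verbatim at @@ -617 and @@ -637, and the remembered-login SELECT carries its own copy of the same set, so every column added for login (as `status` was here) must be added in three places. A private class constant holding that list (a constructed name such as `LOGIN_USER_COLUMNS`) passed to both getUserDataByEmailAddress and getUserDataByUsername would keep the two arrays in step. On the `@param int $status` line at @@ -326, note that callers pass the raw database column, whose PHP type depends on the driver's fetch mode, and the `(int)` cast happens only later in setStatus; `@param int|string $status` describes the actual input unless the cast is moved into onLoginSuccessful. onLoginSuccessful's body continues past the hunk.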
@@ -1011,6 +1014,29 @@ final class Auth extends UserManager {
 }
 }
+ /**
+ * Sets the currently signed-in user's status and updates the session
+ *
+ * @param int $status the status as one of the constants from the {@see Status} class
+ */
+ private function setStatus($status) {
+ $_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
+ }
+
+ /**
+ * Returns the currently signed-in user's status by reading from the session
+ *
+ * @return int the status as one of the constants from the {@see Status} class
+ */
+ public function getStatus() {
+ if (isset($_SESSION) && isset($_SESSION[self::SESSION_FIELD_STATUS])) {
+ return $_SESSION[self::SESSION_FIELD_STATUS];
+ }
+ else {
+ return null;
+ }
+ }
+
 /**
 * Sets whether the currently signed-in user has been remembered by a long-lived cookie
 *
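Review bot: getStatus() is documented as `@return int` but returns `null` when there is no session or no stored status, so the docblock should read `@return int|null the status as one of the constants from the {@see Status} class, or null if no status is stored in the session`. The value it reads is a snapshot written by setStatus from onLoginSuccessful at sign-in and is never refreshed from the `users` table afterwards, so a sentence in the getStatus docblock stating that the returned status may lag behind the database until the next login would stop callers from treating it as live. The `(int)` cast in setStatus also turns a missing column (`null`) into `0`; whether `0` is itself a meaningful Status constant is not visible in the hunk, and a short comment on that line would settle it.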