/** @var string User sign-in token depending on remote IP and credentials */
protected $staySignedInToken = '';
+ protected $lastErrorReason = '';
+ protected $lastErrorIsBanishable = false;
+
/**
* Constructor
*
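Review bot: The two properties added at L3-L4 carry no `@var` docblock, unlike the neighbouring `$staySignedInToken` at L1-L2, and `$lastErrorReason` in particular deserves one because its value is later shown to the user. I would add `/** @var string Human-readable reason of the last checkCredentials() failure, returned to the user by handleFailedLogin() */` above `$lastErrorReason` and `/** @var bool Whether the last failure should count towards the IP ban counter */` above `$lastErrorIsBanishable`. If the project's minimum PHP version allows it, native property types (`string`/`bool`) would also let static analysis catch a stray non-string reason.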
*/
public function checkLoginState($cookie, $clientIpId)
{
- if (! $this->configManager->exists('credentials.login')) {
+ if (! $this->configManager->exists('credentials.login') || (isset($_SESSION['username']) && $_SESSION['username'] && $this->configManager->get('credentials.login') !== $_SESSION['username'])) {
// Shaarli is not configured yet
$this->isLoggedIn = false;
return;
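Review bot: The comment `// Shaarli is not configured yet` at L14 no longer describes the branch, since the condition added at L13 now also fires when the session's username differs from `credentials.login`; it should read something like `// Shaarli is not configured yet, or the session belongs to another account`. The new condition also reads `$_SESSION['username']` directly, whereas the rest of checkLoginState goes through `$this->sessionManager` (L19, L21-L22, L26) and storeLoginInfo now receives the login (L68), so an accessor on SessionManager would keep session layout knowledge in one place. Note that on the mismatch the method only sets `isLoggedIn = false` and returns; whether the stale session should also be invalidated here is not addressed by the hunk. checkLoginState continues outside this hunk.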
// The user client has a valid stay-signed-in cookie
// Session information is updated with the current client information
$this->sessionManager->storeLoginInfo($clientIpId);
- $this->isLoggedIn = true;
} elseif ($this->sessionManager->hasSessionExpired()
|| $this->sessionManager->hasClientIpChanged($clientIpId)
return;
}
+ $this->isLoggedIn = true;
$this->sessionManager->extendSession();
}
*/
public function checkCredentials($remoteIp, $clientIpId, $login, $password)
{
- $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
+ $this->lastErrorIsBanishable = false;
+
+ if ($this->configManager->getUserSpace() !== null && $this->configManager->getUserSpace() !== $login) {
+ logm($this->configManager->get('resource.log'),
+ $remoteIp,
+ 'Trying to login to wrong user space');
+ $this->lastErrorReason = 'You’re trying to access the wrong account.';
+ return false;
+ }
- if ($login != $this->configManager->get('credentials.login')
- || $hash != $this->configManager->get('credentials.hash')
- ) {
+ logm($this->configManager->get('resource.log'),
+ $remoteIp,
+ 'Trying LDAP connection');
+ $result = $this->configManager->findLDAPUser($login, $password);
+ if ($result === false) {
logm(
$this->configManager->get('resource.log'),
$remoteIp,
- 'Login failed for user ' . $login
+ 'Impossible to connect to LDAP'
);
+ $this->lastErrorReason = 'Server error.';
+ return false;
+ } else if (is_null($result)) {
+ logm(
+ $this->configManager->get('resource.log'),
+ $remoteIp,
+ 'Login failed for user ' . $login
+ );
+ $this->lastErrorIsBanishable = true;
+ $this->lastErrorReason = 'Wrong login/password.';
return false;
}
- $this->sessionManager->storeLoginInfo($clientIpId);
+ $this->sessionManager->storeLoginInfo($clientIpId, $login);
logm(
$this->configManager->get('resource.log'),
$remoteIp,
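Review bot: The wrong-user-space branch at L34-L40 answers with a distinct message ('You’re trying to access the wrong account.') and leaves `lastErrorIsBanishable` false, so a client can learn whether a given `$login` is the configured account without ever being counted by the ban logic in handleFailedLogin; the user-facing response should not distinguish this case from bad credentials, keeping the detail in the log only: `$this->lastErrorIsBanishable = true;` and `$this->lastErrorReason = 'Wrong login/password.';` in that branch. L32 resets only the banishable flag; add `$this->lastErrorReason = '';` next to it so a reason from an earlier call cannot leak into a later failure path. The removed sha1 comparison at L31 and L41-L43 has no local-credentials replacement in this hunk, so if non-LDAP accounts are still supported that path now appears to be gone — worth confirming. Minor style: `else if` at L57 should be `elseif` per PSR-12, and `getUserSpace()` is called twice on L34 where a local would do. checkCredentials continues outside the hunk.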
*/
public function handleFailedLogin($server)
{
+ if (!$this->lastErrorIsBanishable) {
+ return $this->lastErrorReason ?: 'Error during login.';
+ };
+
$ip = $server['REMOTE_ADDR'];
$trusted = $this->configManager->get('security.trusted_proxies', []);
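Review bot: L77 closes the early-return block with `};`, leaving a stray empty statement after the brace that should be just `}`. The fallback string 'Error during login.' is also duplicated between L76 and the return added at L84 in the next hunk; a single class constant, e.g. `private const DEFAULT_LOGIN_ERROR = 'Error during login.';`, used as `return $this->lastErrorReason ?: self::DEFAULT_LOGIN_ERROR;` at both sites keeps the two in sync. handleFailedLogin's body continues past this hunk.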
);
}
$this->writeBanFile();
+ return $this->lastErrorReason ?: 'Error during login.';
}
/**