X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FLoginManager.php;h=27d067051f8c9980e9257a4eddcb9e566fb364ab;hb=68dcaccfa46649addc66674b627a83064798bbc0;hp=d81c6c05811e178e747a097cb46a5ad2aa36808c;hpb=1b28c66cc77b59f716aa47e6207142a7f86c2c2d;p=github%2Fshaarli%2FShaarli.git diff --git a/application/LoginManager.php b/application/LoginManager.php index d81c6c05..27d06705 100644 --- a/application/LoginManager.php +++ b/application/LoginManager.php @@ -1,6 +1,8 @@ configManager->exists('credentials.login')) { // Shaarli is not configured yet @@ -65,31 +66,19 @@ class LoginManager if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token ) { - $this->sessionManager->storeLoginInfo($server); + $this->sessionManager->storeLoginInfo($clientIpId); $this->isLoggedIn = true; } - // Logout when: - // - the session does not exist on the server side - // - the session has expired - // - the client IP address has changed - if (empty($session['uid']) - || ($this->configManager->get('security.session_protection_disabled') === false - && $session['ip'] != client_ip_id($server)) - || time() >= $session['expires_on'] + if ($this->sessionManager->hasSessionExpired() + || $this->sessionManager->hasClientIpChanged($clientIpId) ) { $this->sessionManager->logout($webPath); $this->isLoggedIn = false; return; } - // Extend session validity - if (! empty($session['longlastingsession'])) { - // "Stay signed in" is enabled - $session['expires_on'] = time() + $session['longlastingsession']; - } else { - $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT; - } + $this->sessionManager->extendSession(); } /** 
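Review bot: The removed condition also logged the user out when `$session['uid']` was empty, and it enforced the IP check only when `security.session_protection_disabled` was `false`; neither rule is visible any more at the new `hasSessionExpired()` / `hasClientIpChanged($clientIpId)` call site. Both helpers live in SessionManager, outside this hunk, so please confirm that a session with no `uid` or no `expires_on` is treated as expired (fail closed) and that the IP comparison still honours the configuration flag. A short comment above the new `if` would keep the logout rules readable, e.g. `// Log out when the session is missing or expired, or when the client IP changed (rules live in SessionManager)`. The enclosing method starts outside the hunk.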
@@ -108,13 +97,14 @@ class LoginManager
 /**
 * Check user credentials are valid
 *
- * @param array $server The $_SERVER array
- * @param string $login Username
- * @param string $password Password
+ * @param string $remoteIp Remote client IP address
+ * @param string $clientIpId Client IP address identifier
+ * @param string $login Username
+ * @param string $password Password
 *
 * @return bool true if the provided credentials are valid, false otherwise
 */
- public function checkCredentials($server, $login, $password)
+ public function checkCredentials($remoteIp, $clientIpId, $login, $password)
 {
 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
@@ -123,16 +113,16 @@ class LoginManager
 ) {
 logm(
 $this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
 'Login failed for user ' . $login
 );
 return false;
 }
- $this->sessionManager->storeLoginInfo($server);
+ $this->sessionManager->storeLoginInfo($clientIpId);
 logm(
 $this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
 'Login successful'
 );
 return true;
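Review bot: `checkCredentials()` still derives the credential hash with `sha1($password . $login . $this->configManager->get('credentials.salt'))`, a single round of a fast hash, so a leaked credential store would be cheap to guess against offline. This commit only reshapes the signature, so the fix may belong in a follow-up: move to `password_hash()` / `password_verify()` and re-hash on the next successful login. The comparison against the stored value sits between the two hunks and is not visible here; if it uses `!=`, `hash_equals()` would be the safer choice. The new `$clientIpId` docblock line could also name the helper that produces the identifier, since callers now have to compute it themselves.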
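Review bot: The failure branch writes `'Login failed for user ' . $login` to the log, and `$login` is presumably the raw value from the login form, so a value containing line breaks could forge extra log entries unless `logm()` (not shown here) already strips them. Consider neutralising control characters at this call, e.g. `'Login failed for user ' . preg_replace('/[\x00-\x1F\x7F]/', '', $login)`. `$remoteIp` is now supplied by the caller, so the docblock should state that it must be the connection address rather than a client-supplied forwarded header; otherwise the IP field of these log lines cannot be relied on. The method body starts outside this hunk.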