<?php
namespace Shaarli;
+use Shaarli\Config\ConfigManager;
+
/**
* User login management
*/
/**
* Check user session state and validity (expiration)
*
- * @param array $server The $_SERVER array
- * @param array $session The $_SESSION array (reference)
- * @param array $cookie The $_COOKIE array
- * @param string $webPath Path on the server in which the cookie will be available on
- * @param string $token Session token
+ * @param array $cookie The $_COOKIE array
+ * @param string $webPath Path on the server in which the cookie will be available on
+ * @param string $clientIpId Client IP address identifier
+ * @param string $token Session token
*
* @return bool true if the user session is valid, false otherwise
*/
- public function checkLoginState($server, & $session, $cookie, $webPath, $token)
+ public function checkLoginState($cookie, $webPath, $clientIpId, $token)
{
if (! $this->configManager->exists('credentials.login')) {
// Shaarli is not configured yet
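Review bot: The docblock keeps `@return bool`, yet the only return visible in the later lines of this method is a bare `return;` and the outcome is written to `$this->isLoggedIn`, so a caller trusting the doc would test a null as the login decision. I would change the tag to `@return void` and say in the summary that the result is stored in `$this->isLoggedIn`. The new `$clientIpId` line could also state that this is the value the session is bound to and compared against on each request. The method body continues past this hunk.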
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
) {
- $this->sessionManager->storeLoginInfo($server);
+ $this->sessionManager->storeLoginInfo($clientIpId);
$this->isLoggedIn = true;
}
- // Logout when:
- // - the session does not exist on the server side
- // - the session has expired
- // - the client IP address has changed
- if (empty($session['uid'])
- || ($this->configManager->get('security.session_protection_disabled') === false
- && $session['ip'] != client_ip_id($server))
- || time() >= $session['expires_on']
+ if ($this->sessionManager->hasSessionExpired()
+ || $this->sessionManager->hasClientIpChanged($clientIpId)
) {
$this->sessionManager->logout($webPath);
$this->isLoggedIn = false;
return;
}
- // Extend session validity
- if (! empty($session['longlastingsession'])) {
- // "Stay signed in" is enabled
- $session['expires_on'] = time() + $session['longlastingsession'];
- } else {
- $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
- }
+ $this->sessionManager->extendSession();
}
/**
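Review bot: The new logout condition no longer shows the `empty($session['uid'])` test or the `security.session_protection_disabled` gate that the removed inline check had, so whether a request with no server-side session is still logged out now depends on `hasSessionExpired()` and `hasClientIpChanged()`, whose bodies are not in this hunk. It is worth confirming that `hasSessionExpired()` returns true when no expiry is stored (fail closed) and that `hasClientIpChanged()` keeps the opt-out, and restoring the removed explanation above the condition, e.g. `// Log out when the session is missing or expired, or the client IP identifier has changed`. The cookie check at the top of the hunk compares a client-supplied value with `===`; after checking the cookie is a string, `hash_equals($token, $cookie[SessionManager::$LOGGED_IN_COOKIE])` would be the constant-time form. checkLoginState's signature and first lines are outside this hunk.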
/**
* Check user credentials are valid
*
- * @param array $server The $_SERVER array
- * @param string $login Username
- * @param string $password Password
+ * @param string $remoteIp Remote client IP address
+ * @param string $clientIpId Client IP address identifier
+ * @param string $login Username
+ * @param string $password Password
*
* @return bool true if the provided credentials are valid, false otherwise
*/
- public function checkCredentials($server, $login, $password)
+ public function checkCredentials($remoteIp, $clientIpId, $login, $password)
{
$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
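Review bot: The context line `$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));` is a single fast SHA-1 round, which gives little resistance to offline guessing if the stored hash leaks, and this refactor of the credential path leaves it as is. A follow-up should verify with `password_verify()` against a `password_hash()` value and rehash legacy SHA-1 entries on the next successful login. The comparison against the stored hash sits between this hunk and the next and is not shown; it should be a constant-time `hash_equals()` rather than a loose comparison. The new `$remoteIp` and `$clientIpId` tags would also be clearer if they said which one is only logged and which one is stored with the session. The function body continues outside the hunk.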
) {
logm(
$this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
'Login failed for user ' . $login
);
return false;
}
- $this->sessionManager->storeLoginInfo($server);
+ $this->sessionManager->storeLoginInfo($clientIpId);
logm(
$this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
'Login successful'
);
return true;
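Review bot: `'Login failed for user ' . $login` writes the submitted username to the log unchanged, so a value containing line breaks could forge extra log entries unless `logm()` (not shown here) strips control characters. I would neutralise it at the call site, e.g. `'Login failed for user ' . preg_replace('/[\x00-\x1F\x7F]/', '?', $login)`. `$remoteIp` is now supplied by the caller, so its docblock should state that it must be the connection address rather than a client-sent forwarding header, since it is the only source attribution in these entries. The `if` this hunk opens in and the end of checkCredentials are both outside the hunk.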