Signed-off-by: VirtualTam <virtualtam@flibidi.net>
/**
* Check user session state and validity (expiration)
*
/**
* Check user session state and validity (expiration)
*
- * @param array $server The $_SERVER array
- * @param array $session The $_SESSION array (reference)
- * @param array $cookie The $_COOKIE array
- * @param string $webPath Path on the server in which the cookie will be available on
- * @param string $token Session token
+ * @param array $session The $_SESSION array (reference)
+ * @param array $cookie The $_COOKIE array
+ * @param string $webPath Path on the server in which the cookie will be available on
+ * @param string $clientIpId Client IP address identifier
+ * @param string $token Session token
*
* @return bool true if the user session is valid, false otherwise
*/
*
* @return bool true if the user session is valid, false otherwise
*/
- public function checkLoginState($server, & $session, $cookie, $webPath, $token)
+ public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token)
{
if (! $this->configManager->exists('credentials.login')) {
// Shaarli is not configured yet
{
if (! $this->configManager->exists('credentials.login')) {
// Shaarli is not configured yet
- $clientIpId = client_ip_id($server);
-
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
) {
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
) {
/**
* Check user credentials are valid
*
/**
* Check user credentials are valid
*
- * @param array $server The $_SERVER array
- * @param string $login Username
- * @param string $password Password
+ * @param string $remoteIp Remote client IP address
+ * @param string $clientIpId Client IP address identifier
+ * @param string $login Username
+ * @param string $password Password
*
* @return bool true if the provided credentials are valid, false otherwise
*/
*
* @return bool true if the provided credentials are valid, false otherwise
*/
- public function checkCredentials($server, $login, $password)
+ public function checkCredentials($remoteIp, $clientIpId, $login, $password)
{
$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
{
$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
) {
logm(
$this->configManager->get('resource.log'),
) {
logm(
$this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
'Login failed for user ' . $login
);
return false;
}
'Login failed for user ' . $login
);
return false;
}
- $clientIpId = client_ip_id($server);
$this->sessionManager->storeLoginInfo($clientIpId);
logm(
$this->configManager->get('resource.log'),
$this->sessionManager->storeLoginInfo($clientIpId);
logm(
$this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
'Login successful'
);
return true;
'Login successful'
);
return true;
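Review bot: The new `$clientIpId` parameter of `checkLoginState` and the one that `checkCredentials` binds to the session via `storeLoginInfo($clientIpId)` are only meaningful if both are derived the same way, yet neither docblock says so; I would make the `@param` read `@param string $clientIpId Client IP address identifier, as returned by client_ip_id($_SERVER); must be the same value for checkLoginState() and checkCredentials()` so a future caller cannot pass a bare REMOTE_ADDR to one and a proxy-aware identifier to the other. In `checkCredentials` the `$server['REMOTE_ADDR'],` argument is removed from both `logm()` calls but the replacement line (presumably `$remoteIp,`) is not visible in this rendering, so the logged address should be double-checked, and `$login` is still written to the log unfiltered on the failure path, so if `logm()` does not strip newlines a crafted username can inject log entries. Unchanged by this commit but on the same lines, the stay-signed-in cookie is compared with `===` and credentials are checked with `sha1()` of password, login and salt; `hash_equals()` and `password_hash()`/`password_verify()` are the current recommendation. The bodies of both methods continue outside the hunks shown.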
$conf = new ConfigManager();
$sessionManager = new SessionManager($_SESSION, $conf);
$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
$conf = new ConfigManager();
$sessionManager = new SessionManager($_SESSION, $conf);
$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$clientIpId = client_ip_id($_SERVER);
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
if (! defined('LC_MESSAGES')) {
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
if (! defined('LC_MESSAGES')) {
// a token depending of deployment salt, user password, and the current ip
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
// a token depending of deployment salt, user password, and the current ip
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
-$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN);
+$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
/**
* Adapter function for PageBuilder
/**
* Adapter function for PageBuilder
}
if (isset($_POST['password'])
&& $sessionManager->checkToken($_POST['token'])
}
if (isset($_POST['password'])
&& $sessionManager->checkToken($_POST['token'])
- && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password'])
+ && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
) {
// Login/password is OK.
$loginManager->handleSuccessfulLogin($_SERVER);
) {
// Login/password is OK.
$loginManager->handleSuccessfulLogin($_SERVER);
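Review bot: After this change the login flow uses two different notions of the client address: `checkLoginState()` and `checkCredentials()` now receive `$clientIpId` from `client_ip_id($_SERVER)`, while `STAY_SIGNED_IN_TOKEN` a few lines above is still derived from `$_SERVER['REMOTE_ADDR']` and `checkCredentials()` also gets the raw `$_SERVER['REMOTE_ADDR']` for logging; behind a reverse proxy REMOTE_ADDR is the proxy, so the cookie token is bound to a different address than the session, which is presumably not intended and at least deserves a comment such as `// NOTE: token is bound to REMOTE_ADDR, session to client_ip_id(); keep these consistent`. The guard on the login branch checks only `isset($_POST['password'])` but then reads `$_POST['login']` unconditionally; `isset($_POST['login'], $_POST['password'])` avoids an undefined-index notice and a null login reaching `checkCredentials()`. The surrounding `if` block is shown in full here, but this file section likely continues beyond the visible lines.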