From 847420847455c1339f3302b1b67568ee0f382a11 Mon Sep 17 00:00:00 2001
From: VirtualTam
Date: Wed, 18 Apr 2018 23:09:45 +0200
Subject: [PATCH] Pass the client IP ID to LoginManager

Signed-off-by: VirtualTam
---
 application/LoginManager.php | 28 +++++++++++++---------------
 index.php | 5 +++--
 2 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/application/LoginManager.php b/application/LoginManager.php
index 347fb3b9..5ce836fa 100644
--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -48,15 +48,15 @@ class LoginManager
 /**
 * Check user session state and validity (expiration)
 *
- * @param array $server The $_SERVER array
- * @param array $session The $_SESSION array (reference)
- * @param array $cookie The $_COOKIE array
- * @param string $webPath Path on the server in which the cookie will be available on
- * @param string $token Session token
+ * @param array $session The $_SESSION array (reference)
+ * @param array $cookie The $_COOKIE array
+ * @param string $webPath Path on the server in which the cookie will be available on
+ * @param string $clientIpId Client IP address identifier
+ * @param string $token Session token
 *
 * @return bool true if the user session is valid, false otherwise
 */
- public function checkLoginState($server, & $session, $cookie, $webPath, $token)
+ public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token)
 {
 if (! $this->configManager->exists('credentials.login')) {
 // Shaarli is not configured yet
@@ -64,8 +64,6 @@ class LoginManager
 return;
 }
 
- $clientIpId = client_ip_id($server);
-
 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
 ) {
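Review bot: The rewritten docblock for checkLoginState keeps `@return bool`, but the not-configured branch that opens the next hunk still exits with a bare `return;`, so callers get null rather than false on that path; since the commit already touches both the doc and the signature, either make it `return false;` or state in the doc that nothing meaningful is returned when Shaarli is unconfigured. `$clientIpId` is now caller-supplied and no longer derived inside the method, so the `@param string $clientIpId` line should say it must be the value produced by `client_ip_id()` (as index.php does in the later hunk) rather than a raw address, otherwise a caller can silently bind the session to a different identifier than the one stored at login. checkLoginState's body continues past the end of both hunks on this line.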
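Review bot: With `$clientIpId = client_ip_id($server);` removed, nothing in checkLoginState verifies that the caller passed a non-empty identifier before it is used to validate the session further down (outside this hunk); an empty or null value would presumably weaken whatever IP binding the stored login info relies on. A guard at the top such as `if (empty($clientIpId)) { return false; }`, or at minimum a docblock note that an empty identifier is rejected, would make the new contract explicit. The same applies to the identical removal in the checkCredentials hunk, where the caller's value now flows straight into `storeLoginInfo()`. The enclosing method starts in the previous hunk and ends after this one.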
@@ -100,13 +98,14 @@ class LoginManager
 /**
 * Check user credentials are valid
 *
- * @param array $server The $_SERVER array
- * @param string $login Username
- * @param string $password Password
+ * @param string $remoteIp Remote client IP address
+ * @param string $clientIpId Client IP address identifier
+ * @param string $login Username
+ * @param string $password Password
 *
 * @return bool true if the provided credentials are valid, false otherwise
 */
- public function checkCredentials($server, $login, $password)
+ public function checkCredentials($remoteIp, $clientIpId, $login, $password)
 {
 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
 
@@ -115,17 +114,16 @@ class LoginManager
 ) {
 logm(
 $this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
 'Login failed for user ' . $login
 );
 return false;
 }
 
- $clientIpId = client_ip_id($server);
 $this->sessionManager->storeLoginInfo($clientIpId);
 logm(
 $this->configManager->get('resource.log'),
- $server['REMOTE_ADDR'],
+ $remoteIp,
 'Login successful'
 );
 return true;
diff --git a/index.php b/index.php
index 5e15b9c2..04b0e4ba 100644
--- a/index.php
+++ b/index.php
@@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
 $conf = new ConfigManager();
 $sessionManager = new SessionManager($_SESSION, $conf);
 $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$clientIpId = client_ip_id($_SERVER);
 
 // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
 if (! defined('LC_MESSAGES')) {
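Review bot: checkCredentials now takes two adjacent untyped string parameters, `$remoteIp` and `$clientIpId`, so swapping them at a call site is accepted silently and only shows up as wrong addresses in the audit log; the index.php call in the last hunk passes `$_SERVER['REMOTE_ADDR']` and `$clientIpId` positionally. The `@param string $remoteIp` line should state that this is the socket peer address used only for the `logm()` entries in the following hunk and not a forwarded-header value, because whatever the caller passes is written to the log that the failed-login handling relies on. If the project's minimum PHP version permits scalar type declarations, `string $remoteIp, string $clientIpId` would also reject a null identifier at the boundary. The method body continues into the next hunk.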
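Review bot: The new bootstrap line `$clientIpId = client_ip_id($_SERVER);` hoists one client identifier to a page-level variable, but the `$_SERVER['REMOTE_ADDR']` reads that feed the same LoginManager calls in the two later index.php hunks stay inline, and the line above it still passes the whole `$GLOBALS` array into `new LoginManager(...)`. Hoisting `$remoteIp = $_SERVER['REMOTE_ADDR'];` next to `$clientIpId` would keep the two notions of "the client" side by side and make the positional checkCredentials call below read unambiguously. A one-line comment such as `// Client IP identifier shared by the session and login checks below` would also explain why the value is computed this early. The surrounding top-level script continues outside the hunk.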
@@ -178,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) {
 // a token depending of deployment salt, user password, and the current ip
 define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
 
-$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN);
+$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
 
 /**
 * Adapter function for PageBuilder
@@ -200,7 +201,7 @@ if (isset($_POST['login'])) {
 }
 if (isset($_POST['password'])
 && $sessionManager->checkToken($_POST['token'])
- && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password'])
+ && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
 ) {
 // Login/password is OK.
 $loginManager->handleSuccessfulLogin($_SERVER);
-- 
2.41.0
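Review bot: STAY_SIGNED_IN_TOKEN, two lines above the changed call, is still derived from `$_SERVER['REMOTE_ADDR']`, while checkLoginState now receives `$clientIpId` from `client_ip_id()`; if those two resolve the client differently (the implementation of client_ip_id is not on this page), the stay-signed-in cookie and the session's IP binding are tied to different notions of the client and a mismatch in one would not be noticed by the other. Either derive both from the same identifier or add a comment on the `define(...)` line explaining why the cookie token intentionally uses the raw peer address. The surrounding top-level script continues outside the hunk.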
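Review bot: `$loginManager->handleSuccessfulLogin($_SERVER);` on the last context line still hands the entire superglobal to LoginManager, so the decoupling this commit performs for checkLoginState and checkCredentials stops one call short; applying the same treatment there would finish the change. The new checkCredentials call also reads `$_SERVER['REMOTE_ADDR']` inline although `$clientIpId` was hoisted at bootstrap in the earlier index.php hunk; reusing a hoisted `$remoteIp` here would avoid two string arguments of the same shape being assembled at the call site. The enclosing `if (isset($_POST['login']))` block begins and ends outside the hunk.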