diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2018-04-18 23:09:45 +0200 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2018-06-02 16:46:06 +0200 |
| commit | 847420847455c1339f3302b1b67568ee0f382a11 (patch) | |
| tree | b84194d0f048d12357479c57d16eff40263e8a03 | |
| parent | c7721487b2459e6760cae9d6292b7d39c306d3d6 (diff) | |
| download | Shaarli-847420847455c1339f3302b1b67568ee0f382a11.tar.gz Shaarli-847420847455c1339f3302b1b67568ee0f382a11.tar.zst Shaarli-847420847455c1339f3302b1b67568ee0f382a11.zip | |
Pass the client IP ID to LoginManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
| -rw-r--r-- | application/LoginManager.php | 28 | ||||
| -rw-r--r-- | index.php | 5 |
2 files changed, 16 insertions, 17 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php index 347fb3b9..5ce836fa 100644 --- a/application/LoginManager.php +++ b/application/LoginManager.php | |||
| @@ -48,15 +48,15 @@ class LoginManager | |||
| 48 | /** | 48 | /** |
| 49 | * Check user session state and validity (expiration) | 49 | * Check user session state and validity (expiration) |
| 50 | * | 50 | * |
| 51 | * @param array $server The $_SERVER array | 51 | * @param array $session The $_SESSION array (reference) |
| 52 | * @param array $session The $_SESSION array (reference) | 52 | * @param array $cookie The $_COOKIE array |
| 53 | * @param array $cookie The $_COOKIE array | 53 | * @param string $webPath Path on the server in which the cookie will be available on |
| 54 | * @param string $webPath Path on the server in which the cookie will be available on | 54 | * @param string $clientIpId Client IP address identifier |
| 55 | * @param string $token Session token | 55 | * @param string $token Session token |
| 56 | * | 56 | * |
| 57 | * @return bool true if the user session is valid, false otherwise | 57 | * @return bool true if the user session is valid, false otherwise |
| 58 | */ | 58 | */ |
| 59 | public function checkLoginState($server, & $session, $cookie, $webPath, $token) | 59 | public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token) |
| 60 | { | 60 | { |
| 61 | if (! $this->configManager->exists('credentials.login')) { | 61 | if (! $this->configManager->exists('credentials.login')) { |
| 62 | // Shaarli is not configured yet | 62 | // Shaarli is not configured yet |
| @@ -64,8 +64,6 @@ class LoginManager | |||
| 64 | return; | 64 | return; |
| 65 | } | 65 | } |
| 66 | 66 | ||
| 67 | $clientIpId = client_ip_id($server); | ||
| 68 | |||
| 69 | if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) | 67 | if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) |
| 70 | && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token | 68 | && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token |
| 71 | ) { | 69 | ) { |
| @@ -100,13 +98,14 @@ class LoginManager | |||
| 100 | /** | 98 | /** |
| 101 | * Check user credentials are valid | 99 | * Check user credentials are valid |
| 102 | * | 100 | * |
| 103 | * @param array $server The $_SERVER array | 101 | * @param string $remoteIp Remote client IP address |
| 104 | * @param string $login Username | 102 | * @param string $clientIpId Client IP address identifier |
| 105 | * @param string $password Password | 103 | * @param string $login Username |
| 104 | * @param string $password Password | ||
| 106 | * | 105 | * |
| 107 | * @return bool true if the provided credentials are valid, false otherwise | 106 | * @return bool true if the provided credentials are valid, false otherwise |
| 108 | */ | 107 | */ |
| 109 | public function checkCredentials($server, $login, $password) | 108 | public function checkCredentials($remoteIp, $clientIpId, $login, $password) |
| 110 | { | 109 | { |
| 111 | $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); | 110 | $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); |
| 112 | 111 | ||
| @@ -115,17 +114,16 @@ class LoginManager | |||
| 115 | ) { | 114 | ) { |
| 116 | logm( | 115 | logm( |
| 117 | $this->configManager->get('resource.log'), | 116 | $this->configManager->get('resource.log'), |
| 118 | $server['REMOTE_ADDR'], | 117 | $remoteIp, |
| 119 | 'Login failed for user ' . $login | 118 | 'Login failed for user ' . $login |
| 120 | ); | 119 | ); |
| 121 | return false; | 120 | return false; |
| 122 | } | 121 | } |
| 123 | 122 | ||
| 124 | $clientIpId = client_ip_id($server); | ||
| 125 | $this->sessionManager->storeLoginInfo($clientIpId); | 123 | $this->sessionManager->storeLoginInfo($clientIpId); |
| 126 | logm( | 124 | logm( |
| 127 | $this->configManager->get('resource.log'), | 125 | $this->configManager->get('resource.log'), |
| 128 | $server['REMOTE_ADDR'], | 126 | $remoteIp, |
| 129 | 'Login successful' | 127 | 'Login successful' |
| 130 | ); | 128 | ); |
| 131 | return true; | 129 | return true; |
| @@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) | |||
| 123 | $conf = new ConfigManager(); | 123 | $conf = new ConfigManager(); |
| 124 | $sessionManager = new SessionManager($_SESSION, $conf); | 124 | $sessionManager = new SessionManager($_SESSION, $conf); |
| 125 | $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); | 125 | $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); |
| 126 | $clientIpId = client_ip_id($_SERVER); | ||
| 126 | 127 | ||
| 127 | // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. | 128 | // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. |
| 128 | if (! defined('LC_MESSAGES')) { | 129 | if (! defined('LC_MESSAGES')) { |
| @@ -178,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) { | |||
| 178 | // a token depending of deployment salt, user password, and the current ip | 179 | // a token depending of deployment salt, user password, and the current ip |
| 179 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); | 180 | define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); |
| 180 | 181 | ||
| 181 | $loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); | 182 | $loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN); |
| 182 | 183 | ||
| 183 | /** | 184 | /** |
| 184 | * Adapter function for PageBuilder | 185 | * Adapter function for PageBuilder |
| @@ -200,7 +201,7 @@ if (isset($_POST['login'])) { | |||
| 200 | } | 201 | } |
| 201 | if (isset($_POST['password']) | 202 | if (isset($_POST['password']) |
| 202 | && $sessionManager->checkToken($_POST['token']) | 203 | && $sessionManager->checkToken($_POST['token']) |
| 203 | && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) | 204 | && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) |
| 204 | ) { | 205 | ) { |
| 205 | // Login/password is OK. | 206 | // Login/password is OK. |
| 206 | $loginManager->handleSuccessfulLogin($_SERVER); | 207 | $loginManager->handleSuccessfulLogin($_SERVER); |