aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorVirtualTam <virtualtam@flibidi.net>2018-02-17 01:46:27 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-05-29 22:53:54 +0200
commit63ea23c2a67d2a1cf6cda79fa2fe49a143571cde (patch)
tree984bc2b373f1a0d190df3f2bbda74b63b1c9b949
parent49f183231662c642ca9df6ceabf43fe128a5ffc1 (diff)
downloadShaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.gz
Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.tar.zst
Shaarli-63ea23c2a67d2a1cf6cda79fa2fe49a143571cde.zip
Refactor user credential validation at login time
Changed: - move login/password verification to LoginManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
-rw-r--r--application/LoginManager.php109
-rw-r--r--index.php144
-rw-r--r--tests/LoginManagerTest.php4
3 files changed, 146 insertions, 111 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php
index 397bc6e3..8f6bf0da 100644
--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -8,20 +8,123 @@ class LoginManager
8{ 8{
9 protected $globals = []; 9 protected $globals = [];
10 protected $configManager = null; 10 protected $configManager = null;
11 protected $sessionManager = null;
11 protected $banFile = ''; 12 protected $banFile = '';
13 protected $isLoggedIn = false;
14 protected $openShaarli = false;
12 15
13 /** 16 /**
14 * Constructor 17 * Constructor
15 * 18 *
16 * @param array $globals The $GLOBALS array (reference) 19 * @param array $globals The $GLOBALS array (reference)
17 * @param ConfigManager $configManager Configuration Manager instance. 20 * @param ConfigManager $configManager Configuration Manager instance
21 * @param SessionManager $sessionManager SessionManager instance
18 */ 22 */
19 public function __construct(& $globals, $configManager) 23 public function __construct(& $globals, $configManager, $sessionManager)
20 { 24 {
21 $this->globals = &$globals; 25 $this->globals = &$globals;
22 $this->configManager = $configManager; 26 $this->configManager = $configManager;
27 $this->sessionManager = $sessionManager;
23 $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php'); 28 $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
24 $this->readBanFile(); 29 $this->readBanFile();
30 if ($this->configManager->get('security.open_shaarli')) {
31 $this->openShaarli = true;
32 }
33 }
34
35 /**
36 * Check user session state and validity (expiration)
37 *
38 * @param array $server The $_SERVER array
39 * @param array $session The $_SESSION array (reference)
40 * @param array $cookie The $_COOKIE array
41 * @param string $webPath Path on the server in which the cookie will be available on
42 * @param string $token Session token
43 *
44 * @return bool true if the user session is valid, false otherwise
45 */
46 public function checkLoginState($server, & $session, $cookie, $webPath, $token)
47 {
48 if (! $this->configManager->exists('credentials.login')) {
49 // Shaarli is not configured yet
50 $this->isLoggedIn = false;
51 return;
52 }
53
54 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
55 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
56 ) {
57 $this->sessionManager->storeLoginInfo($server);
58 $this->isLoggedIn = true;
59 }
60
61 // Logout when:
62 // - the session does not exist on the server side
63 // - the session has expired
64 // - the client IP address has changed
65 if (empty($session['uid'])
66 || ($this->configManager->get('security.session_protection_disabled') === false
67 && $session['ip'] != client_ip_id($server))
68 || time() >= $session['expires_on']
69 ) {
70 $this->sessionManager->logout($webPath);
71 $this->isLoggedIn = false;
72 return;
73 }
74
75 // Extend session validity
76 if (! empty($session['longlastingsession'])) {
77 // "Stay signed in" is enabled
78 $session['expires_on'] = time() + $session['longlastingsession'];
79 } else {
80 $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
81 }
82 }
83
84 /**
85 * Return whether the user is currently logged in
86 *
87 * @return true when the user is logged in, false otherwise
88 */
89 public function isLoggedIn()
90 {
91 if ($this->openShaarli) {
92 return true;
93 }
94 return $this->isLoggedIn;
95 }
96
97 /**
98 * Check user credentials are valid
99 *
100 * @param array $server The $_SERVER array
101 * @param string $login Username
102 * @param string $password Password
103 *
104 * @return bool true if the provided credentials are valid, false otherwise
105 */
106 public function checkCredentials($server, $login, $password)
107 {
108 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
109
110 if ($login != $this->configManager->get('credentials.login')
111 || $hash != $this->configManager->get('credentials.hash')
112 ) {
113 logm(
114 $this->configManager->get('resource.log'),
115 $server['REMOTE_ADDR'],
116 'Login failed for user ' . $login
117 );
118 return false;
119 }
120
121 $this->sessionManager->storeLoginInfo($server);
122 logm(
123 $this->configManager->get('resource.log'),
124 $server['REMOTE_ADDR'],
125 'Login successful'
126 );
127 return true;
25 } 128 }
26 129
27 /** 130 /**
diff --git a/index.php b/index.php
index 34785209..5e15b9c2 100644
--- a/index.php
+++ b/index.php
@@ -121,8 +121,8 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
121} 121}
122 122
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124$loginManager = new LoginManager($GLOBALS, $conf);
125$sessionManager = new SessionManager($_SESSION, $conf); 124$sessionManager = new SessionManager($_SESSION, $conf);
125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
126 126
127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. 127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
128if (! defined('LC_MESSAGES')) { 128if (! defined('LC_MESSAGES')) {
@@ -178,88 +178,20 @@ if (! is_file($conf->getConfigFileExt())) {
178// a token depending of deployment salt, user password, and the current ip 178// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 180
181/** 181$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN);
182 * Checking session state (i.e. is the user still logged in)
183 *
184 * @param ConfigManager $conf Configuration Manager instance.
185 * @param SessionManager $sessionManager SessionManager instance
186 *
187 * @return bool true if the user is logged in, false otherwise.
188 */
189function setup_login_state($conf, $sessionManager)
190{
191 if ($conf->get('security.open_shaarli')) {
192 return true;
193 }
194 $userIsLoggedIn = false; // By default, we do not consider the user as logged in;
195 $loginFailure = false; // If set to true, every attempt to authenticate the user will fail. This indicates that an important condition isn't met.
196 if (! $conf->exists('credentials.login')) {
197 $userIsLoggedIn = false; // Shaarli is not configured yet.
198 $loginFailure = true;
199 }
200 if (isset($_COOKIE[SessionManager::$LOGGED_IN_COOKIE])
201 && $_COOKIE[SessionManager::$LOGGED_IN_COOKIE] === STAY_SIGNED_IN_TOKEN
202 && !$loginFailure
203 ) {
204 $sessionManager->storeLoginInfo($_SERVER);
205 $userIsLoggedIn = true;
206 }
207 // If session does not exist on server side, or IP address has changed, or session has expired, logout.
208 if (empty($_SESSION['uid'])
209 || ($conf->get('security.session_protection_disabled') === false && $_SESSION['ip'] != client_ip_id($_SERVER))
210 || time() >= $_SESSION['expires_on'])
211 {
212 $sessionManager->logout(WEB_PATH);
213 $userIsLoggedIn = false;
214 $loginFailure = true;
215 }
216 if (!empty($_SESSION['longlastingsession'])) {
217 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // In case of "Stay signed in" checked.
218 } else {
219 $_SESSION['expires_on'] = time() + $sessionManager::$INACTIVITY_TIMEOUT;
220 }
221 if (!$loginFailure) {
222 $userIsLoggedIn = true;
223 }
224
225 return $userIsLoggedIn;
226}
227
228$userIsLoggedIn = setup_login_state($conf, $sessionManager);
229
230// ------------------------------------------------------------------------------------------
231// Session management
232 182
233/** 183/**
234 * Check that user/password is correct. 184 * Adapter function for PageBuilder
235 *
236 * @param string $login Username
237 * @param string $password User password
238 * @param ConfigManager $conf Configuration Manager instance.
239 * @param SessionManager $sessionManager SessionManager instance
240 * 185 *
241 * @return bool: authentication successful or not. 186 * TODO: update PageBuilder and tests
242 */ 187 */
243function check_auth($login, $password, $conf, $sessionManager)
244{
245 $hash = sha1($password . $login . $conf->get('credentials.salt'));
246 if ($login == $conf->get('credentials.login') && $hash == $conf->get('credentials.hash')) {
247 // Login/password is correct.
248 $sessionManager->storeLoginInfo($_SERVER);
249 logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login successful');
250 return true;
251 }
252 logm($conf->get('resource.log'), $_SERVER['REMOTE_ADDR'], 'Login failed for user '.$login);
253 return false;
254}
255
256// Returns true if the user is logged in.
257function isLoggedIn() 188function isLoggedIn()
258{ 189{
259 global $userIsLoggedIn; 190 global $loginManager;
260 return $userIsLoggedIn; 191 return $loginManager->isLoggedIn();
261} 192}
262 193
194
263// ------------------------------------------------------------------------------------------ 195// ------------------------------------------------------------------------------------------
264// Process login form: Check if login/password is correct. 196// Process login form: Check if login/password is correct.
265if (isset($_POST['login'])) { 197if (isset($_POST['login'])) {
@@ -268,7 +200,7 @@ if (isset($_POST['login'])) {
268 } 200 }
269 if (isset($_POST['password']) 201 if (isset($_POST['password'])
270 && $sessionManager->checkToken($_POST['token']) 202 && $sessionManager->checkToken($_POST['token'])
271 && (check_auth($_POST['login'], $_POST['password'], $conf, $sessionManager)) 203 && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password'])
272 ) { 204 ) {
273 // Login/password is OK. 205 // Login/password is OK.
274 $loginManager->handleSuccessfulLogin($_SERVER); 206 $loginManager->handleSuccessfulLogin($_SERVER);
@@ -347,15 +279,16 @@ if (!isset($_SESSION['tokens'])) $_SESSION['tokens']=array(); // Token are atta
347 * Gives the last 7 days (which have links). 279 * Gives the last 7 days (which have links).
348 * This RSS feed cannot be filtered. 280 * This RSS feed cannot be filtered.
349 * 281 *
350 * @param ConfigManager $conf Configuration Manager instance. 282 * @param ConfigManager $conf Configuration Manager instance
283 * @param LoginManager $loginManager LoginManager instance
351 */ 284 */
352function showDailyRSS($conf) { 285function showDailyRSS($conf, $loginManager) {
353 // Cache system 286 // Cache system
354 $query = $_SERVER['QUERY_STRING']; 287 $query = $_SERVER['QUERY_STRING'];
355 $cache = new CachedPage( 288 $cache = new CachedPage(
356 $conf->get('config.PAGE_CACHE'), 289 $conf->get('config.PAGE_CACHE'),
357 page_url($_SERVER), 290 page_url($_SERVER),
358 startsWith($query,'do=dailyrss') && !isLoggedIn() 291 startsWith($query,'do=dailyrss') && !$loginManager->isLoggedIn()
359 ); 292 );
360 $cached = $cache->cachedVersion(); 293 $cached = $cache->cachedVersion();
361 if (!empty($cached)) { 294 if (!empty($cached)) {
@@ -367,7 +300,7 @@ function showDailyRSS($conf) {
367 // Read links from database (and filter private links if used it not logged in). 300 // Read links from database (and filter private links if used it not logged in).
368 $LINKSDB = new LinkDB( 301 $LINKSDB = new LinkDB(
369 $conf->get('resource.datastore'), 302 $conf->get('resource.datastore'),
370 isLoggedIn(), 303 $loginManager->isLoggedIn(),
371 $conf->get('privacy.hide_public_links'), 304 $conf->get('privacy.hide_public_links'),
372 $conf->get('redirector.url'), 305 $conf->get('redirector.url'),
373 $conf->get('redirector.encode_url') 306 $conf->get('redirector.encode_url')
@@ -509,7 +442,7 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
509 442
510 /* Hook is called before column construction so that plugins don't have 443 /* Hook is called before column construction so that plugins don't have
511 to deal with columns. */ 444 to deal with columns. */
512 $pluginManager->executeHooks('render_daily', $data, array('loggedin' => isLoggedIn())); 445 $pluginManager->executeHooks('render_daily', $data, array('loggedin' => $loginManager->isLoggedIn()));
513 446
514 /* We need to spread the articles on 3 columns. 447 /* We need to spread the articles on 3 columns.
515 I did not want to use a JavaScript lib like http://masonry.desandro.com/ 448 I did not want to use a JavaScript lib like http://masonry.desandro.com/
@@ -553,8 +486,8 @@ function showDaily($pageBuilder, $LINKSDB, $conf, $pluginManager)
553 * @param ConfigManager $conf Configuration Manager instance. 486 * @param ConfigManager $conf Configuration Manager instance.
554 * @param PluginManager $pluginManager Plugin Manager instance. 487 * @param PluginManager $pluginManager Plugin Manager instance.
555 */ 488 */
556function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager) { 489function showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager) {
557 buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager); // Compute list of links to display 490 buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager, $loginManager);
558 $PAGE->renderPage('linklist'); 491 $PAGE->renderPage('linklist');
559} 492}
560 493
@@ -574,7 +507,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
574 read_updates_file($conf->get('resource.updates')), 507 read_updates_file($conf->get('resource.updates')),
575 $LINKSDB, 508 $LINKSDB,
576 $conf, 509 $conf,
577 isLoggedIn() 510 $loginManager->isLoggedIn()
578 ); 511 );
579 try { 512 try {
580 $newUpdates = $updater->update(); 513 $newUpdates = $updater->update();
@@ -596,11 +529,11 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
596 529
597 // Determine which page will be rendered. 530 // Determine which page will be rendered.
598 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ''; 531 $query = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : '';
599 $targetPage = Router::findPage($query, $_GET, isLoggedIn()); 532 $targetPage = Router::findPage($query, $_GET, $loginManager->isLoggedIn());
600 533
601 if ( 534 if (
602 // if the user isn't logged in 535 // if the user isn't logged in
603 !isLoggedIn() && 536 !$loginManager->isLoggedIn() &&
604 // and Shaarli doesn't have public content... 537 // and Shaarli doesn't have public content...
605 $conf->get('privacy.hide_public_links') && 538 $conf->get('privacy.hide_public_links') &&
606 // and is configured to enforce the login 539 // and is configured to enforce the login
@@ -628,7 +561,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
628 $pluginManager->executeHooks('render_' . $name, $plugin_data, 561 $pluginManager->executeHooks('render_' . $name, $plugin_data,
629 array( 562 array(
630 'target' => $targetPage, 563 'target' => $targetPage,
631 'loggedin' => isLoggedIn() 564 'loggedin' => $loginManager->isLoggedIn()
632 ) 565 )
633 ); 566 );
634 $PAGE->assign('plugins_' . $name, $plugin_data); 567 $PAGE->assign('plugins_' . $name, $plugin_data);
@@ -680,7 +613,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
680 $data = array( 613 $data = array(
681 'linksToDisplay' => $linksToDisplay, 614 'linksToDisplay' => $linksToDisplay,
682 ); 615 );
683 $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => isLoggedIn())); 616 $pluginManager->executeHooks('render_picwall', $data, array('loggedin' => $loginManager->isLoggedIn()));
684 617
685 foreach ($data as $key => $value) { 618 foreach ($data as $key => $value) {
686 $PAGE->assign($key, $value); 619 $PAGE->assign($key, $value);
@@ -727,7 +660,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
727 'search_tags' => $searchTags, 660 'search_tags' => $searchTags,
728 'tags' => $tagList, 661 'tags' => $tagList,
729 ); 662 );
730 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => isLoggedIn())); 663 $pluginManager->executeHooks('render_tagcloud', $data, array('loggedin' => $loginManager->isLoggedIn()));
731 664
732 foreach ($data as $key => $value) { 665 foreach ($data as $key => $value) {
733 $PAGE->assign($key, $value); 666 $PAGE->assign($key, $value);
@@ -760,7 +693,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
760 'search_tags' => $searchTags, 693 'search_tags' => $searchTags,
761 'tags' => $tags, 694 'tags' => $tags,
762 ]; 695 ];
763 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => isLoggedIn()]); 696 $pluginManager->executeHooks('render_taglist', $data, ['loggedin' => $loginManager->isLoggedIn()]);
764 697
765 foreach ($data as $key => $value) { 698 foreach ($data as $key => $value) {
766 $PAGE->assign($key, $value); 699 $PAGE->assign($key, $value);
@@ -787,7 +720,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
787 $cache = new CachedPage( 720 $cache = new CachedPage(
788 $conf->get('resource.page_cache'), 721 $conf->get('resource.page_cache'),
789 page_url($_SERVER), 722 page_url($_SERVER),
790 startsWith($query,'do='. $targetPage) && !isLoggedIn() 723 startsWith($query,'do='. $targetPage) && !$loginManager->isLoggedIn()
791 ); 724 );
792 $cached = $cache->cachedVersion(); 725 $cached = $cache->cachedVersion();
793 if (!empty($cached)) { 726 if (!empty($cached)) {
@@ -796,15 +729,15 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
796 } 729 }
797 730
798 // Generate data. 731 // Generate data.
799 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, isLoggedIn()); 732 $feedGenerator = new FeedBuilder($LINKSDB, $feedType, $_SERVER, $_GET, $loginManager->isLoggedIn());
800 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0))); 733 $feedGenerator->setLocale(strtolower(setlocale(LC_COLLATE, 0)));
801 $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !isLoggedIn()); 734 $feedGenerator->setHideDates($conf->get('privacy.hide_timestamps') && !$loginManager->isLoggedIn());
802 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks')); 735 $feedGenerator->setUsePermalinks(isset($_GET['permalinks']) || !$conf->get('feed.rss_permalinks'));
803 $data = $feedGenerator->buildData(); 736 $data = $feedGenerator->buildData();
804 737
805 // Process plugin hook. 738 // Process plugin hook.
806 $pluginManager->executeHooks('render_feed', $data, array( 739 $pluginManager->executeHooks('render_feed', $data, array(
807 'loggedin' => isLoggedIn(), 740 'loggedin' => $loginManager->isLoggedIn(),
808 'target' => $targetPage, 741 'target' => $targetPage,
809 )); 742 ));
810 743
@@ -952,7 +885,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
952 } 885 }
953 886
954 // -------- Handle other actions allowed for non-logged in users: 887 // -------- Handle other actions allowed for non-logged in users:
955 if (!isLoggedIn()) 888 if (!$loginManager->isLoggedIn())
956 { 889 {
957 // User tries to post new link but is not logged in: 890 // User tries to post new link but is not logged in:
958 // Show login screen, then redirect to ?post=... 891 // Show login screen, then redirect to ?post=...
@@ -968,7 +901,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
968 exit; 901 exit;
969 } 902 }
970 903
971 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); 904 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
972 if (isset($_GET['edit_link'])) { 905 if (isset($_GET['edit_link'])) {
973 header('Location: ?do=login&edit_link='. escape($_GET['edit_link'])); 906 header('Location: ?do=login&edit_link='. escape($_GET['edit_link']));
974 exit; 907 exit;
@@ -1019,7 +952,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1019 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand())); 952 $conf->set('credentials.salt', sha1(uniqid('', true) .'_'. mt_rand()));
1020 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt'))); 953 $conf->set('credentials.hash', sha1($_POST['setpassword'] . $conf->get('credentials.login') . $conf->get('credentials.salt')));
1021 try { 954 try {
1022 $conf->write(isLoggedIn()); 955 $conf->write($loginManager->isLoggedIn());
1023 } 956 }
1024 catch(Exception $e) { 957 catch(Exception $e) {
1025 error_log( 958 error_log(
@@ -1070,7 +1003,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1070 $conf->set('translation.language', escape($_POST['language'])); 1003 $conf->set('translation.language', escape($_POST['language']));
1071 1004
1072 try { 1005 try {
1073 $conf->write(isLoggedIn()); 1006 $conf->write($loginManager->isLoggedIn());
1074 $history->updateSettings(); 1007 $history->updateSettings();
1075 invalidateCaches($conf->get('resource.page_cache')); 1008 invalidateCaches($conf->get('resource.page_cache'));
1076 } 1009 }
@@ -1522,7 +1455,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1522 else { 1455 else {
1523 $conf->set('general.enabled_plugins', save_plugin_config($_POST)); 1456 $conf->set('general.enabled_plugins', save_plugin_config($_POST));
1524 } 1457 }
1525 $conf->write(isLoggedIn()); 1458 $conf->write($loginManager->isLoggedIn());
1526 $history->updateSettings(); 1459 $history->updateSettings();
1527 } 1460 }
1528 catch (Exception $e) { 1461 catch (Exception $e) {
@@ -1547,7 +1480,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1547 } 1480 }
1548 1481
1549 // -------- Otherwise, simply display search form and links: 1482 // -------- Otherwise, simply display search form and links:
1550 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager); 1483 showLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager);
1551 exit; 1484 exit;
1552} 1485}
1553 1486
@@ -1559,8 +1492,9 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
1559 * @param LinkDB $LINKSDB LinkDB instance. 1492 * @param LinkDB $LINKSDB LinkDB instance.
1560 * @param ConfigManager $conf Configuration Manager instance. 1493 * @param ConfigManager $conf Configuration Manager instance.
1561 * @param PluginManager $pluginManager Plugin Manager instance. 1494 * @param PluginManager $pluginManager Plugin Manager instance.
1495 * @param LoginManager $loginManager LoginManager instance
1562 */ 1496 */
1563function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager) 1497function buildLinkList($PAGE, $LINKSDB, $conf, $pluginManager, $loginManager)
1564{ 1498{
1565 // Used in templates 1499 // Used in templates
1566 if (isset($_GET['searchtags'])) { 1500 if (isset($_GET['searchtags'])) {
@@ -1599,8 +1533,6 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1599 $keys[] = $key; 1533 $keys[] = $key;
1600 } 1534 }
1601 1535
1602
1603
1604 // Select articles according to paging. 1536 // Select articles according to paging.
1605 $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']); 1537 $pagecount = ceil(count($keys) / $_SESSION['LINKS_PER_PAGE']);
1606 $pagecount = $pagecount == 0 ? 1 : $pagecount; 1538 $pagecount = $pagecount == 0 ? 1 : $pagecount;
@@ -1681,7 +1613,7 @@ function buildLinkList($PAGE,$LINKSDB, $conf, $pluginManager)
1681 $data['pagetitle'] .= '- '. $conf->get('general.title'); 1613 $data['pagetitle'] .= '- '. $conf->get('general.title');
1682 } 1614 }
1683 1615
1684 $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => isLoggedIn())); 1616 $pluginManager->executeHooks('render_linklist', $data, array('loggedin' => $loginManager->isLoggedIn()));
1685 1617
1686 foreach ($data as $key => $value) { 1618 foreach ($data as $key => $value) {
1687 $PAGE->assign($key, $value); 1619 $PAGE->assign($key, $value);
@@ -1952,7 +1884,7 @@ function install($conf, $sessionManager) {
1952 ); 1884 );
1953 try { 1885 try {
1954 // Everything is ok, let's create config file. 1886 // Everything is ok, let's create config file.
1955 $conf->write(isLoggedIn()); 1887 $conf->write($loginManager->isLoggedIn());
1956 } 1888 }
1957 catch(Exception $e) { 1889 catch(Exception $e) {
1958 error_log( 1890 error_log(
@@ -2216,7 +2148,7 @@ try {
2216 2148
2217$linkDb = new LinkDB( 2149$linkDb = new LinkDB(
2218 $conf->get('resource.datastore'), 2150 $conf->get('resource.datastore'),
2219 isLoggedIn(), 2151 $loginManager->isLoggedIn(),
2220 $conf->get('privacy.hide_public_links'), 2152 $conf->get('privacy.hide_public_links'),
2221 $conf->get('redirector.url'), 2153 $conf->get('redirector.url'),
2222 $conf->get('redirector.encode_url') 2154 $conf->get('redirector.encode_url')
diff --git a/tests/LoginManagerTest.php b/tests/LoginManagerTest.php
index 4159038e..27ca0db5 100644
--- a/tests/LoginManagerTest.php
+++ b/tests/LoginManagerTest.php
@@ -38,7 +38,7 @@ class LoginManagerTest extends TestCase
38 $this->globals = &$GLOBALS; 38 $this->globals = &$GLOBALS;
39 unset($this->globals['IPBANS']); 39 unset($this->globals['IPBANS']);
40 40
41 $this->loginManager = new LoginManager($this->globals, $this->configManager); 41 $this->loginManager = new LoginManager($this->globals, $this->configManager, null);
42 $this->server['REMOTE_ADDR'] = $this->ipAddr; 42 $this->server['REMOTE_ADDR'] = $this->ipAddr;
43 } 43 }
44 44
@@ -59,7 +59,7 @@ class LoginManagerTest extends TestCase
59 $this->banFile, 59 $this->banFile,
60 "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>" 60 "<?php\n\$GLOBALS['IPBANS']=array('FAILURES' => array('127.0.0.1' => 99));\n?>"
61 ); 61 );
62 new LoginManager($this->globals, $this->configManager); 62 new LoginManager($this->globals, $this->configManager, null);
63 $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']); 63 $this->assertEquals(99, $this->globals['IPBANS']['FAILURES']['127.0.0.1']);
64 } 64 }
65 65