authorVirtualTam <virtualtam@flibidi.net>2018-02-17 01:46:27 +0100
committerVirtualTam <virtualtam@flibidi.net>2018-05-29 22:53:54 +0200
commit63ea23c2a67d2a1cf6cda79fa2fe49a143571cde (patch)
tree984bc2b373f1a0d190df3f2bbda74b63b1c9b949 /application
parent49f183231662c642ca9df6ceabf43fe128a5ffc1 (diff)
Refactor user credential validation at login time
Changed: - move login/password verification to LoginManager - code cleanup Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'application')
-rw-r--r--application/LoginManager.php109
1 files changed, 106 insertions, 3 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php
index 397bc6e3..8f6bf0da 100644
--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -8,20 +8,123 @@ class LoginManager
8{ 8{
9 protected $globals = []; 9 protected $globals = [];
10 protected $configManager = null; 10 protected $configManager = null;
11 protected $sessionManager = null;
11 protected $banFile = ''; 12 protected $banFile = '';
13 protected $isLoggedIn = false;
14 protected $openShaarli = false;
12 15
13 /** 16 /**
14 * Constructor 17 * Constructor
15 * 18 *
16 * @param array $globals The $GLOBALS array (reference) 19 * @param array $globals The $GLOBALS array (reference)
17 * @param ConfigManager $configManager Configuration Manager instance. 20 * @param ConfigManager $configManager Configuration Manager instance
21 * @param SessionManager $sessionManager SessionManager instance
18 */ 22 */
19 public function __construct(& $globals, $configManager) 23 public function __construct(& $globals, $configManager, $sessionManager)
20 { 24 {
21 $this->globals = &$globals; 25 $this->globals = &$globals;
22 $this->configManager = $configManager; 26 $this->configManager = $configManager;
27 $this->sessionManager = $sessionManager;
23 $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php'); 28 $this->banFile = $this->configManager->get('resource.ban_file', 'data/ipbans.php');
24 $this->readBanFile(); 29 $this->readBanFile();
30 if ($this->configManager->get('security.open_shaarli')) {
31 $this->openShaarli = true;
32 }
33 }
34
35 /**
36 * Check user session state and validity (expiration)
37 *
38 * @param array $server The $_SERVER array
39 * @param array $session The $_SESSION array (reference)
40 * @param array $cookie The $_COOKIE array
41 * @param string $webPath Path on the server in which the cookie will be available on
42 * @param string $token Session token
43 *
44 * @return bool true if the user session is valid, false otherwise
45 */
46 public function checkLoginState($server, & $session, $cookie, $webPath, $token)
47 {
48 if (! $this->configManager->exists('credentials.login')) {
49 // Shaarli is not configured yet
50 $this->isLoggedIn = false;
51 return;
52 }
53
54 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
55 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
56 ) {
57 $this->sessionManager->storeLoginInfo($server);
58 $this->isLoggedIn = true;
59 }
60
61 // Logout when:
62 // - the session does not exist on the server side
63 // - the session has expired
64 // - the client IP address has changed
65 if (empty($session['uid'])
66 || ($this->configManager->get('security.session_protection_disabled') === false
67 && $session['ip'] != client_ip_id($server))
68 || time() >= $session['expires_on']
69 ) {
70 $this->sessionManager->logout($webPath);
71 $this->isLoggedIn = false;
72 return;
73 }
74
75 // Extend session validity
76 if (! empty($session['longlastingsession'])) {
77 // "Stay signed in" is enabled
78 $session['expires_on'] = time() + $session['longlastingsession'];
79 } else {
80 $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
81 }
82 }
83
84 /**
85 * Return whether the user is currently logged in
86 *
87 * @return true when the user is logged in, false otherwise
88 */
89 public function isLoggedIn()
90 {
91 if ($this->openShaarli) {
92 return true;
93 }
94 return $this->isLoggedIn;
95 }
96
97 /**
98 * Check user credentials are valid
99 *
100 * @param array $server The $_SERVER array
101 * @param string $login Username
102 * @param string $password Password
103 *
104 * @return bool true if the provided credentials are valid, false otherwise
105 */
106 public function checkCredentials($server, $login, $password)
107 {
108 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
109
110 if ($login != $this->configManager->get('credentials.login')
111 || $hash != $this->configManager->get('credentials.hash')
112 ) {
113 logm(
114 $this->configManager->get('resource.log'),
115 $server['REMOTE_ADDR'],
116 'Login failed for user ' . $login
117 );
118 return false;
119 }
120
121 $this->sessionManager->storeLoginInfo($server);
122 logm(
123 $this->configManager->get('resource.log'),
124 $server['REMOTE_ADDR'],
125 'Login successful'
126 );
127 return true;
25 } 128 }
26 129
27 /** 130 /**
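Review bot: The credential check at new lines 110–111 compares the user-supplied `$login` and the computed `$hash` with loose `!=`, which applies PHP's numeric-string coercion to both operands and is not constant-time; the hash comparison should be `! hash_equals($this->configManager->get('credentials.hash'), $hash)` (available since PHP 5.6) and the login comparison `$login !== $this->configManager->get('credentials.login')`. The same loose `!=` is used for the session IP check at new line 67 and should be `!==` for the same reason. Separately, the docblock on `checkLoginState` (new line 44) promises `@return bool`, but the body only ever executes a bare `return;` (new lines 51 and 72) or falls off the end, so callers receive `null`; either return `$this->isLoggedIn` at each exit or drop the `@return` line. Lastly, the failure log at new line 116 writes the raw `$login` into the log file; unless `logm` strips control characters, consider sanitising it so a crafted username cannot forge log entries.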