Process login through Slim controller

author: ArthurHoaro <arthur@hoa.ro> 2020-07-21 20:33:33 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-07-23 21:19:21 +0200
commit: a8c11451e8d885a243c1ad52012093ba8d121e2c (patch)
tree: 19caf0ed75f5b26c34f3f979f2b95d3f1232dbae /index.php
parent: c4ad3d4f061d05a01db25aa54dda830ba776792d (diff)
download: Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.tar.gz
Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.tar.zst
Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.zip
1 files changed, 1 insertions, 83 deletions
diff --git a/index.php b/index.php
index 4627438e..1a121f37 100644
--- a/index.php
+++ b/index.php
@@ -160,89 +160,6 @@ header("Pragma: no-cache");
 $loginManager->checkLoginState($clientIpId);
 // ------------------------------------------------------------------------------------------
-// Process login form: Check if login/password is correct.
-if (isset($_POST['login'])) {
-    if (! $loginManager->canLogin($_SERVER)) {
-        die(t('I said: NO. You are banned for the moment. Go away.'));
-    }
-    if (isset($_POST['password'])
-        && $sessionManager->checkToken($_POST['token'])
-        && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
-    ) {
-        $loginManager->handleSuccessfulLogin($_SERVER);
-        $cookiedir = '';
-        if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
-            // Note: Never forget the trailing slash on the cookie path!
-            $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
-        }
-        if (!empty($_POST['longlastingsession'])) {
-            // Keep the session cookie even after the browser closes
-            $sessionManager->setStaySignedIn(true);
-            $expirationTime = $sessionManager->extendSession();
-            setcookie(
-                CookieManager::STAY_SIGNED_IN,
-                $loginManager->getStaySignedInToken(),
-                $expirationTime,
-                WEB_PATH
-            );
-        } else {
-            // Standard session expiration (=when browser closes)
-            $expirationTime = 0;
-        }
-        // Send cookie with the new expiration date to the browser
-        session_destroy();
-        session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
-        session_start();
-        session_regenerate_id(true);
-        // Optional redirect after login:
-        if (isset($_GET['post'])) {
-            $uri = './?post='. urlencode($_GET['post']);
-            foreach (array('description', 'source', 'title', 'tags') as $param) {
-                if (!empty($_GET[$param])) {
-                    $uri .= '&'.$param.'='.urlencode($_GET[$param]);
-                }
-            }
-            header('Location: '. $uri);
-            exit;
-        }
-        if (isset($_GET['edit_link'])) {
-            header('Location: ./?edit_link='. escape($_GET['edit_link']));
-            exit;
-        }
-        if (isset($_POST['returnurl'])) {
-            // Prevent loops over login screen.
-            if (strpos($_POST['returnurl'], '/login') === false) {
-                header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
-                exit;
-            }
-        }
-        header('Location: ./?');
-        exit;
-    } else {
-        $loginManager->handleFailedLogin($_SERVER);
-        $redir = '?username='. urlencode($_POST['login']);
-        if (isset($_GET['post'])) {
-            $redir .= '&post=' . urlencode($_GET['post']);
-            foreach (array('description', 'source', 'title', 'tags') as $param) {
-                if (!empty($_GET[$param])) {
-                    $redir .= '&' . $param . '=' . urlencode($_GET[$param]);
-                }
-            }
-        }
-        // Redirect to login screen.
-        echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>';
-        exit;
-    }
-}
-// ------------------------------------------------------------------------------------------
 // Token management for XSRF protection
 // Token should be used in any form which acts on data (create,update,delete,import...).
 if (!isset($_SESSION['tokens'])) {
@@ -283,6 +200,7 @@ $app->group('', function () {
    $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');
    $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');
    $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');
+    $this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin');
    $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');
    $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');
    $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');
author	ArthurHoaro <arthur@hoa.ro>	2020-07-21 20:33:33 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-07-23 21:19:21 +0200
commit	a8c11451e8d885a243c1ad52012093ba8d121e2c (patch)
tree	19caf0ed75f5b26c34f3f979f2b95d3f1232dbae /index.php
parent	c4ad3d4f061d05a01db25aa54dda830ba776792d (diff)
download	Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.tar.gz Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.tar.zst Shaarli-a8c11451e8d885a243c1ad52012093ba8d121e2c.zip

diff --git a/index.php b/index.php index 4627438e..1a121f37 100644 --- a/index.php +++ b/index.php
@@ -160,89 +160,6 @@ header("Pragma: no-cache");
160	$loginManager->checkLoginState($clientIpId);	160	$loginManager->checkLoginState($clientIpId);
161		161
162	// ------------------------------------------------------------------------------------------	162	// ------------------------------------------------------------------------------------------
163	// Process login form: Check if login/password is correct.
164	if (isset($_POST['login'])) {
165	if (! $loginManager->canLogin($_SERVER)) {
166	die(t('I said: NO. You are banned for the moment. Go away.'));
167	}
168	if (isset($_POST['password'])
169	&& $sessionManager->checkToken($_POST['token'])
170	&& $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
171	) {
172	$loginManager->handleSuccessfulLogin($_SERVER);
173
174	$cookiedir = '';
175	if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
176	// Note: Never forget the trailing slash on the cookie path!
177	$cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
178	}
179
180	if (!empty($_POST['longlastingsession'])) {
181	// Keep the session cookie even after the browser closes
182	$sessionManager->setStaySignedIn(true);
183	$expirationTime = $sessionManager->extendSession();
184
185	setcookie(
186	CookieManager::STAY_SIGNED_IN,
187	$loginManager->getStaySignedInToken(),
188	$expirationTime,
189	WEB_PATH
190	);
191	} else {
192	// Standard session expiration (=when browser closes)
193	$expirationTime = 0;
194	}
195
196	// Send cookie with the new expiration date to the browser
197	session_destroy();
198	session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
199	session_start();
200	session_regenerate_id(true);
201
202	// Optional redirect after login:
203	if (isset($_GET['post'])) {
204	$uri = './?post='. urlencode($_GET['post']);
205	foreach (array('description', 'source', 'title', 'tags') as $param) {
206	if (!empty($_GET[$param])) {
207	$uri .= '&'.$param.'='.urlencode($_GET[$param]);
208	}
209	}
210	header('Location: '. $uri);
211	exit;
212	}
213
214	if (isset($_GET['edit_link'])) {
215	header('Location: ./?edit_link='. escape($_GET['edit_link']));
216	exit;
217	}
218
219	if (isset($_POST['returnurl'])) {
220	// Prevent loops over login screen.
221	if (strpos($_POST['returnurl'], '/login') === false) {
222	header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
223	exit;
224	}
225	}
226	header('Location: ./?');
227	exit;
228	} else {
229	$loginManager->handleFailedLogin($_SERVER);
230	$redir = '?username='. urlencode($_POST['login']);
231	if (isset($_GET['post'])) {
232	$redir .= '&post=' . urlencode($_GET['post']);
233	foreach (array('description', 'source', 'title', 'tags') as $param) {
234	if (!empty($_GET[$param])) {
235	$redir .= '&' . $param . '=' . urlencode($_GET[$param]);
236	}
237	}
238	}
239	// Redirect to login screen.
240	echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>';
241	exit;
242	}
243	}
244
245	// ------------------------------------------------------------------------------------------
246	// Token management for XSRF protection	163	// Token management for XSRF protection
247	// Token should be used in any form which acts on data (create,update,delete,import...).	164	// Token should be used in any form which acts on data (create,update,delete,import...).
248	if (!isset($_SESSION['tokens'])) {	165	if (!isset($_SESSION['tokens'])) {
@@ -283,6 +200,7 @@ $app->group('', function () {
283	$this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');	200	$this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');
284	$this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');	201	$this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');
285	$this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');	202	$this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');
		203	$this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin');
286	$this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');	204	$this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');
287	$this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');	205	$this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');
288	$this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');	206	$this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');