authorVirtualTam <virtualtam@flibidi.net>2018-05-06 17:06:36 +0200
committerVirtualTam <virtualtam@flibidi.net>2018-06-02 16:46:06 +0200
commitc689e108639a4f6aa9e15928422e14db7cbe30ca (patch)
tree4c118404cc33f2542c01787b638581ba02bbb8bb /index.php
parent51f0128cdba52099c40693379e72f094b42a6f80 (diff)
Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'index.php')
-rw-r--r--index.php12
1 files changed, 5 insertions, 7 deletions
diff --git a/index.php b/index.php
index 8e3bade0..c34434dd 100644
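--- a/index.php
+++ b/index.php
@@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
 $conf = new ConfigManager();
 $sessionManager = new SessionManager($_SESSION, $conf);
 $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
+$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
 $clientIpId = client_ip_id($_SERVER);
 
 // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
@@ -176,10 +177,7 @@ if (! is_file($conf->getConfigFileExt())) {
  install($conf, $sessionManager);
 }
 
-// a token depending of deployment salt, user password, and the current ip
-define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
-
-$loginManager->checkLoginState($_COOKIE, $clientIpId, STAY_SIGNED_IN_TOKEN);
+$loginManager->checkLoginState($_COOKIE, $clientIpId);
 
 /**
   * Adapter function to ensure compatibility with third-party templates
@@ -219,8 +217,8 @@ if (isset($_POST['login'])) {
  $expirationTime = $sessionManager->extendSession();
 
  setcookie(
- $sessionManager::$LOGGED_IN_COOKIE,
- STAY_SIGNED_IN_TOKEN,
+ $loginManager::$STAY_SIGNED_IN_COOKIE,
+ $loginManager->getStaySignedInToken(),
  $expirationTime,
  WEB_PATH
  );
@@ -595,7 +593,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager,
  {
  invalidateCaches($conf->get('resource.page_cache'));
  $sessionManager->logout();
- setcookie(SessionManager::$LOGGED_IN_COOKIE, 'false', 0, WEB_PATH);
+ setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, 'false', 0, WEB_PATH);
  header('Location: ?');
  exit;
  }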
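Review bot: The stay-signed-in cookie written by the `setcookie(` call in the `isset($_POST['login'])` hunk holds a login-equivalent token, yet only name, value, expiry and path are passed, so it goes out without the HttpOnly and Secure attributes. Since the commit already rewrites this call, I would pass the remaining positional arguments, e.g. `WEB_PATH, '', $isHttps, true`, where `$isHttps` is a placeholder for however the application detects an HTTPS request (not visible on this page). Separately, the token is generated from `$_SERVER['REMOTE_ADDR']` while the login state is checked against `$clientIpId`; if `client_ip_id()` also looks at proxy headers, which this page does not show, the two values can differ behind a reverse proxy. A comment on the `generateStaySignedInToken` line such as `// token is bound to the direct peer address, not the forwarded client IP` would record that choice. The enclosing `if` blocks and `renderPage()` start and end outside the hunks.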