-rw-r--r--application/LoginManager.php28
-rw-r--r--index.php5
2 files changed, 16 insertions, 17 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php
index 347fb3b9..5ce836fa 100644
--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -48,15 +48,15 @@ class LoginManager
48 /** 48 /**
49 * Check user session state and validity (expiration) 49 * Check user session state and validity (expiration)
50 * 50 *
51 * @param array $server The $_SERVER array 51 * @param array $session The $_SESSION array (reference)
52 * @param array $session The $_SESSION array (reference) 52 * @param array $cookie The $_COOKIE array
53 * @param array $cookie The $_COOKIE array 53 * @param string $webPath Path on the server in which the cookie will be available on
54 * @param string $webPath Path on the server in which the cookie will be available on 54 * @param string $clientIpId Client IP address identifier
55 * @param string $token Session token 55 * @param string $token Session token
56 * 56 *
57 * @return bool true if the user session is valid, false otherwise 57 * @return bool true if the user session is valid, false otherwise
58 */ 58 */
59 public function checkLoginState($server, & $session, $cookie, $webPath, $token) 59 public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token)
60 { 60 {
61 if (! $this->configManager->exists('credentials.login')) { 61 if (! $this->configManager->exists('credentials.login')) {
62 // Shaarli is not configured yet 62 // Shaarli is not configured yet
@@ -64,8 +64,6 @@ class LoginManager
64 return; 64 return;
65 } 65 }
66 66
67 $clientIpId = client_ip_id($server);
68
69 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) 67 if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
70 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token 68 && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
71 ) { 69 ) {
@@ -100,13 +98,14 @@ class LoginManager
100 /** 98 /**
101 * Check user credentials are valid 99 * Check user credentials are valid
102 * 100 *
103 * @param array $server The $_SERVER array 101 * @param string $remoteIp Remote client IP address
104 * @param string $login Username 102 * @param string $clientIpId Client IP address identifier
105 * @param string $password Password 103 * @param string $login Username
104 * @param string $password Password
106 * 105 *
107 * @return bool true if the provided credentials are valid, false otherwise 106 * @return bool true if the provided credentials are valid, false otherwise
108 */ 107 */
109 public function checkCredentials($server, $login, $password) 108 public function checkCredentials($remoteIp, $clientIpId, $login, $password)
110 { 109 {
111 $hash = sha1($password . $login . $this->configManager->get('credentials.salt')); 110 $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
112 111
@@ -115,17 +114,16 @@ class LoginManager
115 ) { 114 ) {
116 logm( 115 logm(
117 $this->configManager->get('resource.log'), 116 $this->configManager->get('resource.log'),
118 $server['REMOTE_ADDR'], 117 $remoteIp,
119 'Login failed for user ' . $login 118 'Login failed for user ' . $login
120 ); 119 );
121 return false; 120 return false;
122 } 121 }
123 122
124 $clientIpId = client_ip_id($server);
125 $this->sessionManager->storeLoginInfo($clientIpId); 123 $this->sessionManager->storeLoginInfo($clientIpId);
126 logm( 124 logm(
127 $this->configManager->get('resource.log'), 125 $this->configManager->get('resource.log'),
128 $server['REMOTE_ADDR'], 126 $remoteIp,
129 'Login successful' 127 'Login successful'
130 ); 128 );
131 return true; 129 return true;
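Review bot: The stay-signed-in cookie is still matched against `$token` with `===` on the line after the `isset`, a non-constant-time comparison of a secret; the practitioner's form is `&& is_string($cookie[SessionManager::$LOGGED_IN_COOKIE]) && hash_equals($token, $cookie[SessionManager::$LOGGED_IN_COOKIE])`, the `is_string` guard being needed because PHP decodes `name[]` cookies into arrays, on which `hash_equals` throws. Separately, the not-configured branch of `checkLoginState` ends in a bare `return;`, so the method yields `null` where its docblock promises `bool`; `return false;` keeps the contract honest. Now that `$remoteIp` and `$clientIpId` are plain parameters, `string` declarations on both signatures (`checkCredentials(string $remoteIp, string $clientIpId, string $login, string $password): bool`) would stop a caller from passing the whole `$_SERVER` array by mistake, which the old signature used to accept. The bodies of `checkLoginState` and `checkCredentials` both continue outside the hunks, so the comparison of `$hash` against the stored credential is not visible here.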
diff --git a/index.php b/index.php
index 5e15b9c2..04b0e4ba 100644
--- a/index.php
+++ b/index.php
@@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124$sessionManager = new SessionManager($_SESSION, $conf); 124$sessionManager = new SessionManager($_SESSION, $conf);
125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); 125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
126$clientIpId = client_ip_id($_SERVER);
126 127
127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. 128// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
128if (! defined('LC_MESSAGES')) { 129if (! defined('LC_MESSAGES')) {
@@ -178,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) {
178// a token depending of deployment salt, user password, and the current ip 179// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 180define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 181
181$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); 182$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
182 183
183/** 184/**
184 * Adapter function for PageBuilder 185 * Adapter function for PageBuilder
@@ -200,7 +201,7 @@ if (isset($_POST['login'])) {
200 } 201 }
201 if (isset($_POST['password']) 202 if (isset($_POST['password'])
202 && $sessionManager->checkToken($_POST['token']) 203 && $sessionManager->checkToken($_POST['token'])
203 && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) 204 && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
204 ) { 205 ) {
205 // Login/password is OK. 206 // Login/password is OK.
206 $loginManager->handleSuccessfulLogin($_SERVER); 207 $loginManager->handleSuccessfulLogin($_SERVER);
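Review bot: `$clientIpId` is now computed once after the manager construction, but `$_SERVER['REMOTE_ADDR']` is still read ad hoc twice below it, once for `STAY_SIGNED_IN_TOKEN` and once in the `checkCredentials` call; hoisting it the same way, `$remoteIp = $_SERVER['REMOTE_ADDR'];` next to `$clientIpId = client_ip_id($_SERVER);`, and using `$remoteIp` in both places would make it clear that both values describe the same request. If `client_ip_id()` folds in forwarded-for style headers, which cannot be seen from here, the session IP binding and the stay-signed-in token would then be keyed on different notions of the client, one of them attacker-influenced; worth a one-line comment at the new assignment stating which headers it trusts. The `handleSuccessfulLogin($_SERVER)` call on the last line still hands the superglobal into the manager, so this refactor stops halfway; passing `$remoteIp` or `$clientIpId` there too would finish it. The surrounding `if (isset($_POST['login']))` block starts and ends outside the hunk.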