Diffstat (limited to 'application/LoginManager.php')
-rw-r--r--application/LoginManager.php27
1 files changed, 10 insertions, 17 deletions
diff --git a/application/LoginManager.php b/application/LoginManager.php
index d81c6c05..347fb3b9 100644
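--- a/application/LoginManager.php
+++ b/application/LoginManager.php
@@ -1,6 +1,8 @@
 <?php
 namespace Shaarli;
 
+use Shaarli\Config\ConfigManager;
+
 /**
  * User login management
  */
@@ -62,34 +64,24 @@ class LoginManager
  return;
  }
 
+ $clientIpId = client_ip_id($server);
+
  if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
  && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
  ) {
- $this->sessionManager->storeLoginInfo($server);
+ $this->sessionManager->storeLoginInfo($clientIpId);
  $this->isLoggedIn = true;
  }
 
- // Logout when:
- // - the session does not exist on the server side
- // - the session has expired
- // - the client IP address has changed
- if (empty($session['uid'])
- || ($this->configManager->get('security.session_protection_disabled') === false
- && $session['ip'] != client_ip_id($server))
- || time() >= $session['expires_on']
+ if ($this->sessionManager->hasSessionExpired()
+ || $this->sessionManager->hasClientIpChanged($clientIpId)
  ) {
  $this->sessionManager->logout($webPath);
  $this->isLoggedIn = false;
  return;
  }
 
- // Extend session validity
- if (! empty($session['longlastingsession'])) {
- // "Stay signed in" is enabled
- $session['expires_on'] = time() + $session['longlastingsession'];
- } else {
- $session['expires_on'] = time() + SessionManager::$INACTIVITY_TIMEOUT;
- }
+ $this->sessionManager->extendSession();
  }
 
  /**
@@ -129,7 +121,8 @@ class LoginManager
  return false;
  }
 
- $this->sessionManager->storeLoginInfo($server);
+ $clientIpId = client_ip_id($server);
+ $this->sessionManager->storeLoginInfo($clientIpId);
  logm(
  $this->configManager->get('resource.log'),
  $server['REMOTE_ADDR'],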
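Review bot: The rewritten logout condition at new lines 76–77 has no visible counterpart for the removed `empty($session['uid'])` check, and the comment that listed the three logout conditions was dropped with it. If `hasSessionExpired()`, which is defined outside this file, does not return true when the session holds no login data, a request without a server-side session would skip `logout()` and reach `extendSession()`. I would confirm that behaviour in SessionManager, cover it with a test, and keep a short comment above the condition, e.g. `// Log out when the session is missing or expired, or when the client IP changed (unless session protection is disabled)`. The `security.session_protection_disabled` setting is likewise no longer read here, so `hasClientIpChanged()` must honour it, ideally with a strict comparison rather than the old `!=`. The enclosing method starts outside the hunk, so whether its `$session` parameter is still used cannot be judged from here.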