aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/index.php b/index.php
index 5e15b9c2..04b0e4ba 100644
--- a/index.php
+++ b/index.php
@@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli']))
123$conf = new ConfigManager(); 123$conf = new ConfigManager();
124$sessionManager = new SessionManager($_SESSION, $conf); 124$sessionManager = new SessionManager($_SESSION, $conf);
125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); 125$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
126$clientIpId = client_ip_id($_SERVER);
126 127
127// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. 128// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
128if (! defined('LC_MESSAGES')) { 129if (! defined('LC_MESSAGES')) {
@@ -178,7 +179,7 @@ if (! is_file($conf->getConfigFileExt())) {
178// a token depending of deployment salt, user password, and the current ip 179// a token depending of deployment salt, user password, and the current ip
179define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); 180define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
180 181
181$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); 182$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
182 183
183/** 184/**
184 * Adapter function for PageBuilder 185 * Adapter function for PageBuilder
@@ -200,7 +201,7 @@ if (isset($_POST['login'])) {
200 } 201 }
201 if (isset($_POST['password']) 202 if (isset($_POST['password'])
202 && $sessionManager->checkToken($_POST['token']) 203 && $sessionManager->checkToken($_POST['token'])
203 && $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) 204 && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
204 ) { 205 ) {
205 // Login/password is OK. 206 // Login/password is OK.
206 $loginManager->handleSuccessfulLogin($_SERVER); 207 $loginManager->handleSuccessfulLogin($_SERVER);