Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 84 |
1 files changed, 1 insertions, 83 deletions
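--- a/index.php
+++ b/index.php
@@ -160,89 +160,6 @@ header("Pragma: no-cache");
 $loginManager->checkLoginState($clientIpId);
 
 // ------------------------------------------------------------------------------------------
-// Process login form: Check if login/password is correct.
-if (isset($_POST['login'])) {
-if (! $loginManager->canLogin($_SERVER)) {
-die(t('I said: NO. You are banned for the moment. Go away.'));
-}
-if (isset($_POST['password'])
-&& $sessionManager->checkToken($_POST['token'])
-&& $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
-) {
-$loginManager->handleSuccessfulLogin($_SERVER);
-
-$cookiedir = '';
-if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
-// Note: Never forget the trailing slash on the cookie path!
-$cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
-}
-
-if (!empty($_POST['longlastingsession'])) {
-// Keep the session cookie even after the browser closes
-$sessionManager->setStaySignedIn(true);
-$expirationTime = $sessionManager->extendSession();
-
-setcookie(
-CookieManager::STAY_SIGNED_IN,
-$loginManager->getStaySignedInToken(),
-$expirationTime,
-WEB_PATH
-);
-} else {
-// Standard session expiration (=when browser closes)
-$expirationTime = 0;
-}
-
-// Send cookie with the new expiration date to the browser
-session_destroy();
-session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
-session_start();
-session_regenerate_id(true);
-
-// Optional redirect after login:
-if (isset($_GET['post'])) {
-$uri = './?post='. urlencode($_GET['post']);
-foreach (array('description', 'source', 'title', 'tags') as $param) {
-if (!empty($_GET[$param])) {
-$uri .= '&'.$param.'='.urlencode($_GET[$param]);
-}
-}
-header('Location: '. $uri);
-exit;
-}
-
-if (isset($_GET['edit_link'])) {
-header('Location: ./?edit_link='. escape($_GET['edit_link']));
-exit;
-}
-
-if (isset($_POST['returnurl'])) {
-// Prevent loops over login screen.
-if (strpos($_POST['returnurl'], '/login') === false) {
-header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
-exit;
-}
-}
-header('Location: ./?');
-exit;
-} else {
-$loginManager->handleFailedLogin($_SERVER);
-$redir = '?username='. urlencode($_POST['login']);
-if (isset($_GET['post'])) {
-$redir .= '&post=' . urlencode($_GET['post']);
-foreach (array('description', 'source', 'title', 'tags') as $param) {
-if (!empty($_GET[$param])) {
-$redir .= '&' . $param . '=' . urlencode($_GET[$param]);
-}
-}
-}
-// Redirect to login screen.
-echo '<script>alert("'. t("Wrong login/password.") .'");document.location=\'./login'.$redir.'\';</script>';
-exit;
-}
-}
-
-// ------------------------------------------------------------------------------------------
 // Token management for XSRF protection
 // Token should be used in any form which acts on data (create,update,delete,import...).
 if (!isset($_SESSION['tokens'])) {
@@ -283,6 +200,7 @@ $app->group('', function () {
 $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');
 $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');
 $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');
+$this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin');
 $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');
 $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');
 $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');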
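Review bot: The new POST `/login` route on line 203 hands the form to `LoginController:login`, and nothing in this diff shows that the controller keeps the checks the removed index.php block enforced: the `canLogin` ban check before credentials are tested, the `checkToken` XSRF check on the form token, `session_regenerate_id(true)` after a successful login, and the `/login` loop guard plus the `generateLocation` host check on `returnurl`. Those should be confirmed against the controller before merge, and if they were carried over a one-line note next to the route would save the next reader the search, such as `// POST /login: ban check, XSRF token, session regeneration and redirect validation are handled in LoginController::login.`, adjusted to whatever the controller actually does. The `$app->group` closure that holds these routes starts and ends outside the hunk.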