From a8c11451e8d885a243c1ad52012093ba8d121e2c Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Tue, 21 Jul 2020 20:33:33 +0200 Subject: Process login through Slim controller
--- index.php | 84 +-------------------------------------------------------------- 1 file changed, 1 insertion(+), 83 deletions(-) (limited to 'index.php')
diff --git a/index.php b/index.php
index 4627438e..1a121f37 100644
--- a/index.php
+++ b/index.php
@@ -159,89 +159,6 @@ header("Pragma: no-cache");
 $loginManager->checkLoginState($clientIpId);
-// ------------------------------------------------------------------------------------------
-// Process login form: Check if login/password is correct.
-if (isset($_POST['login'])) {
- if (! $loginManager->canLogin($_SERVER)) {
- die(t('I said: NO. You are banned for the moment. Go away.'));
- }
- if (isset($_POST['password'])
- && $sessionManager->checkToken($_POST['token'])
- && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
- ) {
- $loginManager->handleSuccessfulLogin($_SERVER);
-
- $cookiedir = '';
- if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
- // Note: Never forget the trailing slash on the cookie path!
- $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
- }
-
- if (!empty($_POST['longlastingsession'])) {
- // Keep the session cookie even after the browser closes
- $sessionManager->setStaySignedIn(true);
- $expirationTime = $sessionManager->extendSession();
-
- setcookie(
- CookieManager::STAY_SIGNED_IN,
- $loginManager->getStaySignedInToken(),
- $expirationTime,
- WEB_PATH
- );
- } else {
- // Standard session expiration (=when browser closes)
- $expirationTime = 0;
- }
-
- // Send cookie with the new expiration date to the browser
- session_destroy();
- session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']);
- session_start();
- session_regenerate_id(true);
-
- // Optional redirect after login:
- if (isset($_GET['post'])) {
- $uri = './?post='. urlencode($_GET['post']);
- foreach (array('description', 'source', 'title', 'tags') as $param) {
- if (!empty($_GET[$param])) {
- $uri .= '&'.$param.'='.urlencode($_GET[$param]);
- }
- }
- header('Location: '. $uri);
- exit;
- }
-
- if (isset($_GET['edit_link'])) {
- header('Location: ./?edit_link='. escape($_GET['edit_link']));
- exit;
- }
-
- if (isset($_POST['returnurl'])) {
- // Prevent loops over login screen.
- if (strpos($_POST['returnurl'], '/login') === false) {
- header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
- exit;
- }
- }
- header('Location: ./?');
- exit;
- } else {
- $loginManager->handleFailedLogin($_SERVER);
- $redir = '?username='. urlencode($_POST['login']);
- if (isset($_GET['post'])) {
- $redir .= '&post=' . urlencode($_GET['post']);
- foreach (array('description', 'source', 'title', 'tags') as $param) {
- if (!empty($_GET[$param])) {
- $redir .= '&' . $param . '=' . urlencode($_GET[$param]);
- }
- }
- }
- // Redirect to login screen.
- echo '';
- exit;
- }
-}
-
 // ------------------------------------------------------------------------------------------
 // Token management for XSRF protection
 // Token should be used in any form which acts on data (create,update,delete,import...).
@@ -283,6 +200,7 @@ $app->group('', function () {
 $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index');
 $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink');
 $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login');
+ $this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin');
 $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index');
 $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud');
 $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list');
-- cgit v1.2.3
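Review bot: The new `post('/login')` route delegates to `LoginController:login`, which is outside this diff, while the preceding hunk removes the only visible implementation of the pre-login ban check (`canLogin`), the XSRF `checkToken` call, `session_regenerate_id(true)` after a successful login, and the `/login` loop guard plus the `generateLocation(..., $_SERVER['HTTP_HOST'])` host check on `returnurl`; nothing in this diff shows the controller re-implementing them, so they should be verified against `LoginController::login` before merging. In particular, if the controller redirects to `returnurl` without the equivalent of that host check, the login form becomes an open redirect. A short pointer on the new line would help readers who look for the logic that used to live in index.php, e.g. `// Login form submission; previously handled inline in index.php, see LoginController::login.` The enclosing `$app->group('', function () {` closure starts and ends outside the hunk.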