From c689e108639a4f6aa9e15928422e14db7cbe30ca Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 6 May 2018 17:06:36 +0200 Subject: Refactor LoginManager stay-signed-in token management Signed-off-by: VirtualTam --- index.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 8e3bade0..c34434dd 100644 --- a/index.php +++ b/index.php @@ -123,6 +123,7 @@ if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) $conf = new ConfigManager(); $sessionManager = new SessionManager($_SESSION, $conf); $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); +$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); $clientIpId = client_ip_id($_SERVER); // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. @@ -176,10 +177,7 @@ if (! is_file($conf->getConfigFileExt())) { install($conf, $sessionManager); } -// a token depending of deployment salt, user password, and the current ip -define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); - -$loginManager->checkLoginState($_COOKIE, $clientIpId, STAY_SIGNED_IN_TOKEN); +$loginManager->checkLoginState($_COOKIE, $clientIpId); /** * Adapter function to ensure compatibility with third-party templates @@ -219,8 +217,8 @@ if (isset($_POST['login'])) { $expirationTime = $sessionManager->extendSession(); setcookie( - $sessionManager::$LOGGED_IN_COOKIE, - STAY_SIGNED_IN_TOKEN, + $loginManager::$STAY_SIGNED_IN_COOKIE, + $loginManager->getStaySignedInToken(), $expirationTime, WEB_PATH ); 
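Review bot: The added `generateStaySignedInToken($_SERVER['REMOTE_ADDR'])` call binds the stay-signed-in token to the raw socket address, while the very next line derives `$clientIpId` from the whole `$_SERVER` array through `client_ip_id()`. If that helper takes forwarding headers into account (its body is not visible here), the two notions of client address diverge behind a reverse proxy, where `REMOTE_ADDR` is the proxy's address and the IP binding is identical for every visitor. A comment at the call would record the choice, e.g. `// Token is bound to REMOTE_ADDR on purpose; forwarded-for headers are client-supplied`. The definition removed later in this patch built the token with `sha1()` over the credential hash, the address and the salt. If `generateStaySignedInToken()` keeps that derivation, the cookie value is a fixed function of the password hash and cannot be revoked without changing the password, which its docblock should state.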
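Review bot: The `setcookie()` call that stores `getStaySignedInToken()` passes only name, value, expiry and path, so the long-lived authentication cookie is issued without the `secure` and `httponly` flags. Script running in the page can then read the token, and the browser will also send it over plain HTTP. Supplying the remaining arguments closes both gaps: `WEB_PATH, '', $isHttps, true`, where `$isHttps` is a placeholder for however the application detects TLS. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk.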
@@ -595,7 +593,7 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history, $sessionManager, { invalidateCaches($conf->get('resource.page_cache')); $sessionManager->logout(); - setcookie(SessionManager::$LOGGED_IN_COOKIE, 'false', 0, WEB_PATH); + setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, 'false', 0, WEB_PATH); header('Location: ?'); exit; } -- cgit v1.2.3
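Review bot: On logout the stay-signed-in cookie is overwritten with the string `'false'` and an expiry of `0`, which leaves a session cookie in the browser instead of deleting it. An empty value with a past expiry removes it: `setcookie(LoginManager::$STAY_SIGNED_IN_COOKIE, '', time() - 3600, WEB_PATH);`. Separately, nothing visible in this branch invalidates the token on the server side. If the token stays deterministic, as the `sha1()` definition removed earlier in this patch was, a copied cookie value could still be accepted after logout, so this is worth confirming in `LoginManager`. The `renderPage()` body starts and ends outside the hunk.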