Pass the client IP ID to LoginManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
parent
c7721487b2
commit
8474208474
2 changed files with 16 additions and 17 deletions
@ -48,15 +48,15 @@ public function __construct(& $globals, $configManager, $sessionManager)
/**
/**
* Check user session state and validity (expiration)
* Check user session state and validity (expiration)
*
*
* @param array $server The $_SERVER array
* @param array $session The $_SESSION array (reference)
* @param array $session The $_SESSION array (reference)
* @param array $cookie The $_COOKIE array
* @param array $cookie The $_COOKIE array
* @param string $webPath Path on the server in which the cookie will be available on
* @param string $webPath Path on the server in which the cookie will be available on
* @param string $clientIpId Client IP address identifier
* @param string $token Session token
* @param string $token Session token
*
*
* @return bool true if the user session is valid, false otherwise
* @return bool true if the user session is valid, false otherwise
*/
*/
public function checkLoginState($server, & $session, $cookie, $webPath, $token)
public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token)
{
{
if (! $this->configManager->exists('credentials.login')) {
if (! $this->configManager->exists('credentials.login')) {
// Shaarli is not configured yet
// Shaarli is not configured yet
|
@ -64,8 +64,6 @@ public function checkLoginState($server, & $session, $cookie, $webPath, $token)
return;
return;
}
}
$clientIpId = client_ip_id($server);
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
) {
) {
@ -100,13 +98,14 @@ public function isLoggedIn()
/**
/**
* Check user credentials are valid
* Check user credentials are valid
*
*
* @param array $server The $_SERVER array
* @param string $remoteIp Remote client IP address
* @param string $login Username
* @param string $clientIpId Client IP address identifier
* @param string $password Password
* @param string $login Username
* @param string $password Password
*
*
* @return bool true if the provided credentials are valid, false otherwise
* @return bool true if the provided credentials are valid, false otherwise
*/
*/
public function checkCredentials($server, $login, $password)
public function checkCredentials($remoteIp, $clientIpId, $login, $password)
{
{
$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
$hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
@ -115,17 +114,16 @@ public function checkCredentials($server, $login, $password)
) {
) {
logm(
logm(
$this->configManager->get('resource.log'),
$this->configManager->get('resource.log'),
$server['REMOTE_ADDR'],
$remoteIp,
'Login failed for user ' . $login
'Login failed for user ' . $login
);
);
return false;
return false;
}
}
$clientIpId = client_ip_id($server);
$this->sessionManager->storeLoginInfo($clientIpId);
$this->sessionManager->storeLoginInfo($clientIpId);
logm(
logm(
$this->configManager->get('resource.log'),
$this->configManager->get('resource.log'),
$server['REMOTE_ADDR'],
$remoteIp,
'Login successful'
'Login successful'
);
);
return true;
return true;
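Review bot: The new `$remoteIp` parameter of `checkCredentials($remoteIp, $clientIpId, $login, $password)` is documented only as "Remote client IP address", yet it is now whatever the caller supplies and goes straight into the `logm(...)` entries for failed and successful logins, so a caller passing a proxy-forwarded value would make the login audit trail attribute attempts to a client-controlled address. Suggest tightening the docblock to `@param string $remoteIp Peer address of the TCP connection ($_SERVER['REMOTE_ADDR']), used only for logging; must not be taken from client-supplied headers`, and stating that it is distinct from `$clientIpId`, which is what `storeLoginInfo()` binds to the session. The actual credential comparison sits before the `) {` that opens the last hunk and is not visible here; the unchanged `sha1($password . $login . salt)` construction at the top of the method is outside this commit's scope but is worth a follow-up toward `password_hash()`/`password_verify()`.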
@ -123,6 +123,7 @@
$conf = new ConfigManager();
$conf = new ConfigManager();
$sessionManager = new SessionManager($_SESSION, $conf);
$sessionManager = new SessionManager($_SESSION, $conf);
$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
$clientIpId = client_ip_id($_SERVER);
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
if (! defined('LC_MESSAGES')) {
if (! defined('LC_MESSAGES')) {
@ -178,7 +179,7 @@
// a token depending of deployment salt, user password, and the current ip
// a token depending of deployment salt, user password, and the current ip
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN);
$loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
/**
/**
* Adapter function for PageBuilder
* Adapter function for PageBuilder
@ -200,7 +201,7 @@ function isLoggedIn()
}
}
if (isset($_POST['password'])
if (isset($_POST['password'])
&& $sessionManager->checkToken($_POST['token'])
&& $sessionManager->checkToken($_POST['token'])
&& $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password'])
&& $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
) {
) {
// Login/password is OK.
// Login/password is OK.
$loginManager->handleSuccessfulLogin($_SERVER);
$loginManager->handleSuccessfulLogin($_SERVER);
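Review bot: The new `checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, ...)` call logs one notion of the client while binding the session to another: `$clientIpId` comes from `client_ip_id($_SERVER)` (computed once at the new line after the LoginManager construction), and `STAY_SIGNED_IN_TOKEN` two lines above the `checkLoginState` call is still keyed on `$_SERVER['REMOTE_ADDR']`. If `client_ip_id()` folds in anything beyond `REMOTE_ADDR` (its definition is not visible here), the log line, the session identifier and the stay-signed-in token will describe the same request with different client identities, which makes correlating login events across the log and the session store harder during an incident review. Suggest deriving both values in one place next to `$clientIpId = client_ip_id($_SERVER);`, e.g. `$remoteIp = $_SERVER['REMOTE_ADDR'];` with a comment stating how the two relate, and passing `$remoteIp` at the `checkCredentials` call so the relationship is stated once rather than scattered across three sites. The `isset($_POST['password'])` guard still leaves `$_POST['token']` and `$_POST['login']` unchecked; that is pre-existing context rather than something this commit introduces, but `isset($_POST['password'], $_POST['token'], $_POST['login'])` would be a cheap follow-up.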