Updated stay signed in system for a real (working) system
Thanks to Sbgodin for his work on Shaarli and Leed, which I adapted. Please note that if you already have a working instance of BouffeATUlm, you have to update manually your database. You have to set a new field for User database (at the end of the database). This field has to be called "stay_signed_in_token" and to be VARCHAR(32).
This commit is contained in:
Phyks
parent
21b7b7e64c
commit
3047a39acd
@ -3,7 +3,7 @@ require_once('data/config.php');
|
||||
require_once('Storage.class.php');
|
||||
|
||||
class User extends Storage {
|
||||
protected $id = 0, $login, $email, $display_name, $password, $admin, $json_token, $notifications;
|
||||
protected $id = 0, $login, $email, $display_name, $password, $admin, $json_token, $notifications, $stay_signed_in_token;
|
||||
protected $TABLE_NAME = "Users";
|
||||
protected $fields = array(
|
||||
'id'=>'key',
|
||||
@ -13,11 +13,13 @@ class User extends Storage {
|
||||
'password'=>'password',
|
||||
'admin'=>'bool',
|
||||
'json_token'=>'string',
|
||||
'notifications'=>'int'
|
||||
'notifications'=>'int',
|
||||
'stay_signed_in_token'=>'string'
|
||||
);
|
||||
|
||||
public function __construct() {
|
||||
parent::__construct();
|
||||
$stay_signed_in_token = 0;
|
||||
}
|
||||
|
||||
// Getters
|
||||
@ -50,6 +52,10 @@ class User extends Storage {
|
||||
return $this->notifications;
|
||||
}
|
||||
|
||||
public function getStaySignedInToken() {
|
||||
return $this->stay_signed_in_token;
|
||||
}
|
||||
|
||||
// Setters
|
||||
// =======
|
||||
public function setId($id) {
|
||||
@ -106,6 +112,10 @@ class User extends Storage {
|
||||
}
|
||||
}
|
||||
|
||||
public function setStaySignedInToken($token) {
|
||||
$this->stay_signed_in_token = $token;
|
||||
}
|
||||
|
||||
// Password functions
|
||||
// ==================
|
||||
public function encrypt($text) {
|
||||
@ -139,10 +149,10 @@ class User extends Storage {
|
||||
// ===============
|
||||
public function sessionStore($serialize = true) {
|
||||
if($serialize) {
|
||||
return serialize(array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications));
|
||||
return serialize(array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications, 'stay_signed_in_token'=>$this->stay_signed_in_token));
|
||||
}
|
||||
else {
|
||||
return array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications);
|
||||
return array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications, 'stay_signed_in_token'=>$this->stay_signed_in_token);
|
||||
}
|
||||
}
|
||||
|
||||
@ -160,6 +170,7 @@ class User extends Storage {
|
||||
$this->setAdmin($user_data['admin']);
|
||||
$this->setJsonToken($user_data['json_token']);
|
||||
$this->setNotifications($user_data['notifications']);
|
||||
$this->setStaySignedInToken($user_data['stay_signed_in_token']);
|
||||
}
|
||||
|
||||
// Check wether a user already exists or not
|
||||
|
||||
@ -1,4 +1,10 @@
|
||||
<?php
|
||||
function logout() {
|
||||
setcookie('bouffeatulm_staySignedIn', FALSE, 0, WEB_PATH);
|
||||
setcookie('bouffeatulm_login', $_COOKIE['bouffeatulm_login'], 0, WEB_PATH);
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
function getNotice() {
|
||||
if(!file_exists('data/notice')) {
|
||||
file_put_contents('data/notice');
|
||||
|
||||
71
index.php
71
index.php
@ -27,6 +27,13 @@
|
||||
require_once('inc/functions.php');
|
||||
require_once('inc/Ban.inc.php');
|
||||
require_once('inc/CSRF.inc.php');
|
||||
|
||||
session_start();
|
||||
|
||||
// Long lasting session inspired by the work from sbgodin for shaarli
|
||||
define('WEB_PATH', substr($_SERVER["REQUEST_URI"], 0, 1+strrpos($_SERVER["REQUEST_URI"], '/', 0)));
|
||||
define('STAY_SIGNED_IN_TOKEN', sha1(SALT.$_SERVER["REMOTE_ADDR"].SALT));
|
||||
|
||||
if(!empty($_GET['json'])) {
|
||||
raintpl::$tpl_dir = 'tpl/json/';
|
||||
$get_redir = 'json=1';
|
||||
@ -47,28 +54,45 @@
|
||||
$tpl->assign('currency', htmlspecialchars(CURRENCY));
|
||||
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
|
||||
|
||||
// Set sessions parameters
|
||||
ini_set('session.use_cookies', 1);
|
||||
ini_set('session.use_only_cookies', 1);
|
||||
ini_set('session.use_trans_sid', false);
|
||||
session_name('bouffeatulm');
|
||||
|
||||
// Regenerate session if needed
|
||||
$cookie = session_get_cookie_params();
|
||||
$cookie_dir = ''; if(dirname($_SERVER['SCRIPT_NAME']) != '/') $cookie_dir = dirname($_SERVER['SCRIPT_NAME']);
|
||||
session_set_cookie_params($cookie['lifetime'], $cookie_dir, $_SERVER['HTTP_HOST']);
|
||||
session_regenerate_id(true);
|
||||
|
||||
// Handle current user status
|
||||
if(session_id() == '') session_start();
|
||||
|
||||
$current_user = new User();
|
||||
if(isset($_SESSION['current_user'])) {
|
||||
$current_user->sessionRestore($_SESSION['current_user'], true);
|
||||
}
|
||||
else {
|
||||
if(!empty($_COOKIE['bouffeatulm_staySignedIn']) && !empty($_COOKIE['bouffeatulm_login'])) {
|
||||
// Connect back
|
||||
$user = new User();
|
||||
$user->setLogin($_COOKIE['bouffeatulm_login']);
|
||||
|
||||
if(ban_canLogin() == false) {
|
||||
setcookie('bouffeatulm_login', $_COOKIE['bouffeatulm_login'], 0, WEB_PATH);
|
||||
setcookie('bouffeatulm_staySignedIn', STAY_SIGNED_IN_TOKEN, 0, WEB_PATH);
|
||||
exit($errors['unknown_username_password'][LANG]);
|
||||
}
|
||||
else {
|
||||
$user = $user->exists($_COOKIE['bouffeatulm_login']);
|
||||
if($_COOKIE['bouffeatulm_staySignedIn'] === md5($user->getStaySignedInToken().$_SERVER['REMOTE_ADDR'])) {
|
||||
ban_loginOk();
|
||||
$_SESSION['current_user'] = $user->sessionStore();
|
||||
$_SESSION['ip'] = user_ip();
|
||||
setcookie('bouffeatulm_login', $_COOKIE['bouffeatulm_login'], time()+31536000, WEB_PATH);
|
||||
setcookie('bouffeatulm_staySignedIn', STAY_SIGNED_IN_TOKEN, time()+31536000, WEB_PATH);
|
||||
header('location: index.php?'.$get_redir);
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
ban_loginFailed();
|
||||
setcookie('bouffeatulm_login', $_COOKIE['bouffeatulm_login'], 0, WEB_PATH);
|
||||
setcookie('bouffeatulm_staySignedIn', STAY_SIGNED_IN_TOKEN, 0, WEB_PATH);
|
||||
exit($errors['unknown_username_password'][LANG]);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
$current_user = false;
|
||||
}
|
||||
}
|
||||
|
||||
$tpl->assign('current_user', secureDisplay($current_user));
|
||||
|
||||
if(!empty($_GET['json_token'])) {
|
||||
@ -96,7 +120,7 @@
|
||||
|
||||
// If IP has changed, logout
|
||||
if($current_user !== false && user_ip() != $_SESSION['ip']) {
|
||||
session_destroy();
|
||||
logout();
|
||||
header('location: index.php?do=connect&'.$get_redir);
|
||||
exit();
|
||||
}
|
||||
@ -128,15 +152,12 @@
|
||||
$_SESSION['ip'] = user_ip();
|
||||
|
||||
if(!empty($_POST['remember_me'])) { // Handle remember me cookie
|
||||
$_SESSION['remember_me'] = 31536000;
|
||||
$token = md5(uniqid(mt_rand(), true));
|
||||
$user->setStaySignedInToken($token);
|
||||
$user->save();
|
||||
setcookie('bouffeatulm_login', $_POST['login'], time()+31536000, WEB_PATH);
|
||||
setcookie('bouffeatulm_staySignedIn', md5($token.$_SERVER['REMOTE_ADDR']), time()+31536000, WEB_PATH);
|
||||
}
|
||||
else {
|
||||
$_SESSION['remember_me'] = 0;
|
||||
}
|
||||
|
||||
$cookie_dir = ''; if(dirname($_SERVER['SCRIPT_NAME']) != '/') $cookie_dir = dirname($_SERVER['SCRIPT_NAME']);
|
||||
session_set_cookie_params($_SESSION['remember_me'], $cookie_dir, $_SERVER['HTTP_HOST']);
|
||||
session_regenerate_id(true);
|
||||
|
||||
header('location: index.php?'.$get_redir);
|
||||
exit();
|
||||
@ -157,7 +178,7 @@
|
||||
|
||||
case 'disconnect':
|
||||
$current_user = false;
|
||||
session_destroy();
|
||||
logout();
|
||||
header('location: index.php?do=connect&'.$get_redir);
|
||||
exit();
|
||||
break;
|
||||
|
||||
@ -29,7 +29,7 @@
|
||||
$db = new PDO('mysql:host='.$mysql_host.';dbname='.$mysql_db, $mysql_login, $mysql_password);
|
||||
|
||||
//Create table "Users"
|
||||
$db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users (id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, login VARCHAR(255), email VARCHAR(255), display_name VARCHAR(255), password VARCHAR(130), admin TINYINT(1), json_token VARCHAR(32), notifications TINYINT(1)) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
|
||||
$db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users (id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, login VARCHAR(255), email VARCHAR(255), display_name VARCHAR(255), password VARCHAR(130), admin TINYINT(1), json_token VARCHAR(32), notifications TINYINT(1), stay_signed_in_token VARCHAR(32)) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
|
||||
|
||||
//Create table "Invoices"
|
||||
$db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Invoices (id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, date DATETIME, buyer INT(11), amount INT(11), what TEXT) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
|
||||
|
||||
Loading…
Reference in New Issue
Block a user