Diffstat (limited to 'classes/userhelper.php')
-rw-r--r--classes/userhelper.php55
1 files changed, 37 insertions, 18 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 1cdd320a1..90d073d55 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -17,7 +17,22 @@ class UserHelper {
self::HASH_ALGO_SHA1
];
- static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) {
+ /** forbidden to login */
+ const ACCESS_LEVEL_DISABLED = -2;
+
+ /** can't subscribe to new feeds, feeds are not updated */
+ const ACCESS_LEVEL_READONLY = -1;
+
+ /** no restrictions, regular user */
+ const ACCESS_LEVEL_USER = 0;
+
+ /** not used, same as regular user */
+ const ACCESS_LEVEL_POWERUSER = 5;
+
+ /** has administrator permissions */
+ const ACCESS_LEVEL_ADMIN = 10;
+
+ static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null): bool {
if (!Config::get(Config::SINGLE_USER_MODE)) {
$user_id = false;
$auth_module = false;
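Review bot: The re-declared signature of `authenticate()` still relies on implicit nullability (`string $login = null`, `string $password = null`, `string $service = null`), which PHP 8.4 deprecates. Since the line is already being touched for the `: bool` return type, writing `?string $login = null` and so on would make the contract explicit. The same applies to `PluginHost $pluginhost = null` in the `load_user_plugins()` hunk. The body of `authenticate()` continues outside this hunk, so it is worth confirming that every path returns a boolean now that `: bool` is declared, because falling off the end would raise a TypeError.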
@@ -41,7 +56,7 @@ class UserHelper {
$user = ORM::for_table('ttrss_users')->find_one($user_id);
- if ($user) {
+ if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) {
$_SESSION["uid"] = $user_id;
$_SESSION["auth_module"] = $auth_module;
$_SESSION["name"] = $user->login;
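Review bot: The new `access_level != self::ACCESS_LEVEL_DISABLED` test only gates session creation at login, so a session that already exists when an account is switched to disabled is not affected by this line. The per-request session validation is not visible here and should be confirmed to re-check `access_level`. The comparison is also loose, which presumably works because the ORM returns the column as a string, but `(int) $user->access_level !== self::ACCESS_LEVEL_DISABLED` states the intent without depending on type juggling. The rejected branch is outside the hunk; it would be useful for it to log the refused login so attempts against disabled accounts are visible to an operator.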
@@ -68,7 +83,7 @@ class UserHelper {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
- $_SESSION["access_level"] = 10;
+ $_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN;
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
@@ -84,7 +99,7 @@ class UserHelper {
}
}
- static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null) {
+ static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null): void {
if (!$pluginhost) $pluginhost = PluginHost::getInstance();
@@ -99,7 +114,7 @@ class UserHelper {
}
}
- static function login_sequence() {
+ static function login_sequence(): void {
$pdo = Db::pdo();
if (Config::get(Config::SINGLE_USER_MODE)) {
@@ -144,7 +159,7 @@ class UserHelper {
}
}
- static function print_user_stylesheet() {
+ static function print_user_stylesheet(): void {
$value = get_pref(Prefs::USER_STYLESHEET);
if ($value) {
@@ -155,7 +170,7 @@ class UserHelper {
}
- static function get_user_ip() {
+ static function get_user_ip(): ?string {
foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR"] as $hdr) {
if (isset($_SERVER[$hdr]))
return $_SERVER[$hdr];
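Review bot: `get_user_ip()` prefers `HTTP_X_REAL_IP` over `REMOTE_ADDR`, and that header is supplied by the client unless a reverse proxy in front of the application overwrites it. Callers that log the returned value or bind sessions to it should therefore not treat it as trustworthy. The new `?string` return type is a good place to document this, for example `/** @return string|null client address; X-Real-IP is only reliable behind a proxy that sets it */`. The loop's closing brace falls outside this hunk.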
@@ -164,7 +179,7 @@ class UserHelper {
return null;
}
- static function get_login_by_id(int $id) {
+ static function get_login_by_id(int $id): ?string {
$user = ORM::for_table('ttrss_users')
->find_one($id);
@@ -174,7 +189,7 @@ class UserHelper {
return null;
}
- static function find_user_by_login(string $login) {
+ static function find_user_by_login(string $login): ?int {
$user = ORM::for_table('ttrss_users')
->where('login', $login)
->find_one();
@@ -185,7 +200,7 @@ class UserHelper {
return null;
}
- static function logout() {
+ static function logout(): void {
if (session_status() === PHP_SESSION_ACTIVE)
session_destroy();
@@ -196,11 +211,11 @@ class UserHelper {
session_commit();
}
- static function get_salt() {
+ static function get_salt(): string {
return substr(bin2hex(get_random_bytes(125)), 0, 250);
}
- static function reset_password($uid, $format_output = false, $new_password = "") {
+ static function reset_password(int $uid, bool $format_output = false, string $new_password = ""): void {
$user = ORM::for_table('ttrss_users')->find_one($uid);
$message = "";
@@ -283,7 +298,7 @@ class UserHelper {
}
}
- static function get_otp_secret(int $owner_uid, bool $show_if_enabled = false) {
+ static function get_otp_secret(int $owner_uid, bool $show_if_enabled = false): ?string {
$user = ORM::for_table('ttrss_users')->find_one($owner_uid);
if ($user) {
@@ -318,7 +333,9 @@ class UserHelper {
return null;
}
- static function is_default_password() {
+ static function is_default_password(): bool {
+
+ /** @var Auth_Internal|false $authenticator -- this is only here to make check_password() visible to static analyzer */
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
if ($authenticator &&
@@ -330,10 +347,12 @@ class UserHelper {
return false;
}
- static function hash_password(string $pass, string $salt, string $algo = "") {
-
- if (!$algo) $algo = self::HASH_ALGOS[0];
-
+ /**
+ * @param string $algo should be one of UserHelper::HASH_ALGO_*
+ *
+ * @return false|string False if the password couldn't be hashed, otherwise the hash string.
+ */
+ static function hash_password(string $pass, string $salt, string $algo = self::HASH_ALGOS[0]) {
$pass_hash = "";
switch ($algo) {
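Review bot: Moving the fallback into the default value changes behaviour for callers that pass an empty `$algo` explicitly. The removed `if (!$algo) $algo = self::HASH_ALGOS[0];` covered that case, whereas now `""` reaches the `switch` directly. If any caller forwards a stored algorithm field that can be empty, the result depends on the `default` branch, which is outside this hunk, and the new docblock says the function may return `false`. Either keep a guard such as `if ($algo === "") $algo = self::HASH_ALGOS[0];` or confirm that callers compare the result strictly, so a `false` return can never match a stored hash.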