Diffstat (limited to 'classes/userhelper.php')
-rw-r--r-- | classes/userhelper.php | 55 |
1 files changed, 37 insertions, 18 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php index 1cdd320a1..90d073d55 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -17,7 +17,22 @@ class UserHelper { self::HASH_ALGO_SHA1 ]; - static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) { + /** forbidden to login */ + const ACCESS_LEVEL_DISABLED = -2; + + /** can't subscribe to new feeds, feeds are not updated */ + const ACCESS_LEVEL_READONLY = -1; + + /** no restrictions, regular user */ + const ACCESS_LEVEL_USER = 0; + + /** not used, same as regular user */ + const ACCESS_LEVEL_POWERUSER = 5; + + /** has administrator permissions */ + const ACCESS_LEVEL_ADMIN = 10; + + static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null): bool { if (!Config::get(Config::SINGLE_USER_MODE)) { $user_id = false; $auth_module = false; @@ -41,7 +56,7 @@ class UserHelper { $user = ORM::for_table('ttrss_users')->find_one($user_id); - if ($user) { + if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) { $_SESSION["uid"] = $user_id; $_SESSION["auth_module"] = $auth_module; $_SESSION["name"] = $user->login; @@ -68,7 +83,7 @@ class UserHelper { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; - $_SESSION["access_level"] = 10; + $_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN; $_SESSION["hide_hello"] = true; $_SESSION["hide_logout"] = true; @@ -84,7 +99,7 @@ class UserHelper { } } - static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null) { + static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null): void { if (!$pluginhost) $pluginhost = PluginHost::getInstance(); @@ -99,7 +114,7 @@ class UserHelper { } } - static function login_sequence() { + static function login_sequence(): void { $pdo = Db::pdo(); if (Config::get(Config::SINGLE_USER_MODE)) { 
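Review bot: In the `@@ -41,7 +56,7 @@` hunk the new `$user->access_level != self::ACCESS_LEVEL_DISABLED` test runs only inside authenticate(), so nothing visible here affects a session that was opened before the account was disabled. If the per-request session validation (outside this diff) does not re-read `access_level`, a disabled user would keep access until that session expires, so the same check belongs there as well. At minimum I would record the limitation next to the condition, e.g. `// blocks new logins only; existing sessions must be re-checked during session validation`. The rest of authenticate(), including what happens when this condition is false, lies outside the hunk, so I cannot confirm that a refused login is logged.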
@@ -144,7 +159,7 @@ class UserHelper { } } - static function print_user_stylesheet() { + static function print_user_stylesheet(): void { $value = get_pref(Prefs::USER_STYLESHEET); if ($value) { @@ -155,7 +170,7 @@ class UserHelper { } - static function get_user_ip() { + static function get_user_ip(): ?string { foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR"] as $hdr) { if (isset($_SERVER[$hdr])) return $_SERVER[$hdr]; @@ -164,7 +179,7 @@ class UserHelper { return null; } - static function get_login_by_id(int $id) { + static function get_login_by_id(int $id): ?string { $user = ORM::for_table('ttrss_users') ->find_one($id); @@ -174,7 +189,7 @@ class UserHelper { return null; } - static function find_user_by_login(string $login) { + static function find_user_by_login(string $login): ?int { $user = ORM::for_table('ttrss_users') ->where('login', $login) ->find_one(); @@ -185,7 +200,7 @@ class UserHelper { return null; } - static function logout() { + static function logout(): void { if (session_status() === PHP_SESSION_ACTIVE) session_destroy(); @@ -196,11 +211,11 @@ class UserHelper { session_commit(); } - static function get_salt() { + static function get_salt(): string { return substr(bin2hex(get_random_bytes(125)), 0, 250); } - static function reset_password($uid, $format_output = false, $new_password = "") { + static function reset_password(int $uid, bool $format_output = false, string $new_password = ""): void { $user = ORM::for_table('ttrss_users')->find_one($uid); $message = ""; @@ -283,7 +298,7 @@ class UserHelper { } } - static function get_otp_secret(int $owner_uid, bool $show_if_enabled = false) { + static function get_otp_secret(int $owner_uid, bool $show_if_enabled = false): ?string { $user = ORM::for_table('ttrss_users')->find_one($owner_uid); if ($user) { 
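Review bot: In the `@@ -155,7 +170,7 @@` hunk get_user_ip() still prefers `HTTP_X_REAL_IP` over `REMOTE_ADDR`, and that header is supplied by the client unless a trusted reverse proxy overwrites it. The added `?string` return type documents the shape of the value but not its trust level, so any caller that uses it for session binding, rate limiting or audit logs would inherit a spoofable address on installs exposed without such a proxy. I would add a docblock stating this, e.g. `/** @return string|null client address; X-Real-IP is only trustworthy when set by a reverse proxy */`, and consider passing the value through `filter_var($ip, FILTER_VALIDATE_IP)` before returning it.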
@@ -318,7 +333,9 @@ class UserHelper { return null; } - static function is_default_password() { + static function is_default_password(): bool { + + /** @var Auth_Internal|false $authenticator -- this is only here to make check_password() visible to static analyzer */ $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); if ($authenticator && @@ -330,10 +347,12 @@ class UserHelper { return false; } - static function hash_password(string $pass, string $salt, string $algo = "") { - - if (!$algo) $algo = self::HASH_ALGOS[0]; - + /** + * @param string $algo should be one of UserHelper::HASH_ALGO_* + * + * @return false|string False if the password couldn't be hashed, otherwise the hash string. + */ + static function hash_password(string $pass, string $salt, string $algo = self::HASH_ALGOS[0]) { $pass_hash = ""; switch ($algo) { |
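Review bot: In the `@@ -318,7 +333,9 @@` hunk the added `@var Auth_Internal|false` annotation tells the static analyzer something the visible code does not enforce, since `get_plugin($_SESSION["auth_module"])` presumably returns whichever plugin the session names. The condition that follows is cut off by the hunk, so I cannot tell whether it verifies at runtime that `check_password()` exists. If it does not, a test such as `$authenticator instanceof Auth_Internal` would make the annotation a checked fact rather than an assumption. It is also worth confirming that `$_SESSION["auth_module"]` is always set when this runs, because the single-user branch of authenticate() shown earlier in this diff does not visibly assign it.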
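Review bot: In the `@@ -330,10 +347,12 @@` hunk, moving the fallback into the default value `string $algo = self::HASH_ALGOS[0]` changes behaviour for callers that pass an explicit empty string. The removed `if (!$algo) $algo = self::HASH_ALGOS[0];` mapped `""` to the default algorithm, whereas `""` now reaches the `switch` unchanged. The switch body is outside the hunk, but going by the new docblock an unmatched algorithm presumably yields `false`, which a caller that stores the result unchecked or compares it loosely could mishandle. Either keep a guard such as `if ($algo === "") $algo = self::HASH_ALGOS[0];` or confirm that every call site, in particular any that derives the algorithm from a stored hash, tests the result with `=== false`.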