summaryrefslogtreecommitdiff
path: root/classes/userhelper.php
diff options
context:
space:
mode:
Diffstat (limited to 'classes/userhelper.php')
-rw-r--r--classes/userhelper.php141
1 files changed, 141 insertions, 0 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php
new file mode 100644
index 000000000..2ae1f7b83
--- /dev/null
+++ b/classes/userhelper.php
@@ -0,0 +1,141 @@
+<?php
+class UserHelper {
+
+ static function authenticate($login, $password, $check_only = false, $service = false) {
+
+ if (!SINGLE_USER_MODE) {
+ $user_id = false;
+ $auth_module = false;
+
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
+
+ $user_id = (int) $plugin->authenticate($login, $password, $service);
+
+ if ($user_id) {
+ $auth_module = strtolower(get_class($plugin));
+ break;
+ }
+ }
+
+ if ($user_id && !$check_only) {
+
+ session_start();
+ session_regenerate_id(true);
+
+ $_SESSION["uid"] = $user_id;
+ $_SESSION["auth_module"] = $auth_module;
+
+ $pdo = Db::pdo();
+ $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
+ WHERE id = ?");
+ $sth->execute([$user_id]);
+ $row = $sth->fetch();
+
+ $_SESSION["name"] = $row["login"];
+ $_SESSION["access_level"] = $row["access_level"];
+ $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
+
+ $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $usth->execute([$user_id]);
+
+ $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
+ $_SESSION["pwd_hash"] = $row["pwd_hash"];
+
+ Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
+
+ return true;
+ }
+
+ return false;
+
+ } else {
+
+ $_SESSION["uid"] = 1;
+ $_SESSION["name"] = "admin";
+ $_SESSION["access_level"] = 10;
+
+ $_SESSION["hide_hello"] = true;
+ $_SESSION["hide_logout"] = true;
+
+ $_SESSION["auth_module"] = false;
+
+ if (!$_SESSION["csrf_token"])
+ $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
+
+ $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+
+ Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
+
+ return true;
+ }
+ }
+
+ static function load_user_plugins($owner_uid, $pluginhost = false) {
+
+ if (!$pluginhost) $pluginhost = PluginHost::getInstance();
+
+ if ($owner_uid && SCHEMA_VERSION >= 100 && !$_SESSION["safe_mode"]) {
+ $plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
+
+ $pluginhost->load($plugins, PluginHost::KIND_USER, $owner_uid);
+
+ if (get_schema_version() > 100) {
+ $pluginhost->load_data();
+ }
+ }
+ }
+
+ static function login_sequence() {
+ $pdo = Db::pdo();
+
+ if (SINGLE_USER_MODE) {
+ @session_start();
+ UserHelper::authenticate("admin", null);
+ startup_gettext();
+ UserHelper::load_user_plugins($_SESSION["uid"]);
+ } else {
+ if (!validate_session()) $_SESSION["uid"] = false;
+
+ if (!$_SESSION["uid"]) {
+
+ if (AUTH_AUTO_LOGIN && UserHelper::authenticate(null, null)) {
+ $_SESSION["ref_schema_version"] = get_schema_version(true);
+ } else {
+ UserHelper::authenticate(null, null, true);
+ }
+
+ if (!$_SESSION["uid"]) {
+ Pref_Users::logout_user();
+
+ Handler_Public::render_login_form();
+ exit;
+ }
+
+ } else {
+ /* bump login timestamp */
+ $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
+
+ $_SESSION["last_login_update"] = time();
+ }
+
+ if ($_SESSION["uid"]) {
+ startup_gettext();
+ UserHelper::load_user_plugins($_SESSION["uid"]);
+ }
+ }
+ }
+
+ static function print_user_stylesheet() {
+ $value = get_pref('USER_STYLESHEET');
+
+ if ($value) {
+ print "<style type='text/css' id='user_css_style'>";
+ print str_replace("<br/>", "\n", $value);
+ print "</style>";
+ }
+
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 14:43:44 +0000