From 74568df4ff7b7788991636f6fb2ed62012f85c3b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 22 Sep 2020 09:04:33 +0300
Subject: remove a lot of stuff from global context (functions.php), add a few helper classes instead
---
classes/userhelper.php | 141 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100644 classes/userhelper.php
(limited to 'classes/userhelper.php')
diff --git a/classes/userhelper.php b/classes/userhelper.php
new file mode 100644
index 000000000..2ae1f7b83
--- /dev/null
+++ b/classes/userhelper.php
@@ -0,0 +1,141 @@
+get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) {
+
+ $user_id = (int) $plugin->authenticate($login, $password, $service);
+
+ if ($user_id) {
+ $auth_module = strtolower(get_class($plugin));
+ break;
+ }
+ }
+
+ if ($user_id && !$check_only) {
+
+ session_start();
+ session_regenerate_id(true);
+
+ $_SESSION["uid"] = $user_id;
+ $_SESSION["auth_module"] = $auth_module;
+
+ $pdo = Db::pdo();
+ $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
+ WHERE id = ?");
+ $sth->execute([$user_id]);
+ $row = $sth->fetch();
+
+ $_SESSION["name"] = $row["login"];
+ $_SESSION["access_level"] = $row["access_level"];
+ $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
+
+ $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $usth->execute([$user_id]);
+
+ $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+ $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
+ $_SESSION["pwd_hash"] = $row["pwd_hash"];
+
+ Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
+
+ return true;
+ }
+
+ return false;
+
+ } else {
+
+ $_SESSION["uid"] = 1;
+ $_SESSION["name"] = "admin";
+ $_SESSION["access_level"] = 10;
+
+ $_SESSION["hide_hello"] = true;
+ $_SESSION["hide_logout"] = true;
+
+ $_SESSION["auth_module"] = false;
+
+ if (!$_SESSION["csrf_token"])
+ $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
+
+ $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
+
+ Pref_Prefs::initialize_user_prefs($_SESSION["uid"]);
+
+ return true;
+ }
+ }
+
+ static function load_user_plugins($owner_uid, $pluginhost = false) {
+
+ if (!$pluginhost) $pluginhost = PluginHost::getInstance();
+
+ if ($owner_uid && SCHEMA_VERSION >= 100 && !$_SESSION["safe_mode"]) {
+ $plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
+
+ $pluginhost->load($plugins, PluginHost::KIND_USER, $owner_uid);
+
+ if (get_schema_version() > 100) {
+ $pluginhost->load_data();
+ }
+ }
+ }
+
+ static function login_sequence() {
+ $pdo = Db::pdo();
+
+ if (SINGLE_USER_MODE) {
+ @session_start();
+ UserHelper::authenticate("admin", null);
+ startup_gettext();
+ UserHelper::load_user_plugins($_SESSION["uid"]);
+ } else {
+ if (!validate_session()) $_SESSION["uid"] = false;
+
+ if (!$_SESSION["uid"]) {
+
+ if (AUTH_AUTO_LOGIN && UserHelper::authenticate(null, null)) {
+ $_SESSION["ref_schema_version"] = get_schema_version(true);
+ } else {
+ UserHelper::authenticate(null, null, true);
+ }
+
+ if (!$_SESSION["uid"]) {
+ Pref_Users::logout_user();
+
+ Handler_Public::render_login_form();
+ exit;
+ }
+
+ } else {
+ /* bump login timestamp */
+ $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
+
+ $_SESSION["last_login_update"] = time();
+ }
+
+ if ($_SESSION["uid"]) {
+ startup_gettext();
+ UserHelper::load_user_plugins($_SESSION["uid"]);
+ }
+ }
+ }
+
+ static function print_user_stylesheet() {
+ $value = get_pref('USER_STYLESHEET');
+
+ if ($value) {
+ print "";
+ }
+
+ }
+
+}
-- cgit v1.2.3
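Review bot: In authenticate(), `$row = $sth->fetch();` is never checked, so an auth plugin that returns a non-zero id with no matching ttrss_users row still gets a regenerated session with `$_SESSION["uid"]` set while `name`, `access_level` and `pwd_hash` are filled from a failed fetch. Fetching the row before touching the session and returning false when it is missing leaves the session untouched on that path; the reordered section is below. The start of authenticate() is not visible in the hunk as rendered here (the text before `get_hooks(...)` appears to have been lost in extraction), so the initial value of `$auth_module` is assumed to be set there. In the single-user branch, `if (!$_SESSION["csrf_token"])` reads a key that may not exist yet; `if (empty($_SESSION["csrf_token"]))` gives the same outcome without the notice.
```php
if ($user_id && !$check_only) {

    $pdo = Db::pdo();
    $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
        WHERE id = ?");
    $sth->execute([$user_id]);
    $row = $sth->fetch();

    // A plugin may report an id with no ttrss_users row; do not open a
    // session for it rather than populating one with nulls.
    if (!$row) {
        return false;
    }

    session_start();
    session_regenerate_id(true);

    $_SESSION["uid"] = $user_id;
    $_SESSION["auth_module"] = $auth_module;
    $_SESSION["name"] = $row["login"];
    $_SESSION["access_level"] = $row["access_level"];
    $_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));

    // … unchanged: last_login update, ip_address/user_agent/pwd_hash, initialize_user_prefs, return true …
}
```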