X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=src%2FModule%2FLogin.php;h=92b0daed13d2c40abc77f1bccd6227f76728d0ac;hb=2ef81108b37a85642e1f3380044a03cb1cd8719a;hp=b0b5a4947de4716f49ba87f427711dc19cd619b7;hpb=dad58e0f6fdff5e1ff8a002bb31119a38f08268b;p=friendica.git diff --git a/src/Module/Login.php b/src/Module/Login.php index b0b5a4947d..92b0daed13 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -4,26 +4,26 @@ */ namespace Friendica\Module; +use Exception; use Friendica\BaseModule; use Friendica\Core\Addon; +use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; -use Friendica\Database\DBM; +use Friendica\Core\System; +use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; -use dba; -use Exception; use LightOpenID; require_once 'boot.php'; -require_once 'include/security.php'; require_once 'include/text.php'; /** * Login module * - * @author Hypolite Petovan mrpetovan@gmail.com + * @author Hypolite Petovan */ class Login extends BaseModule { @@ -40,98 +40,135 @@ class Login extends BaseModule } if (local_user()) { - goaway(self::getApp()->get_baseurl()); + $a->redirect(); } - return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED); + return self::form($_SESSION['return_url'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); } public static function post() { + $return_url = $_SESSION['return_url']; session_unset(); + $_SESSION['return_url'] = $return_url; + // OpenId Login if ( - !x($_POST, 'password') + empty($_POST['password']) && ( - x($_POST, 'openid_url') - || x($_POST, 'username') + !empty($_POST['openid_url']) + || !empty($_POST['username']) ) ) { - $noid = Config::get('system', 'no_openid'); + $openid_url = trim(defaults($_POST, 'openid_url', $_POST['username'])); - $openid_url = trim($_POST['openid_url'] ? : $_POST['username']); + self::openIdAuthentication($openid_url, !empty($_POST['remember'])); + } - // if it's an email address or doesn't resolve to a URL, fail. - if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - // NOTREACHED - } + if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { + self::passwordAuthentication( + trim($_POST['username']), + trim($_POST['password']), + !empty($_POST['remember']) + ); + } + } - // Otherwise it's probably an openid. - try { - $openid = new LightOpenID; - $openid->identity = $openid_url; - $_SESSION['openid'] = $openid_url; - $_SESSION['remember'] = $_POST['remember']; - $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); - } catch (Exception $e) { - notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); - } + /** + * Attempts to authenticate using OpenId + * + * @param string $openid_url OpenID URL string + * @param bool $remember Whether to set the session remember flag + */ + private static function openIdAuthentication($openid_url, $remember) + { + $noid = Config::get('system', 'no_openid'); + + $a = self::getApp(); + + // if it's an email address or doesn't resolve to a URL, fail. + if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { + notice(L10n::t('Login failed.') . EOL); + $a->redirect(); // NOTREACHED } - if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { - $record = null; - - $addon_auth = [ - 'username' => trim($_POST['username']), - 'password' => trim($_POST['password']), - 'authenticated' => 0, - 'user_record' => null - ]; + // Otherwise it's probably an openid. + try { + $a = get_app(); + $openid = new LightOpenID($a->getHostName()); + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $_SESSION['remember'] = $remember; + $openid->returnUrl = self::getApp()->getBaseURL(true) . '/openid'; + $a->redirect($openid->authUrl()); + } catch (Exception $e) { + notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); + } + } - /* - * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record - * Addons should never set 'authenticated' except to indicate success - as hooks may be chained - * and later addons should not interfere with an earlier one that succeeded. - */ - Addon::callHooks('authenticate', $addon_auth); + /** + * Attempts to authenticate using login/password + * + * @param string $username User name + * @param string $password Clear password + * @param bool $remember Whether to set the session remember flag + */ + private static function passwordAuthentication($username, $password, $remember) + { + $record = null; - if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { - $record = $addon_auth['user_record']; - } else { - $user_id = User::authenticate(trim($_POST['username']), trim($_POST['password'])); - if ($user_id) { - $record = dba::selectFirst('user', [], ['uid' => $user_id]); - } - } + $addon_auth = [ + 'username' => $username, + 'password' => $password, + 'authenticated' => 0, + 'user_record' => null + ]; - if (!$record || !count($record)) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - } + $a = self::getApp(); - if (!$_POST['remember']) { - new_cookie(0); // 0 means delete on browser exit - } + /* + * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Addons should never set 'authenticated' except to indicate success - as hooks may be chained + * and later addons should not interfere with an earlier one that succeeded. + */ + Addon::callHooks('authenticate', $addon_auth); - // if we haven't failed up this point, log them in. - $_SESSION['remember'] = $_POST['remember']; - $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); - authenticate_success($record, true, true); + try { + if ($addon_auth['authenticated']) { + $record = $addon_auth['user_record']; - if (x($_SESSION, 'return_url')) { - $return_url = $_SESSION['return_url']; - unset($_SESSION['return_url']); + if (empty($record)) { + throw new Exception(L10n::t('Login failed.')); + } } else { - $return_url = ''; + $record = DBA::selectFirst('user', [], + ['uid' => User::getIdFromPasswordAuthentication($username, $password)] + ); } + } catch (Exception $e) { + logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + info('Login failed. Please check your credentials.' . EOL); + $a->redirect(); + } - goaway($return_url); + if (!$remember) { + Authentication::setCookie(0); // 0 means delete on browser exit } + + // if we haven't failed up this point, log them in. + $_SESSION['remember'] = $remember; + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); + Authentication::setAuthenticatedSessionForUser($record, true, true); + + if (x($_SESSION, 'return_url')) { + $return_url = $_SESSION['return_url']; + unset($_SESSION['return_url']); + } else { + $return_url = ''; + } + + $a->redirect($return_url); } /** @@ -141,12 +178,14 @@ class Login extends BaseModule */ public static function sessionAuth() { + $a = self::getApp(); + // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. if (isset($_COOKIE["Friendica"])) { $data = json_decode($_COOKIE["Friendica"]); if (isset($data->uid)) { - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $data->uid, 'blocked' => false, @@ -155,22 +194,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (DBM::is_result($user)) { - if ($data->hash != cookie_hash($user)) { + if (DBA::isResult($user)) { + if ($data->hash != Authentication::getCookieHashForUser($user)) { logger("Hash for user " . $data->uid . " doesn't fit."); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + Authentication::deleteSession(); + $a->redirect(); } // Renew the cookie // Expires after 7 days by default, // can be set via system.auth_cookie_lifetime $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); - new_cookie($authcookiedays * 24 * 60 * 60, $user); + Authentication::setCookie($authcookiedays * 24 * 60 * 60, $user); // Do the authentification if not done by now if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { - authenticate_success($user); + Authentication::setAuthenticatedSessionForUser($user); if (Config::get('system', 'paranoia')) { $_SESSION['addr'] = $data->ip; @@ -182,11 +221,9 @@ class Login extends BaseModule if (isset($_SESSION) && x($_SESSION, 'authenticated')) { if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - if (DBM::is_result($r)) { - self::getApp()->contact = $r[0]; + $contact = DBA::selectFirst('contact', [], ['id' => $_SESSION['visitor_id']]); + if (DBA::isResult($contact)) { + self::getApp()->contact = $contact; } } @@ -197,11 +234,11 @@ class Login extends BaseModule if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + Authentication::deleteSession(); + $a->redirect(); } - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $_SESSION['uid'], 'blocked' => false, @@ -210,22 +247,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (!DBM::is_result($user)) { - nuke_session(); - goaway(self::getApp()->get_baseurl()); + if (!DBA::isResult($user)) { + Authentication::deleteSession(); + $a->redirect(); } // Make sure to refresh the last login time for the user if the user // stays logged in for a long time, e.g. with "Remember Me" $login_refresh = false; - if (!x($_SESSION['last_login_date'])) { + if (empty($_SESSION['last_login_date'])) { $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); } if (strcmp(DateTimeFormat::utc('now - 12 hours'), $_SESSION['last_login_date']) > 0) { $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); $login_refresh = true; } - authenticate_success($user, false, false, $login_refresh); + Authentication::setAuthenticatedSessionForUser($user, false, false, $login_refresh); } } } @@ -236,7 +273,7 @@ class Login extends BaseModule * @param string $return_url The url relative to the base the user should be sent * back to after login completes * @param bool $register If $register == true provide a registration link. - * This will most always depend on the value of $a->config['register_policy']. + * This will most always depend on the value of config.register_policy. * @param array $hiddens optional * * @return string Returns the complete html for inserting into the page @@ -267,7 +304,7 @@ class Login extends BaseModule $a->page['htmlhead'] .= replace_macros( get_markup_template('login_head.tpl'), [ - '$baseurl' => $a->get_baseurl(true) + '$baseurl' => $a->getBaseURL(true) ] ); @@ -278,7 +315,7 @@ class Login extends BaseModule $o .= replace_macros( $tpl, [ - '$dest_url' => self::getApp()->get_baseurl(true) . '/login', + '$dest_url' => self::getApp()->getBaseURL(true) . '/login', '$logout' => L10n::t('Logout'), '$login' => L10n::t('Login'),