X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FLogin.php;h=41ea917cf3e8087c49e6ccbee8502afea1feefe5;hb=e2427eb9da8d32c35488b609f79e167786168ecc;hp=7d6470620acfda4f5b419b8b5b17452a23f8894b;hpb=78114c13d5ce27b36682a960859056d4ebf9d9be;p=friendica.git diff --git a/src/Module/Login.php b/src/Module/Login.php index 7d6470620a..41ea917cf3 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -4,26 +4,26 @@ */ namespace Friendica\Module; +use Exception; use Friendica\BaseModule; use Friendica\Core\Addon; +use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; -use Friendica\Database\DBM; +use Friendica\Core\Logger; +use Friendica\Core\Renderer; +use Friendica\Core\System; +use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; -use dba; -use Exception; +use Friendica\Util\Strings; use LightOpenID; -require_once 'boot.php'; -require_once 'include/security.php'; -require_once 'include/text.php'; - /** * Login module * - * @author Hypolite Petovan mrpetovan@gmail.com + * @author Hypolite Petovan */ class Login extends BaseModule { @@ -31,24 +31,27 @@ class Login extends BaseModule { $a = self::getApp(); - if (x($_SESSION, 'theme')) { + if (!empty($_SESSION['theme'])) { unset($_SESSION['theme']); } - if (x($_SESSION, 'mobile-theme')) { + if (!empty($_SESSION['mobile-theme'])) { unset($_SESSION['mobile-theme']); } if (local_user()) { - goaway(self::getApp()->get_baseurl()); + $a->internalRedirect(); } - return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED); + return self::form(defaults($_SESSION, 'return_path', null), intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); } public static function post() { + $return_path = defaults($_SESSION, 'return_path', ''); session_unset(); + $_SESSION['return_path'] = $return_path; + // OpenId Login if ( empty($_POST['password']) @@ -62,7 +65,7 @@ class Login extends BaseModule self::openIdAuthentication($openid_url, !empty($_POST['remember'])); } - if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { + if (!empty($_POST['auth-params']) && $_POST['auth-params'] === 'login') { self::passwordAuthentication( trim($_POST['username']), trim($_POST['password']), @@ -81,22 +84,23 @@ class Login extends BaseModule { $noid = Config::get('system', 'no_openid'); + $a = self::getApp(); + // if it's an email address or doesn't resolve to a URL, fail. if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); + $a->internalRedirect(); // NOTREACHED } // Otherwise it's probably an openid. try { - $a = get_app(); - $openid = new LightOpenID($a->get_hostname()); + $openid = new LightOpenID($a->getHostName()); $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $_SESSION['remember'] = $remember; - $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); + $openid->returnUrl = $a->getBaseURL(true) . '/openid'; + System::externalRedirect($openid->authUrl()); } catch (Exception $e) { notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); } @@ -120,6 +124,8 @@ class Login extends BaseModule 'user_record' => null ]; + $a = self::getApp(); + /* * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record * Addons should never set 'authenticated' except to indicate success - as hooks may be chained @@ -135,33 +141,33 @@ class Login extends BaseModule throw new Exception(L10n::t('Login failed.')); } } else { - $record = dba::selectFirst('user', [], + $record = DBA::selectFirst('user', [], ['uid' => User::getIdFromPasswordAuthentication($username, $password)] ); } } catch (Exception $e) { - logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); - notice($e->getMessage() . EOL); - goaway(self::getApp()->get_baseurl() . '/login'); + Logger::log('authenticate: failed login attempt: ' . Strings::escapeTags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + info('Login failed. Please check your credentials.' . EOL); + $a->internalRedirect(); } if (!$remember) { - new_cookie(0); // 0 means delete on browser exit + Authentication::setCookie(0); // 0 means delete on browser exit } // if we haven't failed up this point, log them in. $_SESSION['remember'] = $remember; $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); - authenticate_success($record, true, true); + Authentication::setAuthenticatedSessionForUser($record, true, true); - if (x($_SESSION, 'return_url')) { - $return_url = $_SESSION['return_url']; - unset($_SESSION['return_url']); + if (!empty($_SESSION['return_path'])) { + $return_path = $_SESSION['return_path']; + unset($_SESSION['return_path']); } else { - $return_url = ''; + $return_path = ''; } - goaway($return_url); + $a->internalRedirect($return_path); } /** @@ -171,12 +177,14 @@ class Login extends BaseModule */ public static function sessionAuth() { + $a = self::getApp(); + // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. if (isset($_COOKIE["Friendica"])) { $data = json_decode($_COOKIE["Friendica"]); if (isset($data->uid)) { - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $data->uid, 'blocked' => false, @@ -185,22 +193,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (DBM::is_result($user)) { - if ($data->hash != cookie_hash($user)) { - logger("Hash for user " . $data->uid . " doesn't fit."); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + if (DBA::isResult($user)) { + if ($data->hash != Authentication::getCookieHashForUser($user)) { + Logger::log("Hash for user " . $data->uid . " doesn't fit."); + Authentication::deleteSession(); + $a->internalRedirect(); } // Renew the cookie // Expires after 7 days by default, // can be set via system.auth_cookie_lifetime $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); - new_cookie($authcookiedays * 24 * 60 * 60, $user); + Authentication::setCookie($authcookiedays * 24 * 60 * 60, $user); // Do the authentification if not done by now if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { - authenticate_success($user); + Authentication::setAuthenticatedSessionForUser($user); if (Config::get('system', 'paranoia')) { $_SESSION['addr'] = $data->ip; @@ -210,28 +218,26 @@ class Login extends BaseModule } } - if (isset($_SESSION) && x($_SESSION, 'authenticated')) { - if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - if (DBM::is_result($r)) { - self::getApp()->contact = $r[0]; + if (!empty($_SESSION['authenticated'])) { + if (!empty($_SESSION['visitor_id']) && empty($_SESSION['uid'])) { + $contact = DBA::selectFirst('contact', [], ['id' => $_SESSION['visitor_id']]); + if (DBA::isResult($contact)) { + self::getApp()->contact = $contact; } } - if (x($_SESSION, 'uid')) { + if (!empty($_SESSION['uid'])) { // already logged in user returning $check = Config::get('system', 'paranoia'); // extra paranoia - if the IP changed, log them out if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { - logger('Session address changed. Paranoid setting in effect, blocking session. ' . + Logger::log('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + Authentication::deleteSession(); + $a->internalRedirect(); } - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $_SESSION['uid'], 'blocked' => false, @@ -240,22 +246,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (!DBM::is_result($user)) { - nuke_session(); - goaway(self::getApp()->get_baseurl()); + if (!DBA::isResult($user)) { + Authentication::deleteSession(); + $a->internalRedirect(); } // Make sure to refresh the last login time for the user if the user // stays logged in for a long time, e.g. with "Remember Me" $login_refresh = false; - if (!x($_SESSION['last_login_date'])) { + if (empty($_SESSION['last_login_date'])) { $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); } if (strcmp(DateTimeFormat::utc('now - 12 hours'), $_SESSION['last_login_date']) > 0) { $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); $login_refresh = true; } - authenticate_success($user, false, false, $login_refresh); + Authentication::setAuthenticatedSessionForUser($user, false, false, $login_refresh); } } } @@ -263,17 +269,17 @@ class Login extends BaseModule /** * @brief Wrapper for adding a login box. * - * @param string $return_url The url relative to the base the user should be sent + * @param string $return_path The path relative to the base the user should be sent * back to after login completes * @param bool $register If $register == true provide a registration link. - * This will most always depend on the value of $a->config['register_policy']. + * This will most always depend on the value of config.register_policy. * @param array $hiddens optional * * @return string Returns the complete html for inserting into the page * * @hooks 'login_hook' string $o */ - public static function form($return_url = null, $register = false, $hiddens = []) + public static function form($return_path = null, $register = false, $hiddens = []) { $a = self::getApp(); $o = ''; @@ -287,28 +293,28 @@ class Login extends BaseModule $noid = Config::get('system', 'no_openid'); - if (is_null($return_url)) { - $return_url = $a->query_string; + if (is_null($return_path)) { + $return_path = $a->query_string; } if (local_user()) { - $tpl = get_markup_template('logout.tpl'); + $tpl = Renderer::getMarkupTemplate('logout.tpl'); } else { - $a->page['htmlhead'] .= replace_macros( - get_markup_template('login_head.tpl'), + $a->page['htmlhead'] .= Renderer::replaceMacros( + Renderer::getMarkupTemplate('login_head.tpl'), [ - '$baseurl' => $a->get_baseurl(true) + '$baseurl' => $a->getBaseURL(true) ] ); - $tpl = get_markup_template('login.tpl'); - $_SESSION['return_url'] = $return_url; + $tpl = Renderer::getMarkupTemplate('login.tpl'); + $_SESSION['return_path'] = $return_path; } - $o .= replace_macros( + $o .= Renderer::replaceMacros( $tpl, [ - '$dest_url' => self::getApp()->get_baseurl(true) . '/login', + '$dest_url' => self::getApp()->getBaseURL(true) . '/login', '$logout' => L10n::t('Logout'), '$login' => L10n::t('Login'),