X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FLogin.php;h=ad5d5ad0b6acbc66d5e6d9eb6a2294a54d3010b4;hb=947cc98cc43a82cb3e67b51a897009a7bd2629a0;hp=790fc3de8e08520d14de2623734c42e92841e997;hpb=dc366bf1f7b5b7b0fc1c1a86772783074b301993;p=friendica.git diff --git a/src/Module/Login.php b/src/Module/Login.php index 790fc3de8e..ad5d5ad0b6 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -4,27 +4,25 @@ */ namespace Friendica\Module; +use Exception; use Friendica\BaseModule; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; -use Friendica\Database\DBM; +use Friendica\Database\DBA; use Friendica\Model\User; +use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; -use Friendica\Util\Temporal; -use dba; -use Exception; use LightOpenID; require_once 'boot.php'; -require_once 'include/datetime.php'; require_once 'include/security.php'; require_once 'include/text.php'; /** * Login module * - * @author Hypolite Petovan mrpetovan@gmail.com + * @author Hypolite Petovan */ class Login extends BaseModule { @@ -44,7 +42,7 @@ class Login extends BaseModule goaway(self::getApp()->get_baseurl()); } - return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED); + return self::form(self::getApp()->get_baseurl(), intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); } public static function post() @@ -52,87 +50,117 @@ class Login extends BaseModule session_unset(); // OpenId Login if ( - !x($_POST, 'password') + empty($_POST['password']) && ( - x($_POST, 'openid_url') - || x($_POST, 'username') + !empty($_POST['openid_url']) + || !empty($_POST['username']) ) ) { - $noid = Config::get('system', 'no_openid'); - - $openid_url = trim($_POST['openid_url'] ? : $_POST['username']); + $openid_url = trim(defaults($_POST, 'openid_url', $_POST['username'])); - // if it's an email address or doesn't resolve to a URL, fail. - if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - // NOTREACHED - } - - // Otherwise it's probably an openid. - try { - $openid = new LightOpenID; - $openid->identity = $openid_url; - $_SESSION['openid'] = $openid_url; - $_SESSION['remember'] = $_POST['remember']; - $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); - } catch (Exception $e) { - notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); - } - // NOTREACHED + self::openIdAuthentication($openid_url, !empty($_POST['remember'])); } if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { - $record = null; + self::passwordAuthentication( + trim($_POST['username']), + trim($_POST['password']), + !empty($_POST['remember']) + ); + } + } - $addon_auth = [ - 'username' => trim($_POST['username']), - 'password' => trim($_POST['password']), - 'authenticated' => 0, - 'user_record' => null - ]; + /** + * Attempts to authenticate using OpenId + * + * @param string $openid_url OpenID URL string + * @param bool $remember Whether to set the session remember flag + */ + private static function openIdAuthentication($openid_url, $remember) + { + $noid = Config::get('system', 'no_openid'); - /* - * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record - * Addons should never set 'authenticated' except to indicate success - as hooks may be chained - * and later addons should not interfere with an earlier one that succeeded. - */ - Addon::callHooks('authenticate', $addon_auth); + // if it's an email address or doesn't resolve to a URL, fail. + if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { + notice(L10n::t('Login failed.') . EOL); + goaway(self::getApp()->get_baseurl()); + // NOTREACHED + } - if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { - $record = $addon_auth['user_record']; - } else { - $user_id = User::authenticate(trim($_POST['username']), trim($_POST['password'])); - if ($user_id) { - $record = dba::selectFirst('user', [], ['uid' => $user_id]); - } - } + // Otherwise it's probably an openid. + try { + $a = get_app(); + $openid = new LightOpenID($a->get_hostname()); + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $_SESSION['remember'] = $remember; + $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + } catch (Exception $e) { + notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); + } + } - if (!$record || !count($record)) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - } + /** + * Attempts to authenticate using login/password + * + * @param string $username User name + * @param string $password Clear password + * @param bool $remember Whether to set the session remember flag + */ + private static function passwordAuthentication($username, $password, $remember) + { + $record = null; + + $addon_auth = [ + 'username' => $username, + 'password' => $password, + 'authenticated' => 0, + 'user_record' => null + ]; + + /* + * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Addons should never set 'authenticated' except to indicate success - as hooks may be chained + * and later addons should not interfere with an earlier one that succeeded. + */ + Addon::callHooks('authenticate', $addon_auth); + + try { + if ($addon_auth['authenticated']) { + $record = $addon_auth['user_record']; - if (!$_POST['remember']) { - new_cookie(0); // 0 means delete on browser exit + if (empty($record)) { + throw new Exception(L10n::t('Login failed.')); + } + } else { + $record = DBA::selectFirst('user', [], + ['uid' => User::getIdFromPasswordAuthentication($username, $password)] + ); } + } catch (Exception $e) { + logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + info('Login failed. Please check your credentials.' . EOL); + goaway('/'); + } - // if we haven't failed up this point, log them in. - $_SESSION['remember'] = $_POST['remember']; - $_SESSION['last_login_date'] = Temporal::convert(); - authenticate_success($record, true, true); + if (!$remember) { + new_cookie(0); // 0 means delete on browser exit + } - if (x($_SESSION, 'return_url')) { - $return_url = $_SESSION['return_url']; - unset($_SESSION['return_url']); - } else { - $return_url = ''; - } + // if we haven't failed up this point, log them in. + $_SESSION['remember'] = $remember; + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); + authenticate_success($record, true, true); - goaway($return_url); + if (x($_SESSION, 'return_url')) { + $return_url = $_SESSION['return_url']; + unset($_SESSION['return_url']); + } else { + $return_url = ''; } + + goaway($return_url); } /** @@ -147,7 +175,7 @@ class Login extends BaseModule $data = json_decode($_COOKIE["Friendica"]); if (isset($data->uid)) { - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $data->uid, 'blocked' => false, @@ -156,7 +184,7 @@ class Login extends BaseModule 'verified' => true, ] ); - if (DBM::is_result($user)) { + if (DBA::isResult($user)) { if ($data->hash != cookie_hash($user)) { logger("Hash for user " . $data->uid . " doesn't fit."); nuke_session(); @@ -183,11 +211,9 @@ class Login extends BaseModule if (isset($_SESSION) && x($_SESSION, 'authenticated')) { if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - if (DBM::is_result($r)) { - self::getApp()->contact = $r[0]; + $contact = DBA::selectFirst('contact', [], ['id' => $_SESSION['visitor_id']]); + if (DBA::isResult($contact)) { + self::getApp()->contact = $contact; } } @@ -202,7 +228,7 @@ class Login extends BaseModule goaway(self::getApp()->get_baseurl()); } - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $_SESSION['uid'], 'blocked' => false, @@ -211,7 +237,7 @@ class Login extends BaseModule 'verified' => true, ] ); - if (!DBM::is_result($user)) { + if (!DBA::isResult($user)) { nuke_session(); goaway(self::getApp()->get_baseurl()); } @@ -219,11 +245,11 @@ class Login extends BaseModule // Make sure to refresh the last login time for the user if the user // stays logged in for a long time, e.g. with "Remember Me" $login_refresh = false; - if (!x($_SESSION['last_login_date'])) { - $_SESSION['last_login_date'] = Temporal::convert(); + if (empty($_SESSION['last_login_date'])) { + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); } - if (strcmp(Temporal::convert('now - 12 hours'), $_SESSION['last_login_date']) > 0) { - $_SESSION['last_login_date'] = Temporal::convert(); + if (strcmp(DateTimeFormat::utc('now - 12 hours'), $_SESSION['last_login_date']) > 0) { + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); $login_refresh = true; } authenticate_success($user, false, false, $login_refresh); @@ -237,7 +263,7 @@ class Login extends BaseModule * @param string $return_url The url relative to the base the user should be sent * back to after login completes * @param bool $register If $register == true provide a registration link. - * This will most always depend on the value of $a->config['register_policy']. + * This will most always depend on the value of config.register_policy. * @param array $hiddens optional * * @return string Returns the complete html for inserting into the page