X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FLogin.php;h=df918c44c8ed0aee91af7e6e2b774486f4e287f8;hb=2a881cc2e71b1677cc9ce98001ae3f157743e542;hp=fdfa6623fe2dafbc9679b233e1ba4ab0c9ea0ae3;hpb=30c1cc0e8cec5438fd8fe36bd4ea00991dc01934;p=friendica.git diff --git a/src/Module/Login.php b/src/Module/Login.php index fdfa6623fe..df918c44c8 100644 --- a/src/Module/Login.php +++ b/src/Module/Login.php @@ -4,23 +4,26 @@ */ namespace Friendica\Module; +use Exception; use Friendica\BaseModule; use Friendica\Core\Addon; +use Friendica\Core\Authentication; use Friendica\Core\Config; use Friendica\Core\L10n; -use Friendica\Database\DBM; +use Friendica\Core\System; +use Friendica\Database\DBA; use Friendica\Model\User; -use dba; +use Friendica\Util\DateTimeFormat; +use Friendica\Util\Network; +use LightOpenID; require_once 'boot.php'; -require_once 'include/datetime.php'; -require_once 'include/security.php'; require_once 'include/text.php'; /** * Login module * - * @author Hypolite Petovan mrpetovan@gmail.com + * @author Hypolite Petovan */ class Login extends BaseModule { @@ -37,99 +40,134 @@ class Login extends BaseModule } if (local_user()) { - goaway(self::getApp()->get_baseurl()); + $a->internalRedirect(); } - return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED); + return self::form($_SESSION['return_path'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED); } public static function post() { + $return_path = $_SESSION['return_path']; session_unset(); + $_SESSION['return_path'] = $return_path; + // OpenId Login if ( - !x($_POST, 'password') + empty($_POST['password']) && ( - x($_POST, 'openid_url') - || x($_POST, 'username') + !empty($_POST['openid_url']) + || !empty($_POST['username']) ) ) { - $noid = Config::get('system', 'no_openid'); + $openid_url = trim(defaults($_POST, 'openid_url', $_POST['username'])); - $openid_url = trim($_POST['openid_url'] ? : $_POST['username']); + self::openIdAuthentication($openid_url, !empty($_POST['remember'])); + } - // if it's an email address or doesn't resolve to a URL, fail. - if ($noid || strpos($openid_url, '@') || !validate_url($openid_url)) { - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - // NOTREACHED - } + if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { + self::passwordAuthentication( + trim($_POST['username']), + trim($_POST['password']), + !empty($_POST['remember']) + ); + } + } - // Otherwise it's probably an openid. - try { - require_once 'library/openid.php'; - $openid = new \LightOpenID; - $openid->identity = $openid_url; - $_SESSION['openid'] = $openid_url; - $_SESSION['remember'] = $_POST['remember']; - $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); - } catch (Exception $e) { - notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); - } + /** + * Attempts to authenticate using OpenId + * + * @param string $openid_url OpenID URL string + * @param bool $remember Whether to set the session remember flag + */ + private static function openIdAuthentication($openid_url, $remember) + { + $noid = Config::get('system', 'no_openid'); + + $a = self::getApp(); + + // if it's an email address or doesn't resolve to a URL, fail. + if ($noid || strpos($openid_url, '@') || !Network::isUrlValid($openid_url)) { + notice(L10n::t('Login failed.') . EOL); + $a->internalRedirect(); // NOTREACHED } - if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { - $record = null; - - $addon_auth = [ - 'username' => trim($_POST['username']), - 'password' => trim($_POST['password']), - 'authenticated' => 0, - 'user_record' => null - ]; + // Otherwise it's probably an openid. + try { + $openid = new LightOpenID($a->getHostName()); + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $_SESSION['remember'] = $remember; + $openid->returnUrl = $a->getBaseURL(true) . '/openid'; + System::externalRedirect($openid->authUrl()); + } catch (Exception $e) { + notice(L10n::t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . L10n::t('The error message was:') . ' ' . $e->getMessage()); + } + } - /* - * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record - * Addons should never set 'authenticated' except to indicate success - as hooks may be chained - * and later addons should not interfere with an earlier one that succeeded. - */ - Addon::callHooks('authenticate', $addon_auth); + /** + * Attempts to authenticate using login/password + * + * @param string $username User name + * @param string $password Clear password + * @param bool $remember Whether to set the session remember flag + */ + private static function passwordAuthentication($username, $password, $remember) + { + $record = null; - if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { - $record = $addon_auth['user_record']; - } else { - $user_id = User::authenticate(trim($_POST['username']), trim($_POST['password'])); - if ($user_id) { - $record = dba::selectFirst('user', [], ['uid' => $user_id]); - } - } + $addon_auth = [ + 'username' => $username, + 'password' => $password, + 'authenticated' => 0, + 'user_record' => null + ]; - if (!$record || !count($record)) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); - notice(L10n::t('Login failed.') . EOL); - goaway(self::getApp()->get_baseurl()); - } + $a = self::getApp(); - if (!$_POST['remember']) { - new_cookie(0); // 0 means delete on browser exit - } + /* + * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Addons should never set 'authenticated' except to indicate success - as hooks may be chained + * and later addons should not interfere with an earlier one that succeeded. + */ + Addon::callHooks('authenticate', $addon_auth); - // if we haven't failed up this point, log them in. - $_SESSION['remember'] = $_POST['remember']; - $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); - authenticate_success($record, true, true); + try { + if ($addon_auth['authenticated']) { + $record = $addon_auth['user_record']; - if (x($_SESSION, 'return_url')) { - $return_url = $_SESSION['return_url']; - unset($_SESSION['return_url']); + if (empty($record)) { + throw new Exception(L10n::t('Login failed.')); + } } else { - $return_url = ''; + $record = DBA::selectFirst('user', [], + ['uid' => User::getIdFromPasswordAuthentication($username, $password)] + ); } + } catch (Exception $e) { + logger('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + info('Login failed. Please check your credentials.' . EOL); + $a->internalRedirect(); + } + + if (!$remember) { + Authentication::setCookie(0); // 0 means delete on browser exit + } + + // if we haven't failed up this point, log them in. + $_SESSION['remember'] = $remember; + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); + Authentication::setAuthenticatedSessionForUser($record, true, true); - goaway($return_url); + if (x($_SESSION, 'return_path')) { + $return_path = $_SESSION['return_path']; + unset($_SESSION['return_path']); + } else { + $return_path = ''; } + + $a->internalRedirect($return_path); } /** @@ -139,12 +177,14 @@ class Login extends BaseModule */ public static function sessionAuth() { + $a = self::getApp(); + // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. if (isset($_COOKIE["Friendica"])) { $data = json_decode($_COOKIE["Friendica"]); if (isset($data->uid)) { - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $data->uid, 'blocked' => false, @@ -153,22 +193,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (DBM::is_result($user)) { - if ($data->hash != cookie_hash($user)) { + if (DBA::isResult($user)) { + if ($data->hash != Authentication::getCookieHashForUser($user)) { logger("Hash for user " . $data->uid . " doesn't fit."); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + Authentication::deleteSession(); + $a->internalRedirect(); } // Renew the cookie // Expires after 7 days by default, // can be set via system.auth_cookie_lifetime $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); - new_cookie($authcookiedays * 24 * 60 * 60, $user); + Authentication::setCookie($authcookiedays * 24 * 60 * 60, $user); // Do the authentification if not done by now if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { - authenticate_success($user); + Authentication::setAuthenticatedSessionForUser($user); if (Config::get('system', 'paranoia')) { $_SESSION['addr'] = $data->ip; @@ -180,11 +220,9 @@ class Login extends BaseModule if (isset($_SESSION) && x($_SESSION, 'authenticated')) { if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - if (DBM::is_result($r)) { - self::getApp()->contact = $r[0]; + $contact = DBA::selectFirst('contact', [], ['id' => $_SESSION['visitor_id']]); + if (DBA::isResult($contact)) { + self::getApp()->contact = $contact; } } @@ -195,11 +233,11 @@ class Login extends BaseModule if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(self::getApp()->get_baseurl()); + Authentication::deleteSession(); + $a->internalRedirect(); } - $user = dba::selectFirst('user', [], + $user = DBA::selectFirst('user', [], [ 'uid' => $_SESSION['uid'], 'blocked' => false, @@ -208,22 +246,22 @@ class Login extends BaseModule 'verified' => true, ] ); - if (!DBM::is_result($user)) { - nuke_session(); - goaway(self::getApp()->get_baseurl()); + if (!DBA::isResult($user)) { + Authentication::deleteSession(); + $a->internalRedirect(); } // Make sure to refresh the last login time for the user if the user // stays logged in for a long time, e.g. with "Remember Me" $login_refresh = false; - if (!x($_SESSION['last_login_date'])) { - $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); + if (empty($_SESSION['last_login_date'])) { + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); } - if (strcmp(datetime_convert('UTC', 'UTC', 'now - 12 hours'), $_SESSION['last_login_date']) > 0) { - $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); + if (strcmp(DateTimeFormat::utc('now - 12 hours'), $_SESSION['last_login_date']) > 0) { + $_SESSION['last_login_date'] = DateTimeFormat::utcNow(); $login_refresh = true; } - authenticate_success($user, false, false, $login_refresh); + Authentication::setAuthenticatedSessionForUser($user, false, false, $login_refresh); } } } @@ -231,17 +269,17 @@ class Login extends BaseModule /** * @brief Wrapper for adding a login box. * - * @param string $return_url The url relative to the base the user should be sent + * @param string $return_path The path relative to the base the user should be sent * back to after login completes * @param bool $register If $register == true provide a registration link. - * This will most always depend on the value of $a->config['register_policy']. + * This will most always depend on the value of config.register_policy. * @param array $hiddens optional * * @return string Returns the complete html for inserting into the page * * @hooks 'login_hook' string $o */ - public static function form($return_url = null, $register = false, $hiddens = []) + public static function form($return_path = null, $register = false, $hiddens = []) { $a = self::getApp(); $o = ''; @@ -255,8 +293,8 @@ class Login extends BaseModule $noid = Config::get('system', 'no_openid'); - if (is_null($return_url)) { - $return_url = $a->query_string; + if (is_null($return_path)) { + $return_path = $a->query_string; } if (local_user()) { @@ -265,18 +303,18 @@ class Login extends BaseModule $a->page['htmlhead'] .= replace_macros( get_markup_template('login_head.tpl'), [ - '$baseurl' => $a->get_baseurl(true) + '$baseurl' => $a->getBaseURL(true) ] ); $tpl = get_markup_template('login.tpl'); - $_SESSION['return_url'] = $return_url; + $_SESSION['return_path'] = $return_path; } $o .= replace_macros( $tpl, [ - '$dest_url' => self::getApp()->get_baseurl(true) . '/login', + '$dest_url' => self::getApp()->getBaseURL(true) . '/login', '$logout' => L10n::t('Logout'), '$login' => L10n::t('Login'),