From: Hypolite Petovan Date: Sun, 17 Dec 2017 16:34:43 +0000 (-0500) Subject: Add new Module classes X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=2243a82bb46ddfbe723134811dda9d4f89e4f05f;p=friendica.git Add new Module classes - Add BaseModule - Add Login module - Add Logout module --- diff --git a/src/BaseObject.php b/src/BaseObject.php index 01957164c1..5adfe096d7 100644 --- a/src/BaseObject.php +++ b/src/BaseObject.php @@ -20,7 +20,7 @@ class BaseObject * * Same as get_app from boot.php * - * @return object + * @return App */ public static function getApp() { diff --git a/src/Module/Login.php b/src/Module/Login.php new file mode 100644 index 0000000000..5183898414 --- /dev/null +++ b/src/Module/Login.php @@ -0,0 +1,311 @@ +get_baseurl()); + } + + return self::form(self::getApp()->get_baseurl(), $a->config['register_policy'] != REGISTER_CLOSED); + } + + public static function post() + { + session_unset(); + // OpenId Login + if ( + !x($_POST, 'password') + && ( + x($_POST, 'openid_url') + || x($_POST, 'username') + ) + ) { + $noid = Config::get('system', 'no_openid'); + + $openid_url = trim($_POST['openid_url'] ? : $_POST['username']); + + // if it's an email address or doesn't resolve to a URL, fail. + if ($noid || strpos($openid_url, '@') || !validate_url($openid_url)) { + notice(t('Login failed.') . EOL); + goaway(self::getApp()->get_baseurl()); + // NOTREACHED + } + + // Otherwise it's probably an openid. + try { + require_once 'library/openid.php'; + $openid = new LightOpenID; + $openid->identity = $openid_url; + $_SESSION['openid'] = $openid_url; + $_SESSION['remember'] = $_POST['remember']; + $openid->returnUrl = self::getApp()->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + } catch (Exception $e) { + notice(t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.') . '

' . t('The error message was:') . ' ' . $e->getMessage()); + } + // NOTREACHED + } + + if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') { + $record = null; + + $addon_auth = array( + 'username' => trim($_POST['username']), + 'password' => trim($_POST['password']), + 'authenticated' => 0, + 'user_record' => null + ); + + /* + * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained + * and later plugins should not interfere with an earlier one that succeeded. + */ + call_hooks('authenticate', $addon_auth); + + if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) { + $record = $addon_auth['user_record']; + } else { + $user_id = User::authenticate(trim($_POST['username']), trim($_POST['password'])); + if ($user_id) { + $record = dba::select('user', [], ['uid' => $user_id], ['limit' => 1]); + } + } + + if (!$record || !count($record)) { + logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + notice(t('Login failed.') . EOL); + goaway(self::getApp()->get_baseurl()); + } + + if (!$_POST['remember']) { + new_cookie(0); // 0 means delete on browser exit + } + + // if we haven't failed up this point, log them in. + $_SESSION['remember'] = $_POST['remember']; + $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); + authenticate_success($record, true, true); + + if (x($_SESSION, 'return_url')) { + $return_url = $_SESSION['return_url']; + unset($_SESSION['return_url']); + } else { + $return_url = ''; + } + + goaway($return_url); + } + } + + /** + * @brief Tries to auth the user from the cookie or session + * + * @todo Should be moved to Friendica\Core\Session when it's created + */ + public static function sessionAuth() + { + // When the "Friendica" cookie is set, take the value to authenticate and renew the cookie. + if (isset($_COOKIE["Friendica"])) { + $data = json_decode($_COOKIE["Friendica"]); + if (isset($data->uid)) { + + $user = dba::select('user', + [], + [ + 'uid' => $data->uid, + 'blocked' => false, + 'account_expired' => false, + 'account_removed' => false, + 'verified' => true, + ], + ['limit' => 1] + ); + + if (DBM::is_result($user)) { + if ($data->hash != cookie_hash($user)) { + logger("Hash for user " . $data->uid . " doesn't fit."); + nuke_session(); + goaway(self::getApp()->get_baseurl()); + } + + // Renew the cookie + // Expires after 7 days by default, + // can be set via system.auth_cookie_lifetime + $authcookiedays = Config::get('system', 'auth_cookie_lifetime', 7); + new_cookie($authcookiedays * 24 * 60 * 60, $user); + + // Do the authentification if not done by now + if (!isset($_SESSION) || !isset($_SESSION['authenticated'])) { + authenticate_success($user); + + if (Config::get('system', 'paranoia')) { + $_SESSION['addr'] = $data->ip; + } + } + } + } + } + + if (isset($_SESSION) && x($_SESSION, 'authenticated')) { + if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", + intval($_SESSION['visitor_id']) + ); + if (DBM::is_result($r)) { + $a->contact = $r[0]; + } + } + + if (x($_SESSION, 'uid')) { + // already logged in user returning + $check = Config::get('system', 'paranoia'); + // extra paranoia - if the IP changed, log them out + if ($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { + logger('Session address changed. Paranoid setting in effect, blocking session. ' . + $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); + nuke_session(); + goaway(self::getApp()->get_baseurl()); + } + + $user = dba::select('user', + [], + [ + 'uid' => $_SESSION['uid'], + 'blocked' => false, + 'account_expired' => false, + 'account_removed' => false, + 'verified' => true, + ], + ['limit' => 1] + ); + if (!DBM::is_result($user)) { + nuke_session(); + goaway(self::getApp()->get_baseurl()); + } + + // Make sure to refresh the last login time for the user if the user + // stays logged in for a long time, e.g. with "Remember Me" + $login_refresh = false; + if (!x($_SESSION['last_login_date'])) { + $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); + } + if (strcmp(datetime_convert('UTC', 'UTC', 'now - 12 hours'), $_SESSION['last_login_date']) > 0) { + $_SESSION['last_login_date'] = datetime_convert('UTC', 'UTC'); + $login_refresh = true; + } + authenticate_success($user, false, false, $login_refresh); + } + } + } + + /** + * @brief Wrapper for adding a login box. + * + * @param string $return_url The url relative to the base the user should be sent + * back to after login completes + * @param bool $register If $register == true provide a registration link. + * This will most always depend on the value of $a->config['register_policy']. + * @param array $hiddens optional + * + * @return string Returns the complete html for inserting into the page + * + * @hooks 'login_hook' string $o + */ + public static function form($return_url = null, $register = false, $hiddens = []) + { + $a = self::getApp(); + $o = ''; + $reg = false; + if ($register) { + $reg = array( + 'title' => t('Create a New Account'), + 'desc' => t('Register') + ); + } + + $noid = Config::get('system', 'no_openid'); + + if (is_null($return_url)) { + $return_url = $a->query_string; + } + + if (local_user()) { + $tpl = get_markup_template('logout.tpl'); + } else { + $a->page['htmlhead'] .= replace_macros( + get_markup_template('login_head.tpl'), + [ + '$baseurl' => $a->get_baseurl(true) + ] + ); + + $tpl = get_markup_template('login.tpl'); + $_SESSION['return_url'] = $return_url; + } + + $o .= replace_macros( + $tpl, + [ + '$dest_url' => self::getApp()->get_baseurl(true) . '/login', + '$logout' => t('Logout'), + '$login' => t('Login'), + + '$lname' => array('username', t('Nickname or Email: ') , '', ''), + '$lpassword' => array('password', t('Password: '), '', ''), + '$lremember' => array('remember', t('Remember me'), 0, ''), + + '$openid' => !$noid, + '$lopenid' => array('openid_url', t('Or login using OpenID: '),'',''), + + '$hiddens' => $hiddens, + + '$register' => $reg, + + '$lostpass' => t('Forgot your password?'), + '$lostlink' => t('Password Reset'), + + '$tostitle' => t('Website Terms of Service'), + '$toslink' => t('terms of service'), + + '$privacytitle' => t('Website Privacy Policy'), + '$privacylink' => t('privacy policy'), + ] + ); + + call_hooks('login_hook', $o); + + return $o; + } +} \ No newline at end of file diff --git a/src/Module/Logout.php b/src/Module/Logout.php new file mode 100644 index 0000000000..5c3035eed9 --- /dev/null +++ b/src/Module/Logout.php @@ -0,0 +1,29 @@ +get_baseurl()); + } +} \ No newline at end of file