2014-05-27 02:47:40 +02:00
|
|
|
<?php
|
|
|
|
|
2016-08-25 03:17:58 +02:00
|
|
|
namespace Miniflux\Model\RememberMe;
|
2014-05-27 02:47:40 +02:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
use Miniflux\Session\SessionStorage;
|
2016-08-25 03:17:58 +02:00
|
|
|
use Miniflux\Helper;
|
2016-12-26 15:44:53 +01:00
|
|
|
use Miniflux\Model\User;
|
|
|
|
use PicoDb\Database;
|
2014-05-27 02:47:40 +02:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
const TABLE = 'remember_me';
|
2014-05-27 02:47:40 +02:00
|
|
|
const COOKIE_NAME = '_R_';
|
2016-12-26 15:44:53 +01:00
|
|
|
const EXPIRATION = 5184000;
|
2014-05-27 02:47:40 +02:00
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
function get_record($token, $sequence)
|
2014-05-27 02:47:40 +02:00
|
|
|
{
|
2015-08-15 03:33:39 +02:00
|
|
|
return Database::getInstance('db')
|
2016-12-26 15:44:53 +01:00
|
|
|
->table(TABLE)
|
|
|
|
->eq('token', $token)
|
|
|
|
->eq('sequence', $sequence)
|
|
|
|
->gt('expiration', time())
|
|
|
|
->findOne();
|
2014-05-27 02:47:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function authenticate()
|
|
|
|
{
|
|
|
|
$credentials = read_cookie();
|
|
|
|
|
|
|
|
if ($credentials !== false) {
|
2016-12-26 15:44:53 +01:00
|
|
|
$record = get_record($credentials['token'], $credentials['sequence']);
|
2014-05-27 02:47:40 +02:00
|
|
|
|
|
|
|
if ($record) {
|
2016-12-26 15:44:53 +01:00
|
|
|
$user = User\get_user_by_id($record['user_id']);
|
|
|
|
SessionStorage::getInstance()->setUser($user);
|
2014-05-27 02:47:40 +02:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
function destroy()
|
|
|
|
{
|
|
|
|
$credentials = read_cookie();
|
|
|
|
|
|
|
|
if ($credentials !== false) {
|
2015-08-15 03:33:39 +02:00
|
|
|
Database::getInstance('db')
|
2014-05-27 02:47:40 +02:00
|
|
|
->table(TABLE)
|
|
|
|
->eq('token', $credentials['token'])
|
|
|
|
->remove();
|
|
|
|
}
|
2015-01-18 00:53:40 +01:00
|
|
|
|
|
|
|
delete_cookie();
|
2014-05-27 02:47:40 +02:00
|
|
|
}
|
|
|
|
|
2016-12-26 15:44:53 +01:00
|
|
|
function create($user_id, $ip, $user_agent)
|
2014-05-27 02:47:40 +02:00
|
|
|
{
|
2016-12-26 15:44:53 +01:00
|
|
|
$token = hash('sha256', $user_id.$user_agent.$ip.Helper\generate_token());
|
2016-08-18 03:41:14 +02:00
|
|
|
$sequence = Helper\generate_token();
|
2014-05-27 02:47:40 +02:00
|
|
|
$expiration = time() + EXPIRATION;
|
|
|
|
|
|
|
|
cleanup();
|
|
|
|
|
2015-08-15 03:33:39 +02:00
|
|
|
Database::getInstance('db')
|
2014-05-27 02:47:40 +02:00
|
|
|
->table(TABLE)
|
|
|
|
->insert(array(
|
2016-12-26 15:44:53 +01:00
|
|
|
'user_id' => $user_id,
|
2014-05-27 02:47:40 +02:00
|
|
|
'ip' => $ip,
|
|
|
|
'user_agent' => $user_agent,
|
|
|
|
'token' => $token,
|
|
|
|
'sequence' => $sequence,
|
|
|
|
'expiration' => $expiration,
|
|
|
|
'date_creation' => time(),
|
|
|
|
));
|
|
|
|
|
|
|
|
return array(
|
|
|
|
'token' => $token,
|
|
|
|
'sequence' => $sequence,
|
|
|
|
'expiration' => $expiration,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
function cleanup()
|
|
|
|
{
|
2015-08-15 03:33:39 +02:00
|
|
|
return Database::getInstance('db')
|
2016-12-26 15:44:53 +01:00
|
|
|
->table(TABLE)
|
|
|
|
->lt('expiration', time())
|
|
|
|
->remove();
|
2014-05-27 02:47:40 +02:00
|
|
|
}
|
|
|
|
|
2017-01-04 03:22:12 +01:00
|
|
|
function remove_user_sessions($user_id)
|
|
|
|
{
|
|
|
|
return Database::getInstance('db')
|
|
|
|
->table(TABLE)
|
|
|
|
->eq('user_id', $user_id)
|
|
|
|
->remove();
|
|
|
|
}
|
|
|
|
|
2015-03-31 02:13:07 +02:00
|
|
|
function update($token)
|
2014-05-27 02:47:40 +02:00
|
|
|
{
|
2016-08-18 03:41:14 +02:00
|
|
|
$new_sequence = Helper\generate_token();
|
2014-05-27 02:47:40 +02:00
|
|
|
|
2015-08-15 03:33:39 +02:00
|
|
|
Database::getInstance('db')
|
2014-05-27 02:47:40 +02:00
|
|
|
->table(TABLE)
|
|
|
|
->eq('token', $token)
|
|
|
|
->update(array('sequence' => $new_sequence));
|
|
|
|
|
|
|
|
return $new_sequence;
|
|
|
|
}
|
|
|
|
|
|
|
|
function encode_cookie($token, $sequence)
|
|
|
|
{
|
2016-12-26 15:44:53 +01:00
|
|
|
return implode('|', array($token, $sequence));
|
2014-05-27 02:47:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function decode_cookie($value)
|
|
|
|
{
|
2016-12-26 15:44:53 +01:00
|
|
|
@list($token, $sequence) = explode('|', $value);
|
2014-05-27 02:47:40 +02:00
|
|
|
|
|
|
|
return array(
|
|
|
|
'token' => $token,
|
|
|
|
'sequence' => $sequence,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
function has_cookie()
|
|
|
|
{
|
|
|
|
return ! empty($_COOKIE[COOKIE_NAME]);
|
|
|
|
}
|
|
|
|
|
|
|
|
function write_cookie($token, $sequence, $expiration)
|
|
|
|
{
|
|
|
|
setcookie(
|
|
|
|
COOKIE_NAME,
|
|
|
|
encode_cookie($token, $sequence),
|
|
|
|
$expiration,
|
|
|
|
BASE_URL_DIRECTORY,
|
|
|
|
null,
|
2016-08-25 03:17:58 +02:00
|
|
|
Helper\is_secure_connection(),
|
2014-05-27 02:47:40 +02:00
|
|
|
true
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
function read_cookie()
|
|
|
|
{
|
|
|
|
if (empty($_COOKIE[COOKIE_NAME])) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return decode_cookie($_COOKIE[COOKIE_NAME]);
|
|
|
|
}
|
|
|
|
|
|
|
|
function delete_cookie()
|
|
|
|
{
|
|
|
|
setcookie(
|
|
|
|
COOKIE_NAME,
|
|
|
|
'',
|
|
|
|
time() - 3600,
|
|
|
|
BASE_URL_DIRECTORY,
|
|
|
|
null,
|
2016-08-25 03:17:58 +02:00
|
|
|
Helper\is_secure_connection(),
|
2014-05-27 02:47:40 +02:00
|
|
|
true
|
|
|
|
);
|
|
|
|
}
|