miniflux-legacy/app/models/remember_me.php

<?php
namespace Miniflux\Model\RememberMe;
use Miniflux\Session\SessionStorage;
use Miniflux\Helper;
use Miniflux\Model\User;
use PicoDb\Database;
// Database table queried by every function in this file for remember-me records.
const TABLE = 'remember_me';
// Name of the browser cookie that carries the "token|sequence" pair.
const COOKIE_NAME = '_R_';
// Lifetime added to time() when a record is created, in seconds (5184000 s = 60 days).
const EXPIRATION = 5184000;
/**
 * Look up the remember-me record that matches both cookie values and has not expired.
 *
 * Both values must match the same row and the stored expiration must be
 * later than the current time, so an expired row is never returned even
 * when cleanup() has not removed it yet.
 *
 * @param  mixed $token    Token part of the cookie
 * @param  mixed $sequence Sequence part of the cookie
 * @return mixed           Whatever findOne() yields; callers in this file treat a falsy value as "no match"
 */
function get_record($token, $sequence)
{
    $query = Database::getInstance('db')
        ->table(TABLE)
        ->eq('token', $token)
        ->eq('sequence', $sequence)
        ->gt('expiration', time());

    return $query->findOne();
}
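/**
 * Try to open a session from the remember-me cookie.
 *
 * The cookie is client-controlled input, so it is checked for shape before
 * it reaches the database, and the session is only populated when the
 * record still points at an existing user.
 *
 * @return bool True when a matching, unexpired record was found and its user was stored in the session
 */
function authenticate()
{
    $credentials = read_cookie();

    if ($credentials === false) {
        return false;
    }

    // A cookie without the "|" separator decodes to a null sequence: only a
    // pair of non-empty strings is worth a database lookup.
    foreach (array('token', 'sequence') as $key) {
        if (! isset($credentials[$key]) || ! is_string($credentials[$key]) || $credentials[$key] === '') {
            return false;
        }
    }

    $record = get_record($credentials['token'], $credentials['sequence']);

    if (! $record) {
        return false;
    }

    $user = User\get_user_by_id($record['user_id']);

    // The record can outlive the account it was issued for. Presumably the
    // lookup returns a falsy value in that case (TODO confirm); never report
    // success or populate the session without a user.
    if (empty($user)) {
        return false;
    }

    SessionStorage::getInstance()->setUser($user);

    // NOTE(review): the sequence is not rotated here after a successful
    // login; update() in this file generates a new one. Confirm the caller
    // refreshes the cookie, otherwise a copied cookie stays valid until the
    // record expires.
    return true;
}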
/**
 * Forget the current browser: delete the stored record(s) for the cookie's
 * token, then expire the cookie itself.
 *
 * The cookie is always expired, even when it was absent or empty and no
 * database row could be targeted.
 *
 * @return void
 */
function destroy()
{
    $credentials = read_cookie();
    $has_credentials = $credentials !== false;

    if ($has_credentials) {
        // Rows are matched on the token alone, whatever sequence the cookie carries.
        $table = Database::getInstance('db')->table(TABLE);
        $table->eq('token', $credentials['token'])->remove();
    }

    delete_cookie();
}
/**
 * Issue a new remember-me record for a user and return the values the
 * caller needs to build the cookie.
 *
 * The token is a SHA-256 digest over the user id, user agent, IP address
 * and a value from Helper\generate_token(); the sequence is a second value
 * from the same helper. Unpredictability of both rests on that helper,
 * which is defined outside this file (confirm it draws from a CSPRNG).
 *
 * NOTE(review): the token is inserted in the same form in which it is
 * returned for the cookie, so read access to this table yields values that
 * get_record() would accept. Storing a digest instead would require
 * changing the lookup as well.
 *
 * @param  mixed $user_id    Owner of the record
 * @param  mixed $ip         Client address, stored alongside the record
 * @param  mixed $user_agent Client user agent, stored alongside the record
 * @return array             Keys 'token', 'sequence' and 'expiration'
 */
function create($user_id, $ip, $user_agent)
{
    $seed = $user_id.$user_agent.$ip.Helper\generate_token();
    $token = hash('sha256', $seed);
    $sequence = Helper\generate_token();
    $expiration = time() + EXPIRATION;

    // Purge expired rows before adding the new one.
    cleanup();

    $table = Database::getInstance('db')->table(TABLE);
    $table->insert(array(
        'user_id' => $user_id,
        'ip' => $ip,
        'user_agent' => $user_agent,
        'token' => $token,
        'sequence' => $sequence,
        'expiration' => $expiration,
        'date_creation' => time(),
    ));

    return compact('token', 'sequence', 'expiration');
}
/**
 * Delete every record whose expiration lies in the past.
 *
 * @return mixed Result of the remove() call
 */
function cleanup()
{
    $expired = Database::getInstance('db')
        ->table(TABLE)
        ->lt('expiration', time());

    return $expired->remove();
}
/**
 * Delete all remember-me records that belong to one user, which
 * invalidates every remembered browser for that account.
 *
 * @param  mixed $user_id Owner of the records
 * @return mixed          Result of the remove() call
 */
function remove_user_sessions($user_id)
{
    $records = Database::getInstance('db')
        ->table(TABLE)
        ->eq('user_id', $user_id);

    return $records->remove();
}
/**
 * Replace the sequence stored for a token with a freshly generated one.
 *
 * The new value is returned whether or not a row matched; the result of
 * the database update is not inspected.
 *
 * @param  mixed $token Token identifying the record(s) to change
 * @return mixed        The newly generated sequence
 */
function update($token)
{
    $fresh_sequence = Helper\generate_token();
    $changes = array('sequence' => $fresh_sequence);

    Database::getInstance('db')
        ->table(TABLE)
        ->eq('token', $token)
        ->update($changes);

    return $fresh_sequence;
}
/**
 * Build the cookie value: token and sequence joined by a "|" separator.
 *
 * @param  mixed  $token
 * @param  mixed  $sequence
 * @return string "token|sequence"
 */
function encode_cookie($token, $sequence)
{
    return $token.'|'.$sequence;
}
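/**
 * Split a cookie value into its token and sequence parts.
 *
 * The value comes from the client, so every shape is handled explicitly
 * instead of silencing errors with "@": a value without the "|" separator
 * gives a null sequence, parts after the second one are ignored, and a
 * non-string value gives null for both parts.
 *
 * @param  mixed $value Raw cookie value
 * @return array        Keys 'token' and 'sequence'; either may be null
 */
function decode_cookie($value)
{
    $parts = is_string($value) ? explode('|', $value) : array();

    // Pad to two entries so both keys are always defined.
    $parts = array_pad($parts, 2, null);

    return array(
        'token' => $parts[0],
        'sequence' => $parts[1],
    );
}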
/**
 * Tell whether the request carries a non-empty remember-me cookie.
 *
 * Only presence is checked here; the value is not validated.
 *
 * @return bool
 */
function has_cookie()
{
    if (! isset($_COOKIE[COOKIE_NAME])) {
        return false;
    }

    return (bool) $_COOKIE[COOKIE_NAME];
}
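/**
 * Send the remember-me cookie to the browser.
 *
 * The cookie is scoped to BASE_URL_DIRECTORY, is always HttpOnly, and gets
 * the Secure flag only when Helper\is_secure_connection() reports true, so
 * over plain HTTP it is sent without Secure.
 *
 * NOTE(review): no SameSite attribute is set; the positional setcookie()
 * signature used here cannot express one.
 *
 * @param  mixed $token
 * @param  mixed $sequence
 * @param  int   $expiration Unix timestamp at which the cookie expires
 * @return void
 */
function write_cookie($token, $sequence, $expiration)
{
    setcookie(
        COOKIE_NAME,
        encode_cookie($token, $sequence),
        $expiration,
        BASE_URL_DIRECTORY,
        // Empty string means "no explicit domain"; passing null to this
        // string parameter is deprecated since PHP 8.1.
        '',
        Helper\is_secure_connection(),
        true
    );
}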
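/**
 * Read and decode the remember-me cookie from the current request.
 *
 * PHP turns bracketed cookie names into arrays, so the value is not
 * guaranteed to be a string; anything but a non-empty string is treated
 * as "no cookie" rather than handed to the decoder.
 *
 * @return array|false Keys 'token' and 'sequence', or false when no usable cookie is present
 */
function read_cookie()
{
    if (empty($_COOKIE[COOKIE_NAME]) || ! is_string($_COOKIE[COOKIE_NAME])) {
        return false;
    }

    return decode_cookie($_COOKIE[COOKIE_NAME]);
}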
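/**
 * Expire the remember-me cookie in the browser.
 *
 * The cookie is overwritten with an empty value and an expiry one hour in
 * the past, using the same path and flags as write_cookie() so that the
 * browser matches the cookie it already holds.
 *
 * @return void
 */
function delete_cookie()
{
    setcookie(
        COOKIE_NAME,
        '',
        time() - 3600,
        BASE_URL_DIRECTORY,
        // Empty string means "no explicit domain"; passing null to this
        // string parameter is deprecated since PHP 8.1.
        '',
        Helper\is_secure_connection(),
        true
    );
}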