miniflux-legacy/app/models/remember_me.php

290 lines
5.7 KiB
PHP
Raw Normal View History

2014-05-26 20:47:40 -04:00
<?php
2016-08-24 21:17:58 -04:00
namespace Miniflux\Model\RememberMe;
2014-05-26 20:47:40 -04:00
use PicoDb\Database;
2016-08-24 21:17:58 -04:00
use Miniflux\Helper;
use Miniflux\Model\Config;
use Miniflux\Model\Database as DatabaseModel;
2014-05-26 20:47:40 -04:00
const TABLE = 'remember_me';
const COOKIE_NAME = '_R_';
const EXPIRATION = 5184000;
/**
* Get a remember me record
*
* @access public
2016-07-30 18:41:42 -04:00
* @param string $token
* @param string $sequence
2014-05-26 20:47:40 -04:00
* @return mixed
*/
function find($token, $sequence)
{
2015-08-14 21:33:39 -04:00
return Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->eq('token', $token)
->eq('sequence', $sequence)
->gt('expiration', time())
->findOne();
}
/**
* Get all sessions
*
* @access public
* @return array
*/
function get_all()
{
2015-08-14 21:33:39 -04:00
return Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->desc('date_creation')
->columns('id', 'ip', 'user_agent', 'date_creation', 'expiration')
->findAll();
}
/**
* Authenticate the user with the cookie
*
* @access public
* @return bool
*/
function authenticate()
{
$credentials = read_cookie();
if ($credentials !== false) {
$record = find($credentials['token'], $credentials['sequence']);
if ($record) {
// Update the sequence
write_cookie(
$record['token'],
2015-03-30 20:13:07 -04:00
update($record['token']),
2014-05-26 20:47:40 -04:00
$record['expiration']
);
// mark user as sucessfull logged in
$_SESSION['loggedin'] = true;
2014-05-26 20:47:40 -04:00
return true;
}
}
return false;
}
/**
* Update the database and the cookie with a new sequence
*
* @access public
*/
function refresh()
{
$credentials = read_cookie();
if ($credentials !== false) {
$record = find($credentials['token'], $credentials['sequence']);
if ($record) {
// Update the sequence
write_cookie(
$record['token'],
2015-03-30 20:13:07 -04:00
update($record['token']),
2014-05-26 20:47:40 -04:00
$record['expiration']
);
}
}
}
/**
* Remove the current RememberMe session and the cookie
*
* @access public
*/
function destroy()
{
$credentials = read_cookie();
if ($credentials !== false) {
2015-08-14 21:33:39 -04:00
Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->eq('token', $credentials['token'])
->remove();
}
2015-01-17 18:53:40 -05:00
delete_cookie();
2014-05-26 20:47:40 -04:00
}
/**
* Create a new RememberMe session
*
* @access public
* @param integer $dbname Database name
* @param integer $username Username
* @param string $ip IP Address
* @param string $user_agent User Agent
* @return array
*/
function create($dbname, $username, $ip, $user_agent)
{
$token = hash('sha256', $dbname.$username.$user_agent.$ip.Helper\generate_token());
$sequence = Helper\generate_token();
2014-05-26 20:47:40 -04:00
$expiration = time() + EXPIRATION;
cleanup();
2015-08-14 21:33:39 -04:00
Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->insert(array(
'username' => $username,
'ip' => $ip,
'user_agent' => $user_agent,
'token' => $token,
'sequence' => $sequence,
'expiration' => $expiration,
'date_creation' => time(),
));
return array(
'token' => $token,
'sequence' => $sequence,
'expiration' => $expiration,
);
}
/**
* Remove old sessions
*
* @access public
* @return bool
*/
function cleanup()
{
2015-08-14 21:33:39 -04:00
return Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->lt('expiration', time())
->remove();
}
/**
* Return a new sequence token and update the database
*
* @access public
* @param string $token Session token
* @return string
*/
2015-03-30 20:13:07 -04:00
function update($token)
2014-05-26 20:47:40 -04:00
{
$new_sequence = Helper\generate_token();
2014-05-26 20:47:40 -04:00
2015-08-14 21:33:39 -04:00
Database::getInstance('db')
2014-05-26 20:47:40 -04:00
->table(TABLE)
->eq('token', $token)
->update(array('sequence' => $new_sequence));
return $new_sequence;
}
/**
* Encode the cookie
*
* @access public
* @param string $token Session token
* @param string $sequence Sequence token
* @return string
*/
function encode_cookie($token, $sequence)
{
return implode('|', array(base64_encode(DatabaseModel\select()), $token, $sequence));
}
/**
* Decode the value of a cookie
*
* @access public
* @param string $value Raw cookie data
* @return array
*/
function decode_cookie($value)
{
@list($database, $token, $sequence) = explode('|', $value);
if (ENABLE_MULTIPLE_DB && ! DatabaseModel\select(base64_decode($database))) {
return false;
}
2014-05-26 20:47:40 -04:00
return array(
'token' => $token,
'sequence' => $sequence,
);
}
/**
* Return true if the current user has a RememberMe cookie
*
* @access public
* @return bool
*/
function has_cookie()
{
return ! empty($_COOKIE[COOKIE_NAME]);
}
/**
* Write and encode the cookie
*
* @access public
* @param string $token Session token
* @param string $sequence Sequence token
* @param string $expiration Cookie expiration
*/
function write_cookie($token, $sequence, $expiration)
{
setcookie(
COOKIE_NAME,
encode_cookie($token, $sequence),
$expiration,
BASE_URL_DIRECTORY,
null,
2016-08-24 21:17:58 -04:00
Helper\is_secure_connection(),
2014-05-26 20:47:40 -04:00
true
);
}
/**
* Read and decode the cookie
*
* @access public
* @return mixed
*/
function read_cookie()
{
if (empty($_COOKIE[COOKIE_NAME])) {
return false;
}
return decode_cookie($_COOKIE[COOKIE_NAME]);
}
/**
* Remove the cookie
*
* @access public
*/
function delete_cookie()
{
setcookie(
COOKIE_NAME,
'',
time() - 3600,
BASE_URL_DIRECTORY,
null,
2016-08-24 21:17:58 -04:00
Helper\is_secure_connection(),
2014-05-26 20:47:40 -04:00
true
);
}