<?php
namespace Miniflux\Model\RememberMe;
use PicoDb\Database;
use Miniflux\Helper;
use Miniflux\Model\Config;
use Miniflux\Model\Database as DatabaseModel;
// Table holding one row per persistent ("remember me") login
const TABLE = 'remember_me';

// Name of the browser cookie carrying the remember-me credentials
const COOKIE_NAME = '_R_';

// Lifetime of a remember-me session in seconds (5184000 s = 60 days)
const EXPIRATION = 5184000;
/**
 * Look up a still-valid remember-me record by its token/sequence pair
 *
 * Both values come from the browser cookie and are therefore untrusted;
 * they are only ever used as bound query parameters. A row is returned
 * only while its expiration lies in the future.
 *
 * @access public
 * @param  string $token     Session token (fixed for the life of the session)
 * @param  string $sequence  Sequence token (rotated on every successful use)
 * @return mixed             Matching row, or the "no match" value of findOne()
 */
function find($token, $sequence)
{
    $now = time();

    $query = Database::getInstance('db')->table(TABLE);
    $query = $query->eq('token', $token);
    $query = $query->eq('sequence', $sequence);
    $query = $query->gt('expiration', $now);

    return $query->findOne();
}
/**
 * Get all remember-me sessions
 *
 * Only display columns are selected: the token and sequence secrets are
 * not part of the result set.
 *
 * @access public
 * @return array  Rows ordered from newest to oldest creation date
 */
function get_all()
{
    $query = Database::getInstance('db')->table(TABLE);
    $query = $query->desc('date_creation');
    $query = $query->columns('id', 'ip', 'user_agent', 'date_creation', 'expiration');

    return $query->findAll();
}
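/**
 * Authenticate the user with the remember-me cookie
 *
 * On success the sequence is rotated in both the database and the cookie,
 * the PHP session is marked as logged in, and the session id is regenerated
 * so that a session id planted by an attacker before the automatic login
 * does not become an authenticated one (session fixation).
 *
 * @access public
 * @return bool  True when a valid cookie was presented and the session is now logged in
 */
function authenticate()
{
    $credentials = read_cookie();

    if ($credentials === false) {
        return false;
    }

    $record = find($credentials['token'], $credentials['sequence']);

    if (! $record) {
        // Unknown token, wrong sequence and expired record are all treated alike.
        // NOTE(review): a known token with a wrong sequence may indicate a stolen
        // cookie being replayed; nothing is revoked in that case here.
        return false;
    }

    // Rotate the sequence and send the new one to the browser; the cookie
    // keeps the record's original expiration, the session is not extended
    write_cookie(
        $record['token'],
        update($record['token']),
        $record['expiration']
    );

    // Move to a fresh session id before granting the logged-in state.
    // Guarded because session_regenerate_id() warns when no session is active.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Mark the user as successfully logged in
    $_SESSION['loggedin'] = true;

    return true;
}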
/**
 * Rotate the sequence of the current remember-me session
 *
 * If the cookie is present and matches a valid record, a new sequence is
 * stored in the database and written to the cookie. Nothing happens
 * otherwise; the session state is not touched.
 *
 * @access public
 */
function refresh()
{
    $cookie = read_cookie();

    if ($cookie === false) {
        return;
    }

    $record = find($cookie['token'], $cookie['sequence']);

    if (! $record) {
        return;
    }

    // New sequence in the database first, then in the browser;
    // the cookie keeps the record's original expiration
    $new_sequence = update($record['token']);
    write_cookie($record['token'], $new_sequence, $record['expiration']);
}
/**
 * Remove the current remember-me session and its cookie
 *
 * The database row is removed by token only (the sequence is not checked).
 * The cookie is cleared even when it could not be decoded, so a broken
 * cookie does not survive a logout.
 *
 * @access public
 */
function destroy()
{
    $cookie = read_cookie();

    if ($cookie !== false) {
        $query = Database::getInstance('db')->table(TABLE);
        $query = $query->eq('token', $cookie['token']);
        $query->remove();
    }

    delete_cookie();
}
/**
 * Create a new remember-me session
 *
 * Expired rows are purged before the new one is inserted. The token mixes
 * the database, user and client details with a freshly generated random
 * value, so it is not predictable from those details alone.
 *
 * @access public
 * @param  string $dbname      Database name
 * @param  string $username    Username
 * @param  string $ip          IP address of the client
 * @param  string $user_agent  User agent of the client
 * @return array               Keys: token, sequence, expiration (unix timestamp)
 */
function create($dbname, $username, $ip, $user_agent)
{
    $random = Helper\generate_token();
    $token = hash('sha256', $dbname.$username.$user_agent.$ip.$random);
    $sequence = Helper\generate_token();
    $expires_at = time() + EXPIRATION;

    // Housekeeping: drop rows whose expiration is already in the past
    cleanup();

    $row = array(
        'username' => $username,
        'ip' => $ip,
        'user_agent' => $user_agent,
        'token' => $token,
        'sequence' => $sequence,
        'expiration' => $expires_at,
        'date_creation' => time(),
    );

    Database::getInstance('db')->table(TABLE)->insert($row);

    return array(
        'token' => $token,
        'sequence' => $sequence,
        'expiration' => $expires_at,
    );
}
/**
 * Remove expired remember-me sessions
 *
 * @access public
 * @return bool  Result of the delete query
 */
function cleanup()
{
    $now = time();
    $expired = Database::getInstance('db')->table(TABLE)->lt('expiration', $now);

    return $expired->remove();
}
/**
 * Generate a new sequence for a session token and store it
 *
 * The previous sequence stops matching as soon as the update runs, so a
 * cookie carrying the old value can no longer authenticate.
 *
 * @access public
 * @param  string $token  Session token
 * @return string         The new sequence token
 */
function update($token)
{
    $sequence = Helper\generate_token();

    $query = Database::getInstance('db')->table(TABLE);
    $query = $query->eq('token', $token);
    $query->update(array('sequence' => $sequence));

    return $sequence;
}
/**
 * Build the cookie value
 *
 * Format: base64(current database) "|" token "|" sequence. Base64 never
 * contains "|", so the database part cannot collide with the separator.
 *
 * @access public
 * @param  string $token     Session token
 * @param  string $sequence  Sequence token
 * @return string
 */
function encode_cookie($token, $sequence)
{
    $database = base64_encode(DatabaseModel\select());
    $parts = array($database, $token, $sequence);

    return implode('|', $parts);
}
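/**
 * Decode the value of a cookie
 *
 * The cookie is untrusted input. It is rejected (false) when it is not a
 * string (PHP turns "_R_[]=..." into an array), when it does not carry the
 * "database|token|sequence" parts, or when the token or sequence is empty,
 * before anything else is done with it. When multiple databases are
 * enabled the database part must additionally select successfully.
 *
 * @access public
 * @param  string $value  Raw cookie data
 * @return mixed          array('token' => ..., 'sequence' => ...) or false
 */
function decode_cookie($value)
{
    if (! is_string($value)) {
        return false;
    }

    // Pad to three parts so a truncated value never raises an offset notice
    list($database, $token, $sequence) = array_pad(explode('|', $value), 3, '');

    if ($token === '' || $sequence === '') {
        return false;
    }

    if (ENABLE_MULTIPLE_DB && ! DatabaseModel\select(base64_decode($database))) {
        return false;
    }

    return array(
        'token' => $token,
        'sequence' => $sequence,
    );
}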
/**
 * Tell whether the current request carries a non-empty remember-me cookie
 *
 * This only checks presence; the value is not decoded or validated here.
 *
 * @access public
 * @return bool
 */
function has_cookie()
{
    if (empty($_COOKIE[COOKIE_NAME])) {
        return false;
    }

    return true;
}
/**
 * Encode and send the remember-me cookie
 *
 * The cookie is always HttpOnly. The Secure flag is set only when
 * Helper\is_secure_connection() reports the current request as secure;
 * behind a TLS-terminating proxy that helper has to recognise the
 * forwarded scheme for the flag to be set. No SameSite attribute is sent.
 *
 * @access public
 * @param  string $token       Session token
 * @param  string $sequence    Sequence token
 * @param  string $expiration  Cookie expiration (unix timestamp)
 */
function write_cookie($token, $sequence, $expiration)
{
    $value = encode_cookie($token, $sequence);
    $secure_only = Helper\is_secure_connection();
    $http_only = true;

    setcookie(COOKIE_NAME, $value, $expiration, BASE_URL_DIRECTORY, null, $secure_only, $http_only);
}
/**
 * Read and decode the remember-me cookie of the current request
 *
 * @access public
 * @return mixed  Decoded credentials from decode_cookie(), or false when no cookie is set
 */
function read_cookie()
{
    if (! has_cookie()) {
        return false;
    }

    return decode_cookie($_COOKIE[COOKIE_NAME]);
}
/**
 * Expire the remember-me cookie in the browser
 *
 * Sends an empty value with an expiration in the past. The path and
 * flags mirror write_cookie() so the browser matches the same cookie.
 *
 * @access public
 */
function delete_cookie()
{
    $in_the_past = time() - 3600;

    setcookie(
        COOKIE_NAME,
        '',
        $in_the_past,
        BASE_URL_DIRECTORY,
        null,
        Helper\is_secure_connection(),
        true
    );
}