miniflux-legacy/models/user.php

<?php

namespace Model\User;

use SimpleValidator\Validator;
use SimpleValidator\Validators;
use PicoDb\Database;
use Session;
use Model\Config;
use Model\RememberMe;
use Model\Database as DatabaseModel;

// Check if the user is logged in
function is_loggedin()
{
    return ! empty($_SESSION['loggedin']);
}

// Destroy the session and the rememberMe cookie
function logout()
{
    RememberMe\destroy();
    Session\close();
}

// Get the credentials from the current selected database
function get_credentials()
{
    return Database::getInstance('db')
        ->hashtable('settings')
        ->get('username', 'password');
}

// Set last login date
function set_last_login()
{
    return Database::getInstance('db')
        ->hashtable('settings')
        ->put(array('last_login' => time()));
}

// Validate authentication
function validate_login(array $values)
{
    $v = new Validator($values, array(
        new Validators\Required('username', t('The user name is required')),
        new Validators\MaxLength('username', t('The maximum length is 50 characters'), 50),
        new Validators\Required('password', t('The password is required'))
    ));

    $result = $v->execute();
    $errors = $v->getErrors();

    if ($result) {
        $credentials = get_credentials();

        if ($credentials && $credentials['username'] === $values['username'] && password_verify($values['password'], $credentials['password'])) {
            set_last_login();
            $_SESSION['loggedin'] = true;
            $_SESSION['config'] = Config\get_all();

            // Setup the remember me feature
            if (! empty($values['remember_me'])) {
                $cookie = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());
                RememberMe\write_cookie($cookie['token'], $cookie['sequence'], $cookie['expiration']);
            }
        } else {
            $result = false;
            $errors['login'] = t('Bad username or password');
        }
    }

    return array(
        $result,
        $errors
    );
}
Split models and controllers in different files 2013-12-22 20:55:53 -05:00			`<?php`

			`namespace Model\User;`

			`use SimpleValidator\Validator;`
			`use SimpleValidator\Validators;`
Improve files organization 2014-02-08 14:13:14 -05:00			`use PicoDb\Database;`
Include PicoFarad into Miniflux 2015-08-28 21:34:34 -04:00			`use Session;`
Add RememberMe authentication 2014-05-26 20:47:40 -04:00			`use Model\Config;`
			`use Model\RememberMe;`
			`use Model\Database as DatabaseModel;`
Split models and controllers in different files 2013-12-22 20:55:53 -05:00
code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`// Check if the user is logged in`
Fix database hijacking Check if a requested database can be selected. Error out if not. This prevents automatic fallbacks to the default database. Remove the authorized information from the session if a new database gets selected. Factor out logout function to reuse existing code. 2015-01-17 19:35:59 +01:00			`function is_loggedin()`
Check if the session username and database username are the same 2014-11-18 19:00:53 -05:00			`{`
code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`return ! empty($_SESSION['loggedin']);`
Check if the session username and database username are the same 2014-11-18 19:00:53 -05:00			`}`

Minor cleanups 2015-01-17 18:53:40 -05:00			`// Destroy the session and the rememberMe cookie`
Fix database hijacking Check if a requested database can be selected. Error out if not. This prevents automatic fallbacks to the default database. Remove the authorized information from the session if a new database gets selected. Factor out logout function to reuse existing code. 2015-01-17 19:35:59 +01:00			`function logout()`
Check if the session username and database username are the same 2014-11-18 19:00:53 -05:00			`{`
Minor cleanups 2015-01-17 18:53:40 -05:00			`RememberMe\destroy();`
			`Session\close();`
Check if the session username and database username are the same 2014-11-18 19:00:53 -05:00			`}`

code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`// Get the credentials from the current selected database`
Record last login timestamp in the database 2016-03-14 21:34:50 -04:00			`function get_credentials()`
Split models and controllers in different files 2013-12-22 20:55:53 -05:00			`{`
Update dependencies 2015-08-14 21:33:39 -04:00			`return Database::getInstance('db')`
switch config table to key/value store 2015-01-28 05:26:36 +01:00			`->hashtable('settings')`
			`->get('username', 'password');`
Split models and controllers in different files 2013-12-22 20:55:53 -05:00			`}`

Record last login timestamp in the database 2016-03-14 21:34:50 -04:00			`// Set last login date`
			`function set_last_login()`
			`{`
			`return Database::getInstance('db')`
			`->hashtable('settings')`
			`->put(array('last_login' => time()));`
			`}`

Split models and controllers in different files 2013-12-22 20:55:53 -05:00			`// Validate authentication`
			`function validate_login(array $values)`
			`{`
			`$v = new Validator($values, array(`
			`new Validators\Required('username', t('The user name is required')),`
			`new Validators\MaxLength('username', t('The maximum length is 50 characters'), 50),`
			`new Validators\Required('password', t('The password is required'))`
			`));`

			`$result = $v->execute();`
			`$errors = $v->getErrors();`

			`if ($result) {`
Record last login timestamp in the database 2016-03-14 21:34:50 -04:00			`$credentials = get_credentials();`
Split models and controllers in different files 2013-12-22 20:55:53 -05:00
code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`if ($credentials && $credentials['username'] === $values['username'] && password_verify($values['password'], $credentials['password'])) {`
Record last login timestamp in the database 2016-03-14 21:34:50 -04:00			`set_last_login();`
code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`$_SESSION['loggedin'] = true;`
Add RememberMe authentication 2014-05-26 20:47:40 -04:00			`$_SESSION['config'] = Config\get_all();`

			`// Setup the remember me feature`
			`if (! empty($values['remember_me'])) {`
code cleanup Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login. 2015-01-22 23:12:06 +01:00			`$cookie = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());`
			`RememberMe\write_cookie($cookie['token'], $cookie['sequence'], $cookie['expiration']);`
Add RememberMe authentication 2014-05-26 20:47:40 -04:00			`}`
Run php-cs-fixer on the code base 2016-04-17 19:44:45 -04:00			`} else {`
Split models and controllers in different files 2013-12-22 20:55:53 -05:00			`$result = false;`
			`$errors['login'] = t('Bad username or password');`
			`}`
			`}`

			`return array(`
			`$result,`
			`$errors`
			`);`
			`}`