code cleanup
Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login.
parent
d2cfc7fd15
commit
525048bbb2
@ -72,16 +72,6 @@ Router\get_action('more', function() {
|
||||
Response\html(Template\layout('show_more', array('menu' => 'more')));
|
||||
});
|
||||
|
||||
// Select another database
|
||||
Router\get_action('select-db', function() {
|
||||
|
||||
if (ENABLE_MULTIPLE_DB) {
|
||||
$_SESSION['database'] = \Model\Database\select(Request\param('database'));
|
||||
}
|
||||
|
||||
Response\redirect('?action=login');
|
||||
});
|
||||
|
||||
// Image proxy (avoid SSL mixed content warnings)
|
||||
Router\get_action('proxy', function() {
|
||||
list($content, $type) = Model\Proxy\download(rawurldecode(Request\param('url')));
|
||||
|
@ -21,11 +21,12 @@ function create($filename, $username, $password)
|
||||
));
|
||||
|
||||
if ($db->schema()->check(Schema\VERSION)) {
|
||||
|
||||
$db->table('config')->update(array(
|
||||
$credentials = array(
|
||||
'username' => $username,
|
||||
'password' => password_hash($password, PASSWORD_BCRYPT)
|
||||
));
|
||||
);
|
||||
|
||||
$db->table('config')->update($credentials);
|
||||
|
||||
return true;
|
||||
}
|
||||
@ -48,7 +49,7 @@ function select($filename = '')
|
||||
// unset the authenticated flag if the database is changed
|
||||
if (empty($_SESSION['database']) || $_SESSION['database'] !== $filename) {
|
||||
if (isset($_SESSION)) {
|
||||
unset($_SESSION['user']);
|
||||
unset($_SESSION['loggedin']);
|
||||
}
|
||||
|
||||
$_SESSION['database'] = $filename;
|
||||
|
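Review bot: In `select()`, clearing only `$_SESSION['loggedin']` leaves any `$_SESSION['user']` entry from a session created before this commit in place, and per the commit description that entry can hold the stored password value after a remember-me login. Which of the two `unset` lines is the new one is inferred from the description, because the rendered page lost the `+`/`-` markers. Clearing both keys costs nothing and removes the leftover data as sessions pass through here: `unset($_SESSION['user'], $_SESSION['loggedin']);`. The body of `select()` continues outside the hunk.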
@ -56,10 +56,13 @@ function get_favicons(array $feed_ids)
|
||||
return array();
|
||||
}
|
||||
|
||||
return Database::get('db')
|
||||
$db = Database::get('db')
|
||||
->hashtable('favicons')
|
||||
->in('feed_id', $feed_ids)
|
||||
->getAll('feed_id', 'icon');
|
||||
->columnKey('feed_id')
|
||||
->columnValue('icon');
|
||||
|
||||
// pass $feeds_ids as argument list to hashtable::get(), use ... operator with php 5.6+
|
||||
return call_user_func_array(array($db, 'get'), $feed_ids);
|
||||
}
|
||||
|
||||
// Get all favicons for a list of items
|
||||
@ -68,7 +71,7 @@ function get_item_favicons(array $items)
|
||||
$feed_ids = array();
|
||||
|
||||
foreach ($items as $item) {
|
||||
$feed_ids[] = $item['feed_id'];
|
||||
$feed_ids[$item['feed_id']] = $item['feed_id'];
|
||||
}
|
||||
|
||||
return get_favicons($feed_ids);
|
||||
|
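Review bot: `get_item_favicons()` now keys `$feed_ids` by feed id, and `get_favicons()` forwards that array through `call_user_func_array(array($db, 'get'), $feed_ids)`; on PHP 8.0 and later, string keys in that array are treated as named arguments, so a feed id that is not integer-like would raise an error instead of being looked up. Integer-like ids are cast to integer keys and stay positional, but nothing in the hunk guarantees that shape. Passing the values only keeps the de-duplication and removes the dependency on key type: `return call_user_func_array(array($db, 'get'), array_values($feed_ids));`. The new comment also says `$feeds_ids` where the variable is `$feed_ids`.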
@ -4,7 +4,6 @@ namespace Model\RememberMe;
|
||||
|
||||
use PicoDb\Database;
|
||||
use Model\Config;
|
||||
use Model\User;
|
||||
use Model\Database as DatabaseModel;
|
||||
|
||||
const TABLE = 'remember_me';
|
||||
@ -65,8 +64,8 @@ function authenticate()
|
||||
$record['expiration']
|
||||
);
|
||||
|
||||
// Create the session
|
||||
$_SESSION['user'] = User\get($record['username']);
|
||||
// mark user as sucessfull logged in
|
||||
$_SESSION['loggedin'] = true;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
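Review bot: `authenticate()` sets `$_SESSION['loggedin'] = true` with no visible change of session id, and the same holds for the password path in `validate_login()`; if neither function regenerates the id elsewhere, a session id fixed before login stays valid after it. Calling `session_regenerate_id(true);` immediately before the flag is set in both places closes that gap. The body of `authenticate()` starts outside the hunk, so this may already be handled above. The new comment reads better as `// mark the user as successfully logged in`.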
@ -10,10 +10,10 @@ use Model\Config;
|
||||
use Model\RememberMe;
|
||||
use Model\Database as DatabaseModel;
|
||||
|
||||
// Check if the user is logged
|
||||
// Check if the user is logged in
|
||||
function is_loggedin()
|
||||
{
|
||||
return ! empty($_SESSION['user']);
|
||||
return ! empty($_SESSION['loggedin']);
|
||||
}
|
||||
|
||||
// Destroy the session and the rememberMe cookie
|
||||
@ -23,13 +23,12 @@ function logout()
|
||||
Session\close();
|
||||
}
|
||||
|
||||
// Get a user by username
|
||||
function get($username)
|
||||
// Get the credentials from the current selected database
|
||||
function getCredentials()
|
||||
{
|
||||
return Database::get('db')
|
||||
->table('config')
|
||||
->columns('username', 'password', 'language')
|
||||
->eq('username', $username)
|
||||
->columns('username', 'password')
|
||||
->findOne();
|
||||
}
|
||||
|
||||
@ -47,19 +46,17 @@ function validate_login(array $values)
|
||||
|
||||
if ($result) {
|
||||
|
||||
$user = get($values['username']);
|
||||
$credentials = getCredentials();
|
||||
|
||||
if ($user && password_verify($values['password'], $user['password'])) {
|
||||
if ($credentials && $credentials['username'] === $values['username'] && password_verify($values['password'], $credentials['password'])) {
|
||||
|
||||
unset($user['password']);
|
||||
|
||||
$_SESSION['user'] = $user;
|
||||
$_SESSION['loggedin'] = true;
|
||||
$_SESSION['config'] = Config\get_all();
|
||||
|
||||
// Setup the remember me feature
|
||||
if (! empty($values['remember_me'])) {
|
||||
$credentials = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());
|
||||
RememberMe\write_cookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
|
||||
$cookie = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());
|
||||
RememberMe\write_cookie($cookie['token'], $cookie['sequence'], $cookie['expiration']);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
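Review bot: In `validate_login()` the condition `$credentials['username'] === $values['username'] && password_verify(...)` short-circuits, so a wrong username skips the bcrypt check and the response returns noticeably faster than for a wrong password, making the two cases distinguishable by timing. Evaluating both parts before combining them removes the difference: `$userOk = $credentials['username'] === $values['username'];`, `$passOk = password_verify($values['password'], $credentials['password']);`, then `if ($userOk && $passOk) {` inside a check that `$credentials` is not empty. `getCredentials()` also no longer filters by username and relies on `config` holding exactly one row, which deserves a one-line comment such as `// config holds a single row: one user per database`. The function body starts and ends outside the hunk.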