code cleanup

Add feeds only once to the feed_ids array (feed model), drop now unused select-db action.

Use $_SESSION['loggedin'] instead of $_SESSION['user'] to reflect what information is
expected in this session variable. Store nothing but a flag indicating a logged-in user
in $_SESSION['loggedin'].

It's not necessary to know the current user name, since we do only have one user
per database. Same for the language setting. The database defines the front-end language.

Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me
login.
This commit is contained in:
Mathias Kresin 2015-01-22 23:12:06 +01:00
parent d2cfc7fd15
commit 525048bbb2
5 changed files with 24 additions and 34 deletions


@ -72,16 +72,6 @@ Router\get_action('more', function() {
Response\html(Template\layout('show_more', array('menu' => 'more'))); Response\html(Template\layout('show_more', array('menu' => 'more')));
}); });
// Select another database
Router\get_action('select-db', function() {
if (ENABLE_MULTIPLE_DB) {
$_SESSION['database'] = \Model\Database\select(Request\param('database'));
}
Response\redirect('?action=login');
});
// Image proxy (avoid SSL mixed content warnings) // Image proxy (avoid SSL mixed content warnings)
Router\get_action('proxy', function() { Router\get_action('proxy', function() {
list($content, $type) = Model\Proxy\download(rawurldecode(Request\param('url'))); list($content, $type) = Model\Proxy\download(rawurldecode(Request\param('url')));


@ -21,11 +21,12 @@ function create($filename, $username, $password)
)); ));
if ($db->schema()->check(Schema\VERSION)) { if ($db->schema()->check(Schema\VERSION)) {
$credentials = array(
$db->table('config')->update(array(
'username' => $username, 'username' => $username,
'password' => password_hash($password, PASSWORD_BCRYPT) 'password' => password_hash($password, PASSWORD_BCRYPT)
)); );
$db->table('config')->update($credentials);
return true; return true;
} }
@ -48,7 +49,7 @@ function select($filename = '')
// unset the authenticated flag if the database is changed // unset the authenticated flag if the database is changed
if (empty($_SESSION['database']) || $_SESSION['database'] !== $filename) { if (empty($_SESSION['database']) || $_SESSION['database'] !== $filename) {
if (isset($_SESSION)) { if (isset($_SESSION)) {
unset($_SESSION['user']); unset($_SESSION['loggedin']);
} }
$_SESSION['database'] = $filename; $_SESSION['database'] = $filename;
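Review bot: When the selected database changes, select() clears only the authentication flag inside the isset($_SESSION) guard, while `$_SESSION['config']`, which validate_login() in the user model fills from Config\get_all() after a successful login, is left in place and may still describe the previously selected database. Unless that value is re-read on every request or nothing on the login path relies on it, consider clearing both together: `unset($_SESSION['loggedin'], $_SESSION['config']);`. select() starts and ends outside this hunk.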


@ -56,10 +56,13 @@ function get_favicons(array $feed_ids)
return array(); return array();
} }
return Database::get('db') $db = Database::get('db')
->hashtable('favicons') ->hashtable('favicons')
->in('feed_id', $feed_ids) ->columnKey('feed_id')
->getAll('feed_id', 'icon'); ->columnValue('icon');
// pass $feeds_ids as argument list to hashtable::get(), use ... operator with php 5.6+
return call_user_func_array(array($db, 'get'), $feed_ids);
} }
// Get all favicons for a list of items // Get all favicons for a list of items
@ -68,7 +71,7 @@ function get_item_favicons(array $items)
$feed_ids = array(); $feed_ids = array();
foreach ($items as $item) { foreach ($items as $item) {
$feed_ids[] = $item['feed_id']; $feed_ids[$item['feed_id']] = $item['feed_id'];
} }
return get_favicons($feed_ids); return get_favicons($feed_ids);
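Review bot: get_item_favicons() now hands an array keyed by feed id to get_favicons(), which forwards it through call_user_func_array(); how the keys are treated depends on the PHP version, since integer keys are passed positionally but string keys become named arguments on PHP 8. The feed ids appear to be numeric here, so the keys will most likely be integers in practice, but the positional intent is clearer and version-proof with `return call_user_func_array(array($db, 'get'), array_values($feed_ids));`. The new comment above that call also refers to `$feeds_ids` while the variable is `$feed_ids`.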


@ -4,7 +4,6 @@ namespace Model\RememberMe;
use PicoDb\Database; use PicoDb\Database;
use Model\Config; use Model\Config;
use Model\User;
use Model\Database as DatabaseModel; use Model\Database as DatabaseModel;
const TABLE = 'remember_me'; const TABLE = 'remember_me';
@ -65,8 +64,8 @@ function authenticate()
$record['expiration'] $record['expiration']
); );
// Create the session // mark user as sucessfull logged in
$_SESSION['user'] = User\get($record['username']); $_SESSION['loggedin'] = true;
return true; return true;
} }
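Review bot: authenticate() marks the existing session as logged in without regenerating the session id, and validate_login() in the user model does the same after a password login; unless the Session helper (only Session\close() is visible on this page) already rotates the id, a session id established before authentication remains valid afterwards, which is the precondition for session fixation. Call `session_regenerate_id(true);` immediately before `$_SESSION['loggedin'] = true;` in both places, or do it once in the shared session helper. The comment on the new line also has a typo and should read `// mark user as successfully logged in`. authenticate() starts outside this hunk.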


@ -10,10 +10,10 @@ use Model\Config;
use Model\RememberMe; use Model\RememberMe;
use Model\Database as DatabaseModel; use Model\Database as DatabaseModel;
// Check if the user is logged // Check if the user is logged in
function is_loggedin() function is_loggedin()
{ {
return ! empty($_SESSION['user']); return ! empty($_SESSION['loggedin']);
} }
// Destroy the session and the rememberMe cookie // Destroy the session and the rememberMe cookie
@ -23,13 +23,12 @@ function logout()
Session\close(); Session\close();
} }
// Get a user by username // Get the credentials from the current selected database
function get($username) function getCredentials()
{ {
return Database::get('db') return Database::get('db')
->table('config') ->table('config')
->columns('username', 'password', 'language') ->columns('username', 'password')
->eq('username', $username)
->findOne(); ->findOne();
} }
@ -47,19 +46,17 @@ function validate_login(array $values)
if ($result) { if ($result) {
$user = get($values['username']); $credentials = getCredentials();
if ($user && password_verify($values['password'], $user['password'])) { if ($credentials && $credentials['username'] === $values['username'] && password_verify($values['password'], $credentials['password'])) {
unset($user['password']); $_SESSION['loggedin'] = true;
$_SESSION['user'] = $user;
$_SESSION['config'] = Config\get_all(); $_SESSION['config'] = Config\get_all();
// Setup the remember me feature // Setup the remember me feature
if (! empty($values['remember_me'])) { if (! empty($values['remember_me'])) {
$credentials = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent()); $cookie = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());
RememberMe\write_cookie($credentials['token'], $credentials['sequence'], $credentials['expiration']); RememberMe\write_cookie($cookie['token'], $cookie['sequence'], $cookie['expiration']);
} }
} }
else { else {