Check if the session username and database username are the same

This commit is contained in:
Frédéric Guillot 2014-11-18 19:00:53 -05:00
parent 4fa894925e
commit e9685cf6d5
2 changed files with 32 additions and 8 deletions


@ -16,22 +16,31 @@ Router\before(function($action) {
Model\Database\select($_SESSION['database']); Model\Database\select($_SESSION['database']);
} }
// Redirect to the login form if the user is not authenticated // Authentication
$ignore_actions = array('login', 'bookmark-feed', 'select-db'); if (Model\User\is_logged()) {
if (! isset($_SESSION['user']) && ! in_array($action, $ignore_actions)) { if (! Model\User\is_user_session()) {
Session\close();
Response\redirect('?action=login');
}
if (Model\RememberMe\has_cookie()) {
Model\RememberMe\refresh();
}
}
else {
if (! in_array($action, array('login', 'bookmark-feed', 'select-db'))) {
if (! Model\RememberMe\authenticate()) { if (! Model\RememberMe\authenticate()) {
Response\redirect('?action=login'); Response\redirect('?action=login');
} }
} }
else if (Model\RememberMe\has_cookie()) {
Model\RememberMe\refresh();
} }
// Load translations // Load translations
$language = Model\Config\get('language') ?: 'en_US'; $language = Model\Config\get('language') ?: 'en_US';
if ($language !== 'en_US') \Translator\load($language); if ($language !== 'en_US') Translator\load($language);
// Set timezone // Set timezone
date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC'); date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');
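Review bot: When `is_user_session()` fails, the new branch only calls `Session\close()` and redirects, leaving the RememberMe cookie untouched; on the very next request the unauthenticated `else` branch runs `Model\RememberMe\authenticate()`, and if that cookie is still valid it presumably re-creates a session for the same username the check just rejected, turning the mismatch check into a one-request logout rather than an enforcement. Revoking the remember-me token before `Session\close()` (using whatever destroy/cleanup helper Model\RememberMe provides — none is visible in this hunk) closes that gap. A smaller point: the branch relies on `Response\redirect('?action=login')` terminating the request; if it merely sends a header and returns, the rest of the callback continues with a closed session, so an explicit `exit` after the redirect, or confirming that `Response\redirect()` exits, is worth checking. The `Router\before` callback begins before this hunk and ends after it.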


@ -9,6 +9,21 @@ use Model\Config;
use Model\RememberMe; use Model\RememberMe;
use Model\Database as DatabaseModel; use Model\Database as DatabaseModel;
// Check if the user is logged
function is_logged()
{
return ! empty($_SESSION['user']);
}
// Check if the logged user is the right one
function is_user_session()
{
return Database::get('db')
->table('config')
->eq('username', $_SESSION['user']['username'])
->count() === 1;
}
// Get a user by username // Get a user by username
function get($username) function get($username)
{ {
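Review bot: `is_user_session()` dereferences `$_SESSION['user']['username']` without checking that the key exists; a session whose `user` entry lacks it (for example one created by an older session layout, if that differed) raises a notice and runs `eq('username', null)`, which presumably matches no rows and logs the user out — acceptable, but a guard makes the intent explicit: `if (empty($_SESSION['user']['username'])) return false;` ahead of the query. The comparison is delegated to the database, so whether it is case-sensitive depends on the collation of `config.username` rather than on PHP; a comment such as `// Match is done by the DB engine; case-sensitivity follows the config.username collation` would record that for the next reader. `Database::get('db')` here differs from the `DatabaseModel` alias imported two lines above, so `Database` presumably resolves to a `use` statement outside the hunk — worth confirming it is the intended class. `get($username)` at the bottom of the hunk continues outside it.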