525048bbb2
Add feeds only once to the feed_ids array (feed model), drop now unused select-db action. Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do expect from this session variable. Add nothing else than a flag, which indicates a logged in user, to $_SESSION['loggedin']. It's not necessary to know the current user name, since we do only have one user per database. Same for the language setting. The database defines the front-end language. Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me login.
74 lines
1.9 KiB
PHP
74 lines
1.9 KiB
PHP
<?php
|
|
|
|
namespace Model\User;
|
|
|
|
use SimpleValidator\Validator;
|
|
use SimpleValidator\Validators;
|
|
use PicoDb\Database;
|
|
use PicoFarad\Session;
|
|
use Model\Config;
|
|
use Model\RememberMe;
|
|
use Model\Database as DatabaseModel;
|
|
|
|
// Check if the user is logged in
|
|
function is_loggedin()
|
|
{
|
|
return ! empty($_SESSION['loggedin']);
|
|
}
|
|
|
|
// Destroy the session and the rememberMe cookie
|
|
function logout()
|
|
{
|
|
RememberMe\destroy();
|
|
Session\close();
|
|
}
|
|
|
|
// Get the credentials from the current selected database
|
|
function getCredentials()
|
|
{
|
|
return Database::get('db')
|
|
->table('config')
|
|
->columns('username', 'password')
|
|
->findOne();
|
|
}
|
|
|
|
// Validate authentication
|
|
function validate_login(array $values)
|
|
{
|
|
$v = new Validator($values, array(
|
|
new Validators\Required('username', t('The user name is required')),
|
|
new Validators\MaxLength('username', t('The maximum length is 50 characters'), 50),
|
|
new Validators\Required('password', t('The password is required'))
|
|
));
|
|
|
|
$result = $v->execute();
|
|
$errors = $v->getErrors();
|
|
|
|
if ($result) {
|
|
|
|
$credentials = getCredentials();
|
|
|
|
if ($credentials && $credentials['username'] === $values['username'] && password_verify($values['password'], $credentials['password'])) {
|
|
|
|
$_SESSION['loggedin'] = true;
|
|
$_SESSION['config'] = Config\get_all();
|
|
|
|
// Setup the remember me feature
|
|
if (! empty($values['remember_me'])) {
|
|
$cookie = RememberMe\create(DatabaseModel\select(), $values['username'], Config\get_ip_address(), Config\get_user_agent());
|
|
RememberMe\write_cookie($cookie['token'], $cookie['sequence'], $cookie['expiration']);
|
|
}
|
|
}
|
|
else {
|
|
|
|
$result = false;
|
|
$errors['login'] = t('Bad username or password');
|
|
}
|
|
}
|
|
|
|
return array(
|
|
$result,
|
|
$errors
|
|
);
|
|
}
|