Commit 732136c6 authored by fettesvieh's avatar fettesvieh

reworked the user auth a bit -> we don't use sessions anymore

parent 919a0e07
......@@ -14,6 +14,6 @@
{/foreach}
{else}
<div class="error">
<h4>{$no_search_results}</h4>
<h5>{$no_search_results}</h5>
</div>
{/if}
\ No newline at end of file
......@@ -20,7 +20,7 @@ class auth
*
* @var boolean
*/
private $is_user = false;
private $isUser = false;
/**
* Findet heraus, falls der ACP3_AUTH Cookie gesetzt ist, ob der Seitenbesucher auch wirklich ein registrierter Benutzer des ACP3 ist
......@@ -30,34 +30,20 @@ class auth
if (isset($_COOKIE['ACP3_AUTH'])) {
global $db;
$cookie = $db->escape($_COOKIE['ACP3_AUTH']);
$cookie = base64_decode($_COOKIE['ACP3_AUTH']);
$cookie_arr = explode('|', $cookie);
$user_check = $db->select('id, pwd', 'users', 'nickname = \'' . $cookie_arr[0] . '\'');
if (count($user_check) == '1') {
$db_password = substr($user_check[0]['pwd'], 0, 40);
if ($db_password == $cookie_arr[1]) {
// Session Einstellungen setzen und Session starten
session_set_cookie_params(0, '/');
session_start();
$this->is_user = true;
// Falls nötig, Session neu setzen
if (empty($_SESSION['acp3_id'])) {
session_regenerate_id(true);
$_SESSION['acp3_id'] = $user_check[0]['id'];
}
$this->isUser = true;
define('USER_ID', $user_check[0]['id']);
}
}
if (!$this->is_user) {
if (!$this->isUser) {
setcookie('ACP3_AUTH', '', time() - 3600, '/');
$_SESSION = array();
if (isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time() - 3600, '/');
session_destroy();
redirect(0, ROOT_DIR);
}
}
......@@ -73,8 +59,8 @@ class auth
*/
public function getUserInfo($fields, $user_id = 0)
{
if (empty($user_id) && $this->is_user) {
$user_id = $_SESSION['acp3_id'];
if (empty($user_id) && $this->isUser) {
$user_id = USER_ID;
}
if (preg_match('/\d/', $user_id)) {
global $db;
......@@ -86,13 +72,13 @@ class auth
return false;
}
/**
* Gibt den Status von $is_user zurück
* Gibt den Status von $isUser zurück
*
* @return boolean
*/
public function is_user()
public function isUser()
{
return $this->is_user;
return $this->isUser;
}
}
?>
\ No newline at end of file
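Review bot: The base64-decoded cookie in the auth constructor is spliced into SQL unescaped: the old code ran `$db->escape()` on the cookie before `explode`, and the replacement line `$cookie = base64_decode($_COOKIE['ACP3_AUTH']);` drops that step, so `$cookie_arr[0]` reaches the `nickname = '...'` clause as attacker-controlled text. Escape after decoding, e.g. `$user_check = $db->select('id, pwd', 'users', 'nickname = \'' . $db->escape($cookie_arr[0]) . '\'');` (or parameterise the query if the db wrapper allows it). The check `$db_password == $cookie_arr[1]` is a loose string comparison; `hash_equals()` or at least `===` avoids type-juggling surprises on hash-shaped strings. Note that `define('USER_ID', ...)` only runs on a successful cookie check, so any page that references `USER_ID` outside an `isUser()` guard (the admin user delete/edit hunks compare `$entry == USER_ID` and `$modules->id == USER_ID` directly) relies on an earlier redirect to guarantee the constant exists.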
......@@ -129,7 +129,7 @@ class modules
// Zugriffslevel für Gäste
$access_id = 2;
// Zugriffslevel für Benutzer holen
if (isset($_SESSION['acp3_id'])) {
if ($auth->isUser()) {
$info = $auth->getUserInfo('access');
if (!empty($info)) {
$access_id = $info['access'];
......
......@@ -22,13 +22,13 @@ if (CONFIG_MAINTENANCE == '1' && defined('IN_ACP3')) {
} else {
$auth = new auth;
if ($auth->is_user() && defined('IN_ADM') && empty($_GET['stm'])) {
if ($auth->isUser() && defined('IN_ADM') && empty($_GET['stm'])) {
redirect(0, ROOT_DIR);
} elseif ($modules->check()) {
$content = '';
include 'modules/' . $modules->mod . '/' . $modules->page . '.php';
$tpl->assign('content', $content);
} elseif (!$auth->is_user() && defined('IN_ADM') && $modules->mod != 'users' && $modules->page != 'login') {
} elseif (!$auth->isUser() && defined('IN_ADM') && $modules->mod != 'users' && $modules->page != 'login') {
redirect('users/login');
} elseif (is_file('modules/errors/404.php')) {
redirect('errors/404');
......
......@@ -70,7 +70,7 @@ function comments($module = 0, $entry_id = 0)
'ip' => $ip,
'date' => $time,
'name' => $db->escape($form['name']),
'user_id' => $auth->is_user() && preg_match('/\d/', $_SESSION['acp3_id']) ? $_SESSION['acp3_id'] : '',
'user_id' => $auth->isUser() && preg_match('/\d/', USER_ID) ? USER_ID : '',
'message' => $db->escape($form['message']),
'module' => $db->escape($module, 2),
'entry_id' => $entry_id,
......
......@@ -35,7 +35,7 @@ if (isset($_POST['submit'])) {
}
if (!isset($_POST['submit']) || isset($errors) && is_array($errors)) {
// Falls Benutzer eingeloggt ist, Formular schon teilweise ausfüllen
if ($auth->is_user() && preg_match('/\d/', $_SESSION['acp3_id'])) {
if ($auth->isUser() && preg_match('/\d/', USER_ID)) {
$user = $auth->getUserInfo('mail');
$disabled = ' readonly="readonly" class="readonly"';
......
......@@ -41,7 +41,7 @@ if (isset($_POST['submit'])) {
'ip' => $ip,
'date' => $time,
'name' => $db->escape($form['name']),
'user_id' => $auth->is_user() && preg_match('/\d/', $_SESSION['acp3_id']) ? $_SESSION['acp3_id'] : '',
'user_id' => $auth->isUser() && preg_match('/\d/', USER_ID) ? USER_ID : '',
'message' => $db->escape($form['message']),
'website' => $db->escape($form['website'], 2),
'mail' => $form['mail'],
......@@ -59,7 +59,7 @@ if (!isset($_POST['submit']) || isset($errors) && is_array($errors)) {
$tpl->assign('emoticons', emoticons_list());
}
// Falls Benutzer eingeloggt ist, Formular schon teilweise ausfüllen
if ($auth->is_user() && preg_match('/\d/', $_SESSION['acp3_id'])) {
if ($auth->isUser() && preg_match('/\d/', USER_ID)) {
$user = $auth->getUserInfo('nickname, mail');
$disabled = ' readonly="readonly" class="readonly"';
......
......@@ -14,7 +14,7 @@ $date = ' AND (start = end AND start <= \'' . date_aligned(2, time()) . '\' OR s
if (!empty($modules->id) && $db->select('id', 'news', 'id = \'' . $modules->id . '\'' . $date, 0, 0, 0, 1) == 1) {
// Falls Benutzer eingeloggt ist, Formular schon teilweise ausfüllen
if ($auth->is_user() && preg_match('/\d/', $_SESSION['acp3_id'])) {
if ($auth->isUser() && preg_match('/\d/', USER_ID)) {
$user = $auth->getUserInfo('nickname');
$disabled = ' readonly="readonly" class="readonly"';
......
......@@ -31,7 +31,7 @@ if (is_array($entries)) {
if ($entry == '1') {
$admin_user = true;
} else {
if ($entry == $_SESSION['acp3_id']) {
if ($entry == USER_ID) {
$session_user = true;
}
$bool = $db->delete('users', 'id = \'' . $entry . '\'');
......
......@@ -50,7 +50,7 @@ if (!empty($modules->id) && $db->select('id', 'users', 'id = \'' . $modules->id
$bool = $db->update('users', $update_values, 'id = \'' . $modules->id . '\'');
// Falls sich der User selbst bearbeitet hat, Cookies und Session aktualisieren
if ($modules->id == $_SESSION['acp3_id']) {
if ($modules->id == USER_ID) {
$cookie_arr = explode('|', $_COOKIE['ACP3_AUTH']);
setcookie('ACP3_AUTH', $form['nickname'] . '|' . (isset($new_pwd) ? $new_pwd : $cookie_arr[1]), time() + 3600, ROOT_DIR);
}
......
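Review bot: The cookie rewritten on `setcookie('ACP3_AUTH', $form['nickname'] . '|' . (isset($new_pwd) ? $new_pwd : $cookie_arr[1]), time() + 3600, ROOT_DIR);` still uses the old plain `nickname|hash` layout, while the auth constructor now expects a base64-encoded value (the login page writes `base64_encode(...)`); after a self-edit the next request decodes a non-base64 string and the user is effectively logged out. The preceding `$cookie_arr = explode('|', $_COOKIE['ACP3_AUTH']);` has the same problem in reverse and needs `base64_decode` before exploding. The frontend users/edit hunk at `@@ -52,7 +52,7 @@` contains the identical pair of lines. The cookie path here is `ROOT_DIR` whereas login and the constructor's clearing call use `/`, which looks like a pre-existing mismatch worth aligning while touching these lines.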
......@@ -10,7 +10,7 @@
if (!defined('IN_ACP3'))
exit;
if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
if (!$auth->isUser() || !preg_match('/\d/', USER_ID)) {
redirect('errors/403');
} else {
$breadcrumb->assign(lang('users', 'users'), uri('users'));
......@@ -22,11 +22,11 @@ if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
if (empty($form['nickname']))
$errors[] = lang('common', 'name_to_short');
if (!empty($form['nickname']) && $db->select('id', 'users', 'id != \'' . $_SESSION['acp3_id'] . '\' AND nickname = \'' . $db->escape($form['nickname']) . '\'', 0, 0, 0, 1) == '1')
if (!empty($form['nickname']) && $db->select('id', 'users', 'id != \'' . USER_ID . '\' AND nickname = \'' . $db->escape($form['nickname']) . '\'', 0, 0, 0, 1) == '1')
$errors[] = lang('users', 'user_name_already_exists');
if (!$validate->email($form['mail']))
$errors[] = lang('common', 'wrong_email_format');
if ($validate->email($form['mail']) && $db->select('id', 'users', 'id != \'' . $_SESSION['acp3_id'] . '\' AND mail =\'' . $form['mail'] . '\'', 0, 0, 0, 1) > 0)
if ($validate->email($form['mail']) && $db->select('id', 'users', 'id != \'' . USER_ID . '\' AND mail =\'' . $form['mail'] . '\'', 0, 0, 0, 1) > 0)
$errors[] = lang('common', 'user_email_already_exists');
if (!empty($form['new_pwd']) && !empty($form['new_pwd_repeat']) && $form['new_pwd'] != $form['new_pwd_repeat'])
$errors[] = lang('users', 'type_in_pwd');
......@@ -52,7 +52,7 @@ if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
$update_values = array_merge($update_values, $new_pwd_sql);
}
$bool = $db->update('users', $update_values, 'id = \'' . $_SESSION['acp3_id'] . '\'');
$bool = $db->update('users', $update_values, 'id = \'' . USER_ID . '\'');
$cookie_arr = explode('|', $_COOKIE['ACP3_AUTH']);
setcookie('ACP3_AUTH', $form['nickname'] . '|' . (isset($new_pwd) ? $new_pwd : $cookie_arr[1]), time() + 3600, ROOT_DIR);
......@@ -61,7 +61,7 @@ if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
}
}
if (!isset($_POST['submit']) || isset($errors) && is_array($errors)) {
$user = $db->select('nickname, realname, mail, website', 'users', 'id = \'' . $_SESSION['acp3_id'] . '\'');
$user = $db->select('nickname, realname, mail, website', 'users', 'id = \'' . USER_ID . '\'');
$user[0]['website'] = $db->escape($user[0]['website'], 3);
......
......@@ -10,7 +10,7 @@
if (!defined('IN_ACP3'))
exit;
if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
if (!$auth->isUser() || !preg_match('/\d/', USER_ID)) {
redirect('errors/403');
} else {
$breadcrumb->assign(lang('users', 'users'), uri('users'));
......@@ -36,13 +36,13 @@ if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
'language' => $db->escape($form['language'], 2),
);
$bool = $db->update('users', $update_values, 'id = \'' . $_SESSION['acp3_id'] . '\'');
$bool = $db->update('users', $update_values, 'id = \'' . USER_ID . '\'');
$content = combo_box($bool ? lang('users', 'edit_settings_success') : lang('users', 'edit_settings_error'), uri('users/home'));
}
}
if (!isset($_POST['submit']) || isset($errors) && is_array($errors)) {
$user = $db->select('time_zone, dst, language', 'users', 'id = \'' . $_SESSION['acp3_id'] . '\'');
$user = $db->select('time_zone, dst, language', 'users', 'id = \'' . USER_ID . '\'');
// Zeitzonen
$tpl->assign('time_zone', time_zones($user[0]['time_zone']));
......
......@@ -2,7 +2,7 @@
if (!defined('IN_ACP3'))
exit;
if ($auth->is_user()) {
if ($auth->isUser()) {
redirect(0, ROOT_DIR);
} else {
$breadcrumb->assign(lang('users', 'users'), uri('users'));
......
......@@ -2,25 +2,25 @@
if (!defined('IN_ACP3'))
exit;
if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
if (!$auth->isUser() || !preg_match('/\d/', USER_ID)) {
redirect('errors/403');
} else {
$breadcrumb->assign(lang('users', 'users'), uri('users'));
$breadcrumb->assign(lang('users', 'home'));
if (isset($_POST['submit'])) {
if (!$auth->is_user() || !preg_match('/\d/', $_SESSION['acp3_id'])) {
if (!$auth->isUser() || !preg_match('/\d/', USER_ID)) {
redirect('errors/403');
} else {
$form = $_POST['form'];
$bool = $db->update('users', array('draft' => $db->escape($form['draft'], 2)), 'id = \'' . $_SESSION['acp3_id'] . '\'');
$bool = $db->update('users', array('draft' => $db->escape($form['draft'], 2)), 'id = \'' . USER_ID . '\'');
$content = combo_box($bool ? lang('users', 'draft_success') : lang('users', 'draft_error'), uri('users/home'));
}
}
if (!isset($_POST['submit'])) {
$user = $db->select('draft', 'users', 'id = \'' . $_SESSION['acp3_id'] . '\'');
$user = $db->select('draft', 'users', 'id = \'' . USER_ID . '\'');
$tpl->assign('draft', $db->escape($user[0]['draft'], 3));
......
......@@ -11,13 +11,13 @@ if (!defined('IN_ACP3') && !defined('IN_ADM'))
exit;
// Falls der Benutzer schon eingeloggt ist, diesen zur Startseite weiterleiten
if ($auth->is_user()) {
if ($auth->isUser()) {
redirect(0, ROOT_DIR);
} elseif (isset($_POST['submit'])) {
$form = $_POST['form'];
$user = $db->select('id, pwd', 'users', 'nickname = \'' . $db->escape($form['nickname']) . '\'');
$is_user = false;
$isUser = false;
if (count($user) == '1') {
// Passwort aus Datenbank
......@@ -29,20 +29,14 @@ if ($auth->is_user()) {
// Wenn beide Hash Werte gleich sind, Benutzer authentifizieren
if ($db_hash == $form_pwd_hash) {
$is_user = true;
$isUser = true;
}
}
if ($is_user) {
// Session Einstellungen setzen und Session starten
session_set_cookie_params(0, '/');
session_start();
// Ein Jahr oder eine Stunde...
$expire = isset($_POST['remember']) ? 31104000 : 3600;
setcookie('ACP3_AUTH', $db->escape($form['nickname']) . '|' . $db_hash, time() + $expire, '/');
$_SESSION['acp3_id'] = $user[0]['id'];
if ($isUser) {
// Werte für den Cookie setzen
$cookie['value'] = base64_encode($db->escape($form['nickname']) . '|' . $db_hash);
$cookie['expires'] = time() + (isset($_POST['remember']) ? 31104000 : 3600);
setcookie('ACP3_AUTH', $cookie['value'], $cookie['expires'], '/');
if (isset($form['redirect_uri'])) {
redirect(0, base64_decode($form['redirect_uri']));
......
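Review bot: The new cookie value on `$cookie['value'] = base64_encode($db->escape($form['nickname']) . '|' . $db_hash);` carries the stored password hash itself as the long-lived credential; base64 is an encoding, not protection, so anyone who can read the cookie holds a credential that is only invalidated by a password change, and the "remember" path keeps it valid for a year. A safer shape is a cryptographically random token stored server-side against the user id and expiry, with the cookie holding only that token and `setcookie` called with the `httponly` flag. Separately, `$cookie` is filled element-by-element without being declared, which works but reads clearer as `$cookie = array('value' => ..., 'expires' => ...);`.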
......@@ -2,7 +2,7 @@
if (!defined('IN_ACP3'))
exit;
if ($auth->is_user()) {
if ($auth->isUser()) {
redirect(0, ROOT_DIR);
} else {
$breadcrumb->assign(lang('users', 'users'), uri('users'));
......
......@@ -10,7 +10,7 @@
if (!defined('IN_ACP3') && !defined('IN_ADM'))
exit;
if ($auth->is_user()) {
if ($auth->isUser()) {
// Module einholen
$mod_list = $modules->modulesList();
$nav_mods = array();
......