Diffstat (limited to 'inc/user.inc.php')
-rw-r--r--inc/user.inc.php68
1 files changed, 40 insertions, 28 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 20e8cd3d..9ef27cd0 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -1,5 +1,9 @@
<?php
+declare(strict_types=1);
+
+use JetBrains\PhpStorm\NoReturn;
+
require_once('inc/session.inc.php');
class User
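Review bot: The new `use JetBrains\PhpStorm\NoReturn;` import pulls a vendor namespace into a file that previously only depended on the project's own `inc/` tree; PHP resolves attribute classes lazily, so a missing class is harmless until something reflects on the attribute, but if the project ships a composer autoloader the `jetbrains/phpstorm-attributes` package should be declared (dev) there so static analysis and reflection agree. The placement of `declare(strict_types=1);` as the first statement after the open tag is correct. Note that strict mode only governs calls made from this file; callers in files without the declaration still get coercive typing for the newly typed signatures below.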
@@ -7,7 +11,7 @@ class User
private static $user = false;
- public static function isLoggedIn()
+ public static function isLoggedIn(): bool
{
return self::$user !== false;
}
@@ -26,12 +30,12 @@ class User
return self::$user['fullname'];
}
- public static function hasPermission($permission, $locationid = NULL)
+ public static function hasPermission(string $permission, ?int $locationid = NULL): bool
{
if (!self::isLoggedIn())
return false;
if (Module::isAvailable("permissionmanager")) {
- if ($permission{0} === '.') {
+ if ($permission[0] === '.') {
$permission = substr($permission, 1);
} else {
if (class_exists('Page')) {
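Review bot: `$permission[0] === '.'` on the new line keeps the old `{0}` semantics but, now that the parameter is typed `string`, an empty `''` reaches the offset and raises "Uninitialized string offset 0" (a Warning since PHP 8.0) instead of failing cleanly; since the commit already targets PHP 8 (attribute syntax, `{0}` removal), `if (str_starts_with($permission, '.')) {` handles the empty case without a warning. The same offset read is introduced at the `!== '.'` check in assertPermission and the `=== '.'` check in getAllowedLocations and should be changed alongside. The body of hasPermission continues past the end of this hunk.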
@@ -54,11 +58,12 @@ class User
/**
* Confirm current user has the given permission, stop execution and show error message
* otherwise.
+ *
* @param string $permission Permission to check for
* @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient
* @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page
*/
- public static function assertPermission($permission, $locationid = NULL, $redirect = NULL)
+ public static function assertPermission(string $permission, ?int $locationid = NULL, ?string $redirect = NULL): void
{
if (User::hasPermission($permission, $locationid))
return;
@@ -70,7 +75,7 @@ class User
Message::addError('main.no-permission');
Util::redirect($redirect);
} elseif (Module::isAvailable('permissionmanager')) {
- if ($permission{0} !== '.') {
+ if ($permission[0] !== '.') {
$module = Page::getModule();
if ($module !== false) {
$permission = '.' . $module->getIdentifier() . '.' . $permission;
@@ -83,12 +88,12 @@ class User
}
}
- public static function getAllowedLocations($permission)
+ public static function getAllowedLocations(string $permission): array
{
if (!self::isLoggedIn())
return [];
if (Module::isAvailable("permissionmanager")) {
- if ($permission{0} === '.') {
+ if ($permission[0] === '.') {
$permission = substr($permission, 1);
} else {
$module = Page::getModule();
@@ -105,16 +110,19 @@ class User
}
return $a;
}
- return array();
+ return [];
}
- public static function load()
+ public static function load(): bool
{
if (self::isLoggedIn())
return true;
if (Session::load()) {
- $uid = Session::get('uid');
- if ($uid === false || $uid < 1)
+ if (empty(Session::get('token'))) {
+ self::generateToken();
+ }
+ $uid = Session::getUserId();
+ if ($uid < 1)
self::logout();
self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
if (self::$user === false)
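Review bot: The query call `Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid))` still uses the long `array()` form while the same hunk converts `return array();` to `return [];` a few lines above; for consistency use `[':uid' => $uid]`. The early `if ($uid < 1) self::logout();` without a brace block relies on logout() never returning, which the commit now documents with `#[NoReturn]`, so that is fine, but a brief comment such as `// logout() does not return` would spare the next reader the lookup. The body of load() continues past the end of this hunk.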
@@ -125,7 +133,7 @@ class User
return false;
}
- public static function testPassword($userid, $password)
+ public static function testPassword(string $userid, string $password): bool
{
$ret = Database::queryFirst('SELECT passwd FROM user WHERE userid = :userid LIMIT 1', compact('userid'));
if ($ret === false)
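Review bot: `testPassword(string $userid, string $password)` types the user id as a string, whereas the rest of this commit treats it as an integer (`(int)$ret['userid']` passed to Session::create, `$uid < 1` on the value from Session::getUserId()); with strict_types enabled a caller in a strict file that passes that int will now get a TypeError. If userid is an integer column, `public static function testPassword(int $userid, string $password): bool` keeps the types consistent. The body of testPassword continues past the end of this hunk.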
@@ -133,7 +141,7 @@ class User
return Crypto::verify($password, $ret['passwd']);
}
- public static function updatePassword($password)
+ public static function updatePassword(string $password): bool
{
if (!self::isLoggedIn())
return false;
@@ -142,36 +150,27 @@ class User
return Database::exec('UPDATE user SET passwd = :passwd WHERE userid = :userid LIMIT 1', compact('userid', 'passwd')) > 0;
}
- public static function login($user, $pass)
+ public static function login(string $user, string $pass, bool $fixedIp): bool
{
$ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
if ($ret === false)
return false;
if (!Crypto::verify($pass, $ret['passwd']))
return false;
- Session::create($ret['passwd']);
- Session::set('uid', $ret['userid']);
- Session::set('token', md5($ret['passwd'] . ','
- . rand() . ','
- . time() . ','
- . rand() . ','
- . $_SERVER['REMOTE_ADDR'] . ','
- . rand() . ','
- . $_SERVER['REMOTE_PORT'] . ','
- . rand() . ','
- . $_SERVER['HTTP_USER_AGENT']));
- Session::save();
+ Session::create($ret['passwd'], (int)$ret['userid'], $fixedIp);
+ self::generateToken($ret['passwd']);
return true;
}
- public static function logout()
+ #[NoReturn]
+ public static function logout(): void
{
Session::delete();
Header('Location: ?do=Main&fromlogout');
exit(0);
}
- public static function setLastSeenEvent($eventid)
+ public static function setLastSeenEvent(int $eventid): void
{
if (!self::isLoggedIn())
return;
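Review bot: The new required `bool $fixedIp` parameter on login() is a positional boolean flag, which makes call sites such as `User::login($u, $p, true)` hard to read and silently breaks any existing two-argument caller outside this file; either give it a default (`bool $fixedIp = false`) or document that callers must pass it by name (`fixedIp: true`). A one-line docblock on login() stating that `$fixedIp` is forwarded to `Session::create` to bind the session to the client address (inferred from the name; confirm against session.inc.php) would also help, since nothing in this file explains it. The remainder of setLastSeenEvent lies outside this hunk.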
@@ -189,4 +188,17 @@ class User
return self::$user['lasteventid'];
}
+ private static function generateToken($salt = ''): void
+ {
+ Session::set('token', md5($salt . ','
+ . rand() . ','
+ . time() . ','
+ . rand() . ','
+ . $_SERVER['REMOTE_ADDR'] . ','
+ . rand() . ','
+ . $_SERVER['REMOTE_PORT'] . ','
+ . rand() . ','
+ . $_SERVER['HTTP_USER_AGENT']), false);
+ }
+
}
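Review bot: generateToken() derives the session token from `md5()` over `rand()`, `time()` and request headers, which is not a cryptographically secure source: `rand()` is a seeded PRNG and the remaining inputs are observable or guessable by a client, and `$_SERVER['HTTP_USER_AGENT']` may be absent and then triggers an undefined-index warning under PHP 8. A single line, `Session::set('token', bin2hex(random_bytes(16)), false);`, yields an unpredictable 128-bit token and removes the dependence on the password hash passed as `$salt` from login(). The parameter should also be typed now that the file declares strict types: `private static function generateToken(string $salt = ''): void`. A short docblock stating what the token is used for and what the third `false` argument to Session::set means would make the intent clear; neither is visible in this file.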