Diffstat (limited to 'inc/user.inc.php')
-rw-r--r-- | inc/user.inc.php | 68 |
1 files changed, 40 insertions, 28 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 20e8cd3d..9ef27cd0 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -1,5 +1,9 @@
 <?php
+declare(strict_types=1);
+
+use JetBrains\PhpStorm\NoReturn;
+
 
 require_once('inc/session.inc.php');
 
 class User
@@ -7,7 +11,7 @@ class User
 
 	private static $user = false;
 
-	public static function isLoggedIn()
+	public static function isLoggedIn(): bool
 	{
 		return self::$user !== false;
 	}
@@ -26,12 +30,12 @@ class User
 		return self::$user['fullname'];
 	}
 
-	public static function hasPermission($permission, $locationid = NULL)
+	public static function hasPermission(string $permission, ?int $locationid = NULL): bool
 	{
 		if (!self::isLoggedIn())
 			return false;
 		if (Module::isAvailable("permissionmanager")) {
-			if ($permission{0} === '.') {
+			if ($permission[0] === '.') {
 				$permission = substr($permission, 1);
 			} else {
 				if (class_exists('Page')) {
@@ -54,11 +58,12 @@ class User
 	/**
 	 * Confirm current user has the given permission, stop execution and show error message
 	 * otherwise.
+	 *
 	 * @param string $permission Permission to check for
 	 * @param null|int $locationid location this permission has to apply to, NULL if any location is sufficient
 	 * @param null|string $redirect page to redirect to if permission is not given, NULL defaults to main page
 	 */
-	public static function assertPermission($permission, $locationid = NULL, $redirect = NULL)
+	public static function assertPermission(string $permission, ?int $locationid = NULL, ?string $redirect = NULL): void
 	{
 		if (User::hasPermission($permission, $locationid))
 			return;
@@ -70,7 +75,7 @@ class User
 			Message::addError('main.no-permission');
 			Util::redirect($redirect);
 		} elseif (Module::isAvailable('permissionmanager')) {
-			if ($permission{0} !== '.') {
+			if ($permission[0] !== '.') {
 				$module = Page::getModule();
 				if ($module !== false) {
 					$permission = '.' . $module->getIdentifier() . '.' . $permission;
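Review bot: The new `use JetBrains\PhpStorm\NoReturn;` line at the top of the file ties this class to an IDE-vendor attribute package whose only consumer is the `#[NoReturn]` on logout() further down (hunk at -142,36); the attribute is advisory and adds nothing at runtime. Since the commit already relies on PHP 8 syntax (`declare(strict_types=1)`, `?int`, attributes), the native return type expresses the same contract without the dependency: `public static function logout(): never` and drop the import. `never` needs PHP 8.1, so keep the attribute only if the project must still run on 8.0.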
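Review bot: `$permission[0] === '.'` in hasPermission still reads offset 0 of a possibly empty string; on PHP 8 that emits an "Uninitialized string offset" warning and yields `''`, so an empty permission name falls into the else branch with noise in the log rather than a clean result. `str_starts_with($permission, '.')` is available on PHP 8.0 (which the `?int` and attribute syntax in this commit already require) and handles the empty case without a warning; the same replacement applies to the identical lines in the hunks at -70,7 and -83,12. Separately, `?int $locationid = NULL` keeps uppercase `NULL` while the rest of the file lowercases `true`/`false`; `null` would match PSR-12. hasPermission's body continues past the end of the hunk.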
@@ -83,12 +88,12 @@ class User
 		}
 	}
 
-	public static function getAllowedLocations($permission)
+	public static function getAllowedLocations(string $permission): array
 	{
 		if (!self::isLoggedIn())
 			return [];
 		if (Module::isAvailable("permissionmanager")) {
-			if ($permission{0} === '.') {
+			if ($permission[0] === '.') {
 				$permission = substr($permission, 1);
 			} else {
 				$module = Page::getModule();
@@ -105,16 +110,19 @@ class User
 			}
 			return $a;
 		}
-		return array();
+		return [];
 	}
 
-	public static function load()
+	public static function load(): bool
 	{
 		if (self::isLoggedIn())
 			return true;
 		if (Session::load()) {
-			$uid = Session::get('uid');
-			if ($uid === false || $uid < 1)
+			if (empty(Session::get('token'))) {
+				self::generateToken();
+			}
+			$uid = Session::getUserId();
+			if ($uid < 1)
 				self::logout();
 			self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
 			if (self::$user === false)
@@ -125,7 +133,7 @@ class User
 		return false;
 	}
 
-	public static function testPassword($userid, $password)
+	public static function testPassword(string $userid, string $password): bool
 	{
 		$ret = Database::queryFirst('SELECT passwd FROM user WHERE userid = :userid LIMIT 1', compact('userid'));
 		if ($ret === false)
@@ -133,7 +141,7 @@ class User
 		return Crypto::verify($password, $ret['passwd']);
 	}
 
-	public static function updatePassword($password)
+	public static function updatePassword(string $password): bool
 	{
 		if (!self::isLoggedIn())
 			return false;
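Review bot: The new `if (empty(Session::get('token'))) { self::generateToken(); }` branch in load() silently mints a token for any loaded session that lacks one, with the default empty `$salt`, whereas login() passes the password hash; presumably this migrates sessions created before tokens existed, but nothing in the hunk says so. A one-line comment such as `// session predates tokens: issue one now rather than forcing a re-login` would record the intent, and whether the missing salt matters depends on what the token is later compared against, which is outside this hunk. Two lines further down, `array(':uid' => $uid)` keeps the long array syntax the same hunk just removed from `return array()`; `[':uid' => $uid]` would be consistent. load()'s body continues past the end of the hunk.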
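Review bot: testPassword now declares `string $userid`, but the same commit treats the user id as an integer elsewhere — `(int)$ret['userid']` in login() and `$uid < 1` after `Session::getUserId()` in load() — and under `declare(strict_types=1)` a caller that passes that integer to testPassword now gets a TypeError where it was previously coerced. If userid is the integer column the queries suggest, `int $userid` matches the rest of the class; no call site is visible in this diff to confirm which is intended. testPassword's body continues past the end of the hunk.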
@@ -142,36 +150,27 @@ class User
 		return Database::exec('UPDATE user SET passwd = :passwd WHERE userid = :userid LIMIT 1', compact('userid', 'passwd')) > 0;
 	}
 
-	public static function login($user, $pass)
+	public static function login(string $user, string $pass, bool $fixedIp): bool
 	{
 		$ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
 		if ($ret === false)
 			return false;
 		if (!Crypto::verify($pass, $ret['passwd']))
 			return false;
-		Session::create($ret['passwd']);
-		Session::set('uid', $ret['userid']);
-		Session::set('token', md5($ret['passwd'] . ','
-			. rand() . ','
-			. time() . ','
-			. rand() . ','
-			. $_SERVER['REMOTE_ADDR'] . ','
-			. rand() . ','
-			. $_SERVER['REMOTE_PORT'] . ','
-			. rand() . ','
-			. $_SERVER['HTTP_USER_AGENT']));
-		Session::save();
+		Session::create($ret['passwd'], (int)$ret['userid'], $fixedIp);
+		self::generateToken($ret['passwd']);
 		return true;
 	}
 
-	public static function logout()
+	#[NoReturn]
+	public static function logout(): void
 	{
 		Session::delete();
 		Header('Location: ?do=Main&fromlogout');
 		exit(0);
 	}
 
-	public static function setLastSeenEvent($eventid)
+	public static function setLastSeenEvent(int $eventid): void
 	{
 		if (!self::isLoggedIn())
 			return;
@@ -189,4 +188,17 @@ class User
 		return self::$user['lasteventid'];
 	}
 
+	private static function generateToken($salt = ''): void
+	{
+		Session::set('token', md5($salt . ','
+			. rand() . ','
+			. time() . ','
+			. rand() . ','
+			. $_SERVER['REMOTE_ADDR'] . ','
+			. rand() . ','
+			. $_SERVER['REMOTE_PORT'] . ','
+			. rand() . ','
+			. $_SERVER['HTTP_USER_AGENT']), false);
+	}
+
 }
|
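Review bot: login() gains a required third parameter `bool $fixedIp` with no default, so every existing caller must be updated in the same change or it now fails with an ArgumentCountError; no call site is visible in this diff. If not all callers are touched here, `bool $fixedIp = false` keeps them working while still letting the login form opt in. The removed `Session::save()` has no replacement in the new lines, so persistence presumably moved into `Session::create()` or `Session::set()` — worth confirming, since a token set but never saved would make the next `load()` regenerate it. `logout()` is annotated `#[NoReturn]` but typed `: void`; on PHP 8.1+ `: never` states the same thing natively.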
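Review bot: generateToken() derives the session token from `md5()` over `rand()`, `time()` and request headers; `rand()` is not a cryptographic generator and `REMOTE_PORT`/`HTTP_USER_AGENT` are client-supplied, so the token carries far less entropy than its 128-bit length suggests. The commit moves this code out of login() without changing it; if the token gates anything (CSRF or session binding), the fix is a CSPRNG value with no dependence on request data: `Session::set('token', bin2hex(random_bytes(32)), false);` — `random_bytes()` exists on every PHP version this file now targets, and the `$salt` parameter becomes unnecessary. If the parameter stays, it should be typed `string $salt = ''` to match the strict_types declaration the same commit adds. The meaning of the new third argument `false` to `Session::set()` is not visible here and deserves a short comment at the call.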