Changeset 1424

Timestamp:
04/09/06 23:29:35 (3 years ago)
Author:
mbonetti
Message:

Handle all user business in a new (early loaded) User class. Also fixes #382

Location:
trunk/rss
Files:
2 added
5 modified

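--- a/trunk/rss/admin/index.php
+++ b/trunk/rss/admin/index.php
@@ -72,5 +72,6 @@
 define ('CST_ADMIN_OPML_IMPORT_MERGE',3);
 
-$auth=rss_check_user_level(RSS_USER_LEVEL_ADMIN);
+
+$auth=rss_user_check_user_level(RSS_USER_LEVEL_ADMIN);
 if (! $auth) {
     // check whether the admin password has been set.
@@ -86,19 +87,6 @@
         set_admin_pass($admin_uname,$admin_pass);
     } else {
-        // forget the password
-        unset($__pw__);
-        $login_uname = null;
-        $login_pass = null;
-        // Last chance: log in
-        if (isset($_POST['username']) && isset($_POST['password'])) {
-            $login_uname = $_POST['username'];
-            $login_pass = $_POST['password'];
-            $loginRes  = explode('|', __exp_login($login_uname,md5($login_pass)));
-            $auth = $loginRes[0] >= RSS_USER_LEVEL_ADMIN;
-        }
-        if (!$auth) {
-            rss_login_form($login_uname,$login_pass);
-            exit();
-        }
+        rss_login_form();
+      exit();
     }
 }
@@ -116,5 +104,4 @@
  */
 function admin_main($authorised) {
-
     echo "\n<div id=\"channel_admin\" class=\"frame\">";
     if ($authorised) {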
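Review bot: The two lines added to the else branch are indented inconsistently — `rss_login_form();` sits at eight spaces and `exit();` at six (new lines 89–90); align both at eight to match the surrounding block. The removed branch also did `unset($__pw__);` before rendering the login form; if that variable is still assigned earlier in this file, keeping that `unset($__pw__);` ahead of `rss_login_form();` would stop a captured password from lingering in scope while the form is rendered. The `if (! $auth)` block this belongs to opens in the first hunk, and the condition that selects this else branch lies between the hunks and is not visible here.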
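--- a/trunk/rss/cls/wrappers/header.php
+++ b/trunk/rss/cls/wrappers/header.php
@@ -137,18 +137,8 @@
 function rss_header_logininfo() {
 
-        // Login handler
-        if (isset($_POST['username']) && isset($_POST['password'])) {
-            $loginRes  = explode('|', __exp_login($_POST['username'],md5($_POST['password'])));
-            $user = array();
-            list($user['ulevel'],$user['uname'],$dummy) = $loginRes;
-            unset($dummy);
-        } else {
-            $user = rss_getUser();
-        }
-
     $ret = "<span id=\"loginfo\">\n";
     
-    if ($user['ulevel'] > RSS_USER_LEVEL_NOLEVEL) {
-        $ret .= sprintf(LBL_LOGGED_IN_AS, $user['uname'])
+    if (rss_user_level() > RSS_USER_LEVEL_NOLEVEL) {
+        $ret .= sprintf(LBL_LOGGED_IN_AS, rss_user_name())
                 ."&nbsp;|&nbsp;<a href=\"".getPath()."?logout\">".LBL_LOG_OUT."</a>\n";
     } else {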
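Review bot: `rss_user_name()` is written into the page header unescaped at new line 142, so a user name containing `<`, `>` or `&` would land in the markup of every page that calls rss_header_logininfo(); escape it at the output boundary, e.g. `$ret .= sprintf(LBL_LOGGED_IN_AS, htmlspecialchars(rss_user_name(), ENT_QUOTES))`. The removed code had the same gap with `$user['uname']`, so this is not a regression, but the rewrite is the natural place to close it. Whether rss_user_name() already returns an escaped value cannot be told from this hunk, since the new User class is not shown. The function continues past the hunk.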
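--- a/trunk/rss/index.php
+++ b/trunk/rss/index.php
@@ -63,10 +63,4 @@
 if (array_key_exists('update',$_REQUEST)) {
     update("");
-}
-
-
-if (array_key_exists('logout',$_GET)) {
-    logoutUserCookie();
-    rss_redirect('');
 }
 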
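--- a/trunk/rss/init.php
+++ b/trunk/rss/init.php
@@ -62,4 +62,5 @@
 //
 rss_require('util.php');
+rss_require('cls/user.php');
 rss_require('cls/rss.php');
 //rss_require('config.php');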
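--- a/trunk/rss/util.php
+++ b/trunk/rss/util.php
@@ -868,119 +868,5 @@
 }
 
-function rss_getUser() {
-    static $user;
-    if ($user == null) {
-
-        $user = array(
-                    'uid' => 0,
-                    'uname' => null,
-                    'ulevel' => RSS_USER_LEVEL_NOLEVEL,
-                    'realname' => null,
-                    'lastip' => null,
-                    'userips' => null,
-                    'lastlogin' => null
-                );
-        $cuname =  $chash = null;
-        if (isset($_COOKIE[RSS_USER_COOKIE])) {
-            list($cuname,$chash) = explode('|',$_COOKIE[RSS_USER_COOKIE]);
-        }  elseif(isset($_SESSION['mobile'])) {
-            list($cuname,$chash) = explode('|',$_SESSION['mobile']);
-        }
-        if ($cuname && $chash) {
-            $sql = "select * from " . getTable('users') . " where uname='"
-                   .rss_real_escape_string($cuname) ."' and password='"
-                   .preg_replace('#[^a-zA-Z0-9]#','',md5($chash)) ."'";
-            $rs = rss_query($sql);
-            if (rss_num_rows($rs) == 1) {
-                $tmp = rss_fetch_assoc($rs);
-                if (isset($tmp['userips'])) {
-                    $tmp['userips'] = explode(' ',$tmp['userips']);
-                } else {
-                    $tmp['userips'] = array();
-                }
-
-                unset($tmp['password']);
-                $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-                if (array_search($subnet, $tmp['userips']) !== FALSE) {
-                    // success: password hash was checked and the user's IP
-                    // address subnet is registered
-                    $user = $tmp;
-                }
-            }
-        }
-    }
-    return $user;
-}
-
-function setUserCookie($user,$hash) {
-    if (getConfig('rss.config.autologout')) {
-        $t = 0;
-    } else {
-        $t =time()+COOKIE_LIFESPAN;
-    }
-    setcookie(RSS_USER_COOKIE, "$user|$hash", $t, getPath());
-}
-
-function logoutUserCookie() {
-    if (array_key_exists(RSS_USER_COOKIE, $_COOKIE)) {
-
-        // remove the user's IP subnet from the list of valid addresses
-        $user = rss_getUser();
-        $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-
-        if (($idx = array_search($subnet, $user['userips'])) !== FALSE) {
-            $cnt = count($user['userips']);
-            unset($user['userips'][$idx]);
-            $uname = trim($user['uname']);
-            if ($uname && ($cnt > count($user['userips']))) {
-                $sql = "update " .getTable('users')
-                       . " set userips = '" . implode(' ',$user['userips']) ."'"
-                       ." where uname = '$uname' ";
-                rss_query($sql);
-            }
-        }
-
-        // get rid of the cookie
-        unset($_COOKIE[RSS_USER_COOKIE]);
-        setcookie(RSS_USER_COOKIE, "", -1, getPath());
-        rss_invalidate_cache();
-
-    }
-}
-
-function hidePrivate() {
-    static $ret;
-    if ($ret === null) {
-        $ret = !rss_check_user_level(RSS_USER_LEVEL_PRIVATE);
-    }
-
-    return $ret;
-}
-
-function rss_check_user_level($level) {
-    $user = rss_getUser();
-    return $user['ulevel'] >= $level;
-}
-
-function __exp_login($uname,$pass) {
-    $sql ="select uname,ulevel,userips from " .getTable('users') . "where uname='"
-          .rss_real_escape_string($uname)."' and password='".md5($pass)."'";
-    list($uname,$ulevel,$userips) = rss_fetch_row(rss_query($sql));
-    if ($ulevel == '') {
-        $ulevel = RSS_USER_LEVEL_NOLEVEL;
-    } else {
-        // "push" the user IP into the list of logged-in IP subnets
-        $subnet = preg_replace('#^([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+$#','\1',$_SERVER['REMOTE_ADDR']);
-        $useripsArray = explode(' ',$userips);
-        $useripsArray[] = $subnet;
-        $sql = "update " .getTable('users')
-               . " set userips = '" . implode(' ',$useripsArray) ."'"
-               ." where uname = '$uname' ";
-        rss_query($sql);
-        setUserCookie($uname,$pass);
-        rss_invalidate_cache();
-    }
-    return "$ulevel|$uname|$pass";
-}
+
 
 function getUnreadCount($cid, $fid) {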