Clean up ACL/Login
Add locale global variable in the format <lang>_<country>.<encoding>@<suffix>, default set to en_US.UTF-8. Also remove nested if calls and use early abort / method return to flatten the code in: loginUser, logoutUser, setAcl, printLogin, passwordChange
This commit is contained in:
@@ -216,11 +216,16 @@ class Login
|
|||||||
// to the continue AJAX class for output back to the user
|
// to the continue AJAX class for output back to the user
|
||||||
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
|
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
|
||||||
// set the default lang
|
// set the default lang
|
||||||
|
$locale = 'en_US.UTF-8';
|
||||||
$lang = 'en_utf8';
|
$lang = 'en_utf8';
|
||||||
if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
|
if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
|
||||||
$lang = $_SESSION['DEFAULT_LANG'];
|
$lang = $_SESSION['DEFAULT_LANG'];
|
||||||
|
$locale = $_SESSION['DEFAULT_LOCALE'];
|
||||||
} else {
|
} else {
|
||||||
$lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG;
|
$lang = defined('SITE_LANG') && !empty(SITE_LANG) ?
|
||||||
|
SITE_LANG : DEFAULT_LANG;
|
||||||
|
$locale = defined('SITE_LOCALE') && !empty(SITE_LOCALE) ?
|
||||||
|
SITE_LOCALE : DEFAULT_LOCALE;
|
||||||
}
|
}
|
||||||
$this->l = $l10n ?? new \CoreLibs\Language\L10n($lang);
|
$this->l = $l10n ?? new \CoreLibs\Language\L10n($lang);
|
||||||
|
|
||||||
@@ -416,11 +421,18 @@ class Login
|
|||||||
*/
|
*/
|
||||||
private function loginLoginUser(): void
|
private function loginLoginUser(): void
|
||||||
{
|
{
|
||||||
// have to get the global stuff here for setting it later
|
// if pressed login at least and is not yet loggined in
|
||||||
if (!$this->euid && $this->login) {
|
// if (!(!$this->euid && $this->login)) {
|
||||||
|
if ($this->euid && !$this->login) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// if not username AND password where given
|
||||||
if (!($this->password && $this->username)) {
|
if (!($this->password && $this->username)) {
|
||||||
$this->login_error = 102;
|
$this->login_error = 102;
|
||||||
} else {
|
$this->permission_okay = false;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// have to get the global stuff here for setting it later
|
||||||
// we have to get the themes in here too
|
// we have to get the themes in here too
|
||||||
$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
|
$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
|
||||||
. "eu.edit_group_id, "
|
. "eu.edit_group_id, "
|
||||||
@@ -430,7 +442,7 @@ class Login
|
|||||||
. "eu.debug, eu.db_debug, "
|
. "eu.debug, eu.db_debug, "
|
||||||
. "eareu.level AS user_level, eareu.type AS user_type, "
|
. "eareu.level AS user_level, eareu.type AS user_type, "
|
||||||
. "eareg.level AS group_level, eareg.type AS group_type, "
|
. "eareg.level AS group_level, eareg.type AS group_type, "
|
||||||
. "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, "
|
. "eu.enabled, el.short_name AS locale, el.iso_name AS encoding, "
|
||||||
. "first.header_color AS first_header_color, "
|
. "first.header_color AS first_header_color, "
|
||||||
. "second.header_color AS second_header_color, second.template "
|
. "second.header_color AS second_header_color, second.template "
|
||||||
. "FROM edit_user eu "
|
. "FROM edit_user eu "
|
||||||
@@ -448,14 +460,18 @@ class Login
|
|||||||
// password match is done in script, against old plain or new blowfish encypted
|
// password match is done in script, against old plain or new blowfish encypted
|
||||||
. "(LOWER(username) = '" . $this->db->dbEscapeString(strtolower($this->username)) . "') ";
|
. "(LOWER(username) = '" . $this->db->dbEscapeString(strtolower($this->username)) . "') ";
|
||||||
$res = $this->db->dbReturn($q);
|
$res = $this->db->dbReturn($q);
|
||||||
|
// query was not run successful
|
||||||
if (!is_array($res)) {
|
if (!is_array($res)) {
|
||||||
$this->login_error = 1009;
|
$this->login_error = 1009;
|
||||||
$this->permission_okay = false;
|
$this->permission_okay = false;
|
||||||
|
return;
|
||||||
} elseif (empty($this->db->dbGetCursorNumRows($q))) {
|
} elseif (empty($this->db->dbGetCursorNumRows($q))) {
|
||||||
// username is wrong, but we throw for wrong username
|
// username is wrong, but we throw for wrong username
|
||||||
// and wrong password the same error
|
// and wrong password the same error
|
||||||
$this->login_error = 1010;
|
$this->login_error = 1010;
|
||||||
} else {
|
$this->permission_okay = false;
|
||||||
|
return;
|
||||||
|
}
|
||||||
// if login errors is half of max errors and the last login error
|
// if login errors is half of max errors and the last login error
|
||||||
// was less than 10s ago, forbid any new login try
|
// was less than 10s ago, forbid any new login try
|
||||||
|
|
||||||
@@ -474,6 +490,8 @@ class Login
|
|||||||
$this->login_error = 105;
|
$this->login_error = 105;
|
||||||
} elseif (!$this->loginPasswordCheck($res['password'])) {
|
} elseif (!$this->loginPasswordCheck($res['password'])) {
|
||||||
// none to be set, set in login password check
|
// none to be set, set in login password check
|
||||||
|
// this is not valid password input error here
|
||||||
|
// all error codes are set in loginPasswordCheck method
|
||||||
} else {
|
} else {
|
||||||
// check if the current password is an invalid hash and do a rehash and set password
|
// check if the current password is an invalid hash and do a rehash and set password
|
||||||
// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '
|
// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '
|
||||||
@@ -508,10 +526,12 @@ class Login
|
|||||||
$_SESSION['HEADER_COLOR'] = $res['second_header_color'] ?
|
$_SESSION['HEADER_COLOR'] = $res['second_header_color'] ?
|
||||||
$res['second_header_color'] :
|
$res['second_header_color'] :
|
||||||
$res['first_header_color'];
|
$res['first_header_color'];
|
||||||
$_SESSION['LANG'] = $res['lang_short'];
|
$_SESSION['LANG'] = $res['locale'] ?? 'en';
|
||||||
$_SESSION['DEFAULT_CHARSET'] = $res['lang_iso'];
|
$_SESSION['DEFAULT_CHARSET'] = $res['encoding'] ?? 'UTF-8';
|
||||||
$_SESSION['DEFAULT_LANG'] = $res['lang_short'] . '_'
|
$_SESSION['DEFAULT_LOCALE'] = $_SESSION['LANG']
|
||||||
. strtolower(str_replace('-', '', $res['lang_iso']));
|
. '.' . strtoupper($_SESSION['DEFAULT_CHARSET']);
|
||||||
|
$_SESSION['DEFAULT_LANG'] = $_SESSION['LANG'] . '_'
|
||||||
|
. strtolower(str_replace('-', '', $_SESSION['DEFAULT_CHARSET']));
|
||||||
// reset any login error count for this user
|
// reset any login error count for this user
|
||||||
if ($res['login_error_count'] > 0) {
|
if ($res['login_error_count'] > 0) {
|
||||||
$q = "UPDATE edit_user "
|
$q = "UPDATE edit_user "
|
||||||
@@ -673,14 +693,11 @@ class Login
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} // user was not found
|
|
||||||
} // if not username AND password where given
|
|
||||||
// if there was an login error, show login screen
|
// if there was an login error, show login screen
|
||||||
if ($this->login_error) {
|
if ($this->login_error) {
|
||||||
// reset the perm var, to confirm logout
|
// reset the perm var, to confirm logout
|
||||||
$this->permission_okay = false;
|
$this->permission_okay = false;
|
||||||
}
|
}
|
||||||
} // if he pressed login at least and is not yet loggined in
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -721,7 +738,10 @@ class Login
|
|||||||
*/
|
*/
|
||||||
public function loginLogoutUser(): void
|
public function loginLogoutUser(): void
|
||||||
{
|
{
|
||||||
if ($this->logout || $this->login_error) {
|
// must be either logout or error
|
||||||
|
if (!$this->logout && !$this->login_error) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
// unregister and destroy session vars
|
// unregister and destroy session vars
|
||||||
foreach (
|
foreach (
|
||||||
// TODO move this into some global array for easier update
|
// TODO move this into some global array for easier update
|
||||||
@@ -733,6 +753,7 @@ class Login
|
|||||||
'DEFAULT_ACL_LIST',
|
'DEFAULT_ACL_LIST',
|
||||||
'DEFAULT_CHARSET',
|
'DEFAULT_CHARSET',
|
||||||
'DEFAULT_LANG',
|
'DEFAULT_LANG',
|
||||||
|
'DEFAULT_LOCALE',
|
||||||
'EAID',
|
'EAID',
|
||||||
'EUID',
|
'EUID',
|
||||||
'GROUP_ACL_LEVEL',
|
'GROUP_ACL_LEVEL',
|
||||||
@@ -760,7 +781,6 @@ class Login
|
|||||||
// then prints the login screen again
|
// then prints the login screen again
|
||||||
$this->permission_okay = false;
|
$this->permission_okay = false;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* sets all the basic ACLs
|
* sets all the basic ACLs
|
||||||
@@ -782,7 +802,9 @@ class Login
|
|||||||
private function loginSetAcl(): void
|
private function loginSetAcl(): void
|
||||||
{
|
{
|
||||||
// only set acl if we have permission okay
|
// only set acl if we have permission okay
|
||||||
if ($this->permission_okay) {
|
if (!$this->permission_okay) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
// username (login), group name
|
// username (login), group name
|
||||||
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
$this->acl['user_name'] = $_SESSION['USER_NAME'];
|
||||||
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
|
||||||
@@ -871,7 +893,6 @@ class Login
|
|||||||
// debug
|
// debug
|
||||||
// $this->debug('ACL', $this->print_ar($this->acl));
|
// $this->debug('ACL', $this->print_ar($this->acl));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* checks if this edit access id is valid
|
* checks if this edit access id is valid
|
||||||
@@ -946,7 +967,10 @@ class Login
|
|||||||
*/
|
*/
|
||||||
private function loginPasswordChange(): void
|
private function loginPasswordChange(): void
|
||||||
{
|
{
|
||||||
if ($this->change_password) {
|
// only continue if password change button pressed
|
||||||
|
if (!$this->change_password) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
$event = 'Password Change';
|
$event = 'Password Change';
|
||||||
$data = '';
|
$data = '';
|
||||||
// check that given username is NOT in the deny list, else silent skip (with error log)
|
// check that given username is NOT in the deny list, else silent skip (with error log)
|
||||||
@@ -1035,7 +1059,6 @@ class Login
|
|||||||
}
|
}
|
||||||
// log this password change attempt
|
// log this password change attempt
|
||||||
$this->writeLog($event, $data, $this->login_error, $this->pw_username);
|
$this->writeLog($event, $data, $this->login_error, $this->pw_username);
|
||||||
} // button pressed
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1045,7 +1068,10 @@ class Login
|
|||||||
private function loginPrintLogin()
|
private function loginPrintLogin()
|
||||||
{
|
{
|
||||||
$html_string = null;
|
$html_string = null;
|
||||||
if (!$this->permission_okay) {
|
// if permission is ok, return null
|
||||||
|
if ($this->permission_okay) {
|
||||||
|
return $html_string;
|
||||||
|
}
|
||||||
// set the templates now
|
// set the templates now
|
||||||
$this->loginSetTemplates();
|
$this->loginSetTemplates();
|
||||||
// if there is a global logout target ...
|
// if there is a global logout target ...
|
||||||
@@ -1135,8 +1161,7 @@ class Login
|
|||||||
foreach ($this->login_template['strings'] as $string => $data) {
|
foreach ($this->login_template['strings'] as $string => $data) {
|
||||||
$html_string = str_replace('{' . $string . '}', $data, $html_string);
|
$html_string = str_replace('{' . $string . '}', $data, $html_string);
|
||||||
}
|
}
|
||||||
} // if permission is 0 then print out login
|
// return the created HTML here
|
||||||
// return the created HTML here or null for nothing
|
|
||||||
return $html_string;
|
return $html_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
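Review bot: The early-abort guard at the top of loginLoginUser inverts the old condition instead of negating it: the original ran the body only when `!$this->euid && $this->login`, so the abort must be `if ($this->euid || !$this->login) { return; }` (the commented-out line directly above it, `!(!$this->euid && $this->login)`, is exactly that negation). As written the method now also runs for a request with no login flag, which falls into the username/password check and sets `login_error = 102` and `permission_okay = false` — presumably on every unauthenticated request, which then trips the session teardown in loginLogoutUser — and it runs for an already-logged-in user who sends the login flag, re-authenticating them rather than skipping them as before. A smaller point in the constructor hunk: `$locale = $_SESSION['DEFAULT_LOCALE'];` is guarded only by `!empty($_SESSION['DEFAULT_LANG'])`, so sessions created before this change carry no DEFAULT_LOCALE key; `$locale = $_SESSION['DEFAULT_LOCALE'] ?? DEFAULT_LOCALE;` keeps the fallback. The body of loginLoginUser continues across several hunks and beyond what is shown here.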
|
|||||||