Clemens Schwaighofer
5a81626e8c Clean up ACL/Login
Add locale global variable in the format
<lang>_<country>.<encoding>@<suffix>
Default set to en_US.UTF-8

Also remove nested if calls and do an early abort/method return to
flatten the code in:
loginUser
logoutUser
setAcl
printLogin
passwordChange
2022-04-11 09:17:19 +09:00
Clemens Schwaighofer
41cff5e3c6 Remove old comment from DB\IO class about encoding settings 2022-04-08 19:59:37 +09:00
2 changed files with 578 additions and 556 deletions


@@ -216,11 +216,16 @@ class Login
// to the continue AJAX class for output back to the user // to the continue AJAX class for output back to the user
$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false; $this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
// set the default lang // set the default lang
$locale = 'en_US.UTF-8';
$lang = 'en_utf8'; $lang = 'en_utf8';
if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) { if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
$lang = $_SESSION['DEFAULT_LANG']; $lang = $_SESSION['DEFAULT_LANG'];
$locale = $_SESSION['DEFAULT_LOCALE'];
} else { } else {
$lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG; $lang = defined('SITE_LANG') && !empty(SITE_LANG) ?
SITE_LANG : DEFAULT_LANG;
$locale = defined('SITE_LOCALE') && !empty(SITE_LOCALE) ?
SITE_LOCALE : DEFAULT_LOCALE;
} }
$this->l = $l10n ?? new \CoreLibs\Language\L10n($lang); $this->l = $l10n ?? new \CoreLibs\Language\L10n($lang);
@@ -416,11 +421,18 @@ class Login
*/ */
private function loginLoginUser(): void private function loginLoginUser(): void
{ {
// have to get the global stuff here for setting it later // if pressed login at least and is not yet loggined in
if (!$this->euid && $this->login) { // if (!(!$this->euid && $this->login)) {
if ($this->euid && !$this->login) {
return;
}
// if not username AND password where given
if (!($this->password && $this->username)) { if (!($this->password && $this->username)) {
$this->login_error = 102; $this->login_error = 102;
} else { $this->permission_okay = false;
return;
}
// have to get the global stuff here for setting it later
// we have to get the themes in here too // we have to get the themes in here too
$q = "SELECT eu.edit_user_id, eu.username, eu.password, " $q = "SELECT eu.edit_user_id, eu.username, eu.password, "
. "eu.edit_group_id, " . "eu.edit_group_id, "
@@ -430,7 +442,7 @@ class Login
. "eu.debug, eu.db_debug, " . "eu.debug, eu.db_debug, "
. "eareu.level AS user_level, eareu.type AS user_type, " . "eareu.level AS user_level, eareu.type AS user_type, "
. "eareg.level AS group_level, eareg.type AS group_type, " . "eareg.level AS group_level, eareg.type AS group_type, "
. "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, " . "eu.enabled, el.short_name AS locale, el.iso_name AS encoding, "
. "first.header_color AS first_header_color, " . "first.header_color AS first_header_color, "
. "second.header_color AS second_header_color, second.template " . "second.header_color AS second_header_color, second.template "
. "FROM edit_user eu " . "FROM edit_user eu "
@@ -448,14 +460,18 @@ class Login
// password match is done in script, against old plain or new blowfish encypted // password match is done in script, against old plain or new blowfish encypted
. "(LOWER(username) = '" . $this->db->dbEscapeString(strtolower($this->username)) . "') "; . "(LOWER(username) = '" . $this->db->dbEscapeString(strtolower($this->username)) . "') ";
$res = $this->db->dbReturn($q); $res = $this->db->dbReturn($q);
// query was not run successful
if (!is_array($res)) { if (!is_array($res)) {
$this->login_error = 1009; $this->login_error = 1009;
$this->permission_okay = false; $this->permission_okay = false;
return;
} elseif (empty($this->db->dbGetCursorNumRows($q))) { } elseif (empty($this->db->dbGetCursorNumRows($q))) {
// username is wrong, but we throw for wrong username // username is wrong, but we throw for wrong username
// and wrong password the same error // and wrong password the same error
$this->login_error = 1010; $this->login_error = 1010;
} else { $this->permission_okay = false;
return;
}
// if login errors is half of max errors and the last login error // if login errors is half of max errors and the last login error
// was less than 10s ago, forbid any new login try // was less than 10s ago, forbid any new login try
@@ -474,6 +490,8 @@ class Login
$this->login_error = 105; $this->login_error = 105;
} elseif (!$this->loginPasswordCheck($res['password'])) { } elseif (!$this->loginPasswordCheck($res['password'])) {
// none to be set, set in login password check // none to be set, set in login password check
// this is not valid password input error here
// all error codes are set in loginPasswordCheck method
} else { } else {
// check if the current password is an invalid hash and do a rehash and set password // check if the current password is an invalid hash and do a rehash and set password
// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: ' // $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '
@@ -508,10 +526,12 @@ class Login
$_SESSION['HEADER_COLOR'] = $res['second_header_color'] ? $_SESSION['HEADER_COLOR'] = $res['second_header_color'] ?
$res['second_header_color'] : $res['second_header_color'] :
$res['first_header_color']; $res['first_header_color'];
$_SESSION['LANG'] = $res['lang_short']; $_SESSION['LANG'] = $res['locale'] ?? 'en';
$_SESSION['DEFAULT_CHARSET'] = $res['lang_iso']; $_SESSION['DEFAULT_CHARSET'] = $res['encoding'] ?? 'UTF-8';
$_SESSION['DEFAULT_LANG'] = $res['lang_short'] . '_' $_SESSION['DEFAULT_LOCALE'] = $_SESSION['LANG']
. strtolower(str_replace('-', '', $res['lang_iso'])); . '.' . strtoupper($_SESSION['DEFAULT_CHARSET']);
$_SESSION['DEFAULT_LANG'] = $_SESSION['LANG'] . '_'
. strtolower(str_replace('-', '', $_SESSION['DEFAULT_CHARSET']));
// reset any login error count for this user // reset any login error count for this user
if ($res['login_error_count'] > 0) { if ($res['login_error_count'] > 0) {
$q = "UPDATE edit_user " $q = "UPDATE edit_user "
@@ -673,14 +693,11 @@ class Login
} }
} }
} }
} // user was not found
} // if not username AND password where given
// if there was an login error, show login screen // if there was an login error, show login screen
if ($this->login_error) { if ($this->login_error) {
// reset the perm var, to confirm logout // reset the perm var, to confirm logout
$this->permission_okay = false; $this->permission_okay = false;
} }
} // if he pressed login at least and is not yet loggined in
} }
/** /**
@@ -721,7 +738,10 @@ class Login
*/ */
public function loginLogoutUser(): void public function loginLogoutUser(): void
{ {
if ($this->logout || $this->login_error) { // must be either logout or error
if (!$this->logout && !$this->login_error) {
return;
}
// unregister and destroy session vars // unregister and destroy session vars
foreach ( foreach (
// TODO move this into some global array for easier update // TODO move this into some global array for easier update
@@ -733,6 +753,7 @@ class Login
'DEFAULT_ACL_LIST', 'DEFAULT_ACL_LIST',
'DEFAULT_CHARSET', 'DEFAULT_CHARSET',
'DEFAULT_LANG', 'DEFAULT_LANG',
'DEFAULT_LOCALE',
'EAID', 'EAID',
'EUID', 'EUID',
'GROUP_ACL_LEVEL', 'GROUP_ACL_LEVEL',
@@ -760,7 +781,6 @@ class Login
// then prints the login screen again // then prints the login screen again
$this->permission_okay = false; $this->permission_okay = false;
} }
}
/** /**
* sets all the basic ACLs * sets all the basic ACLs
@@ -782,7 +802,9 @@ class Login
private function loginSetAcl(): void private function loginSetAcl(): void
{ {
// only set acl if we have permission okay // only set acl if we have permission okay
if ($this->permission_okay) { if (!$this->permission_okay) {
return;
}
// username (login), group name // username (login), group name
$this->acl['user_name'] = $_SESSION['USER_NAME']; $this->acl['user_name'] = $_SESSION['USER_NAME'];
$this->acl['group_name'] = $_SESSION['GROUP_NAME']; $this->acl['group_name'] = $_SESSION['GROUP_NAME'];
@@ -871,7 +893,6 @@ class Login
// debug // debug
// $this->debug('ACL', $this->print_ar($this->acl)); // $this->debug('ACL', $this->print_ar($this->acl));
} }
}
/** /**
* checks if this edit access id is valid * checks if this edit access id is valid
@@ -946,7 +967,10 @@ class Login
*/ */
private function loginPasswordChange(): void private function loginPasswordChange(): void
{ {
if ($this->change_password) { // only continue if password change button pressed
if (!$this->change_password) {
return;
}
$event = 'Password Change'; $event = 'Password Change';
$data = ''; $data = '';
// check that given username is NOT in the deny list, else silent skip (with error log) // check that given username is NOT in the deny list, else silent skip (with error log)
@@ -1035,7 +1059,6 @@ class Login
} }
// log this password change attempt // log this password change attempt
$this->writeLog($event, $data, $this->login_error, $this->pw_username); $this->writeLog($event, $data, $this->login_error, $this->pw_username);
} // button pressed
} }
/** /**
@@ -1045,7 +1068,10 @@ class Login
private function loginPrintLogin() private function loginPrintLogin()
{ {
$html_string = null; $html_string = null;
if (!$this->permission_okay) { // if permission is ok, return null
if ($this->permission_okay) {
return $html_string;
}
// set the templates now // set the templates now
$this->loginSetTemplates(); $this->loginSetTemplates();
// if there is a global logout target ... // if there is a global logout target ...
@@ -1135,8 +1161,7 @@ class Login
foreach ($this->login_template['strings'] as $string => $data) { foreach ($this->login_template['strings'] as $string => $data) {
$html_string = str_replace('{' . $string . '}', $data, $html_string); $html_string = str_replace('{' . $string . '}', $data, $html_string);
} }
} // if permission is 0 then print out login // return the created HTML here
// return the created HTML here or null for nothing
return $html_string; return $html_string;
} }
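Review bot: The new early-return guard at the top of loginLoginUser, `if ($this->euid && !$this->login) { return; }`, is not the negation of the condition it replaces (`!$this->euid && $this->login`); by De Morgan the negation is `$this->euid || !$this->login`, which is exactly what the commented-out line left above it spells out. As written, a request with no login press from a visitor who is not yet logged in no longer returns early but falls through to the credential check, which with no username/password supplied sets `login_error = 102` (and `permission_okay = false`) on every such page load, while a logged-in user who resubmits the login form now re-runs the whole credential query. The one-line fix is `if ($this->euid || !$this->login) {`. The body of loginLoginUser continues past the hunk where this guard appears. Separately, in the constructor hunk `$locale = $_SESSION['DEFAULT_LOCALE'];` reads a key that sessions established before this change do not carry, so `$locale = $_SESSION['DEFAULT_LOCALE'] ?? $locale;` would keep the `en_US.UTF-8` fallback rather than overwriting it with null under a notice.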


@@ -410,9 +410,6 @@ class IO
false false
); );
// set the target encoding to the DEFAULT_ENCODING if it is one of them: EUC, Shift_JIS, UTF-8
// @ the moment set only from outside
// set loop protection max count // set loop protection max count
$this->MAX_QUERY_CALL = self::DEFAULT_MAX_QUERY_CALL; $this->MAX_QUERY_CALL = self::DEFAULT_MAX_QUERY_CALL;