gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

do cookie handling and session update only if logged in via web page

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-24 12:38:59 +01:00
parent 3e61d93049
commit 53389d9054
1 changed files with 70 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
controllers/class.Login.php
View File

@ -35,9 +35,10 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
$dms = $this->params['dms'];
$settings = $this->params['settings'];
$session = $this->params['session'];
$sesstheme = $this->params['sesstheme'];
$referuri = $this->params['referuri'];
$lang = $this->params['lang'];
$source = isset($this->params['source']) ? $this->params['source'] : '';
$sesstheme = $this->getParam('sesstheme');
$referuri = $this->getParam('referuri');
$lang = $this->getParam('lang');
$login = $this->params['login'];
$pwd = $this->params['pwd'];
@ -75,7 +76,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
* return false and if the hook doesn't care at all, if must return null.
*/
if(!$user) {
$user = $this->callHook('authenticate');
$user = $this->callHook('authenticate', $source);
if(false === $user) {
if(empty($this->errormsg))
$this->setErrorMsg("authentication_failed");
@ -166,73 +167,78 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
/* Clear login failures if login was successful */
$user->clearLoginFailures();
// Capture the user's language and theme settings.
if ($lang) {
$user->setLanguage($lang);
} else {
$lang = $user->getLanguage();
if (strlen($lang)==0) {
$lang = $settings->_language;
/* Setting the theme and language and all the cookie handling is
* only done when authentication was requested from a weg page.
*/
if($source == 'web') {
// Capture the user's language and theme settings.
if ($lang) {
$user->setLanguage($lang);
}
}
if ($sesstheme) {
$user->setTheme($sesstheme);
}
else {
$sesstheme = $user->getTheme();
/* Override the theme if the user doesn't have one or the default theme
* shall override it.
*/
if (strlen($sesstheme)==0 || !empty($settings->_overrideTheme)) {
$sesstheme = $settings->_theme;
// $user->setTheme($sesstheme);
}
}
// Delete all sessions that are more than 1 week or the configured
// cookie lifetime old. Probably not the most
// reliable place to put this check -- move to inc.Authentication.php?
if($settings->_cookieLifetime)
$lifetime = intval($settings->_cookieLifetime);
else
$lifetime = 7*86400;
if(!$session->deleteByTime($lifetime)) {
$this->setErrorMsg("error_occured");
return false;
}
if (isset($_COOKIE["mydms_session"])) {
/* This part will never be reached unless the session cookie is kept,
* but op.Logout.php deletes it. Keeping a session could be a good idea
* for retaining the clipboard data, but the user id in the session should
* be set to 0 which is not possible due to foreign key constraints.
* So for now op.Logout.php will delete the cookie as always
*/
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) {
/* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
exit;
} else {
$session->updateAccess($dms_session);
$session->setUser($userid);
$lang = $user->getLanguage();
if (strlen($lang)==0) {
$lang = $settings->_language;
$user->setLanguage($lang);
}
}
} else {
// Create new session in database
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
if ($sesstheme) {
$user->setTheme($sesstheme);
}
else {
$sesstheme = $user->getTheme();
/* Override the theme if the user doesn't have one or the default theme
* shall override it.
*/
if (strlen($sesstheme)==0 || !empty($settings->_overrideTheme)) {
$sesstheme = $settings->_theme;
// $user->setTheme($sesstheme);
}
}
// Delete all sessions that are more than 1 week or the configured
// cookie lifetime old. Probably not the most
// reliable place to put this check -- move to inc.Authentication.php?
if($settings->_cookieLifetime)
$lifetime = intval($settings->_cookieLifetime);
else
$lifetime = 7*86400;
if(!$session->deleteByTime($lifetime)) {
$this->setErrorMsg("error_occured");
return false;
}
// Set the session cookie.
if($settings->_cookieLifetime)
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
if (isset($_COOKIE["mydms_session"])) {
/* This part will never be reached unless the session cookie is kept,
* but op.Logout.php deletes it. Keeping a session could be a good idea
* for retaining the clipboard data, but the user id in the session should
* be set to 0 which is not possible due to foreign key constraints.
* So for now op.Logout.php will delete the cookie as always
*/
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) {
/* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
exit;
} else {
$session->updateAccess($dms_session);
$session->setUser($userid);
}
} else {
// Create new session in database
if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) {
$this->setErrorMsg("error_occured");
return false;
}
// Set the session cookie.
if($settings->_cookieLifetime)
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
}
}
if($this->callHook('postLogin', $user)) {