From c8ac83dfbbe832c8cda8ec2c3da937ab7737cdfd Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 26 Feb 2007 21:38:54 +0000 Subject: [PATCH] r1422: Authentication API: - Allowing Authentication::_setCookies() to have a $sticky flag to make the cookies permanent - Implementing the login methods in AuthenticationDefault and setting them up in login.php --- includes/auth/auth.php | 16 +++++++++------- includes/auth/auth_default.php | 20 ++++++++++++++++---- login.php | 20 +++----------------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/includes/auth/auth.php b/includes/auth/auth.php index b652e38..d6c4476 100644 --- a/includes/auth/auth.php +++ b/includes/auth/auth.php @@ -151,7 +151,7 @@ class Authentication if ($this->_verifyCookieData()) { - $this->_setCookies(); + $this->_setCookies(true); $this->bugdarUser = $this->_fetchBugdarUserFromAuthUser(); return true; } @@ -183,9 +183,10 @@ class Authentication * Authenticates a user at login from two keys: an identifier and * a password. In Bugdar, the identifier is an email, but it can be * any unique string found in the authentication database. Returns - * TRUE if the authentication is successful, and FALSE if not. + * TRUE if the authentication is successful, and FALSE if not. Also + * determines if the cookies are sticky ("rememember me" login) */ - function authenticateLogin($string, $password) + function authenticateLogin($string, $password, $sticky = false) { $this->authUser = $this->_fetchUserWithIdentifier($string); @@ -197,7 +198,7 @@ class Authentication if ($this->_verifyLoginUser($password)) { - $this->_setCookies(); + $this->_setCookies($sticky); $this->bugdarUser = $this->_fetchBugdarUserFromAuthUser(); return true; } 
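Review bot: Renewing with `$this->_setCookies(true)` in the cookie-validation path makes every renewed cookie permanent, so a user who logged in without "remember me" appears to receive persistent `userid`/`authkey` cookies on the next cookie-validated request. The sticky choice made at login is not stored anywhere this renewal can read it. Either carry that choice with the session and pass it here, or skip renewal for session-only logins. The enclosing method starts and ends outside this hunk, so any other handling it does is not visible.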
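Review bot: The updated docblock for `authenticateLogin()` does not say what `$sticky` defaults to or that it is forwarded to `_setCookies()`, and "rememember" is misspelled. Suggested replacement for the added sentence: `Pass $sticky = true for a "remember me" login; the flag is forwarded to _setCookies() and defaults to false (non-permanent cookies).` The body between the user fetch and the password check is outside the hunk, so the handling of an unknown identifier cannot be reviewed from here.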
@@ -247,9 +248,10 @@ class Authentication // ################################################################### /** * Sets the authentication cookies; this is done both at login and - * for renewing the cookies upon successful cookie validation + * for renewing the cookies upon successful cookie validation. The + * option it takes determines whether the cookies are sticky or not. */ - function _setCookies() {} + function _setCookies($permanent = false) {} } /*=====================================================================*\ @@ -258,4 +260,4 @@ class Authentication || # $Id$ || ################################################################### \*=====================================================================*/ -?> \ No newline at end of file +?> diff --git a/includes/auth/auth_default.php b/includes/auth/auth_default.php index bf83ea4..acfcb3d 100644 --- a/includes/auth/auth_default.php +++ b/includes/auth/auth_default.php @@ -65,10 +65,10 @@ class AuthenticationDefault extends Authentication } // ################################################################### - function _setCookies() + function _setCookies($sticky = false) { - $this->registry->funct->cookie(COOKIE_PREFIX . 'userid', $this->authUser['userid']); - $this->registry->funct->cookie(COOKIE_PREFIX . 'authkey', $this->authUser['authkey']); + $this->registry->funct->cookie(COOKIE_PREFIX . 'userid', $this->authUser['userid'], $sticky); + $this->registry->funct->cookie(COOKIE_PREFIX . 'authkey', $this->authUser['authkey'], $sticky); } // ################################################################### 
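Review bot: The abstract `_setCookies($permanent = false)` uses a different parameter name from both its caller (`authenticateLogin(..., $sticky)`) and the override in `AuthenticationDefault` (`_setCookies($sticky = false)`). Use one name throughout, e.g. `function _setCookies($sticky = false) {}`. The docblock should also name the parameter rather than saying "the option it takes", for example `$sticky: TRUE to issue permanent cookies, FALSE for cookies that end with the browser session`.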
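Review bot: With `$sticky` set, the `authkey` cookie written in `AuthenticationDefault::_setCookies()` becomes a long-lived bearer credential copied straight from the user row (`$this->authUser['authkey']`). Nothing in this hunk shows that key being rotated at login or logout, or the cookie helper setting HttpOnly/Secure, so a copied cookie may stay valid indefinitely. Confirm both in `funct->cookie()` and the logout path, or issue a per-login token instead of the stored key.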
@@ -83,6 +83,18 @@ class AuthenticationDefault extends Authentication { return $this->authUser; } + + // ################################################################### + function _fetchUserWithIdentifier($email) + { + return $this->authDb->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $this->authDb->escape_string($email) . "'"); + } + + // ################################################################### + function _verifyLoginUser($password) + { + return ($this->authUser['password'] == md5(md5($password) . md5($this->authUser['salt']))); + } } /*=====================================================================*\ @@ -91,4 +103,4 @@ class AuthenticationDefault extends Authentication || # $Id$ || ################################################################### \*=====================================================================*/ -?> \ No newline at end of file +?> diff --git a/login.php b/login.php index f64e889..119f2c3 100755 --- a/login.php +++ b/login.php @@ -68,15 +68,8 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') $url = 'index.php'; } - $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'"); - if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password']) + if ($auth->authenticateLogin($bugsys->in['email'], $bugsys->in['password'], $keeplogin)) { - if (!$bugsys->userinfo['userid']) - { - $funct->cookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $keeplogin); - $funct->cookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $keeplogin); - } - if ($_POST['do'] == 'cplogin') { $hash = $funct->rand(90); 
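Review bot: `_verifyLoginUser()` compares the stored and computed digests with loose `==`, so PHP treats two numeric-looking hex strings (the `0e…` form) as equal numbers, and the comparison is not constant-time. Use `return hash_equals((string) $this->authUser['password'], md5(md5($password) . md5($this->authUser['salt'])));` where available, or at least `===`. Salted double MD5 is also too fast for password storage; the longer-term fix is a migration to `password_hash()`/`password_verify()` with rehash-on-login. The query in `_fetchUserWithIdentifier()` depends on `escape_string()` inside a concatenated statement, which is safe only while the connection charset matches what the escaper assumes; a bound parameter would remove that dependency if `authDb` offers one.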
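Review bot: The removed `$userinfo = $db->query_first(...)` was the only visible assignment of `$userinfo`, but the `cplogin` branch in the following hunk (`@@ -84`) still interpolates `$userinfo[userid]` into the `adminsession` INSERT. Unless `$userinfo` is set outside the lines shown, that statement now receives an empty user id, so it either fails or records an admin session not tied to the authenticated account. Take the id from the auth object instead, for example `$auth->bugdarUser['userid']` (assuming that record carries `userid`), and cast it to an integer before it reaches the query. The `if` block opened here continues into the next hunk.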
@@ -84,19 +77,12 @@ if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', $userinfo[userid], " . TIMENOW . ")"); $funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false); } + $message->redirect(_('Welcome back! You are now logged in.'), $url); } else { - if (!$bugsys->userinfo['userid']) - { - $funct->cookie(COOKIE_PREFIX . 'userid'); - $funct->cookie(COOKIE_PREFIX . 'authkey'); - } - $message->error(_('Invalid email or password.')); } - - $message->redirect(_('Welcome back! You are now logged in.'), $url); } // ################################################################### @@ -238,4 +224,4 @@ if ($_REQUEST['do'] == 'cplogout') || # $Id$ || ################################################################### \*=====================================================================*/ -?> \ No newline at end of file +?> -- 2.22.5