authorvincent-peugnet <v.peugnet@free.fr>2020-04-08 20:50:50 +0200
committervincent-peugnet <v.peugnet@free.fr>2020-04-08 20:50:50 +0200
commitc35d018995da99028747fe672e4d07484855dba2 (patch)
treeed509e89b2d5f5c63d0af7580360e6eacea0fb7b /app
parentc3e62c500b38104acaecc987621cfc03058729c0 (diff)
simple cookies storage
using flywheel autogenerated ID
Diffstat (limited to 'app')
-rw-r--r--app/class/Controller.php2
-rw-r--r--app/class/Controllerconnect.php65
-rw-r--r--app/class/Modelauthtoken.php53
-rw-r--r--app/class/Modeluser.php36
-rw-r--r--app/view/templates/backtopbar.php3
-rw-r--r--app/view/templates/connect.php3
6 files changed, 140 insertions, 22 deletions
diff --git a/app/class/Controller.php b/app/class/Controller.php
index c3787b2..7398a7d 100644
--- a/app/class/Controller.php
+++ b/app/class/Controller.php
@@ -34,7 +34,7 @@ class Controller
public function setuser()
{
- $this->usermanager = new Modeluser;
+ $this->usermanager = new Modeluser;
$this->user = $this->usermanager->readsession();
}
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index 592c0ee..816d69b 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -21,7 +21,7 @@ class Controllerconnect extends Controller
public function connect()
{
- if(isset($_SESSION['pageupdate'])) {
+ if (isset($_SESSION['pageupdate'])) {
$pageupdate['route'] = 'pageedit';
$pageupdate['id'] = $_SESSION['pageupdate']['id'];
} else {
@@ -38,14 +38,22 @@ class Controllerconnect extends Controller
{
if (isset($_POST['pass'])) {
$this->user = $this->usermanager->passwordcheck($_POST['pass']);
- if($this->user != false) {
- if($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) {
+ if ($this->user != false) {
+ if ($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) {
$this->user->connectcounter();
$this->usermanager->add($this->user);
$this->usermanager->writesession($this->user);
$_SESSION['workspace']['showleftpanel'] = true;
$_SESSION['workspace']['showrightpanel'] = false;
- }
+
+ if ($_POST['rememberme'] && $this->user->cookie() > 0) {
+ $token = $this->createauthtoken();
+ if ($token) {
+ $_SESSION['user' . Config::basepath()]['authtoken'] = $token;
+ }
+ }
+
+ }
}
}
if ($id !== null) {
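Review bot: `$_POST['rememberme']` is read directly in the new remember-me branch, so a client that omits the field (or a form that still lacks the hidden/checkbox pair) raises an undefined-index notice before the truthiness test runs; guard it with `if (!empty($_POST['rememberme']) && $this->user->cookie() > 0) {`. The `$this->user != false` test a few lines above is a loose comparison while the rest of the method compares strictly; `!== false` matches the documented `User|false` return of passwordcheck. The enclosing login method starts outside the hunk.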
@@ -59,6 +67,9 @@ class Controllerconnect extends Controller
{
$this->user = $this->usermanager->logout();
$this->usermanager->writesession($this->user);
+ if(!empty($_SESSION['user' . Config::basepath()]['authtoken'])) {
+ $this->destroyauthtoken($_SESSION['user' . Config::basepath()]['authtoken']);
+ }
if ($id !== null && $route !== 'home') {
$this->routedirect($route, ['page' => $id]);
} else {
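Review bot: Logout deletes the server-side token only when `$_SESSION['user' . Config::basepath()]['authtoken']` is set, and that key is written only on password login; a session restored from the `authtoken` cookie never records it (writesession accepts a single argument and the extra one is dropped), so after a cookie-based restore both the stored token and the browser cookie survive logout and the next request re-authenticates. Fall back to the cookie, e.g. `$token = $_SESSION['user' . Config::basepath()]['authtoken'] ?? $_COOKIE['authtoken'] ?? '';` followed by `if ($token !== '') { $this->destroyauthtoken($token); }`, and have destroyauthtoken expire the cookie as well. The enclosing logout method starts outside the hunk.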
@@ -66,13 +77,47 @@ class Controllerconnect extends Controller
}
}
+ /**
+ * Create a token stored in the database and then a cookie
+ *
+ * @return string|bool Token in cas of success, otherwise, false.
+ */
+ public function createauthtoken()
+ {
+ $authtoken = new Modelauthtoken();
+ $tokenid = $authtoken->add($this->user);
+ if ($tokenid !== false) {
+ $cookiecreation = $this->creatauthcookie($tokenid, $this->user->cookie());
+ if ($cookiecreation) {
+ return $tokenid;
+ }
+ } else {
+ return false;
+ }
+ }
-}
-
-
-
-
+ /**
+ * Create a cookie called `authtoken`
+ *
+ * @param string $id Token string
+ * @param int $conservation Time in day to keep the token
+ *
+ * @return bool True in cas of success, otherwise, false.
+ */
+ public function creatauthcookie(string $id, int $conservation): bool
+ {
+ return setcookie('authtoken', $id, time() + $conservation * 24 * 3600, null, null, false, true);
+ }
+ /**
+ * Destroy the current token
+ */
+ public function destroyauthtoken(string $id)
+ {
+ $authtoken = new Modelauthtoken();
+ $dbdelete = $authtoken->delete($id);
-?> \ No newline at end of file
+ //deleteauthcookie
+ }
+}
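Review bot: `creatauthcookie` sets `httponly` but leaves `secure` false and sets no SameSite attribute, and `destroyauthtoken` only removes the database record (the `//deleteauthcookie` placeholder), so the browser keeps presenting a dead token on every request; expire it in destroyauthtoken with `setcookie('authtoken', '', time() - 3600, '', '', false, true);` and pass `secure` true when the site is served over HTTPS (the options-array form of setcookie, PHP 7.3+, also accepts `'samesite' => 'Lax'`). Passing `null` for the path and domain arguments is deprecated from PHP 8.1; use `''`. `createauthtoken` falls off the end without a return when setcookie fails, yielding null rather than the documented false — make that branch `return false;` — and `$dbdelete` in destroyauthtoken is assigned but never used, so return it to let callers know whether the token was actually removed.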
diff --git a/app/class/Modelauthtoken.php b/app/class/Modelauthtoken.php
new file mode 100644
index 0000000..0a55e64
--- /dev/null
+++ b/app/class/Modelauthtoken.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace Wcms;
+
+use JamesMoss\Flywheel\Document;
+
+class Modelauthtoken extends Modeldb
+{
+
+ const AUTHTOKEN_REPO_NAME = 'authtoken';
+
+
+ public function __construct()
+ {
+ parent::__construct();
+ $this->storeinit(self::AUTHTOKEN_REPO_NAME);
+ }
+
+ /**
+ * Add a Token in the database according to the Users datas
+ *
+ * @param User $user
+ */
+ public function add(User $user)
+ {
+ $datas = [
+ 'user' => $user->id(),
+ 'ip' => $_SERVER['SERVER_ADDR'],
+ 'creationdate' => '1'
+ ];
+ $tokendata = new Document($datas);
+ return $this->repo->store($tokendata);
+
+ }
+
+ public function getbytoken(string $token)
+ {
+ return $this->repo->findById($token);
+ }
+
+ public function delete(string $token)
+ {
+ return $this->repo->delete($token);
+ }
+
+}
+
+
+
+
+
+
+?> \ No newline at end of file
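Review bot: `add` records `$_SERVER['SERVER_ADDR']`, which is the address of the server itself rather than of the client that logged in, and stores the literal `'1'` as `creationdate`, so the record can never support an age or origin check; use `'ip' => $_SERVER['REMOTE_ADDR'] ?? ''` and `'creationdate' => date(DATE_ATOM)` (or a timestamp). The cookie value is whatever id `$this->repo->store(...)` generates; whether that id is unpredictable depends on the store's generator, so it is safer to create the token with `bin2hex(random_bytes(32))` and, if the repository allows choosing the document id, persist only a hash of it so that the stored records are not themselves usable credentials. The class also offers no way to purge tokens older than the user's cookie lifetime, so records accumulate indefinitely, and the trailing `?>` should be dropped from a PHP-only class file.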
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php
index 071320e..3f51920 100644
--- a/app/class/Modeluser.php
+++ b/app/class/Modeluser.php
@@ -21,16 +21,16 @@ class Modeluser extends Modeldb
$this->storeinit(self::USER_REPO_NAME);
}
+ /**
+ * Write session cookie according to users datas and define the current authtoken being used
+ *
+ * @param User $user Current user to keep in session
+ */
public function writesession(User $user)
{
- $_SESSION['user' . Config::basepath()] = ['level' => $user->level(), 'id' => $user->id(), 'columns' =>$user->columns()];
- }
-
- public function writecookie(User $user)
- {
- $cookiehash =
- $cookie = ['level' => $user->level(), 'id' => $user->id()];
- setcookie('user ' . Config::basepath(), $cookie, time() + $user->cookie()*24*3600, null, null, false, true);
+ $_SESSION['user' . Config::basepath()]['level'] = $user->level();
+ $_SESSION['user' . Config::basepath()]['id'] = $user->id();
+ $_SESSION['user' . Config::basepath()]['columns'] = $user->columns();
}
public function readsession()
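Review bot: The docblock on `writesession` promises to "define the current authtoken being used", but the signature still takes only `User $user` and the body writes `level`, `id` and `columns`; readsession in the next hunk calls `$this->writesession($user, $_COOKIE['authtoken'])` and PHP silently discards the second argument. Either add the parameter, `public function writesession(User $user, ?string $authtoken = null)` with `if ($authtoken !== null) { $_SESSION['user' . Config::basepath()]['authtoken'] = $authtoken; }`, or trim the docblock to what the method does. Note the method now merges into the existing session array instead of replacing it, so keys written earlier (including a stale `authtoken`) survive a later call.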
@@ -41,9 +41,23 @@ class Modeluser extends Modeldb
$user = new User($userdatas);
$user = $this->get($user);
return $user;
- } else {
- return new User(['id' => '', 'level' => 0]);
}
+
+ if(isset($_COOKIE['authtoken'])) {
+ $authtokenmanager = new Modelauthtoken();
+ $token = $authtokenmanager->getbytoken($_COOKIE['authtoken']);
+ if ($token !== false) {
+ $user = $this->get($token->user);
+ if ($user !== false) {
+ $this->writesession($user, $_COOKIE['authtoken']);
+ }
+ return $user;
+
+ }
+ }
+
+ return new User(['id' => '', 'level' => 0]);
+
}
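Review bot: The cookie path in readsession accepts any user whose id the token names, while the password path in Controllerconnect::login admits a user only when `expiredate()` is false, `level()` is 10 or the expiry is in the future, so an account rejected at the login form is re-admitted by its remember-me cookie; apply the same expiry test here (or in a shared helper) before `writesession`, and delete the token when it fails. `$_COOKIE['authtoken']` is also handed to `findById` unchecked — validate it against the id format the store produces (for instance a `ctype_alnum` or anchored regex test) before the lookup, since the value comes straight from the client and is presumably used to build a storage key. The `if(isset(` spacing differs from the `if (` style adopted elsewhere in this commit. The enclosing readsession method starts outside the hunk.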
@@ -159,7 +173,7 @@ class Modeluser extends Modeldb
/**
- * @param string|User $id
+ * @param string|User $id Can be an User object or a string ID
*
* @return User|false User object or false in case of error
*/
diff --git a/app/view/templates/backtopbar.php b/app/view/templates/backtopbar.php
index c1dd361..0710c85 100644
--- a/app/view/templates/backtopbar.php
+++ b/app/view/templates/backtopbar.php
@@ -63,6 +63,9 @@ if($user->isadmin()) {
<form action="<?= $this->url('log') ?>" method="post" id="connect">
<input type="password" name="pass" id="loginpass" placeholder="password" autofocus>
<input type="hidden" name="route" value="home">
+<input type="hidden" name="rememberme" value="0">
+<input type="checkbox" name="rememberme" id="rememberme" value="1">
+<label for="rememberme">Remember me</label>
<input type="submit" name="log" value="login">
</form>
diff --git a/app/view/templates/connect.php b/app/view/templates/connect.php
index e21b360..6fd5b14 100644
--- a/app/view/templates/connect.php
+++ b/app/view/templates/connect.php
@@ -19,6 +19,9 @@ if(in_array($route, ['pageedit', 'pageread', 'pageread/', 'pageadd'])) {
}
?>
<input type="password" name="pass" id="loginpass" placeholder="password" autofocus>
+<input type="hidden" name="rememberme" value="0">
+<input type="checkbox" name="rememberme" id="rememberme" value="1">
+<label for="rememberme">Remember me</label>
<input name="log" type="submit" value="login">
</form>