Diffstat (limited to 'app/class/Modeluser.php')
-rw-r--r--app/class/Modeluser.php42
1 files changed, 30 insertions, 12 deletions
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php
index 071320e..9ee04ba 100644
--- a/app/class/Modeluser.php
+++ b/app/class/Modeluser.php
@@ -21,16 +21,16 @@ class Modeluser extends Modeldb
$this->storeinit(self::USER_REPO_NAME);
}
+ /**
+ * Write session cookie according to users datas and define the current authtoken being used
+ *
+ * @param User $user Current user to keep in session
+ */
public function writesession(User $user)
{
- $_SESSION['user' . Config::basepath()] = ['level' => $user->level(), 'id' => $user->id(), 'columns' =>$user->columns()];
- }
-
- public function writecookie(User $user)
- {
- $cookiehash =
- $cookie = ['level' => $user->level(), 'id' => $user->id()];
- setcookie('user ' . Config::basepath(), $cookie, time() + $user->cookie()*24*3600, null, null, false, true);
+ $_SESSION['user' . Config::basepath()]['level'] = $user->level();
+ $_SESSION['user' . Config::basepath()]['id'] = $user->id();
+ $_SESSION['user' . Config::basepath()]['columns'] = $user->columns();
}
public function readsession()
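Review bot: The new docblock on `writesession()` says it also defines the current authtoken, but the signature still takes only `User $user` and the body stores only `level`, `id` and `columns`. The call added in `readsession()` passes `$_COOKIE['authtoken']` as a second argument, which PHP silently discards for a user-defined function, so the token is never recorded in the session by this method. Either extend the signature, e.g. `public function writesession(User $user, ?string $authtoken = null)`, and store the token under its own key, or reword the docblock to match what the method does. Because the session entry is now updated key by key instead of being replaced, any other keys already present survive the call; if that is intended, the docblock should say so.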
@@ -41,9 +41,27 @@ class Modeluser extends Modeldb
$user = new User($userdatas);
$user = $this->get($user);
return $user;
- } else {
- return new User(['id' => '', 'level' => 0]);
}
+
+ if(isset($_COOKIE['authtoken']) && strpos($_COOKIE['authtoken'], ':')) {
+ list($cookietoken, $cookiemac) = explode(':', $_COOKIE['authtoken']);
+ $authtokenmanager = new Modelauthtoken();
+ $dbtoken = $authtokenmanager->getbytoken($cookietoken);
+
+ if ($dbtoken !== false) {
+ if(hash_equals($cookiemac, secrethash($dbtoken->getId()))) {
+ $user = $this->get($dbtoken->user);
+ if ($user !== false) {
+ $this->writesession($user, $_COOKIE['authtoken']);
+ }
+ return $user;
+ }
+
+ }
+ }
+
+ return new User(['id' => '', 'level' => 0]);
+
}
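Review bot: The cookie check `isset($_COOKIE['authtoken']) && strpos(...)` never confirms the value is a string; PHP parses a bracketed cookie name into an array, and `strpos()` then raises a TypeError on PHP 8 instead of falling through to the anonymous user. Add `is_string($_COOKIE['authtoken'])` to the condition and pass `2` as the limit to `explode()` so a value with extra `:` separators fails the MAC comparison rather than being truncated. `hash_equals()` documents the known value first and the user-supplied value second, so the call should read `hash_equals(secrethash($dbtoken->getId()), $cookiemac)`. When `$this->get($dbtoken->user)` returns false the method returns false rather than the anonymous `User` built on the last line, which callers may not expect. The start of `readsession()` lies outside this hunk.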
@@ -56,7 +74,7 @@ class Modeluser extends Modeldb
/**
- * @return array list of User objects
+ * @return User[] associative array of User objects `id => User`
*/
public function getlister()
{
@@ -159,7 +177,7 @@ class Modeluser extends Modeldb
/**
- * @param string|User $id
+ * @param string|User $id Can be an User object or a string ID
*
* @return User|false User object or false in case of error
*/