private function tryCookie()
{
S::kill('auth_by_cookie');
- if (Cookie::v('ORGaccess') == '' || !Cookie::has('ORGuid')) {
+ if (Cookie::v('access') == '' || !Cookie::has('uid')) {
return -1;
}
$res = XDB::query('SELECT user_id, password
FROM auth_user_md5
WHERE user_id = {?} AND perms IN(\'admin\', \'user\')',
- Cookie::i('ORGuid'));
+ Cookie::i('uid'));
if ($res->numRows() != 0) {
list($uid, $password) = $res->fetchOneRow();
require_once 'secure_hash.inc.php';
$expected_value = hash_encrypt($password);
- if ($expected_value == Cookie::v('ORGaccess')) {
+ if ($expected_value == Cookie::v('access')) {
S::set('auth_by_cookie', $uid);
return 0;
} else {
}
}
if ($response != $expected_response) {
+ if (!S::logged()) {
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+ } else {
+ Platal::page()->trigError('Mot de passe invalide');
+ }
S::logger($uid)->log('auth_fail', 'bad password');
return null;
}
return $uid;
}
+ Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
return null;
}
if (!S::has('suid')) {
if (Post::has('domain')) {
if (($domain = Post::v('domain', 'login')) == 'alias') {
- setcookie('ORGdomain', "alias", (time() + 25920000), '/', '', 0);
+ Cookie::set('domain', 'alias', 300);
} else {
- setcookie('ORGdomain', '', (time() - 3600), '/', '', 0);
+ Cookie::kill('domain');
}
- // pour que la modification soit effective dans le reste de la page
- $_COOKIE['ORGdomain'] = $domain;
}
}
S::kill('challenge');
}
if ($level == AUTH_SUID) {
S::set('auth', AUTH_MDP);
- unset($_SESSION['log']);
}
// Retrieves main user properties.
} else {
$logger = S::logger($uid);
$logger->saveLastSession();
- setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
+ Cookie::set('uid', $uid, 300);
if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
- $cookie = hash_encrypt($sess['password']);
- setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
- if (S::i('auth_by_cookie') != $uid) {
- $logger->log("cookie_on");
- }
+ $this->setAccessCookie(false, S::i('auth_by_cookie') != $uid);
} else {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- $logger->log("cookie_off");
+ $this->killAccessCookie();
}
}
return null;
}
- public function makePerms($perm)
+ protected function makePerms($perm, $is_admin)
{
$flags = new PlFlagSet();
if ($perm == 'disabled' || $perm == 'ext') {
$n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
S::set('notifs', $n->numRows());
}
+
+ public function setAccessCookie($replace = false, $log = true) {
+ if (S::has('suid') || ($replace && !Cookie::blank('access'))) {
+ return;
+ }
+ require_once('secure_hash.inc.php');
+ Cookie::set('access', hash_encrypt(S::v('password')), 300, true);
+ if ($log) {
+ S::logger()->log('cookie_on');
+ }
+ }
+
+ public function killAccessCookie($log = true) {
+ Cookie::kill('access');
+ if ($log) {
+ S::logger()->log('cookie_off');
+ }
+ }
+
+ public function killLoginFormCookies() {
+ Cookie::kill('uid');
+ Cookie::kill('domain');
+ }
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
projects / platal.git / blobdiff