From 882347cba815e99ba8e7ad28d077420aa986e7c5 Mon Sep 17 00:00:00 2001 From: Mischa POSLAWSKY Date: Thu, 1 Nov 2018 17:30:01 +0100 Subject: [PATCH] auth: store global user metadata in User object Common access for user data everywhere. --- auth.inc.php | 26 ++++++++++++++------------ contact.php | 4 ++-- edit/foto/cover/index.php | 2 +- edit/nieuws/tag/index.php | 2 +- edit/page/index.php | 6 +++--- foto/album.inc.php | 2 +- foto/index.php | 2 +- login/admin/index.php | 2 +- login/edit.php | 23 ++++++++++------------- login/index.php | 2 +- login/list.php | 2 +- login/name.php | 3 +-- login/pass.inc.php | 12 ++++++------ login/pass/index.php | 13 +++++-------- nieuws/index.php | 6 +++--- nieuws/replies.php | 4 ++-- page.inc.php | 8 ++++---- page.php | 5 +++-- 18 files changed, 60 insertions(+), 64 deletions(-) diff --git a/auth.inc.php b/auth.inc.php index 65b7f72..ca34e4f 100644 --- a/auth.inc.php +++ b/auth.inc.php @@ -36,6 +36,14 @@ class User { return @filemtime("{$this->dir}/last.log"); } + + function logclient() + { + if ($log = @fopen("{$this->dir}/last.log", 'w')) { + $line = $_SERVER['REMOTE_ADDR'].' '.$_SERVER['HTTP_USER_AGENT']; + fwrite($log, $line."\n"); + } + } } function login_password_verify($input, $test) @@ -50,7 +58,7 @@ function login_password_verify($input, $test) function login_setcookie() { global $User; - return setcookie('login', $User['auth'], 0, '/'); + return setcookie('login', $User->auth, 0, '/'); } function login($inuser, $inpass = NULL) 
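Review bot: logclient() reads `$_SERVER['HTTP_USER_AGENT']` without checking that the header was sent, so a request without a User-Agent raises an undefined-index notice while the log line is built; `$line = $_SERVER['REMOTE_ADDR'].' '.($_SERVER['HTTP_USER_AGENT'] ?? '');` avoids that. The handle opened on last.log is never closed either, so the write is only flushed at request end; add `fclose($log);` after the fwrite. Both values are request-supplied, so anything that later displays last.log has to treat its contents as untrusted text. The User class header and the rest of its body lie outside this hunk.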
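Review bot: The cookie set on the changed line in login_setcookie() carries the `login:hash` credential but is sent without the httponly or secure flags, so it stays readable from script and travels over plain HTTP as well; the positional form `return setcookie('login', $User->auth, 0, '/', '', !empty($_SERVER['HTTPS']), true);` restricts both. If the site is only served over TLS the secure argument can simply be `true`. The commit only changes how the value is read, so this is a pre-existing gap that is cheap to close while the line is being touched.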
@@ -78,17 +86,11 @@ function login($inuser, $inpass = NULL) if (function_exists('apache_note')) apache_note('user', $inuser); - if ($log = @fopen("$userdir/last.log", 'w')) { - fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n"); - } - - return [ - 'name' => $inuser, - 'dir' => $userdir, - 'admin' => file_exists("$userdir/.admin"), - 'pass' => $usertest, - 'auth' => "$inuser:$authhash", - ]; + $user = new User($userdir); + $user->logclient(); + $user->pass = $usertest; + $user->auth = "$inuser:$authhash"; + return $user; } if (isset($_COOKIE['login'])) { diff --git a/contact.php b/contact.php index 7ffa409..b505375 100644 --- a/contact.php +++ b/contact.php @@ -2,8 +2,8 @@ $error = NULL; if ($_POST) { global $User; - if (!empty($User)) { - $_REQUEST['login'] = $User['name']; + if ($User) { + $_REQUEST['login'] = $User->login; } $error = mailform($_REQUEST); if (!empty($error)) { diff --git a/edit/foto/cover/index.php b/edit/foto/cover/index.php index feddc8d..b863f02 100644 --- a/edit/foto/cover/index.php +++ b/edit/foto/cover/index.php @@ -1,7 +1,7 @@ admin) { http_response_code(403); print "Beheerrechten verplicht voor instellen van covers\n"; exit; diff --git a/edit/nieuws/tag/index.php b/edit/nieuws/tag/index.php index d4edb71..0152be4 100644 --- a/edit/nieuws/tag/index.php +++ b/edit/nieuws/tag/index.php @@ -1,7 +1,7 @@ admin) abort("geen beheersrechten", '401 unauthorised'); if (!$_POST) diff --git a/edit/page/index.php b/edit/page/index.php index cd22216..1daed85 100644 --- a/edit/page/index.php +++ b/edit/page/index.php @@ -1,7 +1,7 @@ admin) abort("geen beheersrechten", '401 unauthorised'); if ($_FILES) { 
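Review bot: login() now assigns `$user->pass` and `$user->auth` on a freshly constructed User, and the removed `'admin' => file_exists("$userdir/.admin")` entry is not reproduced here, so every caller changed in this commit (`$User->admin`, `$User->login`) depends on the User class declaring or computing those members. The class body is outside this hunk, so please confirm that `admin`, `login`, `pass` and `auth` are declared there; undeclared properties work today but count as deprecated dynamic properties from PHP 8.2 onward. A one-line docblock on the class listing which members are loaded from the profile directory and which are filled in by login() would make the contract visible. login() itself begins outside the hunk.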
@@ -74,8 +74,8 @@ if (!file_put_contents($filename, $upload)) if (is_writable('../.git')) { $gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}"; $gitcmd = 'git'; - $gitcmd .= ' -c user.name='.escapeshellarg($User['name']); - $gitcmd .= ' -c user.email='.escapeshellarg("{$User['name']}@lijtweg.nl"); + $gitcmd .= ' -c user.name='.escapeshellarg($User->name ?: $User->login); + $gitcmd .= ' -c user.email='.escapeshellarg($User->email ?: "{$User->login}@lijtweg.nl"); $gitcmd .= ' commit -q'; $gitcmd .= ' -m '.escapeshellarg($gitmsg); $gitcmd .= ' -- '.escapeshellarg($filename); diff --git a/foto/album.inc.php b/foto/album.inc.php index a0a6c70..6d706ca 100644 --- a/foto/album.inc.php +++ b/foto/album.inc.php @@ -24,7 +24,7 @@ function openphotoswipe(index) { closeElClasses: [], shareButtons: [ admin) { printf("\t\t\t{id:'%s', label:'%s', url:'%s'},\n", 'cover', 'Cover instellen', "/edit/foto/cover$Args?img={{image_url}}" ); diff --git a/foto/index.php b/foto/index.php index ee37df1..f438cb9 100644 --- a/foto/index.php +++ b/foto/index.php @@ -3,7 +3,7 @@ $intro = ob_get_clean(); $rootdir = $Page . $Args; -if (!empty($User['admin'])) { +if ($User and $User->admin) { $access = '🔓 Openbaar'; if (isset($PageAccess)) { $access = "🔒 Bewoners"; diff --git a/login/admin/index.php b/login/admin/index.php index 08fe36e..1677b1b 100644 --- a/login/admin/index.php +++ b/login/admin/index.php @@ -1,5 +1,5 @@ admin) { ob_clean(); http_response_code(403); ?> diff --git a/login/edit.php b/login/edit.php index 88272e0..d6ee4c9 100644 --- a/login/edit.php +++ b/login/edit.php 
@@ -4,21 +4,18 @@ if (empty($user = &$User)) { return; } -if (!empty($User['admin']) -and !empty($Place['user']) and $Place['user'] !== $User['name']) { +if ($User->admin +and !empty($Place['user']) and $Place['user'] !== $User->login) { $username = strtolower($Place['user']); unset($user); - $user = [ - 'dir' => "profile/$username", - 'name' => $username, - ]; + $user = new User("profile/$username"); } require_once('edit.inc.php'); foreach ($cols as $col => &$colconf) { if (isset($colconf['visible'])) { - if ($colconf['visible'] == 'admin' and empty($User['admin'])) { + if ($colconf['visible'] == 'admin' and !$User->admin) { $colconf['visible'] = FALSE; continue; } @@ -39,7 +36,7 @@ foreach ($cols as $col => &$colconf) { $tags = []; foreach (glob($colconf['filename'] . '/*') as $tag) { $tagname = pathinfo($tag, PATHINFO_BASENAME); - $target = "$tag/{$user['name']}"; + $target = "$tag/{$user->login}"; $val = file_exists($target); $tagopt = &$colconf['values'][$tagname] ?: []; $tagopt['value'] = $val; @@ -54,12 +51,12 @@ foreach ($cols as $col => &$colconf) { } $filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt'; - $colpath = $user['dir'] . '/' . $colconf['filename']; + $colpath = $user->dir . '/' . $colconf['filename']; if (file_exists($colpath)) { $colconf['value'] = $filetype != 'txt' ? '' : rtrim(file_get_contents($colpath)); } - if (file_exists($user['dir']) and !is_writable($user['dir'])) { + if (file_exists($user->dir) and !is_writable($user->dir)) { continue; # locked parent directory } if (isset($colconf['value']) and !is_writable($colpath)) { @@ -70,8 +67,8 @@ foreach ($cols as $col => &$colconf) { $colwarn = []; if ($_POST) { - if (!file_exists($user['dir']) and !@mkdir($user['dir'])) { - print "
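Review bot: In the admin branch of the first hunk `new User("profile/$username")` is built straight from `$Place['user']` with only strtolower() applied, so the profile directory is whatever that value contains; unless it is constrained before reaching this file, reject anything outside the expected login alphabet before constructing the object, for example `if (!preg_match('/^[a-z0-9_-]+$/', $username)) return;` (constructed pattern, adjust to the real login rules). The array it replaces had the same exposure, but the object is now the source of every later path in this script (`$user->dir`, the symlink target in the last hunk), so one check here covers all of them. The branch is admin-only, which limits but does not remove the concern.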

Fout bij het aanmaken van gebruikersprofiel voor {$user['name']}.

\n\n"; + if (!file_exists($user->dir) and !@mkdir($user->dir)) { + print "

Fout bij het aanmaken van gebruikersprofiel voor {$user->login}.

\n\n"; return; } @@ -94,7 +91,7 @@ if ($_POST) { } else { # link option target to current user dir - $optok = @symlink("../../{$user['name']}", $option['target']); + $optok = @symlink("../../{$user->login}", $option['target']); } $option['value'] = $optval; # update form value if (!$optok) { diff --git a/login/index.php b/login/index.php index c7d705d..9ebc4cb 100644 --- a/login/index.php +++ b/login/index.php @@ -61,7 +61,7 @@ if (isset($_REQUEST['goto'])) { exit; } -if (empty($Args) and !empty($User['admin'])) { +if (empty($Args) and $User and $User->admin) { include_once 'login/admin.html'; } diff --git a/login/list.php b/login/list.php index 7872bd6..698b805 100644 --- a/login/list.php +++ b/login/list.php @@ -38,7 +38,7 @@ print ">\n"; foreach ($users as $user) { $name = $user->name ?: $user->login; - if (!empty($GLOBALS['User']['admin'])) { + if ($GLOBALS['User'] and $GLOBALS['User']->admin) { $link = '/login/edit/'.$user->login; $name = sprintf('%s', $link, $name); } diff --git a/login/name.php b/login/name.php index 37557bc..df934a5 100644 --- a/login/name.php +++ b/login/name.php @@ -5,5 +5,4 @@ if (empty($User)) { return; } -$info = new User($User['dir']); -print $info->name; +print $User->name; diff --git a/login/pass.inc.php b/login/pass.inc.php index 986b4c2..5b03c80 100644 --- a/login/pass.inc.php +++ b/login/pass.inc.php 
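Review bot: The error message printed in the `@@ -70` hunk interpolates `{$user->login}` into HTML without escaping, so any markup-significant character in a login name lands in the page verbatim; wrap it as `htmlspecialchars($user->login)` unless logins are already restricted to plain characters. The same unescaped interpolation appears in login/pass/index.php (`Het wachtwoord is aangepast voor {$User->login}`) and in the printf label in nieuws/replies.php (`"Bericht van {$User->login}"`), so one decision about where login is validated should settle all three. If the value is validated once in login(), a comment there saying so would let these sites stay as they are.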
@@ -5,17 +5,17 @@ function passform(&$user, $input = []) return "Log eerst (opnieuw?) in."; } - $pwfile = "{$user['dir']}/.passwd"; + $pwfile = "{$user->dir}/.passwd"; if (file_exists($pwfile) and !is_writable($pwfile)) { return "Het wachtwoord kan niet worden aangepast voor deze gebruiker."; } - if (!empty($user['pass'])) { + if (!empty($user->pass)) { if (empty($input['oldpass'])) { return "Als extra beveiliging tegen ongewenste aanpassingen moet het bestaande wachtwoord worden ingevoerd."; } - if (!login_password_verify($input['oldpass'], $user['pass'])) { + if (!login_password_verify($input['oldpass'], $user->pass)) { return "Het bestaande wachtwoord is onjuist ingevoerd; niet aangepast."; } } @@ -28,7 +28,7 @@ function passform(&$user, $input = []) return "Zo'n kort wachtwoord is een slecht idee."; } - if ($input['newpass'] == $user['name']) { + if ($input['newpass'] == $user->login) { return "De loginnaam is wel heel makkelijk raadbaar als wachtwoord."; } @@ -41,10 +41,10 @@ function passform(&$user, $input = []) return "Het nieuwe wachtwoord kon niet worden opgeslagen. Het oude wachtwoord is behouden."; } - @unlink("{$user['dir']}/.token"); # invalidate reset token + @unlink("{$user->dir}/.token"); # invalidate reset token $authhash = md5($passstore); - $user['auth'] = "{$user['name']}:$authhash"; + $user->auth = "{$user->login}:$authhash"; if ($GLOBALS['User'] === $user) { login_setcookie(); } diff --git a/login/pass/index.php b/login/pass/index.php index 626a6e5..735770a 100644 --- a/login/pass/index.php +++ b/login/pass/index.php @@ -4,11 +4,8 @@ if (isset($_GET['token'])) { $userdir = strtolower("profile/$username"); if ($verify = @file_get_contents("$userdir/.token") and $verify == $token) { - $User = [ - 'name' => $username, - 'dir' => $userdir, - 'pass' => NULL, - ]; + $User = new User($userdir); + $User->pass = NULL; } else { http_response_code(403); 
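Review bot: The comparison changed in the `@@ -28` hunk keeps the loose operator, `if ($input['newpass'] == $user->login)`, which for numeric-looking strings treats values such as `'1e1'` and `'10'` as equal; use `===`, or `strcasecmp(...) === 0` if a case-insensitive match is intended. With `$user` now an object, the `&$user` in passform's signature is no longer needed for the `$user->auth` assignment in the `@@ -41` hunk to reach the caller, since objects are passed by handle; the `&` can go unless a caller relies on the variable itself being reassigned. passform's body begins and ends outside these hunks.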
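Review bot: The User object created on the new lines of the `@@ -4` hunk is handed a password change without the old-password check (`$User->pass = NULL`), and the only gate for that is the unchanged `$verify == $token` condition: a loose `==` between two numeric-looking strings compares them as numbers, and the plain string comparison also stops at the first differing byte. Replace the condition with `$verify !== false and hash_equals((string) $verify, (string) $token)` so the reset token is compared strictly and in constant time. Where `$username` and `$token` come from is above this hunk, so their handling could not be checked here.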
@@ -27,7 +24,7 @@ if ($_POST) { require_once('login/pass.inc.php'); $error = passform($User, $_POST); if (empty($error)) { - print "

Het wachtwoord is aangepast voor {$User['name']}. Voortaan met het nieuwe wachtwoord inloggen.

\n\n"; + print "

Het wachtwoord is aangepast voor {$User->login}. Voortaan met het nieuwe wachtwoord inloggen.

\n\n"; return; } http_response_code(400); @@ -37,11 +34,11 @@ if ($_POST) { ?>

-Hier kun je een nieuwe inlogcode instellen voor . +Hier kun je een nieuwe inlogcode instellen voor login) ?>. Dit zal de huidige code vervangen.

- +pass)) { ?> diff --git a/nieuws/index.php b/nieuws/index.php index 21ee366..cc2a8bf 100644 --- a/nieuws/index.php +++ b/nieuws/index.php @@ -4,12 +4,12 @@ include 'nieuws.inc.php'; $replyform = $Page == 'melding' && !empty($User); @list ($year, $page) = explode('/', trim($Args, '/')); -if (!empty($User['admin'])) { +if ($User and $User->admin) { print ''."\n"; } if ($page and !is_numeric($page)) { - $edit = !empty($User['admin']) ? htmlspecialchars(@$_GET['edit']) : NULL; + $edit = $User && $User->admin ? htmlspecialchars(@$_GET['edit']) : NULL; $article = new ArchiveArticle("$Page$Args.html"); $Place['title'] = $edit ?: $article->title; if ($article->file) { @@ -20,7 +20,7 @@ if ($page and !is_numeric($page)) { if ($article->file and $article->image) { $Place['image'] = "/".$article->thumb('600x'); } - if (!empty($User['admin'])) { + if ($User and $User->admin) { $taglist = []; foreach (glob("$Page/.tags/*") as $tagpath) { $tagname = pathinfo($tagpath, PATHINFO_BASENAME); diff --git a/nieuws/replies.php b/nieuws/replies.php index 61ccc25..f762c23 100644 --- a/nieuws/replies.php +++ b/nieuws/replies.php @@ -7,7 +7,7 @@ $pagelink = $Page.$Args; if ($_POST) { try { @mkdir($pagelink); - $target = $pagelink.'/'.date('YmdHis').':'.$User['name'].'.html'; + $target = $pagelink.'/'.date('YmdHis').':'.$User->login.'.html'; $html = nl2br(htmlspecialchars($_POST['reply'])); $html = "
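Review bot: The first hunk of nieuws/index.php writes the guard as `$edit = $User && $User->admin ? ... : NULL;` while the two `if` checks around it use `$User and $User->admin`; the mixture happens to be correct, but `and` binds more loosely than `=`, so the same expression written with `and` would assign only `$User` to `$edit`. Keep `&&` in any guard that is part of an assignment, or evaluate the check once at the top, `$isAdmin = $User && $User->admin;`, and reuse it in all three places.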

$html

\n"; $written = file_put_contents($target, $html); @@ -40,7 +40,7 @@ print '
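Review bot: `$User->login` becomes part of the file name on the changed line, so the characters permitted in a login now decide which path file_put_contents() writes; that was equally true of `$User['name']`, but with the value now read off the User object it is worth confirming where login is populated (the cookie path in auth.inc.php is the likely source) and that it is validated to a safe alphabet before it reaches the filesystem. If it is not, apply `basename($User->login)` here at minimum, or better, validate once in login() and note that at the point of assignment.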
  • '; print ''; printf(''."\n", 'reply', - "Bericht van {$User['name']}", + "Bericht van {$User->login}", '' ); print ''."\n"; diff --git a/page.inc.php b/page.inc.php index b6723e9..8298c6d 100644 --- a/page.inc.php +++ b/page.inc.php @@ -7,10 +7,10 @@ print "
    \n"; ob_start(); include 'menu.html'; ob_start(); -if (!empty($User)) { +if ($User) { print '