202 lines
4.6 KiB
PHP
202 lines
4.6 KiB
PHP
<?php
|
|
/* μlogger
|
|
*
|
|
* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
|
|
*
|
|
* This is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
if (!defined('ROOT_DIR')) { define('ROOT_DIR', dirname(__DIR__)); }
|
|
require_once(ROOT_DIR . "/helpers/user.php");
|
|
require_once(ROOT_DIR . "/helpers/utils.php");
|
|
if (!defined('BASE_URL')) { define('BASE_URL', uUtils::getBaseUrl()); }
|
|
|
|
/**
|
|
* Authentication
|
|
*/
|
|
class uAuth {
|
|
|
|
/** @var bool Is user authenticated */
|
|
private $isAuthenticated = false;
|
|
/** @var null|uUser */
|
|
public $user;
|
|
|
|
public function __construct() {
|
|
$this->sessionStart();
|
|
|
|
$user = uUser::getFromSession();
|
|
if ($user->isValid) {
|
|
$this->setAuthenticated($user);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Update user instance stored in session
|
|
*/
|
|
public function updateSession() {
|
|
if ($this->isAuthenticated()) {
|
|
$this->user->storeInSession();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Is user authenticated
|
|
*
|
|
* @return boolean True if authenticated, false otherwise
|
|
*/
|
|
public function isAuthenticated() {
|
|
return $this->isAuthenticated;
|
|
}
|
|
|
|
/**
|
|
* Is authenticated user admin
|
|
*
|
|
* @return boolean True if admin, false otherwise
|
|
*/
|
|
public function isAdmin() {
|
|
return ($this->isAuthenticated && $this->user->isAdmin);
|
|
}
|
|
|
|
/**
|
|
* Start php session
|
|
*
|
|
* @return void
|
|
*/
|
|
private function sessionStart() {
|
|
session_name("ulogger");
|
|
session_start();
|
|
}
|
|
|
|
/**
|
|
* Terminate php session
|
|
*
|
|
* @return void
|
|
*/
|
|
private function sessionEnd() {
|
|
$_SESSION = [];
|
|
if (ini_get("session.use_cookies") && isset($_COOKIE[session_name()])) {
|
|
$params = session_get_cookie_params();
|
|
setcookie(session_name(), '', time() - 42000,
|
|
$params["path"], $params["domain"],
|
|
$params["secure"], $params["httponly"]
|
|
);
|
|
}
|
|
session_destroy();
|
|
}
|
|
|
|
/**
|
|
* Clean session variables
|
|
*
|
|
* @return void
|
|
*/
|
|
private function sessionCleanup() {
|
|
$_SESSION = [];
|
|
}
|
|
|
|
/**
|
|
* Mark as authenticated, set user
|
|
*
|
|
* @param uUser $user
|
|
* @return void
|
|
*/
|
|
private function setAuthenticated($user) {
|
|
$this->isAuthenticated = true;
|
|
$this->user = $user;
|
|
}
|
|
|
|
/**
|
|
* Check valid pass for given login
|
|
*
|
|
* @param string $login
|
|
* @param string $pass
|
|
* @return boolean True if valid
|
|
*/
|
|
public function checkLogin($login, $pass) {
|
|
if (!empty($login) && !empty($pass)) {
|
|
$user = new uUser($login);
|
|
if ($user->isValid && $user->validPassword($pass)) {
|
|
$this->setAuthenticated($user);
|
|
$this->sessionCleanup();
|
|
$user->storeInSession();
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Log out with redirect
|
|
*
|
|
* @param string $path URL path (without leading slash)
|
|
* @return void
|
|
*/
|
|
public function logOutWithRedirect($path = "") {
|
|
$this->sessionEnd();
|
|
$this->exitWithRedirect($path);
|
|
}
|
|
|
|
/**
|
|
* Send 401 headers
|
|
*
|
|
* @return void
|
|
*/
|
|
public function sendUnauthorizedHeader() {
|
|
header('WWW-Authenticate: OAuth realm="users@ulogger"');
|
|
header('HTTP/1.1 401 Unauthorized', true, 401);
|
|
}
|
|
|
|
/**
|
|
* Send 401 headers and exit
|
|
*
|
|
* @return void
|
|
*/
|
|
public function exitWithUnauthorized() {
|
|
$this->sendUnauthorizedHeader();
|
|
exit();
|
|
}
|
|
|
|
/**
|
|
* Redirect browser and exit
|
|
*
|
|
* @param string $path Redirect URL path (without leading slash)
|
|
* @return void
|
|
*/
|
|
public function exitWithRedirect($path = "") {
|
|
$location = BASE_URL . $path;
|
|
header("Location: $location");
|
|
exit();
|
|
}
|
|
|
|
/**
|
|
* Check session user has RW access to resource owned by given user
|
|
*
|
|
* @param int $ownerId
|
|
* @return bool True if has access
|
|
*/
|
|
public function hasReadWriteAccess($ownerId) {
|
|
return $this->isAuthenticated() && ($this->isAdmin() || $this->user->id === $ownerId);
|
|
}
|
|
|
|
/**
|
|
* Check session user has RO access to resource owned by given user
|
|
*
|
|
* @param int $ownerId
|
|
* @return bool True if has access
|
|
*/
|
|
public function hasReadAccess($ownerId) {
|
|
return $this->hasReadWriteAccess($ownerId) || uConfig::getInstance()->publicTracks;
|
|
}
|
|
|
|
}
|