Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…

<?php | |
use \Openclerk\I18n; | |
use \Users\User; | |
if (!defined('NO_SESSION')) { | |
// do not start a session if we've already started one | |
if (!session_id()) { | |
session_start(); | |
} | |
/** | |
* Track user referer for new users at signup. This persists across requests. | |
*/ | |
if (!isset($_SESSION['referer']) && isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']) { | |
$_SESSION['referer'] = $_SERVER['HTTP_REFERER']; | |
} | |
} | |
header('X-Frame-Options: SAMEORIGIN'); // prevent clickhacking | |
/** | |
* Get the user with this particular ID. | |
* Does not cache the results of this function. | |
* Does not throw an exception if no user exists. | |
* @see user_id() | |
*/ | |
function get_user($id) { | |
if (!$id) { | |
throw new Exception("No ID specified."); | |
} | |
$q = db()->prepare("SELECT user_properties.*, users.email FROM user_properties | |
JOIN users ON user_properties.id=users.id | |
WHERE users.id=?"); | |
$q->execute(array($id)); | |
return $q->fetch(); | |
} | |
$global_user_logged_in = false; | |
/** | |
* Is the current user a logged in user? | |
* Once called, cached across the length of the script. | |
* | |
* @return true if the current request is also a user, false if not. always returns false if NO_SESSION is defined | |
*/ | |
function user_logged_in() { | |
if (defined('NO_SESSION')) { | |
// a sessionless request can never be logged in | |
return false; | |
} | |
$user = User::getInstance(db()); | |
return !!$user; | |
} | |
/** | |
* Call this function only after we have successfully logged in. | |
* Updates user status etc. | |
*/ | |
function handle_post_login() { | |
global $messages; | |
if (!isset($messages)) { | |
// we might be in auto-login, create a temporary message field anyway | |
$messages = array(); | |
} | |
$user = get_user(user_id()); | |
// display warning if account was disabled | |
if ($user['is_disabled']) { | |
$messages[] = t("Your account was disabled :ago due to inactivity; your account is now re-enabled, and account data will be updated again soon.", | |
array(':ago' => recent_format($user['disabled_at']))); | |
$q = db()->prepare("UPDATE user_properties SET is_disabled=0,logins_after_disabled=logins_after_disabled+1 WHERE id=?"); | |
$q->execute(array($user['id'])); | |
} | |
// keep track of users that logged in after receiving a warning | |
if ($user['is_disable_warned']) { | |
$q = db()->prepare("UPDATE user_properties SET is_disable_warned=0,logins_after_disable_warned=logins_after_disable_warned+1 WHERE id=?"); | |
$q->execute(array($user['id'])); | |
} | |
// update locale | |
if ($user['locale']) { | |
I18n::setLocale($user['locale']); | |
} | |
// update login time | |
$query = db()->prepare("UPDATE user_properties SET last_login=NOW(),is_disabled=0 WHERE id=?"); | |
$query->execute(array($user["id"])); | |
// if we don't have an IP set, update it now | |
if (!$user["user_ip"]) { | |
$q = db()->prepare("UPDATE user_properties SET user_ip=? WHERE id=?"); | |
$q->execute(array(user_ip(), $user['id'])); | |
} | |
} | |
/** | |
* Complete login, setting login keys to session or cookies as necessary. | |
*/ | |
function complete_login($user, $autologin) { | |
global $messages; | |
$user = User::getInstance(db()); | |
$user->persist(db()); | |
handle_post_login(); | |
} | |
function did_autologin() { | |
$user = User::getInstance(db()); | |
if ($user) { | |
return $user->isAutoLoggedIn(); | |
} | |
} | |
/** | |
* Get the current user ID. If nobody is logged in, redirect to the login page. | |
*/ | |
function user_id() { | |
require_login(); | |
$user = User::getInstance(db()); | |
return $user->getId(); | |
} | |
function require_login() { | |
if (defined('NO_SESSION')) { | |
throw new Exception("Cannot force login for a sessionless connection"); | |
} | |
if (!user_logged_in()) { | |
// only supports GET relogins; TODO support POST relogins | |
// TODO only allow destinations that are local (to prevent XSS) | |
if (isset($_SERVER['REQUEST_URI'])) { | |
redirect(url_for('login', array('destination' => $_SERVER['REQUEST_URI']))); | |
} else { | |
redirect(url_for('login')); | |
} | |
} | |
} | |
/** | |
* Log out the current user. | |
* Also disables autologin for this session. | |
*/ | |
function user_logout() { | |
User::logout(db()); | |
} | |
$global_is_admin = null; | |
/** | |
* Is the current user an administrator? | |
* Once called, may cached across the length of the script. | |
* | |
* @return true if admin, false if not. always returns false if NO_SESSION is defined | |
*/ | |
function is_admin() { | |
if (defined('NO_SESSION')) { | |
// a sessionless request can never be admin | |
return false; | |
} | |
if (!user_logged_in()) { | |
return false; | |
} | |
$q = db()->prepare("SELECT * FROM user_properties WHERE id=?"); | |
$q->execute(array(user_id())); | |
$user = $q->fetch(); | |
return $user['is_admin']; | |
} | |
// so we don't have to have 'is_admin' flag in templates (which doesn't guarantee we've checked) | |
$has_required_admin = false; | |
function require_admin() { | |
global $has_required_admin; | |
$has_required_admin = true; | |
require_login(); | |
if (!is_admin()) { | |
// only supports GET relogins; TODO support POST relogins | |
redirect(url_for('login', array('need_admin' => 1, 'destination' => $_SERVER['REQUEST_URI']))); | |
} | |
} | |
function has_required_admin() { | |
global $has_required_admin; | |
return $has_required_admin; | |
} | |
class SecurityException extends Exception { } | |
function require_user($user) { | |
global $errors; | |
if (!$user) { | |
if (!$errors) { | |
$errors = array(); | |
} | |
$errors[] = t("Could not find your profile on the system. You will need to login or signup again."); | |
set_temporary_errors($errors); | |
redirect(url_for('login')); | |
} | |
} | |
// set up heavy request checks | |
\Openclerk\Events::on('openid_validate', function($lightopenid) { | |
check_heavy_request(); | |
}); | |
\Openclerk\Events::on('oauth2_auth', function($oauth2) { | |
check_heavy_request(); | |
}); |