Fix "remember me" cookie for OpenID logins
Closes #2432 NOTE: in order to obtain the same "cookie hash" it was required to include unneeded fields in the user record structure, this would be good to change in the future...
This commit is contained in:
parent
3f6fd8ee69
commit
df6304cc42
|
@ -125,6 +125,7 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
|||
$openid = new LightOpenID;
|
||||
$openid->identity = $openid_url;
|
||||
$_SESSION['openid'] = $openid_url;
|
||||
$_SESSION['remember'] = $_POST['remember'];
|
||||
$openid->returnUrl = App::get_baseurl(true).'/openid';
|
||||
goaway($openid->authUrl());
|
||||
} catch (Exception $e) {
|
||||
|
@ -178,17 +179,8 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
|
|||
goaway(z_root());
|
||||
}
|
||||
|
||||
// If the user specified to remember the authentication, then set a cookie
|
||||
// that expires after one week (the default is when the browser is closed).
|
||||
// The cookie will be renewed automatically.
|
||||
// The week ensures that sessions will expire after some inactivity.
|
||||
if ($_POST['remember'])
|
||||
new_cookie(604800, $r[0]);
|
||||
else
|
||||
new_cookie(0); // 0 means delete on browser exit
|
||||
|
||||
// if we haven't failed up this point, log them in.
|
||||
|
||||
$_SESSION['remember'] = $_POST['remember'];
|
||||
$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
|
||||
authenticate_success($record, true, true);
|
||||
}
|
||||
|
@ -203,39 +195,3 @@ function nuke_session() {
|
|||
session_unset();
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
||||
*
|
||||
* @param array $user Record from "user" table
|
||||
*
|
||||
* @return string Hashed data
|
||||
*/
|
||||
function cookie_hash($user) {
|
||||
return(hash("sha256", get_config("system", "site_prvkey").
|
||||
$user["uprvkey"].
|
||||
$user["password"]));
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Set the "Friendica" cookie
|
||||
*
|
||||
* @param int $time
|
||||
* @param array $user Record from "user" table
|
||||
*/
|
||||
function new_cookie($time, $user = array()) {
|
||||
|
||||
if ($time != 0)
|
||||
$time = $time + time();
|
||||
|
||||
if ($user)
|
||||
$value = json_encode(array("uid" => $user["uid"],
|
||||
"hash" => cookie_hash($user),
|
||||
"ip" => $_SERVER['REMOTE_ADDR']));
|
||||
else
|
||||
$value = "";
|
||||
|
||||
setcookie("Friendica", $value, $time, "/", "",
|
||||
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,41 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @brief Calculate the hash that is needed for the "Friendica" cookie
|
||||
*
|
||||
* @param array $user Record from "user" table
|
||||
*
|
||||
* @return string Hashed data
|
||||
*/
|
||||
function cookie_hash($user) {
|
||||
return(hash("sha256", get_config("system", "site_prvkey").
|
||||
$user["uprvkey"].
|
||||
$user["password"]));
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Set the "Friendica" cookie
|
||||
*
|
||||
* @param int $time
|
||||
* @param array $user Record from "user" table
|
||||
*/
|
||||
function new_cookie($time, $user = array()) {
|
||||
|
||||
if ($time != 0)
|
||||
$time = $time + time();
|
||||
|
||||
if ($user)
|
||||
$value = json_encode(array("uid" => $user["uid"],
|
||||
"hash" => cookie_hash($user),
|
||||
"ip" => $_SERVER['REMOTE_ADDR']));
|
||||
else
|
||||
$value = "";
|
||||
|
||||
setcookie("Friendica", $value, $time, "/", "",
|
||||
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
|
||||
|
||||
}
|
||||
|
||||
function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
|
||||
|
||||
$a = get_app();
|
||||
|
@ -94,6 +130,24 @@ function authenticate_success($user_record, $login_initial = false, $interactive
|
|||
|
||||
|
||||
}
|
||||
|
||||
if ($login_initial) {
|
||||
// If the user specified to remember the authentication, then set a cookie
|
||||
// that expires after one week (the default is when the browser is closed).
|
||||
// The cookie will be renewed automatically.
|
||||
// The week ensures that sessions will expire after some inactivity.
|
||||
if ($_SESSION['remember']) {
|
||||
logger('Injecting cookie for remembered user '. $_SESSION['remember_user']['nickname']);
|
||||
new_cookie(604800, $user_record);
|
||||
unset($_SESSION['remember']);
|
||||
}
|
||||
else {
|
||||
new_cookie(0); // 0 means delete on browser exit
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if ($login_initial) {
|
||||
call_hooks('logged_in', $a->user);
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ function openid_content(App $a) {
|
|||
// mod/settings.php in 8367cad so it might have left mixed
|
||||
// records in the user table
|
||||
//
|
||||
$r = q("SELECT * FROM `user`
|
||||
$r = q("SELECT *, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user`
|
||||
WHERE ( `openid` = '%s' OR `openid` = '%s' )
|
||||
AND `blocked` = 0 AND `account_expired` = 0
|
||||
AND `account_removed` = 0 AND `verified` = 1
|
||||
|
|
Loading…
Reference in New Issue
Block a user