szurubooru/src/Controllers/AuthController.php

<?php
class AuthController
{
	private static function redirectAfterLog()
	{
		if (isset($_SESSION['login-redirect-url']))
		{
			\Chibi\Util\Url::forward(\Chibi\Util\Url::makeAbsolute($_SESSION['login-redirect-url']));
			unset($_SESSION['login-redirect-url']);
			return;
		}
		\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['IndexController', 'indexAction']));
	}

	public static function tryLogin($name, $password)
	{
		$config = getConfig();
		$context = getContext();

		$dbUser = UserModel::findByNameOrEmail($name, false);
		if ($dbUser === null)
			throw new SimpleException('Invalid username');

		$passwordHash = UserModel::hashPassword($password, $dbUser->passSalt);
		if ($passwordHash != $dbUser->passHash)
			throw new SimpleException('Invalid password');

		if (!$dbUser->staffConfirmed and $config->registration->staffActivation)
			throw new SimpleException('Staff hasn\'t confirmed your registration yet');

		if ($dbUser->banned)
			throw new SimpleException('You are banned');

		if ($config->registration->needEmailForRegistering)
			Access::requireEmail($dbUser);

		$context->user = $dbUser;
		self::doReLog();
		return $dbUser;
	}

	public static function tryAutoLogin()
	{
		if (!isset($_COOKIE['auth']))
			return;

		$token = TextHelper::decrypt($_COOKIE['auth']);
		list ($name, $password) = array_map('base64_decode', explode('|', $token));
		return self::tryLogin($name, $password);
	}

	public function loginAction()
	{
		$context = getContext();
		$context->handleExceptions = true;

		//check if already logged in
		if ($context->loggedIn)
		{
			self::redirectAfterLog();
			return;
		}

		if (InputHelper::get('submit'))
		{
			$suppliedName = InputHelper::get('name');
			$suppliedPassword = InputHelper::get('password');
			$dbUser = self::tryLogin($suppliedName, $suppliedPassword);

			if (InputHelper::get('remember'))
			{
				$token = implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]);
				setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/');
			}
			StatusHelper::success();
			self::redirectAfterLog();
		}
	}

	public function logoutAction()
	{
		$context = getContext();
		$context->viewName = null;
		$context->layoutName = null;
		self::doLogOut();
		setcookie('auth', false, 0, '/');
		\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['IndexController', 'indexAction']));
	}

	public static function doLogOut()
	{
		unset($_SESSION['user']);
	}

	public static function doLogIn()
	{
		$context = getContext();
		if (!isset($_SESSION['user']))
		{
			if (!empty($context->user) and $context->user->id)
			{
				$dbUser = UserModel::findById($context->user->id);
				$dbUser->lastLoginDate = time();
				UserModel::save($dbUser);
				$_SESSION['user'] = serialize($dbUser);
			}
			else
			{
				$dummy = UserModel::spawn();
				$dummy->name = UserModel::getAnonymousName();
				$dummy->accessRank = AccessRank::Anonymous;
				$_SESSION['user'] = serialize($dummy);
			}
		}

		$context->user = unserialize($_SESSION['user']);
		$context->loggedIn = $context->user->accessRank != AccessRank::Anonymous;
		if (!$context->loggedIn)
		{
			try
			{
				self::tryAutoLogin();
			}
			catch (Exception $e)
			{
			}
		}
	}

	public static function doReLog()
	{
		$context = getContext();
		if ($context->user !== null)
			self::doLogOut();
		self::doLogIn();
	}

	public static function observeWorkFinish()
	{
		if (strpos(\Chibi\Util\Headers::get('Content-Type'), 'text/html') === false)
			return;
		if (\Chibi\Util\Headers::getCode() != 200)
			return;
		$context = getContext();
		if ($context->simpleControllerName == 'auth')
			return;
		$_SESSION['login-redirect-url'] = $context->query;
	}
}
Registration sketch 2013-10-05 12:55:03 +02:00			`<?php`
Moved AbstractController to Bootstrap 2013-10-05 21:24:20 +02:00			`class AuthController`
Registration sketch 2013-10-05 12:55:03 +02:00			`{`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`private static function redirectAfterLog()`
			`{`
			`if (isset($_SESSION['login-redirect-url']))`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`\Chibi\Util\Url::forward(\Chibi\Util\Url::makeAbsolute($_SESSION['login-redirect-url']));`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`unset($_SESSION['login-redirect-url']);`
			`return;`
			`}`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['IndexController', 'indexAction']));`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`}`

Closed #45 2013-10-22 11:40:10 +02:00			`public static function tryLogin($name, $password)`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`$config = getConfig();`
			`$context = getContext();`
Closed #45 2013-10-22 11:40:10 +02:00
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`$dbUser = UserModel::findByNameOrEmail($name, false);`
Closed #45 2013-10-22 11:40:10 +02:00			`if ($dbUser === null)`
			`throw new SimpleException('Invalid username');`

Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`$passwordHash = UserModel::hashPassword($password, $dbUser->passSalt);`
			`if ($passwordHash != $dbUser->passHash)`
Closed #45 2013-10-22 11:40:10 +02:00			`throw new SimpleException('Invalid password');`

Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`if (!$dbUser->staffConfirmed and $config->registration->staffActivation)`
Closed #45 2013-10-22 11:40:10 +02:00			`throw new SimpleException('Staff hasn\'t confirmed your registration yet');`

			`if ($dbUser->banned)`
			`throw new SimpleException('You are banned');`

			`if ($config->registration->needEmailForRegistering)`
PrivilegesHelper shortened to Access Methods are shorter, too 2014-04-29 23:52:17 +02:00			`Access::requireEmail($dbUser);`
Closed #45 2013-10-22 11:40:10 +02:00
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`$context->user = $dbUser;`
			`self::doReLog();`
Closed #45 2013-10-22 11:40:10 +02:00			`return $dbUser;`
			`}`

			`public static function tryAutoLogin()`
			`{`
			`if (!isset($_COOKIE['auth']))`
			`return;`

			`$token = TextHelper::decrypt($_COOKIE['auth']);`
			`list ($name, $password) = array_map('base64_decode', explode('\|', $token));`
			`return self::tryLogin($name, $password);`
			`}`

Registration sketch 2013-10-05 12:55:03 +02:00			`public function loginAction()`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`$context = getContext();`
			`$context->handleExceptions = true;`
Page titles filled in 2013-10-05 21:22:28 +02:00
Registration sketch 2013-10-05 12:55:03 +02:00			`//check if already logged in`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`if ($context->loggedIn)`
Registration sketch 2013-10-05 12:55:03 +02:00			`{`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`self::redirectAfterLog();`
Registration sketch 2013-10-05 12:55:03 +02:00			`return;`
			`}`

Closed #45 2013-10-22 11:40:10 +02:00			`if (InputHelper::get('submit'))`
Registration sketch 2013-10-05 12:55:03 +02:00			`{`
Closed #45 2013-10-22 11:40:10 +02:00			`$suppliedName = InputHelper::get('name');`
			`$suppliedPassword = InputHelper::get('password');`
			`$dbUser = self::tryLogin($suppliedName, $suppliedPassword);`
Registration sketch 2013-10-05 12:55:03 +02:00
Closed #45 2013-10-22 11:40:10 +02:00			`if (InputHelper::get('remember'))`
			`{`
			`$token = implode('\|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]);`
			`setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/');`
			`}`
Refactoring of error/success messages 2013-11-16 18:40:26 +01:00			`StatusHelper::success();`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`self::redirectAfterLog();`
Registration sketch 2013-10-05 12:55:03 +02:00			`}`
			`}`

			`public function logoutAction()`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`$context = getContext();`
			`$context->viewName = null;`
			`$context->layoutName = null;`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`self::doLogOut();`
Closed #45 2013-10-22 11:40:10 +02:00			`setcookie('auth', false, 0, '/');`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['IndexController', 'indexAction']));`
Registration sketch 2013-10-05 12:55:03 +02:00			`}`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00
			`public static function doLogOut()`
			`{`
			`unset($_SESSION['user']);`
			`}`

			`public static function doLogIn()`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`$context = getContext();`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`if (!isset($_SESSION['user']))`
			`{`
			`if (!empty($context->user) and $context->user->id)`
			`{`
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`$dbUser = UserModel::findById($context->user->id);`
Fixed changing password 2014-03-02 19:09:05 +01:00			`$dbUser->lastLoginDate = time();`
			`UserModel::save($dbUser);`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`$_SESSION['user'] = serialize($dbUser);`
			`}`
			`else`
			`{`
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`$dummy = UserModel::spawn();`
			`$dummy->name = UserModel::getAnonymousName();`
			`$dummy->accessRank = AccessRank::Anonymous;`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`$_SESSION['user'] = serialize($dummy);`
			`}`
			`}`
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`$context->user = unserialize($_SESSION['user']);`
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`$context->loggedIn = $context->user->accessRank != AccessRank::Anonymous;`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`if (!$context->loggedIn)`
			`{`
			`try`
			`{`
			`self::tryAutoLogin();`
			`}`
			`catch (Exception $e)`
			`{`
			`}`
			`}`
			`}`

			`public static function doReLog()`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`$context = getContext();`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`if ($context->user !== null)`
Models rewrite; removed RedBeanPHP; misc changes Pages load 1.5-2x faster Exception trace in JSON is now represented as an array Fixed pagination of default favorites page in user pages Fixed thumbnail size validation for non-square thumbnails 2013-12-18 15:10:53 +01:00			`self::doLogOut();`
Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues 2013-10-27 20:39:32 +01:00			`self::doLogIn();`
			`}`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00
			`public static function observeWorkFinish()`
			`{`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`if (strpos(\Chibi\Util\Headers::get('Content-Type'), 'text/html') === false)`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`return;`
Newest chibi-core 2014-04-29 21:35:29 +02:00			`if (\Chibi\Util\Headers::getCode() != 200)`
			`return;`
			`$context = getContext();`
			`if ($context->simpleControllerName == 'auth')`
Logging in remembers original URL 2013-10-30 23:24:27 +01:00			`return;`
			`$_SESSION['login-redirect-url'] = $context->query;`
			`}`
Registration sketch 2013-10-05 12:55:03 +02:00			`}`