1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Refactor login code a bit to reduce nesting

This commit is contained in:
Starbeamrainbowlabs 2019-10-07 18:19:48 +01:00
parent 5239fff462
commit 6213a6e715
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
2 changed files with 62 additions and 68 deletions

View file

@ -27,12 +27,9 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
// Check to see if the currently logged in user is an admin // Check to see if the currently logged in user is an admin
$env->is_admin = false; $env->is_admin = false;
if($env->is_logged_in) if($env->is_logged_in) {
{ foreach($settings->admins as $admin_username){
foreach($settings->admins as $admin_username) if($admin_username == $env->user) {
{
if($admin_username == $env->user)
{
$env->is_admin = true; $env->is_admin = true;
break; break;
} }

View file

@ -86,75 +86,72 @@ register_module([
add_action("checklogin", function() { add_action("checklogin", function() {
global $settings, $env; global $settings, $env;
// Actually do the login if(!isset($_POST["user"]) or !isset($_POST["pass"])) {
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if(!empty($settings->users->$user) && verify_password($pass, $settings->users->$user->password))
{
// Success! :D
// Update the environment
$env->is_logged_in = true;
$env->user = $user;
$env->user_data = $settings->users->{$env->user};
$new_password_hash = hash_password_update($pass, $settings->users->$user->password);
// Update the password hash
if($new_password_hash !== null) {
$env->user_data->password = $new_password_hash;
if(!save_userdata()) {
http_response_code(503);
exit(page_renderer::render_main("Login Error - $settings->sitename", "<p>Your credentials were correct, but $settings->sitename was unable to log you in as an updated hash of your password couldn't be saved. Updating your password hash to the latest and strongest hashing algorithm is an important part of keeping your account secure.</p>
<p>Please contact $settings->admindetails_name, $settings->sitename's adminstrator, for assistance (their email address can be found at the bottom of every page, including this one).</p>"));
}
error_log("[Pepperminty Wiki] Updated password hash for $user.");
}
// If the email address is still in the old field, migrate it
if(!empty($settings->users->{$user}->email)) {
$settings->users->{$user}->emailAddress = $settings->users->{$user}->email;
unset($settings->users->{$user}->email);
save_settings();
}
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = $new_password_hash ?? hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = time() + 60*60*24*30; // 30 days from now
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
header("location: index.php");
exit();
}
else
{
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
header("location: $nextUrl");
exit();
}
}
else
{
http_response_code(302); http_response_code(302);
$nextUrl = "index.php?action=login&failed=yes&badrequest=yes"; $nextUrl = "index.php?action=login&failed=yes&badrequest=yes";
if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
header("location: $nextUrl");
exit();
}
// Actually do the login
// The user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
// Verify their password
if(empty($settings->users->$user) || !verify_password($pass, $settings->users->$user->password)) {
// Login failed :-(
http_response_code(302);
header("x-login-success: no");
$nextUrl = "index.php?action=login&failed=yes";
if(!empty($_GET["returnto"])) if(!empty($_GET["returnto"]))
$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]); $nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
header("location: $nextUrl"); header("location: $nextUrl");
exit(); exit();
} }
// Success! :D
// Update the environment
$env->is_logged_in = true;
$env->user = $user;
$env->user_data = $settings->users->{$env->user};
$new_password_hash = hash_password_update($pass, $settings->users->$user->password);
// Update the password hash
if($new_password_hash !== null) {
$env->user_data->password = $new_password_hash;
if(!save_userdata()) {
http_response_code(503);
exit(page_renderer::render_main("Login Error - $settings->sitename", "<p>Your credentials were correct, but $settings->sitename was unable to log you in as an updated hash of your password couldn't be saved. Updating your password hash to the latest and strongest hashing algorithm is an important part of keeping your account secure.</p>
<p>Please contact $settings->admindetails_name, $settings->sitename's adminstrator, for assistance (their email address can be found at the bottom of every page, including this one).</p>"));
}
error_log("[Pepperminty Wiki] Updated password hash for $user.");
}
// If the email address is still in the old field, migrate it
if(!empty($settings->users->{$user}->email)) {
$settings->users->{$user}->emailAddress = $settings->users->{$user}->email;
unset($settings->users->{$user}->email);
save_settings();
}
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = $new_password_hash ?? hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = time() + 60*60*24*30; // 30 days from now
// Redirect to wherever the user was going
http_response_code(302);
header("x-login-success: yes");
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
header("location: index.php");
exit();
}); });
add_action("hash-cost-test", function() { add_action("hash-cost-test", function() {