3 # normalize usernames so logins are case-insensitive and ignore accents, whitespace and punctuation
4 function format_auth_username($str) {
# Reduces a username to lowercase ASCII letters and digits so that different
# spellings of the same name compare equal at login.
#
# Transliterate before filtering, so accented letters fold to an ASCII letter
# instead of being deleted by the [^a-z0-9] filter below.
# NOTE(review): iconv() returns false on failure (which the calls below would
# coerce to an empty string unless strict types are on), 'utf8' is not the
# canonical charset name ('UTF-8'), and //TRANSLIT output varies with the iconv
# implementation and locale. Confirm the result is stable across hosts, since
# it decides which account a login resolves to.
5 $str = iconv('utf8', 'ascii//TRANSLIT', $str);
6 $str = strtolower(trim($str));
# Everything outside a-z0-9 is removed, so distinct inputs can collapse to the
# same value (e.g. "a.b" and "ab").
# NOTE(review): presumably uniqueness is enforced on this normalized form when
# accounts are created -- confirm, otherwise two accounts could share a login.
7 $str = preg_replace('/[^a-z0-9]/', '', $str);
11 # Called automatically by session_auth().
12 # Only call if you've just verified that someone has logged in, or has clicked
13 # a valid password reset link.
14 function session_auth_init($id = false, $password_reset = false) {
# Fills $GLOBALS['wfpl_session_auth'] with the identity used for the rest of
# the request. No credential check is visible in this function: the caller
# must already have verified the login or the password reset link.
# NOTE(review): the gutter numbers jump in this listing, so the conditions
# guarding the statements below are not shown here.
15 $GLOBALS['wfpl_session_auth'] = [
20 'last_active' => null,
21 'password_reset' => null
# Load the profile fields that are copied into the session-auth array.
# NOTE(review): presumably %i makes db_get_assoc format $id as an integer
# rather than splicing it into the SQL as text -- confirm against the db layer.
# No check that a row was found is visible before $user['role'] is read;
# confirm a deleted user cannot end up with a populated id and an empty role.
25 $user = db_get_assoc('users', 'role,name,username', 'where id=%i', $id);
# $now is assigned on a line not shown in this listing.
27 db_update('users', 'last_active', $now, 'where id=%i', $id);
28 $GLOBALS['wfpl_session_auth']['id'] = $id;
29 $GLOBALS['wfpl_session_auth']['role'] = $user['role'];
30 $GLOBALS['wfpl_session_auth']['name'] = $user['name'];
31 $GLOBALS['wfpl_session_auth']['username'] = $user['username'];
32 $GLOBALS['wfpl_session_auth']['last_active'] = $now;
# Password-reset access: flag the session and take the user id from the
# session key 'auth_password_reset_id' instead of the $id argument.
# NOTE(review): confirm what role, if any, a reset-only session carries, so
# that a reset link grants nothing beyond changing the password.
35 if ($password_reset) {
36 $GLOBALS['wfpl_session_auth']['password_reset'] = true;
37 $GLOBALS['wfpl_session_auth']['id'] = session_get('auth_password_reset_id');
41 # return an assoc containing info about the authenticated user, see session_auth_init
42 function session_auth() {
# Returns $GLOBALS['wfpl_session_auth'], building it through
# session_auth_init() when it has not been set yet.
43 if (!isset($GLOBALS['wfpl_session_auth'])) {
# Session storage is only consulted when a session already exists.
46 if (session_exists()) {
47 $id = session_get('auth_id');
# 'auth_password_reset' is read from the session and forced to an int.
# NOTE(review): presumably this is an expiry time compared with the current
# time on lines not shown -- confirm the comparison fails closed when the
# value is 0 or missing.
49 $r = session_get('auth_password_reset');
51 $r = (int) format_int_0($r);
# Expired reset access: tell the user and drop the session flag.
# NOTE(review): only 'auth_password_reset' is cleared on the visible lines;
# confirm 'auth_password_reset_id' (read by session_auth_init) is cleared too.
55 message('Oops, your temporary access (to change your password) has expired');
56 session_clear('auth_password_reset');
# $reset is assigned on lines not shown in this listing.
61 session_auth_init($id, $reset);
63 return $GLOBALS['wfpl_session_auth'];
66 # return true if the logged in user is allowed to $priv
67 # (false if they are not logged in, or aren't allowed to $priv)
68 function session_auth_can($priv) {
# NOTE(review): $s is assigned on a line not shown (presumably from
# session_auth()). The role is compared with ===, so only the exact string
# 'admin' matches; what this branch returns, and how other roles are checked
# against $priv, is not visible in this listing.
70 if ($s['role'] === 'admin') {
76 # return ONLY IF the currently logged in user can $priv
77 # otherwise it displays the login page and exits early
78 function session_auth_must($priv) {
79 if (session_auth_can($priv)) {
82 if (!isset($_REQUEST['after_login'])) {
83 $_REQUEST['after_login_url'] = this_url();