upgrade login/password/session/auth handling
1 <?php
2
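# normalize usernames (for case-insensitive etc. logins)
#
# Transliterates to ASCII, lower-cases and trims, then strips everything but
# [a-z0-9]. Distinct inputs can collapse to the same result ("Jo.Hn" and
# "john" both become "john"), so apply it the same way at registration and at
# login, and enforce uniqueness on the normalized form rather than the raw one.
#
# $str: the username as typed (cast to string; null becomes '')
# returns: the normalized username, '' when nothing usable remains
function format_auth_username($str): string {
	$str = (string) $str;
	# iconv() raises a notice and returns false on malformed UTF-8, and the
	# rest of the pipeline then silently turned the whole name into ''. Only
	# hand valid UTF-8 to iconv; otherwise skip it and let the byte-wise strip
	# below drop every non-ASCII byte.
	$ascii = preg_match('//u', $str) === 1
		? iconv('utf8', 'ascii//TRANSLIT', $str)
		: false;
	if ($ascii !== false) {
		$str = $ascii;
	}
	$str = strtolower(trim($str));
	# no 'u' modifier on purpose: this strips byte-wise, so any leftover
	# non-ASCII bytes go too
	return preg_replace('/[^a-z0-9]/', '', $str) ?? '';
}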
10
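# Called automatically by session_auth().
# Only call if you've just verified that someone has logged in, or has clicked
# a valid password reset link.
#
# Fills $GLOBALS['wfpl_session_auth'] with id/role/name/username/last_active/
# password_reset; all null means "not logged in".
#
# $id: the users.id to log in as (false/0 for nobody)
# $password_reset: true if the caller holds a valid password-reset session;
#     the id is then taken from the session key 'auth_password_reset_id' and
#     role is left as whatever the $id branch set (null when no $id), so a
#     reset session carries only the password_reset flag, not a role.
function session_auth_init($id = false, $password_reset = false) {
	$GLOBALS['wfpl_session_auth'] = [
		'id' => null,
		'role' => null,
		'name' => null,
		'username' => null,
		'last_active' => null,
		'password_reset' => null
	];
	$auth = &$GLOBALS['wfpl_session_auth'];

	if ($id) {
		$user = db_get_assoc('users', 'role,name,username', 'where id=%i', $id);
		# A session can outlive its user (row deleted, or an id that never
		# existed). Previously the session still came up as "logged in" with
		# id set and role null; treat a missing row as not logged in instead
		# and don't touch last_active for it.
		# assumes db_get_assoc() returns a falsy value when no row matches —
		# verify against the db helper
		if ($user) {
			$now = time();
			db_update('users', 'last_active', $now, 'where id=%i', $id);
			$auth['id'] = $id;
			$auth['role'] = $user['role'];
			$auth['name'] = $user['name'];
			$auth['username'] = $user['username'];
			$auth['last_active'] = $now;
		}
	}

	if ($password_reset) {
		$auth['password_reset'] = true;
		$auth['id'] = session_get('auth_password_reset_id');
	}
	unset($auth);
}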
40
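# return an assoc containing info about the authenticated user, see session_auth_init
#
# Lazily initialises $GLOBALS['wfpl_session_auth'] from the session on the
# first call: a stored 'auth_id' means a normal login; otherwise an unexpired
# 'auth_password_reset' timestamp grants only the password_reset flag. An
# expired reset timestamp is cleared from the session and reported via
# message(). Later calls return the cached assoc unchanged.
function session_auth() {
	if (isset($GLOBALS['wfpl_session_auth'])) {
		return $GLOBALS['wfpl_session_auth'];
	}

	$id = false;
	$reset = false;
	if (session_exists()) {
		$id = session_get('auth_id');
		if (!$id) {
			# 'auth_password_reset' holds the unix time the reset window
			# closes. Compare via (string) cast rather than strlen():
			# session_get() may hand back null for an absent key (verify in
			# the session helper), and strlen(null) is deprecated in PHP 8.1.
			$r = session_get('auth_password_reset');
			if ((string) $r !== '') {
				$expires = (int) format_int_0($r);
				if (time() < $expires) {
					$reset = true;
				} else {
					message('Oops, your temporary access (to change your password) has expired');
					session_clear('auth_password_reset');
				}
			}
		}
	}
	session_auth_init($id, $reset);
	return $GLOBALS['wfpl_session_auth'];
}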
65
# return true if the logged in user is allowed to $priv
# (false if they are not logged in, or aren't allowed to $priv)
#
# $priv is currently not consulted: every privilege is granted to the 'admin'
# role and denied to everyone else — users with any other role, and visitors
# who aren't logged in (their role is null).
function session_auth_can($priv) {
	$auth = session_auth();
	return $auth['role'] === 'admin';
}
75
# return ONLY IF the currently logged in user can $priv
# otherwise, it displays the login page, and exit early
#
# Before rendering the login page the current URL is stashed in
# $_REQUEST['after_login_url'] so the login flow can come back here. Note the
# guard tests a different key ('after_login') than the one it writes
# ('after_login_url') — presumably intentional; confirm against the login
# handler. Whatever later reads after_login_url is reading a request-supplied
# value, so it should only follow it when it is a local path.
function session_auth_must($priv) {
	$allowed = session_auth_can($priv);
	if ($allowed) {
		return;
	}
	$haveTarget = isset($_REQUEST['after_login']);
	if (!$haveTarget) {
		$_REQUEST['after_login_url'] = this_url();
	}
	wfpl_main('login');
	exit();
}