JasonWoof Got questions, comments, patches, etc.? Contact Jason Woofenden
don't overwrite .centerer vmargin
[wfpl-cms.git] / inc / session_auth.php
1 <?php
2
3 # normalize usernames (for case-insensitive etc. logins)
4 function format_auth_username($str) {
5         $str = iconv('utf8', 'ascii//TRANSLIT', $str);
6         $str = strtolower(trim($str));
7         $str = preg_replace('/[^a-z0-9]/', '', $str);
8         return $str;
9 }
10
11 # Called automatically by session_auth().
12 # Only call if you've just verified that someone has logged in, or has clicked
13 # a valid password reset link.
14 function session_auth_init($id = false, $password_reset = false) {
15         $GLOBALS['wfpl_session_auth'] = [
16                 'id' => null,
17                 'role' => null,
18                 'name' => null,
19                 'username' => null,
20                 'last_active' => null,
21                 'password_reset' => null
22         ];
23
24         if ($id) {
25                 $user = db_get_assoc('users', 'role,name,username', 'where id=%i', $id);
26                 $now = time();
27                 db_update('users', 'last_active', $now, 'where id=%i', $id);
28                 $GLOBALS['wfpl_session_auth']['id'] = $id;
29                 $GLOBALS['wfpl_session_auth']['role'] = $user['role'];
30                 $GLOBALS['wfpl_session_auth']['name'] = $user['name'];
31                 $GLOBALS['wfpl_session_auth']['username'] = $user['username'];
32                 $GLOBALS['wfpl_session_auth']['last_active'] = $now;
33         }
34
35         if ($password_reset) {
36                 $GLOBALS['wfpl_session_auth']['password_reset'] = true;
37                 $GLOBALS['wfpl_session_auth']['id'] = session_get('auth_password_reset_id');
38         }
39 }
40
41 # return an assoc containing info about the authenticated user, see session_auth_init
42 function session_auth() {
43         if (!isset($GLOBALS['wfpl_session_auth'])) {
44                 $id = false;
45                 $reset = false;
46                 if (session_exists()) {
47                         $id = session_get('auth_id');
48                         if (!$id) {
49                                 $r = session_get('auth_password_reset');
50                                 if (strlen($r)) {
51                                         $r = (int) format_int_0($r);
52                                         if (time() < $r) {
53                                                 $reset = true;
54                                         } else {
55                                                 message('Oops, your temporary access (to change your password) has expired');
56                                                 session_clear('auth_password_reset');
57                                         }
58                                 }
59                         }
60                 }
61                 session_auth_init($id, $reset);
62         }
63         return $GLOBALS['wfpl_session_auth'];
64 }
65
66 # return true if the logged in user is allowed to $priv
67 # (false if they are not logged in, or aren't alowed to $priv)
68 function session_auth_can($priv) {
69         $s = session_auth();
70         if ($s['role'] === 'admin') {
71                 return true;
72         }
73         return false;
74 }
75
76 # return ONLY IF the currently logged in user can $priv
77 # otherwise, it displays the login page, and exit early
78 function session_auth_must($priv) {
79         if (session_auth_can($priv)) {
80                 return;
81         }
82         if (!isset($_REQUEST['after_login'])) {
83                 $_REQUEST['after_login_url'] = this_url();
84         }
85         wfpl_main('login');
86         exit();
87 }