lychee/php/modules/Session.php

<?php

###
# @name			Session Module
# @copyright	2015 by Tobias Reich
###

if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');

class Session extends Module {

	private $settings = null;

	public function __construct($plugins, $settings) {

		# Init vars
		$this->plugins	= $plugins;
		$this->settings	= $settings;

		return true;

	}

	public function init($database, $dbName, $public, $version) {

		# Check dependencies
		self::dependencies(isset($this->settings, $public, $version));

		# Call plugins
		$this->plugins(__METHOD__, 0, func_get_args());

		# Update
		if (!isset($this->settings['version'])||$this->settings['version']!==$version) {
			if (!Database::update($database, $dbName, @$this->settings['version'])) {
				Log::error($database, __METHOD__, __LINE__, 'Updating the database failed');
				exit('Error: Updating the database failed!');
			}
		}

		# Return settings
		$return['config'] = $this->settings;

		# Remove username and password from response
		unset($return['config']['username']);
		unset($return['config']['password']);

		# Remove identifier from response
		unset($return['config']['identifier']);

		# Path to Lychee for the server-import dialog
		$return['config']['location'] = LYCHEE;

		# Check if login credentials exist and login if they don't
		if ($this->noLogin()===true) {
			$public = false;
			$return['config']['login'] = false;
		} else {
			$return['config']['login'] = true;
		}

		if ($public===false) {

			# Logged in
			$return['status'] = LYCHEE_STATUS_LOGGEDIN;

		} else {

			# Logged out
			$return['status'] = LYCHEE_STATUS_LOGGEDOUT;

			# Unset unused vars
			unset($return['config']['thumbQuality']);
			unset($return['config']['sortingAlbums']);
			unset($return['config']['sortingPhotos']);
			unset($return['config']['dropboxKey']);
			unset($return['config']['login']);
			unset($return['config']['location']);
			unset($return['config']['imagick']);
			unset($return['config']['medium']);
			unset($return['config']['plugins']);

		}

		# Call plugins
		$this->plugins(__METHOD__, 1, func_get_args());

		return $return;

	}

	public function login($username, $password) {

		# Check dependencies
		self::dependencies(isset($this->settings, $username, $password));

		# Call plugins
		$this->plugins(__METHOD__, 0, func_get_args());

		$username = crypt($username, $this->settings['username']);
		$password = crypt($password, $this->settings['password']);

		# Check login with crypted hash
		if ($this->settings['username']===$username&&
			$this->settings['password']===$password) {
				$_SESSION['login']		= true;
				$_SESSION['identifier']	= $this->settings['identifier'];
				return true;
		}

		# No login
		if ($this->noLogin()===true) return true;

		# Call plugins
		$this->plugins(__METHOD__, 1, func_get_args());

		return false;

	}

	private function noLogin() {

		# Check dependencies
		self::dependencies(isset($this->settings));

		# Check if login credentials exist and login if they don't
		if ($this->settings['username']===''&&
			$this->settings['password']==='') {
				$_SESSION['login']		= true;
				$_SESSION['identifier']	= $this->settings['identifier'];
				return true;
		}

		return false;

	}

	public function logout() {

		# Call plugins
		$this->plugins(__METHOD__, 0, func_get_args());

		$_SESSION['login']		= null;
		$_SESSION['identifier']	= null;

		session_destroy();

		# Call plugins
		$this->plugins(__METHOD__, 1, func_get_args());

		return true;

	}

}

?>
Session class 2014-04-04 19:10:32 +00:00			`<?php`

			`###`
Comment cleanup 2014-10-21 11:45:11 +00:00			`# @name Session Module`
Updated copyright 2015-02-01 21:08:37 +00:00			`# @copyright 2015 by Tobias Reich`
Session class 2014-04-04 19:10:32 +00:00			`###`

			`if (!defined('LYCHEE')) exit('Error: Direct access is not allowed!');`

Extends Module 2014-04-04 19:27:10 +00:00			`class Session extends Module {`
Session class 2014-04-04 19:10:32 +00:00
Extends Module 2014-04-04 19:27:10 +00:00			`private $settings = null;`
Session class 2014-04-04 19:10:32 +00:00
			`public function __construct($plugins, $settings) {`

			`# Init vars`
			`$this->plugins = $plugins;`
			`$this->settings = $settings;`

			`return true;`

			`}`

Improved update to v2.5 - Removed `sysdate` and `systime`(#115) - Add `plugins` - Convert to utf-8 (#111) 2014-04-11 20:25:03 +00:00			`public function init($database, $dbName, $public, $version) {`
Session class 2014-04-04 19:10:32 +00:00
Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
Fixed a static warning (#172) 2014-06-25 12:50:49 +00:00			`self::dependencies(isset($this->settings, $public, $version));`
Session class 2014-04-04 19:10:32 +00:00
Added plugin-call to Session 2014-04-04 19:12:49 +00:00			`# Call plugins`
			`$this->plugins(__METHOD__, 0, func_get_args());`

Session class 2014-04-04 19:10:32 +00:00			`# Update`
Added Log to Session 2014-05-30 14:55:56 +00:00			`if (!isset($this->settings['version'])\|\|$this->settings['version']!==$version) {`
			`if (!Database::update($database, $dbName, @$this->settings['version'])) {`
			`Log::error($database, __METHOD__, __LINE__, 'Updating the database failed');`
			`exit('Error: Updating the database failed!');`
			`}`
			`}`
Session class 2014-04-04 19:10:32 +00:00
			`# Return settings`
			`$return['config'] = $this->settings;`
Stop init from returning username 2015-04-17 20:50:35 +00:00
			`# Remove username and password from response`
			`unset($return['config']['username']);`
Session class 2014-04-04 19:10:32 +00:00			`unset($return['config']['password']);`

Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`# Remove identifier from response`
			`unset($return['config']['identifier']);`

Server returns location of lychee Used for the new server-import dialog 2014-07-23 19:24:25 +00:00			`# Path to Lychee for the server-import dialog`
			`$return['config']['location'] = LYCHEE;`

Auto login after installation 2015-01-23 20:00:27 +00:00			`# Check if login credentials exist and login if they don't`
			`if ($this->noLogin()===true) {`
			`$public = false;`
			`$return['config']['login'] = false;`
			`} else {`
			`$return['config']['login'] = true;`
			`}`
Session class 2014-04-04 19:10:32 +00:00
			`if ($public===false) {`

			`# Logged in`
Simplified response of session init 2015-03-06 22:29:55 +00:00			`$return['status'] = LYCHEE_STATUS_LOGGEDIN;`
Session class 2014-04-04 19:10:32 +00:00
			`} else {`

Simplified response of session init 2015-03-06 22:29:55 +00:00			`# Logged out`
			`$return['status'] = LYCHEE_STATUS_LOGGEDOUT;`

Session class 2014-04-04 19:10:32 +00:00			`# Unset unused vars`
			`unset($return['config']['thumbQuality']);`
Added album sorting #98 2015-05-14 15:20:33 +00:00			`unset($return['config']['sortingAlbums']);`
Updated default tables and changed sorting var/entry to sortingPhotos #98 2015-05-14 15:47:17 +00:00			`unset($return['config']['sortingPhotos']);`
Session class 2014-04-04 19:10:32 +00:00			`unset($return['config']['dropboxKey']);`
			`unset($return['config']['login']);`
Server returns location of lychee Used for the new server-import dialog 2014-07-23 19:24:25 +00:00			`unset($return['config']['location']);`
Added album sorting #98 2015-05-14 15:20:33 +00:00			`unset($return['config']['imagick']);`
			`unset($return['config']['medium']);`
Do not return list of plugins when logged out 2014-07-27 12:17:01 +00:00			`unset($return['config']['plugins']);`
Session class 2014-04-04 19:10:32 +00:00
			`}`

Added plugin-call to Session 2014-04-04 19:12:49 +00:00			`# Call plugins`
			`$this->plugins(__METHOD__, 1, func_get_args());`

Session class 2014-04-04 19:10:32 +00:00			`return $return;`

			`}`

			`public function login($username, $password) {`

Improved error handling by checking the dependencies (e.g. vars and parameters) 2014-04-19 19:07:36 +00:00			`# Check dependencies`
Fixed a static warning (#172) 2014-06-25 12:50:49 +00:00			`self::dependencies(isset($this->settings, $username, $password));`
Session class 2014-04-04 19:10:32 +00:00
Added plugin-call to Session 2014-04-04 19:12:49 +00:00			`# Call plugins`
			`$this->plugins(__METHOD__, 0, func_get_args());`

Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`$username = crypt($username, $this->settings['username']);`
			`$password = crypt($password, $this->settings['password']);`
Session class 2014-04-04 19:10:32 +00:00
[Feature] don't hash passwords with MD5 in DB #114 All newly set and resetted passwords will now be stored as blowfish hashed string generated via crypt(). Refs: #114 2014-04-21 00:19:23 +00:00			`# Check login with crypted hash`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`if ($this->settings['username']===$username&&`
			`$this->settings['password']===$password) {`
Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`$_SESSION['login'] = true;`
			`$_SESSION['identifier'] = $this->settings['identifier'];`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`return true;`
[Feature] don't hash passwords with MD5 in DB #114 All newly set and resetted passwords will now be stored as blowfish hashed string generated via crypt(). Refs: #114 2014-04-21 00:19:23 +00:00			`}`

Session class 2014-04-04 19:10:32 +00:00			`# No login`
Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`if ($this->noLogin()===true) return true;`
Session class 2014-04-04 19:10:32 +00:00
Added plugin-call to Session 2014-04-04 19:12:49 +00:00			`# Call plugins`
			`$this->plugins(__METHOD__, 1, func_get_args());`

Session class 2014-04-04 19:10:32 +00:00			`return false;`

			`}`

Auto login after installation 2015-01-23 20:00:27 +00:00			`private function noLogin() {`

			`# Check dependencies`
			`self::dependencies(isset($this->settings));`

			`# Check if login credentials exist and login if they don't`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`if ($this->settings['username']===''&&`
			`$this->settings['password']==='') {`
Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`$_SESSION['login'] = true;`
			`$_SESSION['identifier'] = $this->settings['identifier'];`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`return true;`
Auto login after installation 2015-01-23 20:00:27 +00:00			`}`

			`return false;`

			`}`

Session class 2014-04-04 19:10:32 +00:00			`public function logout() {`

Added plugin-call to Session 2014-04-04 19:12:49 +00:00			`# Call plugins`
			`$this->plugins(__METHOD__, 0, func_get_args());`

Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`$_SESSION['login'] = null;`
			`$_SESSION['identifier'] = null;`

Session class 2014-04-04 19:10:32 +00:00			`session_destroy();`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
			`# Call plugins`
			`$this->plugins(__METHOD__, 1, func_get_args());`

Session class 2014-04-04 19:10:32 +00:00			`return true;`

			`}`

			`}`

			`?>`