lychee/php/Modules/Session.php

<?php

namespace Lychee\Modules;

final class Session {

	/**
	 * Reads and returns information about the Lychee installation.
	 * @return array Returns an array with the login status and configuration.
	 */
	public function init($public = true) {

		// Call plugins
		Plugins::get()->activate(__METHOD__, 0, func_get_args());

		// Return settings
		$return['config'] = Settings::get();

		// Path to Lychee for the server-import dialog
		$return['config']['location'] = LYCHEE;

		// Remove sensitive from response
		unset($return['config']['username']);
		unset($return['config']['password']);
		unset($return['config']['identifier']);

		// Check if login credentials exist and login if they don't
		if ($this->noLogin()===true) {
			$public = false;
			$return['config']['login'] = false;
		} else {
			$return['config']['login'] = true;
		}

		if ($public===false) {

			// Logged in
			$return['status'] = LYCHEE_STATUS_LOGGEDIN;

		} else {

			// Logged out
			$return['status'] = LYCHEE_STATUS_LOGGEDOUT;

			// Unset unused vars
			unset($return['config']['skipDuplicates']);
			unset($return['config']['sortingAlbums']);
			unset($return['config']['sortingPhotos']);
			unset($return['config']['dropboxKey']);
			unset($return['config']['login']);
			unset($return['config']['location']);
			unset($return['config']['imagick']);
			unset($return['config']['plugins']);

		}

		// Call plugins
		Plugins::get()->activate(__METHOD__, 1, func_get_args());

		return $return;

	}

	/**
	 * Sets the session values when username and password correct.
	 * @return boolean Returns true when login was successful.
	 */
	public function login($username, $password) {

		// Call plugins
		Plugins::get()->activate(__METHOD__, 0, func_get_args());

		$username_crypt = crypt($username, Settings::get()['username']);
		$password_crypt = crypt($password, Settings::get()['password']);

		// Check login with crypted hash
		if (Settings::get()['username']===$username_crypt&&
			Settings::get()['password']===$password_crypt) {
				$_SESSION['login']      = true;
				$_SESSION['identifier'] = Settings::get()['identifier'];
				Log::notice(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has logged in from ' . $_SERVER['REMOTE_ADDR']);
				return true;
		}

		// No login
		if ($this->noLogin()===true) return true;

		// Call plugins
		Plugins::get()->activate(__METHOD__, 1, func_get_args());

		// Log failed log in
		Log::error(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has tried to log in from ' . $_SERVER['REMOTE_ADDR']);

		return false;

	}

	/**
	 * Sets the session values when no there is no username and password in the database.
	 * @return boolean Returns true when no login was found.
	 */
	private function noLogin() {

		// Check if login credentials exist and login if they don't
		if (Settings::get()['username']===''&&
			Settings::get()['password']==='') {
				$_SESSION['login']      = true;
				$_SESSION['identifier'] = Settings::get()['identifier'];
				return true;
		}

		return false;

	}

	/**
	 * Unsets the session values.
	 * @return boolean Returns true when logout was successful.
	 */
	public function logout() {

		// Call plugins
		Plugins::get()->activate(__METHOD__, 0, func_get_args());

		session_unset();
		session_destroy();

		// Call plugins
		Plugins::get()->activate(__METHOD__, 1, func_get_args());

		return true;

	}

}

?>
Session class 2014-04-04 19:10:32 +00:00			`<?php`

Namespaces, Plugins via Namespaces, API entry file renamned, Settings::set() 2016-01-26 14:31:53 +00:00			`namespace Lychee\Modules;`
Session class 2014-04-04 19:10:32 +00:00
Added Validator, removed Module, changed Access classes 2016-01-30 20:33:31 +00:00			`final class Session {`
Session class 2014-04-04 19:10:32 +00:00
Added phpDoc comments 2016-02-13 16:32:44 +00:00			`/**`
			`* Reads and returns information about the Lychee installation.`
			`* @return array Returns an array with the login status and configuration.`
			`*/`
Default param for Session init 2016-01-30 19:18:10 +00:00			`public function init($public = true) {`
Session class 2014-04-04 19:10:32 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 0, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Return settings`
Singleton pattern for Settings::get(), Database::get() and Plugins::get() What could properly go wrong? ¯\_(ツ)_/¯ 2016-01-24 21:14:20 +00:00			`$return['config'] = Settings::get();`
Stop init from returning username 2015-04-17 20:50:35 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Path to Lychee for the server-import dialog`
PHP code style adjustments 2016-01-19 10:03:28 +00:00			`$return['config']['location'] = LYCHEE;`

Added phpDoc comments 2016-02-13 16:32:44 +00:00			`// Remove sensitive from response`
Stop init from returning username 2015-04-17 20:50:35 +00:00			`unset($return['config']['username']);`
Session class 2014-04-04 19:10:32 +00:00			`unset($return['config']['password']);`
Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`unset($return['config']['identifier']);`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Check if login credentials exist and login if they don't`
Auto login after installation 2015-01-23 20:00:27 +00:00			`if ($this->noLogin()===true) {`
			`$public = false;`
			`$return['config']['login'] = false;`
			`} else {`
			`$return['config']['login'] = true;`
			`}`
Session class 2014-04-04 19:10:32 +00:00
			`if ($public===false) {`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Logged in`
Simplified response of session init 2015-03-06 22:29:55 +00:00			`$return['status'] = LYCHEE_STATUS_LOGGEDIN;`
Session class 2014-04-04 19:10:32 +00:00
			`} else {`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Logged out`
Simplified response of session init 2015-03-06 22:29:55 +00:00			`$return['status'] = LYCHEE_STATUS_LOGGEDOUT;`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Unset unused vars`
Remove skipDuplicates from init response when logged out 2016-01-30 19:18:24 +00:00			`unset($return['config']['skipDuplicates']);`
Added album sorting #98 2015-05-14 15:20:33 +00:00			`unset($return['config']['sortingAlbums']);`
Updated default tables and changed sorting var/entry to sortingPhotos #98 2015-05-14 15:47:17 +00:00			`unset($return['config']['sortingPhotos']);`
Session class 2014-04-04 19:10:32 +00:00			`unset($return['config']['dropboxKey']);`
			`unset($return['config']['login']);`
Server returns location of lychee Used for the new server-import dialog 2014-07-23 19:24:25 +00:00			`unset($return['config']['location']);`
Added album sorting #98 2015-05-14 15:20:33 +00:00			`unset($return['config']['imagick']);`
Do not return list of plugins when logged out 2014-07-27 12:17:01 +00:00			`unset($return['config']['plugins']);`
Session class 2014-04-04 19:10:32 +00:00
			`}`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 1, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
Session class 2014-04-04 19:10:32 +00:00			`return $return;`

			`}`

Added phpDoc comments 2016-02-13 16:32:44 +00:00			`/**`
			`* Sets the session values when username and password correct.`
			`* @return boolean Returns true when login was successful.`
			`*/`
Session class 2014-04-04 19:10:32 +00:00			`public function login($username, $password) {`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 0, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
Add login logs 2016-03-16 19:20:21 +00:00			`$username_crypt = crypt($username, Settings::get()['username']);`
Small adjustments to #491 2016-03-19 15:16:41 +00:00			`$password_crypt = crypt($password, Settings::get()['password']);`
Session class 2014-04-04 19:10:32 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Check login with crypted hash`
Add login logs 2016-03-16 19:20:21 +00:00			`if (Settings::get()['username']===$username_crypt&&`
Small adjustments to #491 2016-03-19 15:16:41 +00:00			`Settings::get()['password']===$password_crypt) {`
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`$_SESSION['login'] = true;`
			`$_SESSION['identifier'] = Settings::get()['identifier'];`
Small adjustments to #491 2016-03-19 15:16:41 +00:00			`Log::notice(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has logged in from ' . $_SERVER['REMOTE_ADDR']);`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`return true;`
[Feature] don't hash passwords with MD5 in DB #114 All newly set and resetted passwords will now be stored as blowfish hashed string generated via crypt(). Refs: #114 2014-04-21 00:19:23 +00:00			`}`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// No login`
Use identifier to prevent login of multiple instances of lychee #344 2015-05-14 19:07:42 +00:00			`if ($this->noLogin()===true) return true;`
Session class 2014-04-04 19:10:32 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 1, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
Small adjustments to #491 2016-03-19 15:16:41 +00:00			`// Log failed log in`
			`Log::error(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has tried to log in from ' . $_SERVER['REMOTE_ADDR']);`

Session class 2014-04-04 19:10:32 +00:00			`return false;`

			`}`

Added phpDoc comments 2016-02-13 16:32:44 +00:00			`/**`
			`* Sets the session values when no there is no username and password in the database.`
			`* @return boolean Returns true when no login was found.`
			`*/`
Auto login after installation 2015-01-23 20:00:27 +00:00			`private function noLogin() {`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Check if login credentials exist and login if they don't`
Singleton pattern for Settings::get(), Database::get() and Plugins::get() What could properly go wrong? ¯\_(ツ)_/¯ 2016-01-24 21:14:20 +00:00			`if (Settings::get()['username']===''&&`
			`Settings::get()['password']==='') {`
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`$_SESSION['login'] = true;`
			`$_SESSION['identifier'] = Settings::get()['identifier'];`
Removed useless md5 hashing in front-end and added username hashing in back-end 2015-02-08 14:36:13 +00:00			`return true;`
Auto login after installation 2015-01-23 20:00:27 +00:00			`}`

			`return false;`

			`}`

Added phpDoc comments 2016-02-13 16:32:44 +00:00			`/**`
			`* Unsets the session values.`
			`* @return boolean Returns true when logout was successful.`
			`*/`
Session class 2014-04-04 19:10:32 +00:00			`public function logout() {`

// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 0, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
Added phpDoc comments 2016-02-13 16:32:44 +00:00			`session_unset();`
Session class 2014-04-04 19:10:32 +00:00			`session_destroy();`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
// for comments and spaces for alignment 2016-01-30 20:43:57 +00:00			`// Call plugins`
Activate plugins directly without extending Module 2016-01-29 23:27:50 +00:00			`Plugins::get()->activate(__METHOD__, 1, func_get_args());`
Added plugin-call to Session 2014-04-04 19:12:49 +00:00
Session class 2014-04-04 19:10:32 +00:00			`return true;`

			`}`

			`}`

			`?>`