-rwxr-xr-xindex.php48
-rw-r--r--lib/base.php64
2 files changed, 70 insertions, 42 deletions
diff --git a/index.php b/index.php
index 94893e475a2..4ffd013aa86 100755
--- a/index.php
+++ b/index.php
@@ -31,52 +31,16 @@ if (!OC::handleRequest()) {
OC_App::loadApps(array('prelogin'));
$error = false;
// remember was checked after last login
- if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
- OC_App::loadApps(array('authentication'));
- if(defined("DEBUG") && DEBUG) {
- OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
- }
- // confirm credentials in cookie
- if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
- OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
- OC_User::setUserId($_COOKIE['oc_username']);
- OC_Util::redirectToDefaultPage();
- }
- else {
- OC_User::unsetMagicInCookie();
- }
+ if (OC::tryRememberLogin()) {
+ // nothing more to do
// Someone wants to log in :
- } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
- OC_App::loadApps();
- if(OC_User::login($_POST["user"], $_POST["password"])) {
- if(!empty($_POST["remember_login"])){
- if(defined("DEBUG") && DEBUG) {
- OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
- }
- $token = md5($_POST["user"].time().$_POST['password']);
- OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
- OC_User::setMagicInCookie($_POST["user"], $token);
- }
- else {
- OC_User::unsetMagicInCookie();
- }
- OC_Util::redirectToDefaultPage();
- } else {
- $error = true;
- }
+ } elseif (OC::tryFormLogin()) {
+ $error = true;
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
- } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
- OC_App::loadApps(array('authentication'));
- if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
- //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
- OC_User::unsetMagicInCookie();
- $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
- OC_Util::redirectToDefaultPage();
- }else{
- $error = true;
- }
+ } elseif(OC::tryBasicAuthLogin()) {
+ $error = true;
}
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
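Review bot: The `$error = true;` lines under `OC::tryFormLogin()` and `OC::tryBasicAuthLogin()` are only correct if `OC_Util::redirectToDefaultPage()` ends the request, because both helpers return true whenever a login was attempted, including a successful one; that is presumably the case but cannot be confirmed from this hunk. A comment above the chain such as `// try*Login() returns true once an attempt was made; on success it redirects and does not come back` would make that contract explicit for the next reader. The `if (!OC::handleRequest())` block this chain belongs to starts and ends outside the hunk. Unchanged by this commit but adjacent to it, `$sectoken=rand(1000000,9999999);` draws the request token that the form login relies on from a non-cryptographic generator with a seven-digit range.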
diff --git a/lib/base.php b/lib/base.php
index b91945ab97b..6514a0c0b0c 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -446,6 +446,70 @@ class OC{
return false;
}
+ public static function tryRememberLogin() {
+ if(!isset($_COOKIE["oc_remember_login"])
+ || !isset($_COOKIE["oc_token"])
+ || !isset($_COOKIE["oc_username"])
+ || !$_COOKIE["oc_remember_login"]) {
+ return false;
+ }
+ OC_App::loadApps(array('authentication'));
+ if(defined("DEBUG") && DEBUG) {
+ OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
+ }
+ // confirm credentials in cookie
+ if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
+ OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+ OC_User::setUserId($_COOKIE['oc_username']);
+ OC_Util::redirectToDefaultPage();
+ }
+ else {
+ OC_User::unsetMagicInCookie();
+ }
+ return true;
+ }
+
+ public static function tryFormLogin() {
+ if(!isset($_POST["user"])
+ || !isset($_POST['password'])
+ || !isset($_SESSION['sectoken'])
+ || !isset($_POST['sectoken'])
+ || ($_SESSION['sectoken']!=$_POST['sectoken']) ) {
+ return false;
+ }
+ OC_App::loadApps();
+ if(OC_User::login($_POST["user"], $_POST["password"])) {
+ if(!empty($_POST["remember_login"])){
+ if(defined("DEBUG") && DEBUG) {
+ OC_Log::write('core','Setting remember login to cookie', OC_Log::DEBUG);
+ }
+ $token = md5($_POST["user"].time().$_POST['password']);
+ OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
+ OC_User::setMagicInCookie($_POST["user"], $token);
+ }
+ else {
+ OC_User::unsetMagicInCookie();
+ }
+ OC_Util::redirectToDefaultPage();
+ }
+ return true;
+ }
+
+ public static function tryBasicAuthLogin() {
+ if (!isset($_SERVER["PHP_AUTH_USER"])
+ || !isset($_SERVER["PHP_AUTH_PW"])){
+ return false;
+ }
+ OC_App::loadApps(array('authentication'));
+ if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
+ //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
+ OC_User::unsetMagicInCookie();
+ $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
+ OC_Util::redirectToDefaultPage();
+ }
+ return true;
+ }
+
}
// define runtime variables - unless this already has been done
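Review bot: The remember-me check in `tryRememberLogin()` compares the stored token with the cookie using loose `==`, which applies PHP's numeric-string comparison rules to two hex strings and is not constant-time; the same holds for the `!=` on `sectoken` in `tryFormLogin()`. I would first require both sides to be strings and then compare with `hash_equals($stored, $_COOKIE['oc_token'])` where the PHP version provides it, with `$stored` holding the `OC_Preferences::getValue(...)` result, or at least switch to `===` and `!==`. The token itself is built as `md5($_POST["user"].time().$_POST['password'])`, so the long-lived cookie value is derived from the password and a guessable timestamp; a value from a cryptographically secure source, for example `bin2hex(random_bytes(32))` on PHP 7+, would not tie it to the credential. A short docblock on each of the three helpers stating that it returns true when a login was attempted, not when it succeeded, would also help callers.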