use cookies instead of session to manage login
authorarno <arno@renevier.net>
Sun, 20 Mar 2011 13:11:42 +0000 (14:11 +0100)
committerarno <arno@renevier.net>
Sun, 20 Mar 2011 14:46:56 +0000 (15:46 +0100)
15 files changed:
application/Bootstrap.php
application/configs/session.ini [deleted file]
application/controllers/AccountController.php
application/controllers/ContactController.php
application/controllers/IdxController.php
application/controllers/ListController.php
application/controllers/LoginController.php
application/controllers/NewpwdController.php
application/controllers/PathController.php
application/controllers/PendingController.php
application/controllers/UserController.php
application/controllers/helpers/SyjSession.php [deleted file]
application/controllers/helpers/SyjUserManager.php [new file with mode: 0644]
application/controllers/plugins/SyjLoggedUser.php
scripts/crontab.syj

index a8bc3a66e91d07ab3daa2ac79780c5bb2af9067d..60e06279a2e25c2bae5437813e626b84191a63a6 100644 (file)
@@ -15,10 +15,7 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {
     }
 
     public function run() {
     }
 
     public function run() {
-        $sessionConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/session.ini', APPLICATION_ENV);
-        Zend_Session::setOptions($sessionConfig->toArray());
         Zend_Controller_Action_HelperBroker::getStaticHelper('ViewRenderer')->initView(APPLICATION_PATH . '/views/', 'Syj_View');
         Zend_Controller_Action_HelperBroker::getStaticHelper('ViewRenderer')->initView(APPLICATION_PATH . '/views/', 'Syj_View');
-
         parent::run();
     }
 
         parent::run();
     }
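Review bot: With session.ini gone, nothing configures PHP sessions any more, yet the new SyjUserManager::validate() further down in this commit still authenticates through `Zend_Auth::getInstance()->authenticate($authAdapter)`, and as far as I recall Zend_Auth's default storage is session-based, so a session would still be started to persist the identity — now with PHP's default cookie options instead of the `cookie_httponly = on` this file used to load. If the intent is to drop sessions entirely, have the helper call the adapter directly, `$result = $authAdapter->authenticate();`, which returns the same Zend_Auth_Result without writing to any storage; otherwise keep a session configuration here. The run() method is fully visible in the hunk; the rest of the class is not.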
 
diff --git a/application/configs/session.ini b/application/configs/session.ini
deleted file mode 100644 (file)
index 664acba..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-; This file is part of Syj, Copyright (c) 2010-2011 Arnaud Renevier,
-; and is published under the AGPL license. */
-[production]
-name = syj_session
-use_cookies = on
-use_trans_sid = off
-use_only_cookies = on
-cookie_httponly = on
-
-[development:production]
index 40eba9ac68c003d5b1e62b5dc98a5721377191f2..c79b4769cc84439a4fe273838d2e20c0b25c96d8 100644 (file)
@@ -6,7 +6,7 @@ class AccountController extends Zend_Controller_Action
 {
 
     public function init() {
 {
 
     public function init() {
-        $this->_helper->SyjSession->needsLogin();
+        $this->_helper->SyjUserManager->needsLogin();
         $this->_helper->SyjMedias->addScripts('account');
 
         $this->view->headLink()->appendStylesheet('css/generic.css', 'all');
         $this->_helper->SyjMedias->addScripts('account');
 
         $this->view->headLink()->appendStylesheet('css/generic.css', 'all');
@@ -16,7 +16,7 @@ class AccountController extends Zend_Controller_Action
     }
 
     public function indexAction() {
     }
 
     public function indexAction() {
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
         $request = $this->getRequest();
 
         $form = new Syj_Form_Account(array('name' => 'accountform'));
         $request = $this->getRequest();
 
         $form = new Syj_Form_Account(array('name' => 'accountform'));
index aabd9f6630f1c804fa04e35a34bc9a60b013cd6a..8ff629ba597b42ce02bc1824842dcd9d50569196 100644 (file)
@@ -83,7 +83,7 @@ class ContactController extends Zend_Controller_Action
         }
 
         if (empty($formData)) {
         }
 
         if (empty($formData)) {
-            $user = $this->_helper->SyjSession->user();
+            $user = $this->_helper->SyjUserManager->current();
             if ($user) {
                 $form->contact_email->setValue($user->email)
                                     ->setAttrib('readonly', 'true');
             if ($user) {
                 $form->contact_email->setValue($user->email)
                                     ->setAttrib('readonly', 'true');
index 983cf3ec735bc61ffc096a2409bdd58a244faef7..91606e61ebeb7e93898f2e23b69b931f2986037a 100644 (file)
@@ -75,7 +75,7 @@ class IdxController extends Zend_Controller_Action
         $this->view->headTitle($title);
         $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes'));
 
         $this->view->headTitle($title);
         $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes'));
 
-        $this->view->loggedUser = $this->_helper->SyjSession->user();
+        $this->view->loggedUser = $this->_helper->SyjUserManager->current();
     }
 
     protected function _initForms() {
     }
 
     protected function _initForms() {
@@ -107,7 +107,7 @@ class IdxController extends Zend_Controller_Action
 
         $this->view->headTitle("Show your journey");
         $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes'));
 
         $this->view->headTitle("Show your journey");
         $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes'));
-        $this->view->loggedUser = $this->_helper->SyjSession->user();
+        $this->view->loggedUser = $this->_helper->SyjUserManager->current();
         $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/index.:suffix');
 
         $error = $this->_getParam('error_handler');
         $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/index.:suffix');
 
         $error = $this->_getParam('error_handler');
@@ -125,7 +125,7 @@ class IdxController extends Zend_Controller_Action
     protected function _jsLoggedInfo(Syj_Model_Path $path = null) {
         $loggedinfo = new phptojs\JsObject('gLoggedInfo', array('connections' => 0));
 
     protected function _jsLoggedInfo(Syj_Model_Path $path = null) {
         $loggedinfo = new phptojs\JsObject('gLoggedInfo', array('connections' => 0));
 
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
         if ($user) {
             $loggedinfo->logged = true;
         } else {
         if ($user) {
             $loggedinfo->logged = true;
         } else {
index 9dfac813582fb20222363dbd0fca0576d0f5867a..1cf030809025e75f4aced523656451e1548b1800 100644 (file)
@@ -6,7 +6,7 @@ class ListController extends Zend_Controller_Action
 {
 
     public function init() {
 {
 
     public function init() {
-        $this->_helper->SyjSession->needsLogin();
+        $this->_helper->SyjUserManager->needsLogin();
 
         $this->_helper->SyjMedias->addScripts('list');
 
 
         $this->_helper->SyjMedias->addScripts('list');
 
@@ -16,7 +16,7 @@ class ListController extends Zend_Controller_Action
     }
 
     public function indexAction() {
     }
 
     public function indexAction() {
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
         $pathMapper = new Syj_Model_PathMapper();
         $list = $pathMapper->fetchByCreator($user);
         $paginator = Zend_Paginator::factory($list);
         $pathMapper = new Syj_Model_PathMapper();
         $list = $pathMapper->fetchByCreator($user);
         $paginator = Zend_Paginator::factory($list);
index f5e89b8d81a4f5d1a5ef3419957d6b7ceb63d44a..85c7ac1541a972c3966d5a6798146167531a2704 100644 (file)
@@ -32,15 +32,7 @@ class LoginController extends Zend_Controller_Action
         }
 
         /* form has been filled */
         }
 
         /* form has been filled */
-
-        $adapter = Zend_Db_Table_Abstract::getDefaultAdapter();
-        $authAdapter = new Zend_Auth_Adapter_DbTable($adapter, 'users', 'pseudo', 'password');
-        $authAdapter->setIdentity($formData['login_user'])
-                ->setCredential(sha1($formData['login_password']));
-
-        $auth = Zend_Auth::getInstance();
-        $result = $auth->authenticate($authAdapter);
-        if (!$result->isValid()) {
+        if (!$this->_helper->SyjUserManager->validate($formData['login_user'], sha1($formData['login_password']))) {
             if ($httprequest) {
                 throw new Syj_Exception_Forbidden();
             } else {
             if ($httprequest) {
                 throw new Syj_Exception_Forbidden();
             } else {
@@ -49,9 +41,7 @@ class LoginController extends Zend_Controller_Action
             }
         }
 
             }
         }
 
-        $userid = $authAdapter->getResultRowObject('id')->id;
-        $this->_helper->SyjSession->login($userid);
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
 
         if ($httprequest) {
             $api = $this->_helper->SyjApi->setCode(200);
 
         if ($httprequest) {
             $api = $this->_helper->SyjApi->setCode(200);
@@ -75,7 +65,7 @@ class LoginController extends Zend_Controller_Action
     }
 
     public function logoutAction() {
     }
 
     public function logoutAction() {
-        $this->_helper->SyjSession->logout();
+        $this->_helper->SyjUserManager->logout();
         $this->redirect();
     }
 
         $this->redirect();
     }
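Review bot: The `validate()` call on the `if (!$this->_helper->SyjUserManager->validate(...))` line only issues the login cookies when `$_COOKIE['syj_user']` and `$_COOKIE['syj_hashpass']` are not already set (the `isset` guard in the new SyjUserManager::validate()), so a form login that arrives with stale cookies — a previous user who never logged out, or a hash invalidated by a password change — passes here but is never persisted, and the next request is still authenticated as the old cookie's user or not at all. logout() expires the cookies with setcookie() but does not touch the `$_COOKIE` superglobal, so even a logout earlier in the same request does not clear that guard. Suggest re-issuing the cookies whenever the values differ from what validate() received, `if (!isset($_COOKIE['syj_user']) || $_COOKIE['syj_user'] !== $username || !isset($_COOKIE['syj_hashpass']) || $_COOKIE['syj_hashpass'] !== $hash)`, and adding `unset($_COOKIE['syj_user'], $_COOKIE['syj_hashpass']);` to logout(). The same guard affects the UserController call site in this commit. The enclosing action starts before the hunk.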
 
index 329b4e9cc23a14a4ab650b512024e8e4995232d7..25a386217298c01bdbd63c7fcb84c7bb3fe921de 100644 (file)
@@ -24,7 +24,7 @@ class NewpwdController extends Zend_Controller_Action
         }
 
         if (empty($formData)) {
         }
 
         if (empty($formData)) {
-            $loggeduser = $this->_helper->SyjSession->user();
+            $loggeduser = $this->_helper->SyjUserManager->current();
             if ($loggeduser) {
                 $form->newpwd_email->setValue($loggeduser->email)
                                     ->setAttrib('readonly', 'true');
             if ($loggeduser) {
                 $form->newpwd_email->setValue($loggeduser->email)
                                     ->setAttrib('readonly', 'true');
@@ -44,7 +44,7 @@ class NewpwdController extends Zend_Controller_Action
         $user = new Syj_Model_User();
         if ($userMapper->findByEmail($formData['newpwd_email'], $user)) {
             // if no user exist with posted email, pretend everything went correct
         $user = new Syj_Model_User();
         if ($userMapper->findByEmail($formData['newpwd_email'], $user)) {
             // if no user exist with posted email, pretend everything went correct
-            $loggeduser = isset($loggeduser) ? $loggeduser: $this->_helper->SyjSession->user();
+            $loggeduser = isset($loggeduser) ? $loggeduser: $this->_helper->SyjUserManager->current();
             if ($loggeduser and ($loggeduser != $user)) {
                 throw new Syj_Exception_Request();
             }
             if ($loggeduser and ($loggeduser != $user)) {
                 throw new Syj_Exception_Request();
             }
index 375b83e8e32c798dbcdbe956a3be3000f74f3a4e..7d7ae6af8cd2bb843fa707195671bd627a876f3b 100644 (file)
@@ -8,7 +8,7 @@ class PathController extends Zend_Controller_Action
         $formData = $this->_helper->SyjPostData->getPostData('Syj_Form_Geom');
         $path = new Syj_Model_Path();
 
         $formData = $this->_helper->SyjPostData->getPostData('Syj_Form_Geom');
         $path = new Syj_Model_Path();
 
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
         if (!$user and !$formData["geom_accept"]) {
             throw new Syj_Exception_Request();
         }
         if (!$user and !$formData["geom_accept"]) {
             throw new Syj_Exception_Request();
         }
@@ -52,7 +52,7 @@ class PathController extends Zend_Controller_Action
             }
         }
 
             }
         }
 
-        $user = $this->_helper->SyjSession->user();
+        $user = $this->_helper->SyjUserManager->current();
         if (!$path->isCreator($user)) {
             throw new Syj_Exception_Forbidden();
         }
         if (!$path->isCreator($user)) {
             throw new Syj_Exception_Forbidden();
         }
index 1b0b23795dd69f1cad9ca146e67b21ed7783c33d..af7135b6546a3aefb7e588eb71099d3e22ff507f 100644 (file)
@@ -53,7 +53,7 @@ class PendingController extends Zend_Controller_Action
 
                     $title = $this->view->translate("password changed");
                     $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/password_validate.:suffix');
 
                     $title = $this->view->translate("password changed");
                     $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/password_validate.:suffix');
-                    $this->_helper->SyjSession->logout();
+                    $this->_helper->SyjUserManager->logout();
 
                 } else if (array_key_exists('pending_cancel', $formData)) {
                     if (!$pending->cancel()) {
 
                 } else if (array_key_exists('pending_cancel', $formData)) {
                     if (!$pending->cancel()) {
index 9989d311379c3369e803e5b221ce8b16dee23937..ef7f7be1d2e50da98e10f6f6423febade9c54731 100644 (file)
@@ -61,7 +61,7 @@ class UserController extends Zend_Controller_Action
             }
         }
 
             }
         }
 
-        $this->_helper->SyjSession->login($user->id);
+        $this->_helper->SyjUserManager->validate($user->pseudo, $user->password);
 
         $data = array('pseudo' => $user->pseudo);
         $this->_helper->SyjApi->setBodyJson($data)->setCode(200);
 
         $data = array('pseudo' => $user->pseudo);
         $this->_helper->SyjApi->setBodyJson($data)->setCode(200);
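Review bot: The return value of `$this->_helper->SyjUserManager->validate($user->pseudo, $user->password)` is discarded, so when the credential check fails the response still reports 200 with the pseudo as if the new account were logged in, whereas the `login($user->id)` it replaces threw on failure. Whether it succeeds also depends on `$user->password` holding the same stored hash that Zend_Auth_Adapter_DbTable compares against the `password` column — the hunk does not show how the model was filled, so a comment stating that precondition would help. Suggest `if (!$this->_helper->SyjUserManager->validate($user->pseudo, $user->password)) { throw new Zend_Exception(); }` so the failure surfaces instead of a silently unauthenticated 200. The enclosing action starts before the hunk.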
diff --git a/application/controllers/helpers/SyjSession.php b/application/controllers/helpers/SyjSession.php
deleted file mode 100644 (file)
index 3289f67..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-<?php
-/*  This file is part of Syj, Copyright (c) 2010-2011 Arnaud Renevier,
-    and is published under the AGPL license. */
-
-class Syj_Controller_Action_Helper_SyjSession extends Zend_Controller_Action_Helper_Abstract
-{
-    protected static $cache = array();
-
-    static public function login($userid) {
-        $userMapper = new Syj_Model_UserMapper();
-        $user = new Syj_Model_User();
-        if (!$userMapper->find($userid, $user)) {
-            throw new Zend_Exception();
-        }
-
-        $storage = new Zend_Session_Namespace('userSettings');
-        $storage->user = $user->id;
-        Zend_Session::rememberMe();
-    }
-
-    static public function logout() {
-        $storage = new Zend_Session_Namespace('userSettings');
-        unset($storage->user);
-        Zend_Session::rememberMe();
-    }
-
-    static public function user() {
-        $storage = new Zend_Session_Namespace('userSettings');
-        $id = $storage->user;
-        if (!isset($id)) {
-            return null;
-        }
-        if (isset (self::$cache[$id])) {
-            return self::$cache[$id];
-        }
-
-        $userMapper = new Syj_Model_UserMapper();
-        $user = new Syj_Model_User();
-        if ($userMapper->find($id, $user)) {
-            self::$cache[$id] = $user;
-            return $user;
-        } else {
-            self::logout();
-            return null;
-        }
-    }
-
-    public function needsLogin() {
-        $user = self::user();
-        if ($user) {
-            return;
-        }
-        $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
-        $view = $viewRenderer->view;
-        $request = $this->getRequest();
-
-        $encodeduri = $view->UriPath(true);
-        $loginurl = $view->addParamToUrl($view->baseUrl() . '/' . 'login', 'redirect', $encodeduri);
-        $translator = Zend_Registry::get('Zend_Translate');
-        $this->getActionController()->getHelper('Redirector')->gotoURL($loginurl, array('prependBase' => false));
-    }
-}
diff --git a/application/controllers/helpers/SyjUserManager.php b/application/controllers/helpers/SyjUserManager.php
new file mode 100644 (file)
index 0000000..427e6fa
--- /dev/null
@@ -0,0 +1,71 @@
+<?php
+/*  This file is part of Syj, Copyright (c) 2010-2011 Arnaud Renevier,
+    and is published under the AGPL license. */
+
+class Syj_Controller_Action_Helper_SyjUserManager extends Zend_Controller_Action_Helper_Abstract
+{
+    // -1 for undeterminated, null for non logged, Syj_Model_User for a logged user
+    protected static $_current = -1;
+
+    static public function validate($username, $hash) {
+        // TODO: try to make only one sql request
+        $adapter = Zend_Db_Table_Abstract::getDefaultAdapter();
+        $authAdapter = new Zend_Auth_Adapter_DbTable($adapter, 'users', 'pseudo', 'password');
+        $authAdapter->setIdentity($username)->setCredential($hash);
+        $auth = Zend_Auth::getInstance();
+        $result = $auth->authenticate($authAdapter);
+        if (!$result->isValid()) {
+            self::$_current = null;
+            return false;
+        }
+        $userid = $authAdapter->getResultRowObject('id')->id;
+        $userMapper = new Syj_Model_UserMapper();
+        $user = new Syj_Model_User();
+        if (!$userMapper->find($userid, $user)) {
+            throw new Zend_Exception();
+        }
+
+        if (!isset ($_COOKIE['syj_user']) or (!isset ($_COOKIE['syj_hashpass']))) {
+            setcookie("syj_user", $username, 0, "", "", false, true);
+            setcookie("syj_hashpass", $hash, 0, "", "", false, true);
+        }
+        self::$_current = $user;
+        return true;
+    }
+
+    static public function logout() {
+        self::$_current = null;
+        if (isset ($_COOKIE['syj_user'])) {
+            setcookie ('syj_user', "", time() - 3600, "" , "",false, true);
+        }
+        if (isset ($_COOKIE['syj_hashpass'])) {
+            setcookie ('syj_hashpass', "", time() - 3600, "" , "",false, true);
+        }
+    }
+
+    static public function current() {
+        if (self::$_current === -1) {
+            if ((!isset ($_COOKIE['syj_user'])) || (!isset ($_COOKIE['syj_hashpass']))
+                 || (!self::validate($_COOKIE['syj_user'], $_COOKIE['syj_hashpass']))) {
+                    self::logout();
+            }
+        }
+        return self::$_current;
+    }
+
+    public function needsLogin() {
+        if (self::current()) {
+            return;
+        }
+
+        $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+        $view = $viewRenderer->view;
+        $request = $this->getRequest();
+
+        $encodeduri = $view->UriPath(true);
+        $loginurl = $view->addParamToUrl($view->baseUrl() . '/' . 'login', 'redirect', $encodeduri);
+        $translator = Zend_Registry::get('Zend_Translate');
+        $this->getActionController()->getHelper('Redirector')->gotoURL($loginurl, array('prependBase' => false));
+    }
+
+}
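Review bot: The `syj_hashpass` cookie written in validate() carries the credential itself — validate() passes the cookie value straight into `setCredential($hash)` — so anyone who obtains the cookie can authenticate as that user until the password changes; there is no server-side expiry or revocation (logout() only expires the browser's copy), and with the secure flag `false` in every setcookie() call the cookie is also sent over plain HTTP. A safer design keeps the password hash out of the cookie: on a successful credential login generate a random token of sufficient length, store it (or a hash of it) server-side against the user id with an expiry, put only the token in the cookie, and have current() look the token up instead of re-running the password check on every request; logout() then deletes the stored token so it is revoked everywhere. Pass `true` for the secure flag when the site is served over HTTPS. The unsalted sha1 the cookie carries is inherited from the previous code rather than introduced here, but it is one more reason not to persist it client-side. In needsLogin(), `$request` and `$translator` are assigned and never used.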
index 5599f52faef7eccfaf2446113d6f56a54e4fc53d..3bf13ea7ffb075377ae0f644f34ac1ec047b0815 100644 (file)
@@ -7,7 +7,7 @@ class Syj_Controllers_Plugins_SyjLoggedUser extends Zend_Controller_Plugin_Abstr
     public function postDispatch(Zend_Controller_Request_Abstract $request) {
         $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
         $view = $viewRenderer->view;
     public function postDispatch(Zend_Controller_Request_Abstract $request) {
         $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
         $view = $viewRenderer->view;
-        $sessionHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('SyjSession');
-        $view->loggedUser = $sessionHelper->user();
+        $helper = Zend_Controller_Action_HelperBroker::getStaticHelper('SyjUserManager');
+        $view->loggedUser = $helper->current();
     }
 }
     }
 }
index 53159e907448cead95c8166102c5083666fdd30f..a8b7871c85aba8391c452bc6d9cee659254298d5 100644 (file)
@@ -3,8 +3,6 @@ MAILTO=arno@renevier.net
 */5 * * * * /data/project/syj/scripts/cron.php
 # every month, update geoip db
 12 3 3 * * /data/project/syj/scripts/updategeoip.sh
 */5 * * * * /data/project/syj/scripts/cron.php
 # every month, update geoip db
 12 3 3 * * /data/project/syj/scripts/updategeoip.sh
-# every day, delete old sessions files
-47 4 * * * find /tmp/ -name "sess_*" -user syj  -ctime +45 -exec rm -f '{}' \;
 # every day, vacuum tables
 48 4 * * * psql syj syj -c "VACUUM ANALYZE users" > /dev/null
 48 4 * * * psql syj syj -c "VACUUM ANALYZE paths" > /dev/null
 # every day, vacuum tables
 48 4 * * * psql syj syj -c "VACUUM ANALYZE users" > /dev/null
 48 4 * * * psql syj syj -c "VACUUM ANALYZE paths" > /dev/null