From: arno Date: Sun, 20 Mar 2011 13:11:42 +0000 (+0100) Subject: use cookies instead of session to manage login X-Git-Tag: v0.3~12 X-Git-Url: https://dev.renevier.net/?p=syj.git;a=commitdiff_plain;h=0722c496ca63f30937427e3bf8fbdd5cfee2c83d use cookies instead of session to manage login --- diff --git a/application/Bootstrap.php b/application/Bootstrap.php index a8bc3a6..60e0627 100644 --- a/application/Bootstrap.php +++ b/application/Bootstrap.php @@ -15,10 +15,7 @@ class Bootstrap extends Zend_Application_Bootstrap_Bootstrap { } public function run() { - $sessionConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/session.ini', APPLICATION_ENV); - Zend_Session::setOptions($sessionConfig->toArray()); Zend_Controller_Action_HelperBroker::getStaticHelper('ViewRenderer')->initView(APPLICATION_PATH . '/views/', 'Syj_View'); - parent::run(); } diff --git a/application/configs/session.ini b/application/configs/session.ini deleted file mode 100644 index 664acba..0000000 --- a/application/configs/session.ini +++ /dev/null @@ -1,10 +0,0 @@ -; This file is part of Syj, Copyright (c) 2010-2011 Arnaud Renevier, -; and is published under the AGPL license. */ -[production] -name = syj_session -use_cookies = on -use_trans_sid = off -use_only_cookies = on -cookie_httponly = on - -[development:production] diff --git a/application/controllers/AccountController.php b/application/controllers/AccountController.php index 40eba9a..c79b476 100644 --- a/application/controllers/AccountController.php +++ b/application/controllers/AccountController.php @@ -6,7 +6,7 @@ class AccountController extends Zend_Controller_Action { public function init() { - $this->_helper->SyjSession->needsLogin(); + $this->_helper->SyjUserManager->needsLogin(); $this->_helper->SyjMedias->addScripts('account'); $this->view->headLink()->appendStylesheet('css/generic.css', 'all'); 
@@ -16,7 +16,7 @@ class AccountController extends Zend_Controller_Action } public function indexAction() { - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); $request = $this->getRequest(); $form = new Syj_Form_Account(array('name' => 'accountform')); diff --git a/application/controllers/ContactController.php b/application/controllers/ContactController.php index aabd9f6..8ff629b 100644 --- a/application/controllers/ContactController.php +++ b/application/controllers/ContactController.php @@ -83,7 +83,7 @@ class ContactController extends Zend_Controller_Action } if (empty($formData)) { - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); if ($user) { $form->contact_email->setValue($user->email) ->setAttrib('readonly', 'true'); diff --git a/application/controllers/IdxController.php b/application/controllers/IdxController.php index 983cf3e..91606e6 100644 --- a/application/controllers/IdxController.php +++ b/application/controllers/IdxController.php @@ -75,7 +75,7 @@ class IdxController extends Zend_Controller_Action $this->view->headTitle($title); $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes')); - $this->view->loggedUser = $this->_helper->SyjSession->user(); + $this->view->loggedUser = $this->_helper->SyjUserManager->current(); } protected function _initForms() { @@ -107,7 +107,7 @@ class IdxController extends Zend_Controller_Action $this->view->headTitle("Show your journey"); $this->view->headMeta()->appendName('description', $this->view->translate('website to share routes')); - $this->view->loggedUser = $this->_helper->SyjSession->user(); + $this->view->loggedUser = $this->_helper->SyjUserManager->current(); $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/index.:suffix'); $error = $this->_getParam('error_handler'); 
@@ -125,7 +125,7 @@ class IdxController extends Zend_Controller_Action protected function _jsLoggedInfo(Syj_Model_Path $path = null) { $loggedinfo = new phptojs\JsObject('gLoggedInfo', array('connections' => 0)); - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); if ($user) { $loggedinfo->logged = true; } else { diff --git a/application/controllers/ListController.php b/application/controllers/ListController.php index 9dfac81..1cf0308 100644 --- a/application/controllers/ListController.php +++ b/application/controllers/ListController.php @@ -6,7 +6,7 @@ class ListController extends Zend_Controller_Action { public function init() { - $this->_helper->SyjSession->needsLogin(); + $this->_helper->SyjUserManager->needsLogin(); $this->_helper->SyjMedias->addScripts('list'); @@ -16,7 +16,7 @@ class ListController extends Zend_Controller_Action } public function indexAction() { - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); $pathMapper = new Syj_Model_PathMapper(); $list = $pathMapper->fetchByCreator($user); $paginator = Zend_Paginator::factory($list); diff --git a/application/controllers/LoginController.php b/application/controllers/LoginController.php index f5e89b8..85c7ac1 100644 --- a/application/controllers/LoginController.php +++ b/application/controllers/LoginController.php 
@@ -32,15 +32,7 @@ class LoginController extends Zend_Controller_Action } /* form has been filled */ - - $adapter = Zend_Db_Table_Abstract::getDefaultAdapter(); - $authAdapter = new Zend_Auth_Adapter_DbTable($adapter, 'users', 'pseudo', 'password'); - $authAdapter->setIdentity($formData['login_user']) - ->setCredential(sha1($formData['login_password'])); - - $auth = Zend_Auth::getInstance(); - $result = $auth->authenticate($authAdapter); - if (!$result->isValid()) { + if (!$this->_helper->SyjUserManager->validate($formData['login_user'], sha1($formData['login_password']))) { if ($httprequest) { throw new Syj_Exception_Forbidden(); } else { @@ -49,9 +41,7 @@ class LoginController extends Zend_Controller_Action } } - $userid = $authAdapter->getResultRowObject('id')->id; - $this->_helper->SyjSession->login($userid); - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); if ($httprequest) { $api = $this->_helper->SyjApi->setCode(200); @@ -75,7 +65,7 @@ class LoginController extends Zend_Controller_Action } public function logoutAction() { - $this->_helper->SyjSession->logout(); + $this->_helper->SyjUserManager->logout(); $this->redirect(); } diff --git a/application/controllers/NewpwdController.php b/application/controllers/NewpwdController.php index 329b4e9..25a3862 100644 --- a/application/controllers/NewpwdController.php +++ b/application/controllers/NewpwdController.php @@ -24,7 +24,7 @@ class NewpwdController extends Zend_Controller_Action } if (empty($formData)) { - $loggeduser = $this->_helper->SyjSession->user(); + $loggeduser = $this->_helper->SyjUserManager->current(); if ($loggeduser) { $form->newpwd_email->setValue($loggeduser->email) ->setAttrib('readonly', 'true'); 
@@ -44,7 +44,7 @@ class NewpwdController extends Zend_Controller_Action $user = new Syj_Model_User(); if ($userMapper->findByEmail($formData['newpwd_email'], $user)) { // if no user exist with posted email, pretend everything went correct - $loggeduser = isset($loggeduser) ? $loggeduser: $this->_helper->SyjSession->user(); + $loggeduser = isset($loggeduser) ? $loggeduser: $this->_helper->SyjUserManager->current(); if ($loggeduser and ($loggeduser != $user)) { throw new Syj_Exception_Request(); } diff --git a/application/controllers/PathController.php b/application/controllers/PathController.php index 375b83e..7d7ae6a 100644 --- a/application/controllers/PathController.php +++ b/application/controllers/PathController.php @@ -8,7 +8,7 @@ class PathController extends Zend_Controller_Action $formData = $this->_helper->SyjPostData->getPostData('Syj_Form_Geom'); $path = new Syj_Model_Path(); - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); if (!$user and !$formData["geom_accept"]) { throw new Syj_Exception_Request(); } @@ -52,7 +52,7 @@ class PathController extends Zend_Controller_Action } } - $user = $this->_helper->SyjSession->user(); + $user = $this->_helper->SyjUserManager->current(); if (!$path->isCreator($user)) { throw new Syj_Exception_Forbidden(); } diff --git a/application/controllers/PendingController.php b/application/controllers/PendingController.php index 1b0b237..af7135b 100644 --- a/application/controllers/PendingController.php +++ b/application/controllers/PendingController.php @@ -53,7 +53,7 @@ class PendingController extends Zend_Controller_Action $title = $this->view->translate("password changed"); $this->_helper->ViewRenderer->setViewScriptPathSpec(':controller/password_validate.:suffix'); - $this->_helper->SyjSession->logout(); + $this->_helper->SyjUserManager->logout(); } else if (array_key_exists('pending_cancel', $formData)) { if (!$pending->cancel()) { 
diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php index 9989d31..ef7f7be 100644 --- a/application/controllers/UserController.php +++ b/application/controllers/UserController.php @@ -61,7 +61,7 @@ class UserController extends Zend_Controller_Action } } - $this->_helper->SyjSession->login($user->id); + $this->_helper->SyjUserManager->validate($user->pseudo, $user->password); $data = array('pseudo' => $user->pseudo); $this->_helper->SyjApi->setBodyJson($data)->setCode(200); diff --git a/application/controllers/helpers/SyjSession.php b/application/controllers/helpers/SyjSession.php deleted file mode 100644 index 3289f67..0000000 --- a/application/controllers/helpers/SyjSession.php +++ /dev/null 
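Review bot: The result of `$this->_helper->SyjUserManager->validate($user->pseudo, $user->password)` is discarded, so if authenticating the just-created user fails the action still answers with code 200 and the `pseudo` body while no login cookies were set; guarding the call, e.g. `if (!$this->_helper->SyjUserManager->validate($user->pseudo, $user->password)) { throw new Zend_Exception(); }`, keeps the response consistent with the actual login state. The call also depends on `$user->password` already holding the sha1 digest that LoginController computes with `sha1($formData['login_password'])` — presumably the model stores it hashed, but a short comment on this line, `// $user->password is the stored digest expected by validate()`, would document that contract. The enclosing action begins outside the hunk.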
@@ -1,62 +0,0 @@
-find($userid, $user)) {
- throw new Zend_Exception();
- }
-
- $storage = new Zend_Session_Namespace('userSettings');
- $storage->user = $user->id;
- Zend_Session::rememberMe();
- }
-
- static public function logout() {
- $storage = new Zend_Session_Namespace('userSettings');
- unset($storage->user);
- Zend_Session::rememberMe();
- }
-
- static public function user() {
- $storage = new Zend_Session_Namespace('userSettings');
- $id = $storage->user;
- if (!isset($id)) {
- return null;
- }
- if (isset (self::$cache[$id])) {
- return self::$cache[$id];
- }
-
- $userMapper = new Syj_Model_UserMapper();
- $user = new Syj_Model_User();
- if ($userMapper->find($id, $user)) {
- self::$cache[$id] = $user;
- return $user;
- } else {
- self::logout();
- return null;
- }
- }
-
- public function needsLogin() {
- $user = self::user();
- if ($user) {
- return;
- }
- $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
- $view = $viewRenderer->view;
- $request = $this->getRequest();
-
- $encodeduri = $view->UriPath(true);
- $loginurl = $view->addParamToUrl($view->baseUrl() . '/' . 'login', 'redirect', $encodeduri);
- $translator = Zend_Registry::get('Zend_Translate');
- $this->getActionController()->getHelper('Redirector')->gotoURL($loginurl, array('prependBase' => false));
- }
-}
diff --git a/application/controllers/helpers/SyjUserManager.php b/application/controllers/helpers/SyjUserManager.php
new file mode 100644
index 0000000..427e6fa
--- /dev/null
+++ b/application/controllers/helpers/SyjUserManager.php
@@ -0,0 +1,71 @@
+setIdentity($username)->setCredential($hash);
+ $auth = Zend_Auth::getInstance();
+ $result = $auth->authenticate($authAdapter);
+ if (!$result->isValid()) {
+ self::$_current = null;
+ return false;
+ }
+ $userid = $authAdapter->getResultRowObject('id')->id;
+ $userMapper = new Syj_Model_UserMapper();
+ $user = new Syj_Model_User();
+ if (!$userMapper->find($userid, $user)) {
+ throw new Zend_Exception();
+ }
+
+ if (!isset ($_COOKIE['syj_user']) or (!isset ($_COOKIE['syj_hashpass']))) {
+ setcookie("syj_user", $username, 0, "", "", false, true);
+ setcookie("syj_hashpass", $hash, 0, "", "", false, true);
+ }
+ self::$_current = $user;
+ return true;
+ }
+
+ static public function logout() {
+ self::$_current = null;
+ if (isset ($_COOKIE['syj_user'])) {
+ setcookie ('syj_user', "", time() - 3600, "" , "",false, true);
+ }
+ if (isset ($_COOKIE['syj_hashpass'])) {
+ setcookie ('syj_hashpass', "", time() - 3600, "" , "",false, true);
+ }
+ }
+
+ static public function current() {
+ if (self::$_current === -1) {
+ if ((!isset ($_COOKIE['syj_user'])) || (!isset ($_COOKIE['syj_hashpass']))
+ || (!self::validate($_COOKIE['syj_user'], $_COOKIE['syj_hashpass']))) {
+ self::logout();
+ }
+ }
+ return self::$_current;
+ }
+
+ public function needsLogin() {
+ if (self::current()) {
+ return;
+ }
+
+ $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer');
+ $view = $viewRenderer->view;
+ $request = $this->getRequest();
+
+ $encodeduri = $view->UriPath(true);
+ $loginurl = $view->addParamToUrl($view->baseUrl() . '/' . 'login', 'redirect', $encodeduri);
+ $translator = Zend_Registry::get('Zend_Translate');
+ $this->getActionController()->getHelper('Redirector')->gotoURL($loginurl, array('prependBase' => false));
+ }
+
+}
diff --git a/application/controllers/plugins/SyjLoggedUser.php b/application/controllers/plugins/SyjLoggedUser.php
index 5599f52..3bf13ea 100644
--- a/application/controllers/plugins/SyjLoggedUser.php
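Review bot: The `syj_hashpass` cookie set in `validate()` holds the very value passed to `setCredential($hash)`, so it is a password-equivalent bearer secret: both `setcookie` calls pass `false` for the `secure` argument, the value stays valid for as long as the stored password hash is unchanged, and `logout()` only asks the browser to expire the cookies — unlike the server-side session this replaces, a copied cookie cannot be revoked by the server. Consider storing an unguessable, server-recorded login token in the cookie instead (looked up per request and deleted on logout) and passing `true` for `secure` where the site is served over HTTPS. Separately, the `if (!isset ($_COOKIE['syj_user']) or (!isset ($_COOKIE['syj_hashpass'])))` guard never rewrites an already present cookie pair, so a form login from the LoginController hunk with stale cookies (after a password change, or as a different user) succeeds for that request only and `current()` logs the user out on the next one; compare the values as well: `if (!isset($_COOKIE['syj_user']) || $_COOKIE['syj_user'] !== $username || !isset($_COOKIE['syj_hashpass']) || $_COOKIE['syj_hashpass'] !== $hash) {`. The class header and the first lines of `validate()` are cut off at the start of this hunk.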
+++ b/application/controllers/plugins/SyjLoggedUser.php @@ -7,7 +7,7 @@ class Syj_Controllers_Plugins_SyjLoggedUser extends Zend_Controller_Plugin_Abstr public function postDispatch(Zend_Controller_Request_Abstract $request) { $viewRenderer = Zend_Controller_Action_HelperBroker::getStaticHelper('viewRenderer'); $view = $viewRenderer->view; - $sessionHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('SyjSession'); - $view->loggedUser = $sessionHelper->user(); + $helper = Zend_Controller_Action_HelperBroker::getStaticHelper('SyjUserManager'); + $view->loggedUser = $helper->current(); } } diff --git a/scripts/crontab.syj b/scripts/crontab.syj index 53159e9..a8b7871 100644 --- a/scripts/crontab.syj +++ b/scripts/crontab.syj @@ -3,8 +3,6 @@ MAILTO=arno@renevier.net */5 * * * * /data/project/syj/scripts/cron.php # every month, update geoip db 12 3 3 * * /data/project/syj/scripts/updategeoip.sh -# every day, delete old sessions files -47 4 * * * find /tmp/ -name "sess_*" -user syj -ctime +45 -exec rm -f '{}' \; # every day, vacuum tables 48 4 * * * psql syj syj -c "VACUUM ANALYZE users" > /dev/null 48 4 * * * psql syj syj -c "VACUUM ANALYZE paths" > /dev/null