Set user related sessions for single user mode

powerivq 2022-08-31 14:52:42 -07:00
parent 5fea1a7ea9
commit 96595ca4c5
3 changed files with 16 additions and 18 deletions


@ -39,7 +39,7 @@
header("Content-Type: text/json; charset=utf-8"); header("Content-Type: text/json; charset=utf-8");
if (Config::get(Config::SINGLE_USER_MODE)) { if (Config::get(Config::SINGLE_USER_MODE)) {
UserHelper::authenticate( "admin", null); UserHelper::authenticate("admin", null);
} }
if (!empty($_SESSION["uid"])) { if (!empty($_SESSION["uid"])) {


@ -394,10 +394,6 @@ class Handler_Public extends Handler {
if (UserHelper::authenticate($login, $password)) { if (UserHelper::authenticate($login, $password)) {
$_POST["password"] = ""; $_POST["password"] = "";
if (Config::get_schema_version() >= 120) {
$_SESSION["language"] = get_pref(Prefs::USER_LANGUAGE, $_SESSION["uid"]);
}
$_SESSION["ref_schema_version"] = Config::get_schema_version(); $_SESSION["ref_schema_version"] = Config::get_schema_version();
$_SESSION["bw_limit"] = !!clean($_POST["bw_limit"] ?? false); $_SESSION["bw_limit"] = !!clean($_POST["bw_limit"] ?? false);
$_SESSION["safe_mode"] = $safe_mode; $_SESSION["safe_mode"] = $safe_mode;


@ -83,19 +83,15 @@ class UserHelper {
$user = ORM::for_table('ttrss_users')->find_one($user_id); $user = ORM::for_table('ttrss_users')->find_one($user_id);
if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) { if ($user && $user->access_level != self::ACCESS_LEVEL_DISABLED) {
$_SESSION["uid"] = $user_id; self::set_session_for_user($user_id);
$_SESSION["auth_module"] = $auth_module; $_SESSION["auth_module"] = $auth_module;
$_SESSION["name"] = $user->login; $_SESSION["name"] = $user->login;
$_SESSION["access_level"] = $user->access_level; $_SESSION["access_level"] = $user->access_level;
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
$_SESSION["ip_address"] = UserHelper::get_user_ip();
$_SESSION["pwd_hash"] = $user->pwd_hash; $_SESSION["pwd_hash"] = $user->pwd_hash;
$user->last_login = Db::NOW(); $user->last_login = Db::NOW();
$user->save(); $user->save();
$_SESSION["last_login_update"] = time();
return true; return true;
} }
@ -108,8 +104,7 @@ class UserHelper {
return false; return false;
} else { } else {
self::set_session_for_user(1);
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin"; $_SESSION["name"] = "admin";
$_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN; $_SESSION["access_level"] = self::ACCESS_LEVEL_ADMIN;
@ -118,16 +113,23 @@ class UserHelper {
$_SESSION["auth_module"] = false; $_SESSION["auth_module"] = false;
if (empty($_SESSION["csrf_token"]))
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
$_SESSION["ip_address"] = UserHelper::get_user_ip();
$_SESSION["last_login_update"] = time();
return true; return true;
} }
} }
static function set_session_for_user(int $owner_uid): void {
$_SESSION["uid"] = $owner_uid;
$_SESSION["last_login_update"] = time();
$_SESSION["ip_address"] = UserHelper::get_user_ip();
if (empty($_SESSION["csrf_token"]))
$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));
if (Config::get_schema_version() >= 120) {
$_SESSION["language"] = get_pref(Prefs::USER_LANGUAGE, $owner_uid);
}
}
static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null): void { static function load_user_plugins(int $owner_uid, PluginHost $pluginhost = null): void {
if (!$pluginhost) $pluginhost = PluginHost::getInstance(); if (!$pluginhost) $pluginhost = PluginHost::getInstance();
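Review bot: The CSRF token is no longer rotated on a successful login, because the branch that loads `$user` used to assign `$_SESSION["csrf_token"] = bin2hex(get_random_bytes(16));` unconditionally and now relies on `set_session_for_user()`, which only sets it when `empty($_SESSION["csrf_token"])`. Any token already stored in the session before authentication (for example from an earlier login on the same session) is therefore carried over unchanged into the newly authenticated state. The guard appears to come from the uid 1 / "admin" branch, where the old code already had it; I would keep it in the helper for that path and restore the unconditional assignment in the login branch, directly after `self::set_session_for_user($user_id);`. The helper would also benefit from a short docblock listing the session keys it writes and stating that an existing token is kept. The old and new sides are read from the rendered two-column layout, and `authenticate()` begins outside the visible hunks, so confirm against the full file.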