<?php |
|
|
|
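class FreshRSS_FormAuth {

	/**
	 * Verify a form login answer.
	 *
	 * The server issued $nonce earlier; the client answers with $challenge, which must be a
	 * password_hash() of $nonce concatenated with $hash. All parameters are validated before
	 * use so that malformed input never reaches password_verify().
	 *
	 * @param string $username  Login name; must satisfy FreshRSS_user_Controller::checkUsername().
	 * @param string $hash      Printable string without spaces (ctype_graph).
	 * @param string $nonce     Alphanumeric server nonce (ctype_alnum).
	 * @param string $challenge Printable password_hash() output covering $nonce . $hash.
	 * @return bool true when the challenge verifies, false on malformed input or mismatch.
	 */
	public static function checkCredentials($username, $hash, $nonce, $challenge) {
		// is_string() guards come first: the ctype_* functions interpret integers as ASCII codes
		// and would accept some non-string input.
		if (!FreshRSS_user_Controller::checkUsername($username) ||
				!is_string($hash) || !ctype_graph($hash) ||
				!is_string($challenge) || !ctype_graph($challenge) ||
				!is_string($nonce) || !ctype_alnum($nonce)) {
			// $hash is deliberately not written to the log.
			Minz_Log::debug('Invalid credential parameters:' .
				' user=' . $username .
				' challenge=' . $challenge .
				' nonce=' . $nonce);
			return false;
		}

		return password_verify($nonce . $hash, $challenge);
	}

	/**
	 * Cookie lifetime in seconds: the system limit 'cookie_duration', or
	 * FreshRSS_Auth::DEFAULT_COOKIE_DURATION when it is unset or zero.
	 *
	 * @return int
	 */
	private static function cookieDuration() {
		$limits = Minz_Configuration::get('system')->limits;
		return empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
	}

	/**
	 * Path of the file holding the credentials behind a login token.
	 * Callers must only pass tokens that passed ctype_alnum(), since the token is used as a file name.
	 *
	 * @param string $token
	 * @return string
	 */
	private static function tokenFile($token) {
		return DATA_PATH . '/tokens/' . $token . '.txt';
	}

	/**
	 * Resolve the long-term login cookie to stored credentials.
	 *
	 * @return array Empty when there is no valid, unexpired token; otherwise the token file
	 *               content split on the first tab (expected as [username, password_hash]).
	 */
	public static function getCredentialsFromCookie() {
		$token = Minz_Session::getLongTermCookie('FreshRSS_login');
		// The token becomes part of a file name: accept only [A-Za-z0-9] so it cannot leave the tokens directory.
		if (!is_string($token) || !ctype_alnum($token)) {
			return array();
		}

		$token_file = self::tokenFile($token);
		$mtime = @filemtime($token_file);
		if ($mtime === false || $mtime + self::cookieDuration() < time()) {
			// Token has expired (> cookie_duration) or does not exist.
			@unlink($token_file);
			return array();
		}

		$credentials = @file_get_contents($token_file);
		if ($credentials !== false && self::renewCookie($token)) {
			return explode("\t", $credentials, 2);
		}
		return array();
	}

	/**
	 * Extend the lifetime of an existing token: bump the token file's mtime and re-issue the cookie.
	 *
	 * @param string $token Alphanumeric token.
	 * @return string|false The token on success, false if the token file could not be touched.
	 */
	private static function renewCookie($token) {
		$token_file = self::tokenFile($token);
		if (!touch($token_file)) {
			return false;
		}

		$expire = time() + self::cookieDuration();
		Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire);
		return $token;
	}

	/**
	 * Create a new login token for a user, store the credentials behind it and set the cookie.
	 *
	 * @param string $username
	 * @param string $password_hash
	 * @return string|false The new token, or false if the token file could not be written.
	 */
	public static function makeCookie($username, $password_hash) {
		$conf = Minz_Configuration::get('system');
		do {
			// Use a CSPRNG for the unpredictable part of the token; uniqid()/mt_rand() are not
			// designed to be unguessable and remain only as a fallback for PHP < 7.
			// sha1() keeps the token a 40-character hex string, as the ctype_alnum() checks expect.
			$random = function_exists('random_bytes') ? bin2hex(random_bytes(32)) : uniqid(mt_rand(), true);
			$token = sha1($conf->salt . $username . $random);
			$token_file = self::tokenFile($token);
		} while (file_exists($token_file));

		// Stored as "username\tpassword_hash"; LOCK_EX prevents a concurrent reader seeing a partial write.
		if (@file_put_contents($token_file, $username . "\t" . $password_hash, LOCK_EX) === false) {
			return false;
		}

		return self::renewCookie($token);
	}

	/**
	 * Invalidate the current login cookie and its token file (logout).
	 * Occasionally also purges stale token files of other sessions.
	 */
	public static function deleteCookie() {
		$token = Minz_Session::getLongTermCookie('FreshRSS_login');
		if (is_string($token) && ctype_alnum($token)) {
			Minz_Session::deleteLongTermCookie('FreshRSS_login');
			@unlink(self::tokenFile($token));
		}

		// Opportunistic housekeeping: roughly one logout in eleven runs the purge.
		if (rand(0, 10) === 1) {
			self::purgeTokens();
		}
	}

	/**
	 * Delete every token file whose mtime is older than the cookie duration.
	 */
	public static function purgeTokens() {
		$oldest = time() - self::cookieDuration();
		foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $file_info) {
			if ($file_info->getExtension() === 'txt' && $file_info->getMTime() < $oldest) {
				@unlink($file_info->getPathname());
			}
		}
	}

}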