Session.php 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
  1. <?php
  2. namespace Lychee\Modules;
  3. final class Session {
  4. /**
  5. * Reads and returns information about the Lychee installation.
  6. * @return array Returns an array with the login status and configuration.
  7. */
  8. public function init($public = true) {
  9. // Call plugins
  10. Plugins::get()->activate(__METHOD__, 0, func_get_args());
  11. // Return settings
  12. $return['config'] = Settings::get();
  13. // Path to Lychee for the server-import dialog
  14. $return['config']['location'] = LYCHEE;
  15. // Remove sensitive from response
  16. unset($return['config']['username']);
  17. unset($return['config']['password']);
  18. unset($return['config']['identifier']);
  19. // Check if login credentials exist and login if they don't
  20. if ($this->noLogin()===true) {
  21. $public = false;
  22. $return['config']['login'] = false;
  23. } else {
  24. $return['config']['login'] = true;
  25. }
  26. if ($public===false) {
  27. // Logged in
  28. $return['status'] = LYCHEE_STATUS_LOGGEDIN;
  29. } else {
  30. // Logged out
  31. $return['status'] = LYCHEE_STATUS_LOGGEDOUT;
  32. // Unset unused vars
  33. unset($return['config']['skipDuplicates']);
  34. unset($return['config']['sortingAlbums']);
  35. unset($return['config']['sortingPhotos']);
  36. unset($return['config']['dropboxKey']);
  37. unset($return['config']['login']);
  38. unset($return['config']['location']);
  39. unset($return['config']['imagick']);
  40. unset($return['config']['plugins']);
  41. }
  42. // Call plugins
  43. Plugins::get()->activate(__METHOD__, 1, func_get_args());
  44. return $return;
  45. }
  46. /**
  47. * Sets the session values when username and password correct.
  48. * @return boolean Returns true when login was successful.
  49. */
  50. public function login($username, $password) {
  51. // Call plugins
  52. Plugins::get()->activate(__METHOD__, 0, func_get_args());
  53. $username_crypt = crypt($username, Settings::get()['username']);
  54. $password_crypt = crypt($password, Settings::get()['password']);
  55. // Check login with crypted hash
  56. if (Settings::get()['username']===$username_crypt&&
  57. Settings::get()['password']===$password_crypt) {
  58. $_SESSION['login'] = true;
  59. $_SESSION['identifier'] = Settings::get()['identifier'];
  60. Log::notice(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has logged in from ' . $_SERVER['REMOTE_ADDR']);
  61. return true;
  62. }
  63. // No login
  64. if ($this->noLogin()===true) return true;
  65. // Call plugins
  66. Plugins::get()->activate(__METHOD__, 1, func_get_args());
  67. // Log failed log in
  68. Log::error(Database::get(), __METHOD__, __LINE__, 'User (' . $username . ') has tried to log in from ' . $_SERVER['REMOTE_ADDR']);
  69. return false;
  70. }
  71. /**
  72. * Sets the session values when no there is no username and password in the database.
  73. * @return boolean Returns true when no login was found.
  74. */
  75. private function noLogin() {
  76. // Check if login credentials exist and login if they don't
  77. if (Settings::get()['username']===''&&
  78. Settings::get()['password']==='') {
  79. $_SESSION['login'] = true;
  80. $_SESSION['identifier'] = Settings::get()['identifier'];
  81. return true;
  82. }
  83. return false;
  84. }
  85. /**
  86. * Unsets the session values.
  87. * @return boolean Returns true when logout was successful.
  88. */
  89. public function logout() {
  90. // Call plugins
  91. Plugins::get()->activate(__METHOD__, 0, func_get_args());
  92. session_unset();
  93. session_destroy();
  94. // Call plugins
  95. Plugins::get()->activate(__METHOD__, 1, func_get_args());
  96. return true;
  97. }
  98. }
  99. ?>