Merge branch 'authKey'

This commit is contained in:
Fred Tempez 2024-09-06 18:49:18 +02:00
commit 12c7682a26
11 changed files with 53 additions and 34 deletions


@ -330,7 +330,7 @@ class layout extends common
// Affichage du lien de connexion // Affichage du lien de connexion
if ( if (
($this->getData(['theme', 'footer', 'loginLink']) ($this->getData(['theme', 'footer', 'loginLink'])
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) )
or $this->getUrl(0) === 'theme' or $this->getUrl(0) === 'theme'
) { ) {
@ -493,7 +493,7 @@ class layout extends common
// Lien de connexion // Lien de connexion
if ( if (
($this->getData(['theme', 'menu', 'loginLink']) ($this->getData(['theme', 'menu', 'loginLink'])
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) )
or $this->getUrl(0) === 'theme' or $this->getUrl(0) === 'theme'
) { ) {
@ -580,9 +580,9 @@ class layout extends common
if ( if (
($this->getData(['page', $parentPageId, 'disable']) === true ($this->getData(['page', $parentPageId, 'disable']) === true
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) or ($this->getData(['page', $parentPageId, 'disable']) === true ) or ($this->getData(['page', $parentPageId, 'disable']) === true
and $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === true
and $this->getUser('group') < self::GROUP_EDITOR and $this->getUser('group') < self::GROUP_EDITOR
) )
) { ) {
@ -646,9 +646,9 @@ class layout extends common
$items .= '<li id=' . $childKey . '>'; $items .= '<li id=' . $childKey . '>';
if ( if (
($this->getData(['page', $childKey, 'disable']) === true ($this->getData(['page', $childKey, 'disable']) === true
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) or ($this->getData(['page', $childKey, 'disable']) === true ) or ($this->getData(['page', $childKey, 'disable']) === true
and $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === true
and $this->getUser('group') < self::GROUP_EDITOR and $this->getUser('group') < self::GROUP_EDITOR
) )
) { ) {
@ -742,7 +742,7 @@ class layout extends common
$items .= '<li class="menuSideChild">'; $items .= '<li class="menuSideChild">';
if ( if (
$this->getData(['page', $parentPageId, 'disable']) === true $this->getData(['page', $parentPageId, 'disable']) === true
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) { ) {
$items .= '<a href="' . $this->getUrl(1) . '">'; $items .= '<a href="' . $this->getUrl(1) . '">';
} else { } else {
@ -766,7 +766,7 @@ class layout extends common
if ( if (
$this->getData(['page', $childKey, 'disable']) === true $this->getData(['page', $childKey, 'disable']) === true
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) { ) {
$itemsChildren .= '<a href="' . $this->getUrl(1) . '">'; $itemsChildren .= '<a href="' . $this->getUrl(1) . '">';
} else { } else {
@ -902,7 +902,7 @@ class layout extends common
*/ */
public function showBar() public function showBar()
{ {
if ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')) { if ($this->isConnected() === true) {
// Items de gauche // Items de gauche
$leftItems = ''; $leftItems = '';
// Sélecteur de langues // Sélecteur de langues
@ -1188,7 +1188,7 @@ class layout extends common
$vars = 'var baseUrl = ' . json_encode(helper::baseUrl(false)) . ';'; $vars = 'var baseUrl = ' . json_encode(helper::baseUrl(false)) . ';';
$vars .= 'var baseUrlQs = ' . json_encode(helper::baseUrl()) . ';'; $vars .= 'var baseUrlQs = ' . json_encode(helper::baseUrl()) . ';';
if ( if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and $this->getUser('group') >= self::GROUP_EDITOR and $this->getUser('group') >= self::GROUP_EDITOR
) { ) {
$vars .= 'var privateKey = ' . json_encode(md5_file(self::DATA_DIR . 'core.json')) . ';'; $vars .= 'var privateKey = ' . json_encode(md5_file(self::DATA_DIR . 'core.json')) . ';';


@ -415,7 +415,7 @@ class core extends common
// Force la déconnexion des membres bannis ou d'une seconde session // Force la déconnexion des membres bannis ou d'une seconde session
if ( if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and ($this->getUser('group') === common::GROUP_BANNED and ($this->getUser('group') === common::GROUP_BANNED
or ($_SESSION['csrf'] !== $this->getData(['user', $this->getUser('id'), 'accessCsrf']) or ($_SESSION['csrf'] !== $this->getData(['user', $this->getUser('id'), 'accessCsrf'])
and $this->getData(['config', 'connect', 'autoDisconnect']) === true) and $this->getData(['config', 'connect', 'autoDisconnect']) === true)
@ -429,8 +429,8 @@ class core extends common
$this->getData(['config', 'maintenance']) $this->getData(['config', 'maintenance'])
and in_array($this->getUrl(0), ['maintenance', 'user']) === false and in_array($this->getUrl(0), ['maintenance', 'user']) === false
and $this->getUrl(1) !== 'login' and $this->getUrl(1) !== 'login'
and ($this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and ($this->isConnected() === false
or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') or ($this->isConnected() === true
and $this->getUser('group') < common::GROUP_ADMIN and $this->getUser('group') < common::GROUP_ADMIN
) )
) )
@ -449,7 +449,7 @@ class core extends common
if ($this->getData(['page', $this->getUrl(0)]) !== null) { if ($this->getData(['page', $this->getUrl(0)]) !== null) {
if ( if (
$this->getData(['page', $this->getUrl(0), 'group']) === common::GROUP_VISITOR $this->getData(['page', $this->getUrl(0), 'group']) === common::GROUP_VISITOR
or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') or ($this->isConnected() === true
// and $this->getUser('group') >= $this->getData(['page', $this->getUrl(0), 'group']) // and $this->getUser('group') >= $this->getData(['page', $this->getUrl(0), 'group'])
// Modification qui tient compte du profil de la page // Modification qui tient compte du profil de la page
and ($this->getUser('group') * 10 + $this->getUser('profil')) >= ($this->getData(['page', $this->getUrl(0), 'group']) * 10 + $this->getData(['page', $this->getUrl(0), 'profil'])) and ($this->getUser('group') * 10 + $this->getUser('profil')) >= ($this->getData(['page', $this->getUrl(0), 'group']) * 10 + $this->getData(['page', $this->getUrl(0), 'profil']))
@ -466,9 +466,9 @@ class core extends common
// Empêcher l'accès aux pages désactivées par URL directe // Empêcher l'accès aux pages désactivées par URL directe
if ( if (
($this->getData(['page', $this->getUrl(0), 'disable']) === true ($this->getData(['page', $this->getUrl(0), 'disable']) === true
and $this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === false
) or ($this->getData(['page', $this->getUrl(0), 'disable']) === true ) or ($this->getData(['page', $this->getUrl(0), 'disable']) === true
and $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === true
and $this->getUser('group') < common::GROUP_EDITOR and $this->getUser('group') < common::GROUP_EDITOR
) )
) { ) {
@ -515,7 +515,7 @@ class core extends common
} }
// Accès concurrent stocke la page visitée // Accès concurrent stocke la page visitée
if ( if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
&& $this->getUser('id') && $this->getUser('id')
) { ) {
$this->setData(['user', $this->getUser('id'), 'accessUrl', $this->getUrl()]); $this->setData(['user', $this->getUser('id'), 'accessUrl', $this->getUrl()]);
@ -635,7 +635,7 @@ class core extends common
// Check le groupe de l'utilisateur // Check le groupe de l'utilisateur
if ( if (
($module::$actions[$action] === common::GROUP_VISITOR ($module::$actions[$action] === common::GROUP_VISITOR
or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') or ($this->isConnected() === true
and $this->getUser('group') >= $module::$actions[$action] and $this->getUser('group') >= $module::$actions[$action]
and $this->getUser('permission', $moduleId, $action) and $this->getUser('permission', $moduleId, $action)
) )


@ -768,7 +768,7 @@ class common
$this->getData(['page', $pageId, 'parentPageId']) === "" $this->getData(['page', $pageId, 'parentPageId']) === ""
// Ignore les pages dont l'utilisateur n'a pas accès // Ignore les pages dont l'utilisateur n'a pas accès
and ($this->getData(['page', $pageId, 'group']) === self::GROUP_VISITOR and ($this->getData(['page', $pageId, 'group']) === self::GROUP_VISITOR
or ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') or ($this->isConnected() === true
//and $this->getUser('group') >= $this->getData(['page', $pageId, 'group']) //and $this->getUser('group') >= $this->getData(['page', $pageId, 'group'])
// Modification qui tient compte du profil de la page // Modification qui tient compte du profil de la page
and ($this->getUser('group') * self::MAX_PROFILS + $this->getUser('profil')) >= ($this->getData(['page', $pageId, 'group']) * self::MAX_PROFILS + $this->getData(['page', $pageId, 'profil'])) and ($this->getUser('group') * self::MAX_PROFILS + $this->getUser('profil')) >= ($this->getData(['page', $pageId, 'group']) * self::MAX_PROFILS + $this->getData(['page', $pageId, 'profil']))
@ -799,7 +799,7 @@ class common
$this->getData(['page', $parentId, 'group']) === self::GROUP_VISITOR $this->getData(['page', $parentId, 'group']) === self::GROUP_VISITOR
) )
or ( or (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and and
$this->getUser('group') * self::MAX_PROFILS + $this->getUser('profil')) >= ($this->getData(['page', $pageId, 'group']) * self::MAX_PROFILS + $this->getData(['page', $pageId, 'profil']) $this->getUser('group') * self::MAX_PROFILS + $this->getUser('profil')) >= ($this->getData(['page', $pageId, 'group']) * self::MAX_PROFILS + $this->getData(['page', $pageId, 'profil'])
@ -1028,6 +1028,13 @@ class common
} }
/**
* @return bool l'utilisateur est connecté true sinon false
*/
public function isConnected() {
return ($this->getUser('authKey') === $this->getInput('ZWII_AUTH_KEY'));
}
/** /**
* Check qu'une valeur est transmise par la méthode _POST * Check qu'une valeur est transmise par la méthode _POST
* @return bool * @return bool
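Review bot: isConnected() in the last hunk accepts an empty stored key as a valid credential: logout in this same commit writes `authKey` as `''`, and accounts that have not logged in since the change have no key at all, so if getInput() yields the same empty value for a missing `ZWII_AUTH_KEY` cookie (its behaviour is not visible here) a request carrying only a `ZWII_USER_ID` cookie would compare equal and be treated as connected, whereas the old password comparison never matched an empty hash. The comparison should also use hash_equals() instead of `===`, since the cookie value is now the bearer proof of login and should not be compared in a length/timing-dependent way. The docblock should state what is compared, e.g. `@return bool true when the ZWII_AUTH_KEY cookie matches the non-empty key stored for the current user`, and a `: bool` return type would let the `=== true` / `=== false` call sites introduced throughout this commit be simplified to plain boolean tests.
```php
/**
 * @return bool true when the ZWII_AUTH_KEY cookie matches the non-empty key stored for the current user
 */
public function isConnected(): bool
{
    $stored = $this->getUser('authKey');
    $given = $this->getInput('ZWII_AUTH_KEY');
    // An absent or cleared key (logout stores '') must never authenticate.
    if (!is_string($stored) || $stored === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($stored, $given);
}
```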


@ -54,7 +54,7 @@
if ( if (
$this->getData(['theme', 'menu', 'position']) === 'top' $this->getData(['theme', 'menu', 'position']) === 'top'
and $this->getData(['theme', 'menu', 'fixed']) === true and $this->getData(['theme', 'menu', 'fixed']) === true
and $this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') and $this->isConnected() === true
and $this->getUser('group') > self::GROUP_MEMBER and $this->getUser('group') > self::GROUP_MEMBER
) { ) {
echo '<nav id="navfixedconnected" >'; echo '<nav id="navfixedconnected" >';


@ -1045,19 +1045,29 @@ class user extends common
// RAZ // RAZ
$this->setData(['user', $userId, 'connectFail', 0]); $this->setData(['user', $userId, 'connectFail', 0]);
$this->setData(['user', $userId, 'connectTimeout', 0]); $this->setData(['user', $userId, 'connectTimeout', 0]);
// Clé d'authenfication
$authKey = uniqid('', true) . bin2hex(random_bytes(8));
$this->setData(['user', $userId, 'authKey', $authKey]);
// Validité du cookie // Validité du cookie
$expire = $this->getInput('userLoginLongTime', helper::FILTER_BOOLEAN) === true ? strtotime("+1 year") : 0; $expire = $this->getInput('userLoginLongTime', helper::FILTER_BOOLEAN) === true ? strtotime("+1 year") : 0;
switch ($this->getInput('userLoginLongTime', helper::FILTER_BOOLEAN)) { switch ($this->getInput('userLoginLongTime', helper::FILTER_BOOLEAN)) {
case false: case false:
// Cookie de session // Cookie de session
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true); setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false), '', helper::isHttps(), true); //setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
// Connexion par clé
setcookie('ZWII_AUTH_KEY', $authKey, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
break; break;
default: default:
// Cookie persistant // Cookie persistant
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false)); setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false));
setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false)); //setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false));
// Connexion par clé
setcookie('ZWII_AUTH_KEY', $authKey, $expire, helper::baseUrl(false, false));
break; break;
} }
@ -1136,7 +1146,9 @@ class user extends common
public function logout() public function logout()
{ {
helper::deleteCookie('ZWII_USER_ID'); helper::deleteCookie('ZWII_USER_ID');
helper::deleteCookie('ZWII_USER_PASSWORD'); //helper::deleteCookie('ZWII_USER_PASSWORD');
helper::deleteCookie('ZWII_AUTH_KEY');
$this->setData(['user', $this->getUser('id'), 'authKey', '']);
// Détruit la session // Détruit la session
session_destroy(); session_destroy();
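Review bot: The persistent-cookie branch writes the new bearer credential without the Secure and HttpOnly flags (`setcookie('ZWII_AUTH_KEY', $authKey, $expire, helper::baseUrl(false, false));` in the `default:` case), while the session-cookie branch just above passes `'', helper::isHttps(), true`; since this cookie now replaces the password hash as the proof of login, the long-lived variant should carry the same flags: `setcookie('ZWII_AUTH_KEY', $authKey, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);`. The key itself combines uniqid(), which is clock-derived, with only 8 random bytes; generating it entirely from the CSPRNG, `$authKey = bin2hex(random_bytes(32));`, is both simpler and stronger. The commented-out ZWII_USER_PASSWORD lines in the login hunk and in logout() could be deleted rather than left as dead code. The enclosing login method begins and ends outside the first hunk.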


@ -749,7 +749,7 @@ class blog extends common
) { ) {
// Check la captcha // Check la captcha
if ( if (
$this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === false
//AND $this->getInput('blogArticlecaptcha', helper::FILTER_INT) !== $this->getInput('blogArticlecaptchaFirstNumber', helper::FILTER_INT) + $this->getInput('blogArticlecaptchaSecondNumber', helper::FILTER_INT)) //AND $this->getInput('blogArticlecaptcha', helper::FILTER_INT) !== $this->getInput('blogArticlecaptchaFirstNumber', helper::FILTER_INT) + $this->getInput('blogArticlecaptchaSecondNumber', helper::FILTER_INT))
and password_verify($this->getInput('blogArticleCaptcha', helper::FILTER_INT), $this->getInput('blogArticleCaptchaResult')) === false and password_verify($this->getInput('blogArticleCaptcha', helper::FILTER_INT), $this->getInput('blogArticleCaptchaResult')) === false
) { ) {
@ -831,7 +831,7 @@ class blog extends common
// Signature de l'article // Signature de l'article
self::$articleSignature = $this->signature($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'userId'])); self::$articleSignature = $this->signature($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'userId']));
// Signature du commentaire édité // Signature du commentaire édité
if ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')) { if ($this->isConnected() === true) {
self::$editCommentSignature = $this->signature($this->getUser('id')); self::$editCommentSignature = $this->signature($this->getUser('id'));
} }
// Commentaires en fonction de la pagination // Commentaires en fonction de la pagination


@ -25,7 +25,7 @@
<?php echo helper::dateUTF8($module::$dateFormat, $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI) . ' ' . helper::dateUTF8($module::$timeFormat, $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI); ?> <?php echo helper::dateUTF8($module::$dateFormat, $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI) . ' ' . helper::dateUTF8($module::$timeFormat, $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI); ?>
<!-- Bloc edition --> <!-- Bloc edition -->
<?php if ( <?php if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and and
( // Propriétaire ( // Propriétaire
($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'editConsent']) === $module::EDIT_OWNER ($this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'editConsent']) === $module::EDIT_OWNER
@ -88,7 +88,7 @@
'readonly' => true 'readonly' => true
]); ?> ]); ?>
<div id="blogArticleCommentWrapper" class="displayNone"> <div id="blogArticleCommentWrapper" class="displayNone">
<?php if ($this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD')): ?> <?php if ($this->isConnected() === true): ?>
<?php echo template::text('blogArticleUserName', [ <?php echo template::text('blogArticleUserName', [
'label' => 'Nom', 'label' => 'Nom',
'readonly' => true, 'readonly' => true,
@ -122,7 +122,7 @@
'maxlength' => $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'commentMaxlength']) 'maxlength' => $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'commentMaxlength'])
]); ?> ]); ?>
<div id="blogArticleContentAlarm"> </div> <div id="blogArticleContentAlarm"> </div>
<?php if ($this->getUser('password') !== $this->getInput('ZWII_USER_PASSWORD')): ?> <?php if ($this->isConnected() === false): ?>
<div class="row"> <div class="row">
<div class="col12"> <div class="col12">
<?php echo template::captcha('blogArticleCaptcha', [ <?php echo template::captcha('blogArticleCaptcha', [


@ -51,7 +51,7 @@
<div class="col6 blogEdit"> <div class="col6 blogEdit">
<!-- Bloc edition --> <!-- Bloc edition -->
<?php if ( <?php if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and and
( // Propriétaire ( // Propriétaire
($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'editConsent']) === $module::EDIT_OWNER ($this->getData(['module', $this->getUrl(0), 'posts', $articleId, 'editConsent']) === $module::EDIT_OWNER


@ -19,7 +19,7 @@
<?php echo helper::dateUTF8('%d %B %Y', $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI) . '&nbsp' . helper::dateUTF8('%H:%M', $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI); ?> <?php echo helper::dateUTF8('%d %B %Y', $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI) . '&nbsp' . helper::dateUTF8('%H:%M', $this->getData(['module', $this->getUrl(0), 'posts', $this->getUrl(1), 'publishedOn']), self::$i18nUI); ?>
<!-- Bloc edition --> <!-- Bloc edition -->
<?php if ( <?php if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and and
( // Propriétaire ( // Propriétaire
($this->getUser('group') === self::GROUP_ADMIN) ($this->getUser('group') === self::GROUP_ADMIN)


@ -26,7 +26,7 @@
<?php echo helper::dateUTF8($module::$dateFormat, $news['publishedOn'], self::$i18nUI) . '&nbsp;' . helper::dateUTF8($module::$timeFormat, $news['publishedOn'], self::$i18nUI); ?> <?php echo helper::dateUTF8($module::$dateFormat, $news['publishedOn'], self::$i18nUI) . '&nbsp;' . helper::dateUTF8($module::$timeFormat, $news['publishedOn'], self::$i18nUI); ?>
<!-- Bloc edition --> <!-- Bloc edition -->
<?php if ( <?php if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
and and
( // Propriétaire ( // Propriétaire
($this->getUser('group') === self::GROUP_ADMIN) ($this->getUser('group') === self::GROUP_ADMIN)


@ -58,7 +58,7 @@ class redirection extends common
{ {
// Message si l'utilisateur peut éditer la page // Message si l'utilisateur peut éditer la page
if ( if (
$this->getUser('password') === $this->getInput('ZWII_USER_PASSWORD') $this->isConnected() === true
&& $this->getUser('group') >= self::GROUP_EDITOR && $this->getUser('group') >= self::GROUP_EDITOR
&& $this->getUrl(1) !== 'force' && $this->getUrl(1) !== 'force'
) { ) {