authentication: manage the session only if the authentication page is required.
Do not set a session cookie if the user don't need to be authenticated git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4260 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
@@ -84,6 +84,8 @@ class authentication
|
||||
*/
|
||||
public function logout ($url = "")
|
||||
{
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
if ($this->debug) echo "<pre>LOGOUT\n";
|
||||
$authsession = new \authsession ();
|
||||
$param = $authsession->getdetails ();
|
||||
@@ -112,6 +114,8 @@ class authentication
|
||||
public function pageHTML ($url = "")
|
||||
{
|
||||
// If the user is already connected, redirect to the main page of the site
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
$auth = new \auth ();
|
||||
$pre = new \authparams (array ("session"));
|
||||
if (isset ($_SESSION["domframework"]["authentication"]["message"]))
|
||||
@@ -134,6 +138,9 @@ class authentication
|
||||
*/
|
||||
public function verifAuthLoginPage ($url = "")
|
||||
{
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
if ($this->debug) echo "Call verifAuthLoginPage ($url) : Start\n";
|
||||
// rate-limit the connections
|
||||
$ratelimiter = new \ratelimitfile ();
|
||||
// 3 connections by minutes
|
||||
@@ -145,6 +152,7 @@ class authentication
|
||||
$ipClient = $_SERVER["REMOTE_ADDR"];
|
||||
if ($ratelimiter->set ("loggin-$ipClient") === false)
|
||||
{
|
||||
if ($this->debug) echo "Call verifAuthLoginPage ($url) : Ratelimit\n";
|
||||
call_user_func ($this->loggingFunc,
|
||||
LOG_WARNING,
|
||||
"Ratelimiting for $ipClient");
|
||||
@@ -163,6 +171,7 @@ class authentication
|
||||
$res = $this->verifAuth ($authparams->email, $authparams->password);
|
||||
if (! is_array ($res))
|
||||
{
|
||||
if ($this->debug) echo "Call verifAuthLoginPage ($url) : ERROR\n";
|
||||
// Authentication error
|
||||
// Redirect to login page after logout
|
||||
call_user_func ($this->loggingFunc,
|
||||
@@ -183,6 +192,7 @@ class authentication
|
||||
}
|
||||
}
|
||||
// Login OK : save in SESSION and go to main page
|
||||
if ($this->debug) echo "Call verifAuthLoginPage ($url) : USER OK\n";
|
||||
call_user_func ($this->loggingFunc,
|
||||
LOG_NOTICE,
|
||||
"Logging in for '$authparams->email'");
|
||||
@@ -229,6 +239,8 @@ class authentication
|
||||
*/
|
||||
public function verifAuthHTML ()
|
||||
{
|
||||
// Do not force the session_start ! We don't want the cookie on all the
|
||||
// pages
|
||||
if ($this->debug)
|
||||
echo "=== entering verifAuthHTML (htmlMethods=".
|
||||
print_r ($this->htmlMethods, true).")\n";
|
||||
@@ -353,6 +365,8 @@ class authentication
|
||||
$this->route
|
||||
->get ("authentication/logout({url})?", function ($url) use ($authObj)
|
||||
{
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
$authObj->logout ($url);
|
||||
})
|
||||
|
||||
@@ -363,12 +377,16 @@ class authentication
|
||||
|
||||
->get ("authentication/({url})?", function ($url) use ($authObj)
|
||||
{
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
$authObj->pageHTML ($url);
|
||||
exit;
|
||||
})
|
||||
|
||||
->post ("authentication/({url})?", function ($url) use ($authObj)
|
||||
{
|
||||
if (! isset ($_SESSION))
|
||||
session_start ();
|
||||
$authObj->verifAuthLoginPage ($url);
|
||||
exit;
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user