Common access for user data everywhere.
18 files changed:
{
return @filemtime("{$this->dir}/last.log");
}
{
return @filemtime("{$this->dir}/last.log");
}
+
+ function logclient()
+ {
+ if ($log = @fopen("{$this->dir}/last.log", 'w')) {
+ $line = $_SERVER['REMOTE_ADDR'].' '.$_SERVER['HTTP_USER_AGENT'];
+ fwrite($log, $line."\n");
+ }
+ }
}
function login_password_verify($input, $test)
}
function login_password_verify($input, $test)
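Review bot: logclient() never closes the handle it opens, and it reads `$_SERVER['HTTP_USER_AGENT']` without checking that the header was sent, so a request without a User-Agent raises an undefined-index notice while the log is written. The header is client-controlled and is written verbatim; defaulting it to an empty string, stripping control characters and capping its length keeps last.log a single parseable line, e.g. `$agent = substr(preg_replace('/[\x00-\x1F\x7F]/', '', $agent), 0, 255);`, followed by `fclose($log);` after the `fwrite()`. Mode `'w'` truncates the file on every login, so only the most recent client is retained; a comment stating that this is intended would help the next reader.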
function login_setcookie()
{
global $User;
function login_setcookie()
{
global $User;
- return setcookie('login', $User['auth'], 0, '/');
+ return setcookie('login', $User->auth, 0, '/');
}
function login($inuser, $inpass = NULL)
}
function login($inuser, $inpass = NULL)
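Review bot: login_setcookie() sends the `login` cookie with only a path, so the value is readable from page script and is also sent over plain HTTP. That value is `$User->auth`, which this commit builds elsewhere as the login name plus a hash and which acts as the session credential. It should carry HttpOnly and, if the site is served over HTTPS, Secure: `return setcookie('login', $User->auth, 0, '/', '', TRUE, TRUE);`. Where the PHP version supports the options-array form of setcookie(), adding `'samesite' => 'Lax'` also limits cross-site sends.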
if (function_exists('apache_note')) apache_note('user', $inuser);
if (function_exists('apache_note')) apache_note('user', $inuser);
- if ($log = @fopen("$userdir/last.log", 'w')) {
- fwrite($log, "{$_SERVER['REMOTE_ADDR']} {$_SERVER['HTTP_USER_AGENT']}\n");
- }
-
- return [
- 'name' => $inuser,
- 'dir' => $userdir,
- 'admin' => file_exists("$userdir/.admin"),
- 'pass' => $usertest,
- 'auth' => "$inuser:$authhash",
- ];
+ $user = new User($userdir);
+ $user->logclient();
+ $user->pass = $usertest;
+ $user->auth = "$inuser:$authhash";
+ return $user;
}
if (isset($_COOKIE['login'])) {
}
if (isset($_COOKIE['login'])) {
$error = NULL;
if ($_POST) {
global $User;
$error = NULL;
if ($_POST) {
global $User;
- if (!empty($User)) {
- $_REQUEST['login'] = $User['name'];
+ if ($User) {
+ $_REQUEST['login'] = $User->login;
}
$error = mailform($_REQUEST);
if (!empty($error)) {
}
$error = mailform($_REQUEST);
if (!empty($error)) {
-if (empty($User['admin'])) {
+if (!$User or !$User->admin) {
http_response_code(403);
print "Beheerrechten verplicht voor instellen van covers\n";
exit;
http_response_code(403);
print "Beheerrechten verplicht voor instellen van covers\n";
exit;
-if (empty($User['admin']))
+if (!$User or !$User->admin)
abort("geen beheersrechten", '401 unauthorised');
if (!$_POST)
abort("geen beheersrechten", '401 unauthorised');
if (!$_POST)
-if (empty($User['admin']))
+if (!$User or !$User->admin)
abort("geen beheersrechten", '401 unauthorised');
if ($_FILES) {
abort("geen beheersrechten", '401 unauthorised');
if ($_FILES) {
if (is_writable('../.git')) {
$gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}";
$gitcmd = 'git';
if (is_writable('../.git')) {
$gitmsg = preg_replace('/\.html$/', '', $filename).": edit from {$_SERVER['REMOTE_ADDR']}";
$gitcmd = 'git';
- $gitcmd .= ' -c user.name='.escapeshellarg($User['name']);
- $gitcmd .= ' -c user.email='.escapeshellarg("{$User['name']}@lijtweg.nl");
+ $gitcmd .= ' -c user.name='.escapeshellarg($User->name ?: $User->login);
+ $gitcmd .= ' -c user.email='.escapeshellarg($User->email ?: "{$User->login}@lijtweg.nl");
$gitcmd .= ' commit -q';
$gitcmd .= ' -m '.escapeshellarg($gitmsg);
$gitcmd .= ' -- '.escapeshellarg($filename);
$gitcmd .= ' commit -q';
$gitcmd .= ' -m '.escapeshellarg($gitmsg);
$gitcmd .= ' -- '.escapeshellarg($filename);
closeElClasses: [],
shareButtons: [
<?php
closeElClasses: [],
shareButtons: [
<?php
-if (!empty($User['admin'])) {
+if ($User and $User->admin) {
printf("\t\t\t{id:'%s', label:'%s', url:'%s'},\n",
'cover', 'Cover instellen', "/edit/foto/cover$Args?img={{image_url}}"
);
printf("\t\t\t{id:'%s', label:'%s', url:'%s'},\n",
'cover', 'Cover instellen', "/edit/foto/cover$Args?img={{image_url}}"
);
$rootdir = $Page . $Args;
$rootdir = $Page . $Args;
-if (!empty($User['admin'])) {
+if ($User and $User->admin) {
$access = '🔓 Openbaar';
if (isset($PageAccess)) {
$access = "🔒 Bewoners";
$access = '🔓 Openbaar';
if (isset($PageAccess)) {
$access = "🔒 Bewoners";
-if (empty($User['admin'])) {
+if (!$User or !$User->admin) {
ob_clean();
http_response_code(403);
?>
ob_clean();
http_response_code(403);
?>
-if (!empty($User['admin'])
-and !empty($Place['user']) and $Place['user'] !== $User['name']) {
+if ($User->admin
+and !empty($Place['user']) and $Place['user'] !== $User->login) {
$username = strtolower($Place['user']);
unset($user);
$username = strtolower($Place['user']);
unset($user);
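Review bot: The rewritten condition `if ($User->admin` drops the null guard that `!empty($User['admin'])` provided implicitly, and the same happens further down in `$colconf['visible'] == 'admin' and !$User->admin`. Everywhere else this commit writes `$User and $User->admin`, so unless a check outside these lines already rejects anonymous requests, an unauthenticated request reads a property on a non-object here and raises a warning. Suggested: `if ($User and $User->admin` and `and !($User and $User->admin)) {`. Separately, `new User("profile/$username")` takes its path from `$Place['user']`; where that value is validated is not visible here, so it is worth confirming it cannot contain path separators.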
- $user = [
- 'dir' => "profile/$username",
- 'name' => $username,
- ];
+ $user = new User("profile/$username");
}
require_once('edit.inc.php');
foreach ($cols as $col => &$colconf) {
if (isset($colconf['visible'])) {
}
require_once('edit.inc.php');
foreach ($cols as $col => &$colconf) {
if (isset($colconf['visible'])) {
- if ($colconf['visible'] == 'admin' and empty($User['admin'])) {
+ if ($colconf['visible'] == 'admin' and !$User->admin) {
$colconf['visible'] = FALSE;
continue;
}
$colconf['visible'] = FALSE;
continue;
}
$tags = [];
foreach (glob($colconf['filename'] . '/*') as $tag) {
$tagname = pathinfo($tag, PATHINFO_BASENAME);
$tags = [];
foreach (glob($colconf['filename'] . '/*') as $tag) {
$tagname = pathinfo($tag, PATHINFO_BASENAME);
- $target = "$tag/{$user['name']}";
+ $target = "$tag/{$user->login}";
$val = file_exists($target);
$tagopt = &$colconf['values'][$tagname] ?: [];
$tagopt['value'] = $val;
$val = file_exists($target);
$tagopt = &$colconf['values'][$tagname] ?: [];
$tagopt['value'] = $val;
}
$filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt';
}
$filetype = @$colconf['type'] == 'file' ? 'jpg' : 'txt';
- $colpath = $user['dir'] . '/' . $colconf['filename'];
+ $colpath = $user->dir . '/' . $colconf['filename'];
if (file_exists($colpath)) {
$colconf['value'] = $filetype != 'txt' ? '' :
rtrim(file_get_contents($colpath));
}
if (file_exists($colpath)) {
$colconf['value'] = $filetype != 'txt' ? '' :
rtrim(file_get_contents($colpath));
}
- if (file_exists($user['dir']) and !is_writable($user['dir'])) {
+ if (file_exists($user->dir) and !is_writable($user->dir)) {
continue; # locked parent directory
}
if (isset($colconf['value']) and !is_writable($colpath)) {
continue; # locked parent directory
}
if (isset($colconf['value']) and !is_writable($colpath)) {
$colwarn = [];
if ($_POST) {
$colwarn = [];
if ($_POST) {
- if (!file_exists($user['dir']) and !@mkdir($user['dir'])) {
- print "<p class=warn>Fout bij het aanmaken van gebruikersprofiel voor <em>{$user['name']}</em>.</p>\n\n";
+ if (!file_exists($user->dir) and !@mkdir($user->dir)) {
+ print "<p class=warn>Fout bij het aanmaken van gebruikersprofiel voor <em>{$user->login}</em>.</p>\n\n";
}
else {
# link option target to current user dir
}
else {
# link option target to current user dir
- $optok = @symlink("../../{$user['name']}", $option['target']);
+ $optok = @symlink("../../{$user->login}", $option['target']);
}
$option['value'] = $optval; # update form value
if (!$optok) {
}
$option['value'] = $optval; # update form value
if (!$optok) {
-if (empty($Args) and !empty($User['admin'])) {
+if (empty($Args) and $User and $User->admin) {
include_once 'login/admin.html';
}
include_once 'login/admin.html';
}
foreach ($users as $user) {
$name = $user->name ?: $user->login;
foreach ($users as $user) {
$name = $user->name ?: $user->login;
- if (!empty($GLOBALS['User']['admin'])) {
+ if ($GLOBALS['User'] and $GLOBALS['User']->admin) {
$link = '/login/edit/'.$user->login;
$name = sprintf('<a href="%s">%s</a>', $link, $name);
}
$link = '/login/edit/'.$user->login;
$name = sprintf('<a href="%s">%s</a>', $link, $name);
}
-$info = new User($User['dir']);
-print $info->name;
return "Log eerst (opnieuw?) in.";
}
return "Log eerst (opnieuw?) in.";
}
- $pwfile = "{$user['dir']}/.passwd";
+ $pwfile = "{$user->dir}/.passwd";
if (file_exists($pwfile) and !is_writable($pwfile)) {
return "Het wachtwoord kan niet worden aangepast voor deze gebruiker.";
}
if (file_exists($pwfile) and !is_writable($pwfile)) {
return "Het wachtwoord kan niet worden aangepast voor deze gebruiker.";
}
- if (!empty($user['pass'])) {
+ if (!empty($user->pass)) {
if (empty($input['oldpass'])) {
return "Als extra beveiliging tegen ongewenste aanpassingen moet het bestaande wachtwoord worden ingevoerd.";
}
if (empty($input['oldpass'])) {
return "Als extra beveiliging tegen ongewenste aanpassingen moet het bestaande wachtwoord worden ingevoerd.";
}
- if (!login_password_verify($input['oldpass'], $user['pass'])) {
+ if (!login_password_verify($input['oldpass'], $user->pass)) {
return "Het bestaande wachtwoord is onjuist ingevoerd; niet aangepast.";
}
}
return "Het bestaande wachtwoord is onjuist ingevoerd; niet aangepast.";
}
}
return "Zo'n kort wachtwoord is een slecht idee.";
}
return "Zo'n kort wachtwoord is een slecht idee.";
}
- if ($input['newpass'] == $user['name']) {
+ if ($input['newpass'] == $user->login) {
return "De loginnaam is wel heel makkelijk raadbaar als wachtwoord.";
}
return "De loginnaam is wel heel makkelijk raadbaar als wachtwoord.";
}
return "Het nieuwe wachtwoord kon niet worden opgeslagen. Het oude wachtwoord is behouden.";
}
return "Het nieuwe wachtwoord kon niet worden opgeslagen. Het oude wachtwoord is behouden.";
}
- @unlink("{$user['dir']}/.token"); # invalidate reset token
+ @unlink("{$user->dir}/.token"); # invalidate reset token
$authhash = md5($passstore);
$authhash = md5($passstore);
- $user['auth'] = "{$user['name']}:$authhash";
+ $user->auth = "{$user->login}:$authhash";
if ($GLOBALS['User'] === $user) {
login_setcookie();
}
if ($GLOBALS['User'] === $user) {
login_setcookie();
}
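Review bot: `$user->auth` is still built from `md5($passstore)`, so the cookie credential is a fixed, unkeyed digest of the stored password value: anyone able to read `.passwd` can compute it, and it stays valid until the password changes. Since this commit centralises user data in the User object, this is a natural place to key the token with a server-side secret, e.g. `$authhash = hash_hmac('sha256', $passstore, $secret);` (`$secret` being a placeholder for a key loaded from configuration), or to issue a random per-login token from `random_bytes()`. The code that verifies the cookie is outside these lines and would need the matching change. Note also that `$GLOBALS['User'] === $user` now compares object identity rather than array contents, which deserves a one-line comment.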
$userdir = strtolower("profile/$username");
if ($verify = @file_get_contents("$userdir/.token")
and $verify == $token) {
$userdir = strtolower("profile/$username");
if ($verify = @file_get_contents("$userdir/.token")
and $verify == $token) {
- $User = [
- 'name' => $username,
- 'dir' => $userdir,
- 'pass' => NULL,
- ];
+ $User = new User($userdir);
+ $User->pass = NULL;
}
else {
http_response_code(403);
}
else {
http_response_code(403);
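Review bot: The reset token is checked with `$verify == $token`, a loose and non-constant-time comparison; with `==`, two numeric-looking strings can compare equal without being identical. Use `hash_equals($verify, (string)$token)` after confirming `$token` is a non-empty string. The added `new User($userdir)` receives a path built directly from `$username`; its validation is not visible in these lines, so confirm it is restricted to a plain login name (no `/` or `..`) before it is used to locate `.token`. The enclosing block starts and ends outside the lines shown.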
require_once('login/pass.inc.php');
$error = passform($User, $_POST);
if (empty($error)) {
require_once('login/pass.inc.php');
$error = passform($User, $_POST);
if (empty($error)) {
- print "<p>Het wachtwoord is aangepast voor <em>{$User['name']}</em>. Voortaan met het nieuwe wachtwoord inloggen.</p>\n\n";
+ print "<p>Het wachtwoord is aangepast voor <em>{$User->login}</em>. Voortaan met het nieuwe wachtwoord inloggen.</p>\n\n";
return;
}
http_response_code(400);
return;
}
http_response_code(400);
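Review bot: `{$User->login}` is printed into HTML without escaping in the success message, while the form just below it uses `htmlspecialchars($User->login)`. On the reset path the User object appears to be built from a request-derived name, so the escaped form should be used consistently: `$login = htmlspecialchars($User->login);` and interpolate `$login` in the message. The same unescaped interpolation appears in this commit in the profile-creation warning (`<em>{$user->login}</em>`), the reply textarea placeholder (`"Bericht van {$User->login}"`) and the `Ingelogd:` link in the page header.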
?>
<form method="post">
<p>
?>
<form method="post">
<p>
-Hier kun je een nieuwe inlogcode instellen voor <em><?= htmlspecialchars($User['name']) ?></em>.
+Hier kun je een nieuwe inlogcode instellen voor <em><?= htmlspecialchars($User->login) ?></em>.
Dit zal de huidige code vervangen.
</p>
<p>
Dit zal de huidige code vervangen.
</p>
<p>
-<?php if (!empty($User['pass'])) { ?>
+<?php if ($User and strlen($User->pass)) { ?>
<input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
<?php } ?>
<input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
<input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
<?php } ?>
<input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
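Review bot: `strlen($User->pass)` receives NULL on the reset path, where this commit sets `$User->pass = NULL`; passing NULL to strlen() is deprecated from PHP 8.1, and the test differs from the password handler in this commit, which uses `!empty($user->pass)`. Using the same test here keeps the form and the server-side check in agreement about when the current password is required: `<?php if ($User and !empty($User->pass)) { ?>`.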
$replyform = $Page == 'melding' && !empty($User);
@list ($year, $page) = explode('/', trim($Args, '/'));
$replyform = $Page == 'melding' && !empty($User);
@list ($year, $page) = explode('/', trim($Args, '/'));
-if (!empty($User['admin'])) {
+if ($User and $User->admin) {
print '<script src="/nieuws/edit.js"></script>'."\n";
}
if ($page and !is_numeric($page)) {
print '<script src="/nieuws/edit.js"></script>'."\n";
}
if ($page and !is_numeric($page)) {
- $edit = !empty($User['admin']) ? htmlspecialchars(@$_GET['edit']) : NULL;
+ $edit = $User && $User->admin ? htmlspecialchars(@$_GET['edit']) : NULL;
$article = new ArchiveArticle("$Page$Args.html");
$Place['title'] = $edit ?: $article->title;
if ($article->file) {
$article = new ArchiveArticle("$Page$Args.html");
$Place['title'] = $edit ?: $article->title;
if ($article->file) {
if ($article->file and $article->image) {
$Place['image'] = "/".$article->thumb('600x');
}
if ($article->file and $article->image) {
$Place['image'] = "/".$article->thumb('600x');
}
- if (!empty($User['admin'])) {
+ if ($User and $User->admin) {
$taglist = [];
foreach (glob("$Page/.tags/*") as $tagpath) {
$tagname = pathinfo($tagpath, PATHINFO_BASENAME);
$taglist = [];
foreach (glob("$Page/.tags/*") as $tagpath) {
$tagname = pathinfo($tagpath, PATHINFO_BASENAME);
if ($_POST) {
try {
@mkdir($pagelink);
if ($_POST) {
try {
@mkdir($pagelink);
- $target = $pagelink.'/'.date('YmdHis').':'.$User['name'].'.html';
+ $target = $pagelink.'/'.date('YmdHis').':'.$User->login.'.html';
$html = nl2br(htmlspecialchars($_POST['reply']));
$html = "<p>$html</p>\n";
$written = file_put_contents($target, $html);
$html = nl2br(htmlspecialchars($_POST['reply']));
$html = "<p>$html</p>\n";
$written = file_put_contents($target, $html);
print '<form method="post" action="">';
printf('<textarea id="%s" name="%1$s" cols=60 rows=3 placeholder="%s">%s</textarea>'."\n",
'reply',
print '<form method="post" action="">';
printf('<textarea id="%s" name="%1$s" cols=60 rows=3 placeholder="%s">%s</textarea>'."\n",
'reply',
- "Bericht van {$User['name']}",
+ "Bericht van {$User->login}",
''
);
print '<input type="submit" value="Plaatsen" />'."\n";
''
);
print '<input type="submit" value="Plaatsen" />'."\n";
ob_start();
include 'menu.html';
ob_start();
ob_start();
include 'menu.html';
ob_start();
print '<div class="login"><p>';
print '<div class="login"><p>';
- printf('<span>Ingelogd: <b><a href="%s">%s</a></b></span>', '/login', $User['name']);
- if (!empty($User['admin'])) {
+ printf('<span>Ingelogd: <b><a href="%s">%s</a></b></span>', '/login', $User->login);
+ if ($User->admin) {
$editpage = $Page.$Args;
if (is_dir($editpage)) {
if (file_exists("$editpage/index.html")) {
$editpage = $Page.$Args;
if (is_dir($editpage)) {
if (file_exists("$editpage/index.html")) {
print "</footer>\n";
global $User;
print "</footer>\n";
global $User;
- if (!empty($User['admin'])) {
+ if ($User and $User->admin) {
$ckesrc = '/lib/ckeditor'; # local install
if (!file_exists(DOCROOT . $ckesrc)) {
$ckesrc = '//cdn.ckeditor.com/4.7.3/full-all'; # remote fallback
$ckesrc = '/lib/ckeditor'; # local install
if (!file_exists(DOCROOT . $ckesrc)) {
$ckesrc = '//cdn.ckeditor.com/4.7.3/full-all'; # remote fallback
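Review bot: The admin branch guarded by the new `$User and $User->admin` test falls back to `//cdn.ckeditor.com/4.7.3/full-all` when the local copy is missing, so script from a third-party host runs in administrator sessions, and the protocol-relative URL follows whatever scheme the page was loaded over. Prefer failing closed (no editor, with a logged warning) when `DOCROOT . $ckesrc` is absent, or at least pin the scheme: `$ckesrc = 'https://cdn.ckeditor.com/4.7.3/full-all';`. A Content-Security-Policy `script-src` that names only the intended hosts would make this dependency explicit. The function continues outside the lines shown.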
include_once 'auth.inc.php';
$Edit = isset($_GET['edit']);
include_once 'auth.inc.php';
$Edit = isset($_GET['edit']);
elseif (file_exists("$Page$Args/index.html")) {
$staticpage = "$Page$Args/index.html";
}
elseif (file_exists("$Page$Args/index.html")) {
$staticpage = "$Page$Args/index.html";
}
-elseif (!empty($User['admin'])) {
+elseif ($User and $User->admin) {
$staticpage = (file_exists("$Page/template.html") ? "$Page/template.html" : 'template.html');
}
$staticpage = (file_exists("$Page/template.html") ? "$Page/template.html" : 'template.html');
}
- 'user' => empty($User) ? '' : $User['name'],
+ 'user' => $User ? $User->login : '',
'url' => htmlspecialchars($_SERVER['REQUEST_URI']),
];
'url' => htmlspecialchars($_SERVER['REQUEST_URI']),
];