From: Mischa POSLAWSKY Date: Fri, 6 Dec 2019 22:05:18 +0000 (+0100) Subject: auth: create user object regardless of login X-Git-Tag: v4.5~25 X-Git-Url: http://git.shiar.nl/minimedit.git/commitdiff_plain/621fc2f9638a1a92aa8535310e7852de5542f11e auth: create user object regardless of login Simplify code not having to check for object existence. --- diff --git a/auth.inc.php b/auth.inc.php index 3901609..b22ed5b 100644 --- a/auth.inc.php +++ b/auth.inc.php @@ -3,8 +3,13 @@ date_default_timezone_set('Europe/Amsterdam'); class User { - function __construct($dir, $existing = TRUE) + public $dir, $login; + + function __construct($dir = NULL, $existing = TRUE) { + if (empty($dir)) { + return; + } if (!file_exists($dir) and $existing) { throw new Exception("Gebruiker niet gevonden in $dir"); } @@ -55,7 +60,7 @@ class User } return isset($this->admin[$permission]); # check level } - if (!@file_exists("{$this->dir}/.admin")) { + if (!$this->dir or !@file_exists("{$this->dir}/.admin")) { return FALSE; # not an admin } return array_fill_keys(explode("\n", file_get_contents("{$this->dir}/.admin")), TRUE); @@ -122,8 +127,11 @@ function login($inuser, $inpass = NULL) return $user; } +global $User; if (isset($_COOKIE['login'])) { - global $User; $User = login($_COOKIE['login']); } +if (!$User) { + $User = new User; +} diff --git a/edit/foto/cover/index.php b/edit/foto/cover/index.php index ab86a2f..2558e10 100644 --- a/edit/foto/cover/index.php +++ b/edit/foto/cover/index.php @@ -1,5 +1,5 @@ admin('foto')) { +if (!$User->admin('foto')) { http_response_code(403); print "Beheerrechten verplicht voor instellen van covers\n"; exit; diff --git a/edit/nieuws/tag/index.php b/edit/nieuws/tag/index.php index 9bfb515..ca477c8 100644 --- a/edit/nieuws/tag/index.php +++ b/edit/nieuws/tag/index.php 
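Review bot: In `User::__construct` (auth.inc.php, first hunk) the new guard `if (empty($dir)) { return; }` matches `''` and `'0'` as well as the omitted argument. A caller that derives the directory from input and ends up with an empty string would now get a silent anonymous object instead of reaching the "Gebruiker niet gevonden" exception; the callers are outside this hunk, so whether that can happen is unverified. Testing only for the default, `if ($dir === NULL) { return; }`, keeps the placeholder case explicit. A short docblock on the constructor would also help, stating that an object built without `$dir` is the unauthenticated placeholder and that `->login`, not the object's truthiness, indicates a session. The constructor body continues past the end of the hunk.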
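Review bot: After the new `if (!$User) { $User = new User; }` block at the end of auth.inc.php, `$User` is always an object, so any check left elsewhere that tests the variable itself (`if ($User)`, `empty($User)`, `isset($User)`) now evaluates as logged in for anonymous visitors. The commit converts the call sites it touches, but files outside this diff should be searched for such checks, since each one left behind fails open. The forms still present here, `!$User or !$User->login` in login/index.php and `$User and $User->login` in page.inc.php, are harmless, though their first operand is now dead and could be dropped for consistency with the other files. The fallback also relies on `login()` returning a falsy value for a rejected cookie, which is not visible in this hunk.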
@@ -5,7 +5,7 @@ if (!$Args) abort("pagina niet opgegeven", '409 input error'); $pagename = ltrim($Args, '/').'.html'; -if (!$User or !$User->admin("edit $pagename")) +if (!$User->admin("edit $pagename")) abort("geen beheersrechten", '401 unauthorised'); @list ($category, $year, $article) = explode('/', $pagename); diff --git a/edit/page/index.php b/edit/page/index.php index 48f8942..8989dd5 100644 --- a/edit/page/index.php +++ b/edit/page/index.php @@ -1,5 +1,5 @@ admin("edit $Page$Args")) +if (!$User->admin("edit $Page$Args")) abort("geen beheersrechten", '401 unauthorised'); if ($_FILES) { diff --git a/foto/album.inc.php b/foto/album.inc.php index 7a3f917..92a7395 100644 --- a/foto/album.inc.php +++ b/foto/album.inc.php @@ -24,7 +24,7 @@ function openphotoswipe(index) { closeElClasses: [], shareButtons: [ admin('foto')) { +if ($User->admin('foto')) { printf("\t\t\t{id:'%s', label:'%s', url:'%s'},\n", 'cover', 'Cover instellen', "/edit/foto/cover$Args?img={{image_url}}" ); diff --git a/foto/index.php b/foto/index.php index 89f5d06..a97ec1c 100644 --- a/foto/index.php +++ b/foto/index.php @@ -1,7 +1,7 @@ admin('foto')) { +if ($User->admin('foto')) { $access = '🔓 Openbaar'; if (!empty($PageAccess)) { $access = "🔒 Bewoners"; @@ -64,7 +64,7 @@ if ($imgs = glob("$rootdir/*", GLOB_ONLYDIR)) { $html = ''; $html .= "
$album
"; - if (empty($User) and file_exists("$path/.private")) { + if (!$User->login and file_exists("$path/.private")) { $html = ''.$html.''; } $html = "
$html
"; diff --git a/login/admin/index.php b/login/admin/index.php index eb8a877..0688f17 100644 --- a/login/admin/index.php +++ b/login/admin/index.php @@ -1,5 +1,5 @@ admin('site')) { +if (!$User->admin('site')) { http_response_code(403); ?>

Verboden toegang

diff --git a/login/index.php b/login/index.php index c69ec3c..6783a47 100644 --- a/login/index.php +++ b/login/index.php @@ -35,7 +35,7 @@ elseif (isset($_GET['logout'])) { $message = "Je bent uitgelogd. Graag tot ziens!"; } -if (empty($User)) { +if (!$User or !$User->login) { $Article->title = 'Inloggen'; if (isset($_REQUEST['goto'])) { $target = ltrim($_REQUEST['goto'], '/'); @@ -75,7 +75,7 @@ if (isset($_REQUEST['goto'])) { if (isset($Article->raw)) { print $Article->raw; } -if (empty($Args) and $User and $User->admin) { +if (empty($Args) and $User->admin) { include_once 'login/admin.html'; } diff --git a/login/pass/index.php b/login/pass/index.php index 735770a..cd65186 100644 --- a/login/pass/index.php +++ b/login/pass/index.php @@ -13,7 +13,7 @@ if (isset($_GET['token'])) { return TRUE; } } -elseif (!$User) { +elseif (!$User->login) { http_response_code(303); $target = urlencode($_SERVER['REQUEST_URI']); header("Location: /login?goto=$target"); @@ -38,7 +38,7 @@ Hier kun je een nieuwe inlogcode instellen voor Dit zal de huidige code vervangen.

-pass)) { ?> +login and strlen($User->pass)) { ?> diff --git a/login/post/index.php b/login/post/index.php index 9621978..0beb42f 100644 --- a/login/post/index.php +++ b/login/post/index.php @@ -1,5 +1,5 @@ login) { http_response_code(303); $target = urlencode($_SERVER['REQUEST_URI']); header("Location: /login?goto=$target"); diff --git a/nieuws/index.php b/nieuws/index.php index 392a10f..f74c632 100644 --- a/nieuws/index.php +++ b/nieuws/index.php @@ -1,14 +1,14 @@ login; @list ($year, $page) = explode('/', trim($Args, '/')); -if ($User and $User->admin("edit $Page")) { +if ($User->admin("edit $Page")) { print ''."\n"; } if ($page and !is_numeric($page)) { $Article->meta['og:type'] = 'article'; - $edit = $User && $User->admin("edit $Page$Args") ? htmlspecialchars(@$_GET['edit']) : NULL; + $edit = $User->admin("edit $Page$Args") ? htmlspecialchars(@$_GET['edit']) : NULL; if ($edit) { $Article->title = $edit; } @@ -16,7 +16,7 @@ if ($page and !is_numeric($page)) { $Place[1] = ' '.$Article->date.''; } print preg_replace('{(?<=

)(.*?)(?=

)}', ($edit ?: '\1').' [[1]]', $Article->raw); - if ($User and $User->admin("edit $Page$Args")) { + if ($User->admin("edit $Page$Args")) { $taglist = []; foreach (glob("$Page/.tags/*") as $tagpath) { $tagname = pathinfo($tagpath, PATHINFO_BASENAME); diff --git a/page.inc.php b/page.inc.php index 7a54bf7..94ef7cf 100644 --- a/page.inc.php +++ b/page.inc.php @@ -7,7 +7,7 @@ print "
\n"; ob_start(); include 'menu.inc.html'; ob_start(); -if (!empty($User)) { +if ($User and $User->login) { print '