strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'develop' of https://github.com/friendica/friendica into develop

Browse source
This commit is contained in:
Hypolite Petovan 2017-03-14 23:11:53 -04:00
parent 6d087aae23 e57bd5fe55
commit 2ff494d899
6 changed files with 115 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
include/auth.php
View file

@ -125,6 +125,7 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
$openid = new LightOpenID;
$openid->identity = $openid_url;
$_SESSION['openid'] = $openid_url;
$_SESSION['remember'] = $_POST['remember'];
$openid->returnUrl = App::get_baseurl(true).'/openid';
goaway($openid->authUrl());
} catch (Exception $e) {
@ -178,17 +179,12 @@ if (isset($_SESSION) && x($_SESSION,'authenticated') && (!x($_POST,'auth-params'
goaway(z_root());
}
// If the user specified to remember the authentication, then set a cookie
// that expires after one week (the default is when the browser is closed).
// The cookie will be renewed automatically.
// The week ensures that sessions will expire after some inactivity.
if ($_POST['remember'])
new_cookie(604800, $r[0]);
else
if (! $_POST['remember']) {
new_cookie(0); // 0 means delete on browser exit
}
// if we haven't failed up this point, log them in.
$_SESSION['remember'] = $_POST['remember'];
$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
authenticate_success($record, true, true);
}
@ -203,39 +199,3 @@ function nuke_session() {
session_unset();
session_destroy();
}
/**
* @brief Calculate the hash that is needed for the "Friendica" cookie
*
* @param array $user Record from "user" table
*
* @return string Hashed data
*/
function cookie_hash($user) {
return(hash("sha256", get_config("system", "site_prvkey").
$user["uprvkey"].
$user["password"]));
}
/**
* @brief Set the "Friendica" cookie
*
* @param int $time
* @param array $user Record from "user" table
*/
function new_cookie($time, $user = array()) {
if ($time != 0)
$time = $time + time();
if ($user)
$value = json_encode(array("uid" => $user["uid"],
"hash" => cookie_hash($user),
"ip" => $_SERVER['REMOTE_ADDR']));
else
$value = "";
setcookie("Friendica", $value, $time, "/", "",
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
}

54
include/security.php
View file

@ -1,5 +1,44 @@
<?php
/**
* @brief Calculate the hash that is needed for the "Friendica" cookie
*
* @param array $user Record from "user" table
*
* @return string Hashed data
*/
function cookie_hash($user) {
return(hash("sha256", get_config("system", "site_prvkey").
$user["uprvkey"].
$user["password"]));
}
/**
* @brief Set the "Friendica" cookie
*
* @param int $time
* @param array $user Record from "user" table
*/
function new_cookie($time, $user = array()) {
if ($time != 0) {
$time = $time + time();
}
if ($user) {
$value = json_encode(array("uid" => $user["uid"],
"hash" => cookie_hash($user),
"ip" => $_SERVER['REMOTE_ADDR']));
}
else {
$value = "";
}
setcookie("Friendica", $value, $time, "/", "",
(get_config('system', 'ssl_policy') == SSL_POLICY_FULL), true);
}
function authenticate_success($user_record, $login_initial = false, $interactive = false, $login_refresh = false) {
$a = get_app();
@ -94,6 +133,21 @@ function authenticate_success($user_record, $login_initial = false, $interactive
}
if ($login_initial) {
// If the user specified to remember the authentication, then set a cookie
// that expires after one week (the default is when the browser is closed).
// The cookie will be renewed automatically.
// The week ensures that sessions will expire after some inactivity.
if ($_SESSION['remember']) {
logger('Injecting cookie for remembered user '. $_SESSION['remember_user']['nickname']);
new_cookie(604800, $user_record);
unset($_SESSION['remember']);
}
}
if ($login_initial) {
call_hooks('logged_in', $a->user);

9
include/text.php
View file

@ -291,8 +291,8 @@ function paginate_data(App $a, $count = null) {
}
$url = $stripped;
$data = array();
function _l(&$d, $name, $url, $text, $class = '') {
if (strpos($url, '?') === false && ($pos = strpos($url, '&')) !== false) {
$url = substr($url, 0, $pos) . '?' . substr($url, $pos + 1);
@ -318,9 +318,10 @@ function paginate_data(App $a, $count = null) {
$numstart = 1;
$numstop = $numpages;
if ($numpages > 14) {
$numstart = (($pagenum > 7) ? ($pagenum - 7) : 1);
$numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14));
// Limit the number of displayed page number buttons.
if ($numpages > 8) {
$numstart = (($pagenum > 4) ? ($pagenum - 4) : 1);
$numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 8));
}
$pages = array();

2
mod/openid.php
View file

@ -30,7 +30,7 @@ function openid_content(App $a) {
// mod/settings.php in 8367cad so it might have left mixed
// records in the user table
//
$r = q("SELECT * FROM `user`
$r = q("SELECT *, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user`
WHERE ( `openid` = '%s' OR `openid` = '%s' )
AND `blocked` = 0 AND `account_expired` = 0
AND `account_removed` = 0 AND `verified` = 1

52
view/theme/frio/css/style.css
View file

@ -2509,21 +2509,53 @@ body .tread-wrapper .hovercard:hover .hover-card-content a {
}
/* Pagination improvements */
.pagination {
text-align: center;
display: block;
}
.pagination > li > a,
.pagination > li > span {
color: $link_color;
color: $link_color;
float: none;
}
.pagination>.active>a,
.pagination>.active>a:focus,
.pagination>.active>a:hover,
.pagination>.active>span,
.pagination>.active>span:focus,
.pagination>.active>span:hover {
background-color: $link_color;
.pagination>li>a:hover,
.pagination>li>span:hover {
color: $link_hover_color;
}
.pagination > .active > a,
.pagination > .active > a:focus,
.pagination > .active > a:hover,
.pagination > .active > span,
.pagination > .active > span:focus,
.pagination > .active > span:hover {
background-color: $link_color;
border-color: $link_color;
border-radius: 3px;
}
.disabled > a {
pointer-events: none;
.pagination li.pager_n a {
margin-left: 3px;
border-radius: 3px;
}
.pagination .pager_prev a {
margin-left: -5px;
margin-right: 4px;
border-top-right-radius: 3px;
border-bottom-right-radius: 3px;
}
.pagination .pager_next a {
margin-left: 4px;
margin-right: -5px;
border-top-left-radius: 3px;
border-bottom-left-radius: 3px;
}
.pager .next > a,
.pager .previous > a {
float: none;
border-radius: 3px;
}
.pagination .disabled > a,
.pager .disabled > a {
display: none;
}
/*

16
view/theme/frio/templates/paginate.tpl
View file

@ -1,14 +1,16 @@
{{* Pager template, uses output of paginate_data() in include/text.php *}}
{{if $pager}}
<div class="{{$pager.class}}">
{{if $pager.first}}<li class="pager_first {{$pager.first.class}}"><a href="{{$pager.first.url}}">{{$pager.first.text}}</a></li>{{/if}}
<ul class="{{$pager.class}} pagination-sm">
{{if $pager.first}}<li class="pager_first {{$pager.first.class}}"><a href="{{$pager.first.url}}" title="{{$pager.first.text}}">&#8739;&lt;</a></li>{{/if}}
{{if $pager.prev}}<li class="pager_prev {{$pager.prev.class}}"><a href="{{$pager.prev.url}}">{{$pager.prev.text}}</a></li>{{/if}}
{{if $pager.prev}}<li class="pager_prev {{$pager.prev.class}}"><a href="{{$pager.prev.url}}" title="{{$pager.prev.text}}">&lt;</a></li>{{/if}}
{{foreach $pager.pages as $p}}<li class="pager_{{$p.class}}"><a href="{{$p.url}}">{{$p.text}}</a></li>{{/foreach}}
{{foreach $pager.pages as $p}}<li class="pager_{{$p.class}} hidden-xs hidden-sm"><a href="{{$p.url}}">{{$p.text}}</a></li>{{/foreach}}
{{if $pager.next}}<li class="pager_next {{$pager.next.class}}"><a href="{{$pager.next.url}}">{{$pager.next.text}}</a></li>{{/if}}
{{if $pager.next}}<li class="pager_next {{$pager.next.class}}"><a href="{{$pager.next.url}}" title="{{$pager.next.text}}">&gt;</a></li>{{/if}}
{{if $pager.last}}&nbsp;<li class="pager_last {{$pager.last.class}}"><a href="{{$pager.last.url}}">{{$pager.last.text}}</a></li>{{/if}}
</div>
{{if $pager.last}}<li class="pager_last {{$pager.last.class}}"><a href="{{$pager.last.url}}" title="{{$pager.last.text}}">&gt;&#8739;</a></li>{{/if}}
</ul>
{{/if}}