mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-06 08:07:27 +02:00
Code Issues Releases Wiki Activity

Move core logic of 'onLoginSuccessful' from 'Auth' to 'UserManager'

Browse Source
This commit is contained in:
Marco
2017-11-03 08:50:59 +01:00
parent 24056e89a4
commit 67443c122a
2 changed files with 31 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/Auth.php
View File

@@ -451,18 +451,8 @@ final class Auth extends UserManager {
} }
} }
/** protected function onLoginSuccessful($userId, $email, $username, $status, $roles, $remembered) {
* Called when the user has successfully logged in (via standard login or "remember me") // update the timestamp of the user's last login
*
* @param int $userId the ID of the user
* @param string $email the email address of the user
* @param string $username the display name (if any) of the user
* @param int $status the status of the user as one of the constants from the {@see Status} class
* @param int $roles the roles of the user as a bitmask using constants from the {@see Role} class
* @param bool $remembered whether the user has been remembered (instead of them having authenticated actively)
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
private function onLoginSuccessful($userId, $email, $username, $status, $roles, $remembered) {
try { try {
$this->db->update( $this->db->update(
$this->dbTablePrefix . 'users', $this->dbTablePrefix . 'users',
@@ -474,17 +464,7 @@ final class Auth extends UserManager {
throw new DatabaseError(); throw new DatabaseError();
} }
// re-generate the session ID to prevent session fixation attacks (requests a cookie to be written on the client) parent::onLoginSuccessful($userId, $email, $username, $status, $roles, $remembered);
Session::regenerate(true);
// save the user data in the session variables maintained by this library
$_SESSION[self::SESSION_FIELD_LOGGED_IN] = true;
$_SESSION[self::SESSION_FIELD_USER_ID] = (int) $userId;
$_SESSION[self::SESSION_FIELD_EMAIL] = $email;
$_SESSION[self::SESSION_FIELD_USERNAME] = $username;
$_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
$_SESSION[self::SESSION_FIELD_ROLES] = (int) $roles;
$_SESSION[self::SESSION_FIELD_REMEMBERED] = $remembered;
} }
/** /**

28
src/UserManager.php
View File

@@ -9,6 +9,7 @@
namespace Delight\Auth; namespace Delight\Auth;
use Delight\Base64\Base64; use Delight\Base64\Base64;
use Delight\Cookie\Session;
use Delight\Db\PdoDatabase; use Delight\Db\PdoDatabase;
use Delight\Db\PdoDsn; use Delight\Db\PdoDsn;
use Delight\Db\Throwable\Error; use Delight\Db\Throwable\Error;
@@ -180,6 +181,33 @@ abstract class UserManager {
return $newUserId; return $newUserId;
} }
/**
* Called when a user has successfully logged in
*
* This may happen via the standard login, via the "remember me" feature, or due to impersonation by administrators
*
* @param int $userId the ID of the user
* @param string $email the email address of the user
* @param string $username the display name (if any) of the user
* @param int $status the status of the user as one of the constants from the {@see Status} class
* @param int $roles the roles of the user as a bitmask using constants from the {@see Role} class
* @param bool $remembered whether the user has been remembered (instead of them having authenticated actively)
* @throws AuthError if an internal problem occurred (do *not* catch)
*/
protected function onLoginSuccessful($userId, $email, $username, $status, $roles, $remembered) {
// re-generate the session ID to prevent session fixation attacks (requests a cookie to be written on the client)
Session::regenerate(true);
// save the user data in the session variables maintained by this library
$_SESSION[self::SESSION_FIELD_LOGGED_IN] = true;
$_SESSION[self::SESSION_FIELD_USER_ID] = (int) $userId;
$_SESSION[self::SESSION_FIELD_EMAIL] = $email;
$_SESSION[self::SESSION_FIELD_USERNAME] = $username;
$_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
$_SESSION[self::SESSION_FIELD_ROLES] = (int) $roles;
$_SESSION[self::SESSION_FIELD_REMEMBERED] = $remembered;
}
/** /**
* Returns the requested user data for the account with the specified username (if any) * Returns the requested user data for the account with the specified username (if any)
* *