mirror/processwire
1
0
Fork 0
mirror of https://github.com/processwire/processwire.git synced 2025-08-17 20:11:46 +02:00
Code Issues Releases Wiki Activity

Fix issue processwire/processwire-issues#902

Browse Source
This commit is contained in:
Ryan Cramer
2019-06-21 11:09:53 -04:00
parent 903e6b3527
commit 49d0348b4a
1 changed files with 57 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
wire/modules/Process/ProcessLogin/ProcessLogin.module
View File

@@ -8,7 +8,7 @@
* For more details about how Process modules work, please see: * For more details about how Process modules work, please see:
* /wire/core/Process.php * /wire/core/Process.php
* *
* ProcessWire 3.x, Copyright 2018 by Ryan Cramer * ProcessWire 3.x, Copyright 2019 by Ryan Cramer
* https://processwire.com * https://processwire.com
* *
* @property bool $allowForgot Whether the ProcessForgotPassword module is installed. * @property bool $allowForgot Whether the ProcessForgotPassword module is installed.
@@ -25,6 +25,7 @@
* @method void login($name, $pass) #pw-hooker * @method void login($name, $pass) #pw-hooker
* @method void loginFailed($name) #pw-hooker * @method void loginFailed($name) #pw-hooker
* @method void loginSuccess(User $user) #pw-hooker * @method void loginSuccess(User $user) #pw-hooker
* @method array getBeforeLoginVars() #pw-hooker
* *
* *
*/ */
@@ -35,7 +36,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
return array( return array(
'title' => 'Login', 'title' => 'Login',
'summary' => 'Login to ProcessWire', 'summary' => 'Login to ProcessWire',
'version' => 106, 'version' => 107,
'permanent' => true, 'permanent' => true,
'permission' => 'page-view', 'permission' => 'page-view',
); );
@@ -66,6 +67,8 @@ class ProcessLogin extends Process implements ConfigurableModule {
protected $form; protected $form;
/** /**
* Requested page edit ID (no longer used, but kept in case anything else monitoring it)
*
* @var int * @var int
* *
*/ */
@@ -118,7 +121,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
*/ */
public function init() { public function init() {
$this->id = isset($_GET['id']) ? (int) $_GET['id'] : ''; $this->id = isset($_GET['id']) ? (int) $_GET['id'] : ''; // id no longer used as anything but a toggle (on/off)
$this->allowForgot = $this->modules->isInstalled('ProcessForgotPassword'); $this->allowForgot = $this->modules->isInstalled('ProcessForgotPassword');
$this->isAdmin = $this->wire('page')->template == 'admin'; $this->isAdmin = $this->wire('page')->template == 'admin';
@@ -199,6 +202,9 @@ class ProcessLogin extends Process implements ConfigurableModule {
} }
// fallback if nothing set // fallback if nothing set
return $this->afterLoginOutput(); return $this->afterLoginOutput();
} else if($this->wire('input')->urlSegmentStr() === 'logout') {
$session->redirect('../');
} }
$tfa = null; $tfa = null;
@@ -230,7 +236,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
if($loginSubmit) { if($loginSubmit) {
$this->form->processInput($input->post); $this->form->processInput($input->post);
} else { } else {
if($this->isAdmin) $this->beforeLogin(); $this->beforeLogin();
return $this->renderLoginForm(); return $this->renderLoginForm();
} }
@@ -289,7 +295,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
public function ___executeLogout() { public function ___executeLogout() {
if($this->logoutURL) { if($this->logoutURL) {
$url = $this->logoutURL; $url = $this->logoutURL;
} else if($this->isAdmin) { } else if($this->isAdmin || $this->wire('page')->template == 'admin') {
$url = $this->config->urls->admin; $url = $this->config->urls->admin;
$this->message($this->_("You have logged out")); $this->message($this->_("You have logged out"));
} else { } else {
@@ -308,8 +314,17 @@ class ProcessLogin extends Process implements ConfigurableModule {
*/ */
protected function ___beforeLogin() { protected function ___beforeLogin() {
/** @var Session $session */
$session = $this->wire('session');
$beforeLoginVars = $this->getBeforeLoginVars();
$session->setFor($this, 'beforeLoginVars', $beforeLoginVars);
// any remaining checks only if currently in the admin
if(!$this->isAdmin) return;
// if checks already completed don't run them again // if checks already completed don't run them again
if($this->wire('session')->get($this, 'beforeLoginChecks')) return; if($session->getFor($this, 'beforeLoginChecks')) return;
if( ini_get('session.save_handler') == 'files' if( ini_get('session.save_handler') == 'files'
&& !$this->wire('modules')->isInstalled('SessionHandlerDB') && !$this->wire('modules')->isInstalled('SessionHandlerDB')
@@ -356,7 +371,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
} }
} }
$this->wire('session')->set($this, 'beforeLoginChecks', 1); $session->setFor($this, 'beforeLoginChecks', 1);
} }
/** /**
@@ -490,7 +505,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
$this->form = $this->modules->get('InputfieldForm'); $this->form = $this->modules->get('InputfieldForm');
// we'll retain an ID field in the GET url, if it was there // we'll retain an ID field in the GET url, if it was there (note: no longer used as anything but a toggle on/off)
$this->form->attr('action', "./" . ($this->id ? "?id={$this->id}" : '')); $this->form->attr('action', "./" . ($this->id ? "?id={$this->id}" : ''));
$this->form->addClass('InputfieldFormFocusFirst'); $this->form->addClass('InputfieldFormFocusFirst');
@@ -599,7 +614,10 @@ class ProcessLogin extends Process implements ConfigurableModule {
*/ */
protected function ___afterLoginRedirect($url = '') { protected function ___afterLoginRedirect($url = '') {
$url = $this->afterLoginURL($url); $url = $this->afterLoginURL($url);
$this->wire('session')->redirect($url, false); $session = $this->wire('session');
$session->removeFor($this, 'beforeLoginVars');
$session->removeFor($this, 'beforeLoginChecks');
$session->redirect($url, false);
} }
/** /**
@@ -613,6 +631,7 @@ class ProcessLogin extends Process implements ConfigurableModule {
* *
*/ */
public function ___afterLoginURL($url = '') { public function ___afterLoginURL($url = '') {
if(empty($url)) { if(empty($url)) {
$user = $this->wire('user'); $user = $this->wire('user');
if($this->loginURL) { if($this->loginURL) {
@@ -627,15 +646,39 @@ class ProcessLogin extends Process implements ConfigurableModule {
$url = './'; $url = './';
} }
} }
if($this->id && !preg_match('/[?&]id=/', $url)) {
$url .= (strpos($url, '?') ? '&' : '?') . 'id=' . $this->id; $beforeLoginVars = $this->wire('session')->getFor($this, 'beforeLoginVars');
} if(!is_array($beforeLoginVars)) $beforeLoginVars = array();
if(strpos($url, 'login=1') === false) { if(!isset($beforeLoginVars['login'])) $beforeLoginVars['login'] = 1;
$url .= (strpos($url, '?') ? '&' : '?') . 'login=1'; $url .= (strpos($url, '?') ? '&' : '?');
foreach($beforeLoginVars as $name => $value) {
if(strpos($url, "?$name=") !== false || strpos($url, "&$name=") !== false) continue; // skip if overridden
if(!is_int($value)) $value = $this->wire('sanitizer')->entities($value);
$url .= "$name=$value&";
} }
$url = rtrim($url, '&');
return $url; return $url;
} }
/**
* Get validated/sanitized variables in the query string for not logged-in user to retain after login
*
* Hook this if you need to add more than 'id' but make sure anything populated
* to the return value is fully validated and sanitized.
*
* @return array Associative array of variables
*
*/
public function ___getBeforeLoginVars() {
$session = $this->wire('session');
$vars = $session->getFor($this, 'beforeLoginVars');
if(!is_array($vars)) $vars = array();
$id = $this->wire('input')->get('id');
if($id !== null) $vars['id'] = $this->wire('sanitizer')->intUnsigned($id);
return $vars;
}
/** /**
* Hook called on login fail * Hook called on login fail
* *