3caebb3b20
* Add feed widget * add feed render * Add CommentPage widget * New theme (#1390) * 调整忽略目录 * add theme * fix theme scss build Co-authored-by: fen <f3nb0x@gmail.com> * s/is_writeable/is_writable/g * New upgrade method * merge new fixes from master * add pgsql ssl mode support (ref #1600) (#1623) * Feat/code refactor (#1626) * remove all magic methods, add type for class properties * refactor codes * fix all * refactor code * fix type * fix all * fix request is method * fix all * fix router * fix get page * fix 1.3.0 upgrade * [feat] support high resolution avatar * fix types in i18n component * Implement Ctrl+S or Command+S for save draft (#1628) * Implement Ctrl+S or Command+S for save draft * rename * add Typecho.savePost * fix upload file size * add new uploader * replace new uploader * fix textarea change * fix preview * refactor post edit * fix issue * fix page edit --------- Co-authored-by: joyqi <joyqi@segmentfault.com> Co-authored-by: joyqi <magike.net@gmail.com> * fix #1632 * Add svg to image types * Feat/tree pages (#1646) * add tree trait * finish category tree trait * support select fields * fix select fields * refactor admin trait * fix draft status * Add new contents type "revision" * minor refactor * add more tree view abstracts * add tree trait to pages * get ready for tree view pages * improve page edit * fix revision * fix slug * add router params delegate * fix params delegate * fix * fix * fix all * fix all * fix tree * fix page link * fix feed * fix page * fix permalink * fix permalink input * fix offset query * Support IDN (#1629) * Support IDN * use js * Optimize code * Optimize code * fix URL script * remove unnecessary use --------- Co-authored-by: joyqi <joyqi@segmentfault.com> * fix input element * fix #1651, close #1653 * Use json instead of serialize (#1624) * Use json instead of serialize * Fix Upgrade code * add tree trait * finish category tree trait * support select fields * fix select fields * refactor admin trait * fix draft status * Add new contents type "revision" * minor refactor * add more tree view abstracts * add tree trait to pages * get ready for tree view pages * improve page edit * fix revision * fix slug * add router params delegate * fix params delegate * fix * fix * fix all * fix all * fix tree * fix page link * fix feed * fix page * fix permalink * fix permalink input * fix offset query * Fix typo * remove proxy methods * remove unnecessary useage --------- Co-authored-by: joyqi <joyqi@segmentfault.com> Co-authored-by: joyqi <magike.net@gmail.com> * Fix Prevent XSS vulnerability in default theme (#1654) * Fix Prevent XSS vulnerability in default theme * Update var/Typecho/Db/Adapter/Pdo.php * fix the getter --------- Co-authored-by: joyqi <joyqi@segmentfault.com> * add throwCallback to widget response * fix: cut down fields when selecting recent posts * fix typo errors * fix typo errors * fix http client cookie * add throw finish * fix theme lang * fix default theme * fix query * add open graph and twitter card support add canonical link * fix canonical link meta * fix theme classic-22 * remove unnecessary scss file when packaging * init plugin signal * improve: remove feather-icon js file * fix: typo * improve: post detail layout * fix tags saving * improve: nav search * fix: theme screenshot * fix: theme page layout * remove php 7.2/7.3 env --------- Co-authored-by: fen <f3nb0x@gmail.com> Co-authored-by: Lu Fei <52o@qq52o.cn>
283 lines
7.8 KiB
PHP
283 lines
7.8 KiB
PHP
<?php
|
|
|
|
namespace Widget;
|
|
|
|
use Typecho\Common;
|
|
use Typecho\Cookie;
|
|
use Typecho\Db\Exception as DbException;
|
|
use Typecho\Widget;
|
|
use Utils\PasswordHash;
|
|
use Widget\Base\Users;
|
|
|
|
if (!defined('__TYPECHO_ROOT_DIR__')) {
|
|
exit;
|
|
}
|
|
|
|
/**
|
|
* 当前登录用户
|
|
*
|
|
* @category typecho
|
|
* @package Widget
|
|
* @copyright Copyright (c) 2008 Typecho team (http://www.typecho.org)
|
|
* @license GNU General Public License 2.0
|
|
*/
|
|
class User extends Users
|
|
{
|
|
/**
|
|
* 用户组
|
|
*
|
|
* @var array
|
|
*/
|
|
public array $groups = [
|
|
'administrator' => 0,
|
|
'editor' => 1,
|
|
'contributor' => 2,
|
|
'subscriber' => 3,
|
|
'visitor' => 4
|
|
];
|
|
|
|
/**
|
|
* 用户
|
|
*
|
|
* @var array
|
|
*/
|
|
private array $currentUser;
|
|
|
|
/**
|
|
* 是否已经登录
|
|
*
|
|
* @var boolean|null
|
|
*/
|
|
private ?bool $hasLogin = null;
|
|
|
|
/**
|
|
* @param int $components
|
|
*/
|
|
protected function initComponents(int &$components)
|
|
{
|
|
$components = self::INIT_OPTIONS;
|
|
}
|
|
|
|
/**
|
|
* 执行函数
|
|
*
|
|
* @throws DbException
|
|
*/
|
|
public function execute()
|
|
{
|
|
if ($this->hasLogin()) {
|
|
$this->push($this->currentUser);
|
|
|
|
// update last activated time
|
|
$this->db->query($this->db
|
|
->update('table.users')
|
|
->rows(['activated' => $this->options->time])
|
|
->where('uid = ?', $this->currentUser['uid']));
|
|
|
|
// merge personal options
|
|
$options = $this->personalOptions->toArray();
|
|
|
|
foreach ($options as $key => $val) {
|
|
$this->options->{$key} = $val;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 判断用户是否已经登录
|
|
*
|
|
* @return boolean
|
|
* @throws DbException
|
|
*/
|
|
public function hasLogin(): ?bool
|
|
{
|
|
if (null !== $this->hasLogin) {
|
|
return $this->hasLogin;
|
|
} else {
|
|
$cookieUid = Cookie::get('__typecho_uid');
|
|
if (null !== $cookieUid) {
|
|
/** 验证登录 */
|
|
$user = $this->db->fetchRow($this->db->select()->from('table.users')
|
|
->where('uid = ?', intval($cookieUid))
|
|
->limit(1));
|
|
|
|
$cookieAuthCode = Cookie::get('__typecho_authCode');
|
|
if ($user && Common::hashValidate($user['authCode'], $cookieAuthCode)) {
|
|
$this->currentUser = $user;
|
|
return ($this->hasLogin = true);
|
|
}
|
|
|
|
$this->logout();
|
|
}
|
|
|
|
return ($this->hasLogin = false);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 用户登出函数
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function logout()
|
|
{
|
|
self::pluginHandle()->trigger($logoutPluggable)->call('logout');
|
|
if ($logoutPluggable) {
|
|
return;
|
|
}
|
|
|
|
Cookie::delete('__typecho_uid');
|
|
Cookie::delete('__typecho_authCode');
|
|
}
|
|
|
|
/**
|
|
* 以用户名和密码登录
|
|
*
|
|
* @access public
|
|
* @param string $name 用户名
|
|
* @param string $password 密码
|
|
* @param boolean $temporarily 是否为临时登录
|
|
* @param integer $expire 过期时间
|
|
* @return boolean
|
|
* @throws DbException
|
|
*/
|
|
public function login(string $name, string $password, bool $temporarily = false, int $expire = 0): bool
|
|
{
|
|
//插件接口
|
|
$result = self::pluginHandle()->trigger($loginPluggable)->call('login', $name, $password, $temporarily, $expire);
|
|
if ($loginPluggable) {
|
|
return $result;
|
|
}
|
|
|
|
/** 开始验证用户 **/
|
|
$user = $this->db->fetchRow($this->db->select()
|
|
->from('table.users')
|
|
->where((strpos($name, '@') ? 'mail' : 'name') . ' = ?', $name)
|
|
->limit(1));
|
|
|
|
if (empty($user)) {
|
|
return false;
|
|
}
|
|
|
|
$hashValidate = self::pluginHandle()->trigger($hashPluggable)->call('hashValidate', $password, $user['password']);
|
|
if (!$hashPluggable) {
|
|
if ('$P$' == substr($user['password'], 0, 3)) {
|
|
$hasher = new PasswordHash(8, true);
|
|
$hashValidate = $hasher->checkPassword($password, $user['password']);
|
|
} else {
|
|
$hashValidate = Common::hashValidate($password, $user['password']);
|
|
}
|
|
}
|
|
|
|
if ($hashValidate) {
|
|
if (!$temporarily) {
|
|
$this->commitLogin($user, $expire);
|
|
}
|
|
|
|
/** 压入数据 */
|
|
$this->push($user);
|
|
$this->currentUser = $user;
|
|
$this->hasLogin = true;
|
|
self::pluginHandle()->call('loginSucceed', $this, $name, $password, $temporarily, $expire);
|
|
|
|
return true;
|
|
}
|
|
|
|
self::pluginHandle()->call('loginFail', $this, $name, $password, $temporarily, $expire);
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* @param $user
|
|
* @param int $expire
|
|
* @throws DbException
|
|
*/
|
|
public function commitLogin(&$user, int $expire = 0)
|
|
{
|
|
$authCode = function_exists('openssl_random_pseudo_bytes') ?
|
|
bin2hex(openssl_random_pseudo_bytes(16)) : sha1(Common::randString(20));
|
|
$user['authCode'] = $authCode;
|
|
|
|
Cookie::set('__typecho_uid', $user['uid'], $expire);
|
|
Cookie::set('__typecho_authCode', Common::hash($authCode), $expire);
|
|
|
|
//更新最后登录时间以及验证码
|
|
$this->db->query($this->db
|
|
->update('table.users')
|
|
->expression('logged', 'activated')
|
|
->rows(['authCode' => $authCode])
|
|
->where('uid = ?', $user['uid']));
|
|
}
|
|
|
|
/**
|
|
* 只需要提供uid或者完整user数组即可登录的方法, 多用于插件等特殊场合
|
|
*
|
|
* @param int | array $uid 用户id或者用户数据数组
|
|
* @param boolean $temporarily 是否为临时登录,默认为临时登录以兼容以前的方法
|
|
* @param integer $expire 过期时间
|
|
* @return boolean
|
|
* @throws DbException
|
|
*/
|
|
public function simpleLogin($uid, bool $temporarily = true, int $expire = 0): bool
|
|
{
|
|
if (is_array($uid)) {
|
|
$user = $uid;
|
|
} else {
|
|
$user = $this->db->fetchRow($this->db->select()
|
|
->from('table.users')
|
|
->where('uid = ?', $uid)
|
|
->limit(1));
|
|
}
|
|
|
|
if (empty($user)) {
|
|
self::pluginHandle()->call('simpleLoginFail', $this);
|
|
return false;
|
|
}
|
|
|
|
if (!$temporarily) {
|
|
$this->commitLogin($user, $expire);
|
|
}
|
|
|
|
$this->push($user);
|
|
$this->currentUser = $user;
|
|
$this->hasLogin = true;
|
|
|
|
self::pluginHandle()->call('simpleLoginSucceed', $this, $user);
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* 判断用户权限
|
|
*
|
|
* @access public
|
|
* @param string $group 用户组
|
|
* @param boolean $return 是否为返回模式
|
|
* @return boolean
|
|
* @throws DbException|Widget\Exception
|
|
*/
|
|
public function pass(string $group, bool $return = false): bool
|
|
{
|
|
if ($this->hasLogin()) {
|
|
if (array_key_exists($group, $this->groups) && $this->groups[$this->group] <= $this->groups[$group]) {
|
|
return true;
|
|
}
|
|
} else {
|
|
if ($return) {
|
|
return false;
|
|
} else {
|
|
//防止循环重定向
|
|
$this->response->redirect(defined('__TYPECHO_ADMIN__') ? $this->options->loginUrl .
|
|
(0 === strpos($this->request->getReferer() ?? '', $this->options->loginUrl) ? '' :
|
|
'?referer=' . urlencode($this->request->makeUriByRequest())) : $this->options->siteUrl);
|
|
}
|
|
}
|
|
|
|
if ($return) {
|
|
return false;
|
|
} else {
|
|
throw new Widget\Exception(_t('禁止访问'), 403);
|
|
}
|
|
}
|
|
}
|