Merge branch '3.0' into master
1 <?php
2 namespace wcf\page;
3 use wcf\data\user\User;
4 use wcf\system\exception\IllegalLinkException;
5 use wcf\system\session\SessionHandler;
6 use wcf\system\WCF;
7 use wcf\util\CryptoUtil;
8 use wcf\util\StringUtil;
9
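/**
 * Automatically authenticates the user for the current request via an access-token
 * passed in the `at` request parameter in the form `<userID>-<accessToken>`.
 * A missing token is ignored; an invalid token results in an IllegalLinkException being thrown.
 *
 * Because the token travels with the request (typically in the URL) it may show up in
 * server logs and referrer headers; treat such links as secrets.
 *
 * @author	Tim Duesterhus
 * @copyright	2001-2018 WoltLab GmbH
 * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package	WoltLabSuite\Core\Page
 */
abstract class AbstractAuthedPage extends AbstractPage {
	/**
	 * @inheritDoc
	 */
	public function readParameters() {
		parent::readParameters();
		
		// check security token
		$this->checkAccessToken();
	}
	
	/**
	 * Validates the access-token and performs the login.
	 *
	 * The token itself is only ever compared through CryptoUtil::secureCompare()
	 * (intended as a constant-time comparison), never with `==`, so the check
	 * does not leak how many leading bytes of a guessed token were correct.
	 *
	 * @throws	IllegalLinkException	if the `at` parameter is present but is not a plain
	 *					string, carries an empty token, names a user that does
	 *					not exist or has no access token, or carries a wrong token
	 */
	protected function checkAccessToken() {
		if (!isset($_REQUEST['at'])) {
			// no token supplied: nothing to do
			return;
		}
		
		// `at[]=...` would hand an array to StringUtil::trim(); anything that is not
		// a plain string cannot be a valid token
		if (!is_string($_REQUEST['at'])) {
			throw new IllegalLinkException();
		}
		
		list($userID, $token) = array_pad(explode('-', StringUtil::trim($_REQUEST['at']), 2), 2, null);
		
		// an empty token is never valid; reject it before any comparison, so that a
		// missing user row (accessToken null) can never compare equal to a missing token
		if ($token === null || $token === '') {
			throw new IllegalLinkException();
		}
		
		if (WCF::getUser()->userID) {
			// already logged in: the token has to belong to the current user.
			// strict comparison after an int cast instead of a loose `==`
			if ((int)$userID === (int)WCF::getUser()->userID && CryptoUtil::secureCompare(WCF::getUser()->accessToken, $token)) {
				// everything is fine, but we are already logged in
				return;
			}
			
			// token is invalid
			throw new IllegalLinkException();
		}
		
		$user = new User($userID);
		if (!$user->userID || !$user->accessToken) {
			// unknown user, or a user without an access token to compare against
			throw new IllegalLinkException();
		}
		
		if (!CryptoUtil::secureCompare($user->accessToken, $token)) {
			// token is invalid
			throw new IllegalLinkException();
		}
		
		// token is valid -> change user
		SessionHandler::getInstance()->changeUser($user, true);
	}
}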