Merge branch 'issue#73' into issue#72

jeroenrnl · Apr 4, 2016 · 213da7a · 213da7a
2 parents 8271bf1 + 06b41d7
commit 213da7a
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 8 deletions.
diff --git a/php/auth.inc.php b/php/auth.inc.php
@@ -27,7 +27,6 @@
  * @author Jason Geiger
  * @author Jeroen Roos
  */
-
 $_action="display";
 if (!defined("CLI")) {
     session_start();
@@ -81,26 +80,25 @@
         $validator = new validator($uname, $pword);
         $user = $validator->validate();
     }
-
     // we have a valid user
     if (!empty($user)) {
         $user->lookup();
         $user->lookupPerson();
         $user->lookupPrefs();
 
         // Update Last Login Fields
-        $updated_user = new user($user->get("user_id"));
-        $updated_user->set("lastlogin", "now()");
-        $updated_user->set("lastip", $_SERVER["REMOTE_ADDR"]);
-        $updated_user->update();
+        $user->set("lastlogin", "now()");
+        $user->set("lastip", $_SERVER["REMOTE_ADDR"]);
+        $user->update();
+        $user->lookup();
     } else {
         $this_page=urlencode(preg_replace("/^\//", "", $_SERVER['REQUEST_URI']));
         redirect("logon.php?redirect=" . $this_page);
     }
 
 }
 
-if (!empty($user)) {
+if (!empty($user) && !($user instanceof anonymousUser)) {
     $user->prefs->load();
     $lang=$user->loadLanguage();
     user::setCurrent($user);
@@ -123,6 +121,8 @@
     if (array_key_exists('HTTPS', $_SERVER) && (conf::get("ssl.force")=="login")) {
         redirect(getZophURL("http"), "switch back from https to http");
     }
+} else if ($user instanceof anonymousUser) {
+    user::setCurrent($user);
 } else {
     $lang = new language(conf::get("interface.language"));
 }

diff --git a/php/classes/anonymousUser.inc.php b/php/classes/anonymousUser.inc.php
@@ -62,6 +62,20 @@ public function getId() {
         return 0;
     }
 
+    /**
+     * Fake lookup
+     */
+    public function lookup() {
+        return false;
+    }
+
+    /**
+     * Fake update
+     */
+    public function update() {
+        return false;
+    }
+
     /**
      * Return a bogus person id
      */

diff --git a/php/classes/user.inc.php b/php/classes/user.inc.php
@@ -66,6 +66,17 @@ public function insert() {
         $this->prefs->insert();
     }
 
+    /**
+     * lookup user, unset password
+     * this is both to prevent hashes to be displayed in debug info
+     * and to prevent the password to be overwritten with the hash
+     * of the hash of the password
+     */
+    public function lookup() {
+        parent::lookup();
+        unset($this->fields["password"]);
+    }
+
     /**
      * Delete a user from the db
      * also delete the preferences for this user

diff --git a/php/header.inc.php b/php/header.inc.php
@@ -23,7 +23,7 @@
  */
 
 header("Content-Type: text/html; charset=utf-8");
-global $user;
+$user=user::getCurrent();
 
 $icons=array(
     "count"     => template::getImage("icons/photo.png"),