Fix handling authentication

- URL routes now require authentication by default if the
  force_authentication special function is defined.
- handle_request() now triggers a fatal error if a user tries to access a
  route requiring authentication and the force_authentication function is not defined.
- logging() now retrieves the username from $auth_user['username'].
Benjamin Renard 2022-04-25 18:42:18 +02:00
parent e533ec9148
commit 01759fb4c2
7 changed files with 82 additions and 52 deletions


@ -60,7 +60,7 @@ function logging($level, $message) {
$_SERVER['REMOTE_ADDR'], $_SERVER['REMOTE_ADDR'],
); );
if (isset($auth_user)) if (isset($auth_user))
$msg[] = ($auth_user?$auth_user:'anonymous'); $msg[] = ($auth_user['username']?$auth_user['username']:'anonymous');
$msg[] = $level; $msg[] = $level;
$msg[] = $message; $msg[] = $message;
$msg = implode(' - ', $msg)."\n"; $msg = implode(' - ', $msg)."\n";
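Review bot: The rewritten line indexes `$auth_user['username']` whenever `$auth_user` is set, so a value that is set but not an array, or an array without a `username` key, raises a PHP notice or warning inside the logger itself; `$msg[] = (is_array($auth_user) && !empty($auth_user['username'])) ? $auth_user['username'] : 'anonymous';` avoids that. The username is then joined into the log line as-is, so if the authentication backend allows control characters in it, a CR/LF would split one entry into several and make the log unreliable as an audit trail; replacing those characters before appending (for example with `preg_replace('/[\r\n]+/', ' ', ...)`) keeps one event per line. logging() starts and ends outside this hunk, so how `$auth_user` is brought into scope there cannot be confirmed from here.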


@ -29,14 +29,20 @@ $url_patterns =array();
* @param $pattern string The URL pattern (required) * @param $pattern string The URL pattern (required)
* @param $handler callable The URL pattern handler (must be callable, required) * @param $handler callable The URL pattern handler (must be callable, required)
* @param $authenticated boolean Permit to define if this URL is accessible only for * @param $authenticated boolean Permit to define if this URL is accessible only for
* authenticated users (optional, default: true) * authenticated users (optional, default: true if the special
* force_authentication function is defined, false otherwise)
* @param $override boolean Allow override if a command already exists with the * @param $override boolean Allow override if a command already exists with the
* same name (optional, default: false) * same name (optional, default: false)
* @param $api_mode boolean Enable API mode (optional, default: false) * @param $api_mode boolean Enable API mode (optional, default: false)
* @param $methods array|null HTTP method (optional, default: array('GET', 'POST')) * @param $methods array|null HTTP method (optional, default: array('GET', 'POST'))
**/ **/
function add_url_handler($pattern, $handler=null, $authenticated=false, $override=true, function add_url_handler($pattern, $handler=null, $authenticated=null, $override=true,
$api_mode=false, $methods=null) { $api_mode=false, $methods=null) {
$authenticated = (
is_null($authenticated)?
function_exists('force_authentication'):
(bool)$authenticated
);
if (is_null($methods)) if (is_null($methods))
$methods = array('GET', 'POST'); $methods = array('GET', 'POST');
elseif (!is_array($methods)) elseif (!is_array($methods))
@ -322,6 +328,10 @@ function redirect($go=false) {
/** /**
* Handle the current requested URL * Handle the current requested URL
* *
* Note: if the route required that user is authenticated, this method will
* invoke the force_authentication() special function (or trigger a fatal error
* if it's not defined).
*
* @param $default_url string|null The default URL if current one does not * @param $default_url string|null The default URL if current one does not
* match with any configured pattern. * match with any configured pattern.
* *
@ -343,8 +353,11 @@ function handle_request($default_url=null) {
$smarty -> assign('request', $request); $smarty -> assign('request', $request);
// Check authentication (if need) // Check authentication (if need)
if($request -> authenticated && function_exists('force_authentication')) if($request -> authenticated)
force_authentication(); if (function_exists('force_authentication'))
force_authentication();
else
logging('FATAL', _("Authentication required but force_authentication function is not defined."));
try { try {
return call_user_func($request -> handler, $request); return call_user_func($request -> handler, $request);
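Review bot: In handle_request() the new `else` branch only calls `logging('FATAL', ...)` and then falls through to `call_user_func($request -> handler, $request)`, so unless logging() terminates the script on FATAL (not visible in this section) a route marked as authenticated is served with no authentication at all. Make the failure explicit and closed, e.g. `else { logging('FATAL', ...); exit(1); }`, and brace the nested `if`/`else` so the `else` cannot be mis-paired by a later edit. The same fail-open concern applies to the add_url_handler() hunk: `function_exists('force_authentication')` is evaluated when the route is registered, so routes added before that function is defined silently default to unauthenticated; resolving a `null` value at request time in handle_request() would remove the dependency on include order. Both function bodies continue outside the hunks shown.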


@ -1,7 +1,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: \n" "Project-Id-Version: \n"
"POT-Creation-Date: 2022-04-24 19:09+0200\n" "POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: \n" "PO-Revision-Date: \n"
"Last-Translator: Benjamin Renard <brenard@easter-eggs.com>\n" "Last-Translator: Benjamin Renard <brenard@easter-eggs.com>\n"
"Language-Team: \n" "Language-Team: \n"
@ -351,27 +351,27 @@ msgstr ""
"\n" "\n"
"Mail originalement destiné à %s." "Mail originalement destiné à %s."
#: /home/brenard/dev/eesyphp/includes/url.php:92 #: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request" msgid "Bad request"
msgstr "Mauvaise requête" msgstr "Mauvaise requête"
#: /home/brenard/dev/eesyphp/includes/url.php:93 #: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request." msgid "Invalid request."
msgstr "Requête invalide." msgstr "Requête invalide."
#: /home/brenard/dev/eesyphp/includes/url.php:96 #: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required" msgid "Authentication required"
msgstr "Authentification requise" msgstr "Authentification requise"
#: /home/brenard/dev/eesyphp/includes/url.php:97 #: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page." msgid "You have to be authenticated to access to this page."
msgstr "Vous devez être authentifié pour accéder à cette page." msgstr "Vous devez être authentifié pour accéder à cette page."
#: /home/brenard/dev/eesyphp/includes/url.php:100 #: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied" msgid "Access denied"
msgstr "Accès interdit" msgstr "Accès interdit"
#: /home/brenard/dev/eesyphp/includes/url.php:101 #: /home/brenard/dev/eesyphp/includes/url.php:107
msgid "" msgid ""
"You do not have access to this application. If you think this is an error, " "You do not have access to this application. If you think this is an error, "
"please contact support." "please contact support."
@ -379,25 +379,25 @@ msgstr ""
"Vous n'avez pas accès à cette application. Si vous pensez qu'il s'agit d'une " "Vous n'avez pas accès à cette application. Si vous pensez qu'il s'agit d'une "
"erreur, merci de prendre contact avec le support." "erreur, merci de prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:104 #: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found" msgid "Whoops ! Page not found"
msgstr "Oups ! Page introuvable" msgstr "Oups ! Page introuvable"
#: /home/brenard/dev/eesyphp/includes/url.php:105 #: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found." msgid "The requested page can not be found."
msgstr "La page demandée est introuvable." msgstr "La page demandée est introuvable."
#: /home/brenard/dev/eesyphp/includes/url.php:113 #: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error" msgid "Error"
msgstr "Erreur" msgstr "Erreur"
#: /home/brenard/dev/eesyphp/includes/url.php:114 #: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support." msgid "An unknown error occurred. If problem persist, please contact support."
msgstr "" msgstr ""
"Une erreur inconnue est survenue. Si le problème persiste, merci de prendre " "Une erreur inconnue est survenue. Si le problème persiste, merci de prendre "
"contact avec le support." "contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:159 #: /home/brenard/dev/eesyphp/includes/url.php:165
msgid "" msgid ""
"Unable to determine the requested page. If the problem persists, please " "Unable to determine the requested page. If the problem persists, please "
"contact support." "contact support."
@ -405,7 +405,7 @@ msgstr ""
"Impossible de déterminer la page demandée. Si le problème persiste, merci de " "Impossible de déterminer la page demandée. Si le problème persiste, merci de "
"prendre contact avec le support." "prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:312 #: /home/brenard/dev/eesyphp/includes/url.php:318
msgid "" msgid ""
"Unable to determine the requested page (loop detected). If the problem " "Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support." "persists, please contact support."
@ -413,11 +413,18 @@ msgstr ""
"Impossible de déterminer la page demandée (boucle détectée). Si le problème " "Impossible de déterminer la page demandée (boucle détectée). Si le problème "
"persiste, merci de prendre contact avec le support." "persiste, merci de prendre contact avec le support."
#: /home/brenard/dev/eesyphp/includes/url.php:337 #: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed." msgid "This request cannot be processed."
msgstr "Cette requête ne peut être traitée." msgstr "Cette requête ne peut être traitée."
#: /home/brenard/dev/eesyphp/includes/url.php:355 #: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
"Authentification requise mais la fonction force_authentication n'est pas "
"définie."
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly." msgid "This request could not be processed correctly."
msgstr "Cette requête n'a put être traitée correctement." msgstr "Cette requête n'a put être traitée correctement."


@ -1,7 +1,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"POT-Creation-Date: 2022-04-24 20:13+0200\n" "POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: 2022-04-24 20:13+0200\n" "PO-Revision-Date: 2022-04-25 18:40+0200\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n" "Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"


@ -1,7 +1,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"POT-Creation-Date: 2022-04-24 20:13+0200\n" "POT-Creation-Date: 2022-04-25 18:40+0200\n"
"PO-Revision-Date: 2022-04-24 20:13+0200\n" "PO-Revision-Date: 2022-04-25 18:40+0200\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
@ -305,65 +305,70 @@ msgid ""
"Mail initialy intended for %s." "Mail initialy intended for %s."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:92 #: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request" msgid "Bad request"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:93 #: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request." msgid "Invalid request."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:96 #: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required" msgid "Authentication required"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:97 #: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page." msgid "You have to be authenticated to access to this page."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:100 #: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied" msgid "Access denied"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:101 #: /home/brenard/dev/eesyphp/includes/url.php:107
msgid "" msgid ""
"You do not have access to this application. If you think this is an error, " "You do not have access to this application. If you think this is an error, "
"please contact support." "please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:104 #: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found" msgid "Whoops ! Page not found"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:105 #: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found." msgid "The requested page can not be found."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:113 #: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error" msgid "Error"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:114 #: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support." msgid "An unknown error occurred. If problem persist, please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:159 #: /home/brenard/dev/eesyphp/includes/url.php:165
msgid "" msgid ""
"Unable to determine the requested page. If the problem persists, please " "Unable to determine the requested page. If the problem persists, please "
"contact support." "contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:312 #: /home/brenard/dev/eesyphp/includes/url.php:318
msgid "" msgid ""
"Unable to determine the requested page (loop detected). If the problem " "Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support." "persists, please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:337 #: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed." msgid "This request cannot be processed."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:355 #: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly." msgid "This request could not be processed correctly."
msgstr "" msgstr ""


@ -297,65 +297,70 @@ msgid ""
"Mail initialy intended for %s." "Mail initialy intended for %s."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:92 #: /home/brenard/dev/eesyphp/includes/url.php:98
msgid "Bad request" msgid "Bad request"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:93 #: /home/brenard/dev/eesyphp/includes/url.php:99
msgid "Invalid request." msgid "Invalid request."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:96 #: /home/brenard/dev/eesyphp/includes/url.php:102
msgid "Authentication required" msgid "Authentication required"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:97 #: /home/brenard/dev/eesyphp/includes/url.php:103
msgid "You have to be authenticated to access to this page." msgid "You have to be authenticated to access to this page."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:100 #: /home/brenard/dev/eesyphp/includes/url.php:106
msgid "Access denied" msgid "Access denied"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:101 #: /home/brenard/dev/eesyphp/includes/url.php:107
msgid "" msgid ""
"You do not have access to this application. If you think this is an error, " "You do not have access to this application. If you think this is an error, "
"please contact support." "please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:104 #: /home/brenard/dev/eesyphp/includes/url.php:110
msgid "Whoops ! Page not found" msgid "Whoops ! Page not found"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:105 #: /home/brenard/dev/eesyphp/includes/url.php:111
msgid "The requested page can not be found." msgid "The requested page can not be found."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:113 #: /home/brenard/dev/eesyphp/includes/url.php:119
msgid "Error" msgid "Error"
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:114 #: /home/brenard/dev/eesyphp/includes/url.php:120
msgid "An unknown error occurred. If problem persist, please contact support." msgid "An unknown error occurred. If problem persist, please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:159 #: /home/brenard/dev/eesyphp/includes/url.php:165
msgid "" msgid ""
"Unable to determine the requested page. If the problem persists, please " "Unable to determine the requested page. If the problem persists, please "
"contact support." "contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:312 #: /home/brenard/dev/eesyphp/includes/url.php:318
msgid "" msgid ""
"Unable to determine the requested page (loop detected). If the problem " "Unable to determine the requested page (loop detected). If the problem "
"persists, please contact support." "persists, please contact support."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:337 #: /home/brenard/dev/eesyphp/includes/url.php:347
msgid "This request cannot be processed." msgid "This request cannot be processed."
msgstr "" msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:355 #: /home/brenard/dev/eesyphp/includes/url.php:360
msgid ""
"Authentication required but force_authentication function is not defined."
msgstr ""
#: /home/brenard/dev/eesyphp/includes/url.php:368
msgid "This request could not be processed correctly." msgid "This request could not be processed correctly."
msgstr "" msgstr ""