diff --git a/misuzu.php b/misuzu.php index cf5b6237..02b482f3 100644 --- a/misuzu.php +++ b/misuzu.php @@ -322,20 +322,22 @@ MIG; empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid'] ); - $privateInfo = $app->getPrivateInfo(); - - if (!$misuzuBypassLockdown && $privateInfo['enabled']) { + if (!$misuzuBypassLockdown && boolval(config_get_default(false, 'Private', 'enabled'))) { if (user_session_active()) { - $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']); + $privatePermission = intval(config_get_default(0, 'Private', 'permission')); - if ($privateInfo['permission'] && !perms_check($generalPerms, $privateInfo['permission'])) { - unset($userDisplayInfo); - user_session_stop(); // au revoir + if ($privatePermission > 0) { + $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']); + + if (!perms_check($generalPerms, $privatePermission)) { + unset($userDisplayInfo); + user_session_stop(); // au revoir + } } } else { http_response_code(401); echo tpl_render('auth.private', [ - 'private_info'=> $privateInfo, + 'private_message'=> config_get_default('', 'Private', 'message'), ]); exit; } diff --git a/public/auth.php b/public/auth.php index 8dea54c1..aa9e1dd5 100644 --- a/public/auth.php +++ b/public/auth.php 
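Review bot: In the private-mode gate, a signed-in user who fails `perms_check($generalPerms, $privatePermission)` only has the session stopped; the request is not ended with the 401 that the `else` branch sends to visitors without a session. Unless code below this hunk re-checks the session, the rest of the request may still be served to that user on a site configured as private (the removed lines behaved the same way, so this is carried over rather than introduced). Consider ending the request there as well, for example by following `user_session_stop();` with `http_response_code(401); echo tpl_render('auth.private', ['private_message' => config_get_default('', 'Private', 'message')]); exit;`. The enclosing block starts and ends outside the hunk.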
@@ -15,8 +15,12 @@ $usernameValidationErrors = [ 'in-use' => 'This username is already taken!', ]; -$preventRegistration = $app->disableRegistration(); -$preventPasswordReset = ($privateInfo['enabled'] ?? false) && !($privateInfo['password_reset'] ?? true); +$siteIsPrivate = boolval(config_get_default(false, 'Private', 'enabled')); +$loginPermission = $siteIsPrivate ? intval(config_get_default(0, 'Private', 'permission')) : 0; +$canResetPassword = $siteIsPrivate ? boolval(config_get_default(false, 'Private', 'password_reset')) : true; +$canCreateAccount = !$siteIsPrivate + && !boolval(config_get_default(false, 'Auth', 'lockdown')) + && !boolval(config_get_default(false, 'Auth', 'prevent_registration')); $authUsername = $isSubmission ? ($_POST['auth']['username'] ?? '') : ($_GET['username'] ?? ''); $authEmail = $isSubmission ? ($_POST['auth']['email'] ?? '') : ($_GET['email'] ?? ''); @@ -24,8 +28,8 @@ $authPassword = $_POST['auth']['password'] ?? ''; $authVerification = $_POST['auth']['verification'] ?? ''; tpl_vars([ - 'prevent_registration' => $preventRegistration, - 'prevent_password_reset' => $preventPasswordReset, + 'can_create_account' => $canCreateAccount, + 'can_reset_password' => $canResetPassword, 'auth_mode' => $authMode, 'auth_username' => $authUsername, 'auth_email' => $authEmail, @@ -59,7 +63,7 @@ switch ($authMode) { break; } - if ($preventPasswordReset) { + if (!$canResetPassword) { header('Location: /'); return; } @@ -151,7 +155,7 @@ switch ($authMode) { break; case 'forgot': - if (user_session_active() || $preventPasswordReset) { + if (user_session_active() || !$canResetPassword) { header('Location: /'); break; } 
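Review bot: `$canCreateAccount` re-implements the registration gate inline while `Application::disableRegistration()` (still edited in the src/Application.php hunk of this commit) keeps its own copy, so the two versions of a security decision can drift. The inline version reads `Auth.lockdown` directly, and whether that matches what `underLockdown()` checks is not visible here. Deriving the flag from the existing method, `$canCreateAccount = !$app->disableRegistration();`, would keep a single source of truth. Separately, the fallback for `Private.password_reset` changes from allowed (`?? true` on the removed line) to `false`, so a private instance without that key silently loses password reset. That is the safer default, but it deserves a comment such as `// password reset is opt-in on private sites`.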
@@ -300,10 +304,10 @@ MSG; user_login_attempt_record(true, $userId, $ipAddress, $userAgent); - if (!empty($privateInfo['permission'])) { + if ($loginPermission > 0) { $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userId); - if (!perms_check($generalPerms, $privateInfo['permission'])) { + if (!perms_check($generalPerms, $loginPermission)) { $authLoginError = 'Your credentials were correct, but your account lacks the proper permissions to use this website.'; break; } @@ -327,8 +331,8 @@ MSG; if (!empty($authLoginError)) { tpl_var('auth_login_error', $authLoginError); - } elseif (!empty($privateInfo['enabled'])) { - tpl_var('auth_register_message', $privateInfo['message'] ?? ''); + } elseif ($siteIsPrivate) { + tpl_var('auth_register_message', config_get_default('', 'Private', 'message')); } echo tpl_render('auth.auth'); @@ -342,8 +346,8 @@ MSG; $authRegistrationError = ''; while ($isSubmission) { - if ($preventRegistration) { - $authRegistrationError = 'Registration is not allowed on this instance.'; + if (!$canCreateAccount) { + $authRegistrationError = 'You may not create an account right now.'; break; } diff --git a/src/Application.php b/src/Application.php index 1b144e20..9c7bc2dd 100644 --- a/src/Application.php +++ b/src/Application.php @@ -124,15 +124,10 @@ final class Application public function disableRegistration(): bool { return $this->underLockdown() - || $this->getPrivateInfo()['enabled'] + || boolval(config_get_default(false, 'Private', 'enabled')) || boolval(config_get_default(false, 'Auth', 'prevent_registration')); } - public function getPrivateInfo(): array - { - return config_get_default(['enabled' => false], 'Private'); - } - // used in some of the user functions still, fix that public static function getInstance(): Application { diff --git a/templates/auth/auth.twig b/templates/auth/auth.twig index 749d2988..17dc0395 100644 --- a/templates/auth/auth.twig +++ b/templates/auth/auth.twig 
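Review bot: `user_login_attempt_record(true, $userId, $ipAddress, $userAgent)` on the context line runs before the `$loginPermission` check, so a login that is then refused for lacking the private-site permission appears to be stored as a successful attempt. Login history and any alerting built on failed attempts would miss these refusals. Evaluating the permission first and recording the outcome keeps the log accurate: `$loginAllowed = $loginPermission < 1 || perms_check(perms_get_user(MSZ_PERMS_GENERAL, $userId), $loginPermission);` followed by `user_login_attempt_record($loginAllowed, $userId, $ipAddress, $userAgent);`. The refusal text also tells the client that the submitted password was correct; a generic failure message would avoid confirming that. The enclosing `case` starts and ends outside the hunk.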
@@ -8,7 +8,7 @@ auth_register_message is defined ) }} - {% if not prevent_registration %} + {% if can_create_account %}
{{ 'register'|csrf|raw }} @@ -43,7 +43,7 @@
{% endif %} - {% if not prevent_password_reset %} + {% if can_reset_password %}
{{ 'passforgot'|csrf|raw }} diff --git a/templates/auth/private.twig b/templates/auth/private.twig index 08085e14..4bb18590 100644 --- a/templates/auth/private.twig +++ b/templates/auth/private.twig @@ -4,7 +4,7 @@ {% block content %} {{ auth_login( auth_username|default(''), - auth_login_error|default(private_info.message|default('')), + auth_login_error|default(private_message|default('')), auth_login_error is not defined ) }} {% endblock %}