aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/mayor-base/www/include
diff options
context:
space:
mode:
authorM.Gergo2021-05-17 17:50:05 +0200
committerM.Gergo2021-05-17 17:50:05 +0200
commitef8b3fd973fa34b303370d5acc21744e57bca507 (patch)
tree67a42f55b0f36f024c33d8892c1112e8c5746556 /mayor-orig/mayor-base/www/include
parentfb24a50c54d5776468e49def08aea44c4077eb47 (diff)
downloadmayor-rev4787.tar.gz
mayor-rev4787.zip
Rev: 4787rev4787
Diffstat (limited to 'mayor-orig/mayor-base/www/include')
-rw-r--r--mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php4
-rw-r--r--mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php2
-rw-r--r--mayor-orig/mayor-base/www/include/base/base.php2
-rw-r--r--mayor-orig/mayor-base/www/include/base/config.php1
-rw-r--r--mayor-orig/mayor-base/www/include/base/error.php40
-rw-r--r--mayor-orig/mayor-base/www/include/base/log.php5
-rw-r--r--mayor-orig/mayor-base/www/include/base/mysql.php10
-rw-r--r--mayor-orig/mayor-base/www/include/base/rights.php3
-rw-r--r--mayor-orig/mayor-base/www/include/base/var.php3
-rw-r--r--mayor-orig/mayor-base/www/include/share/auth/base.php3
-rw-r--r--mayor-orig/mayor-base/www/include/share/net/googleapi.php74
-rw-r--r--mayor-orig/mayor-base/www/include/share/session/base.php4
12 files changed, 131 insertions, 20 deletions
diff --git a/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php b/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php
index 22ace5ca..3821c06c 100644
--- a/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php
+++ b/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php
@@ -23,7 +23,7 @@ function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy =
if ($ds) {
$b_ok = ldap_bind($ds,$userDn,$userPassword);
if ($b_ok) {
- $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
+ $info['userPassword'][0] = '{crypt}' . crypt($newPassword, __SALTVALUE);
// Ezekre nincs jogosultsága a felhasználónak, nem változnak:
// _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
$info['shadowlastchange'][0] = $shadowLastChange;
@@ -69,7 +69,7 @@ function changePassword($userAccount, $newPassword, $toPolicy = '') {
if ($ds) {
$b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD);
if ($b_ok) {
- $info['userPassword'][0] = '{crypt}' . crypt($newPassword);
+ $info['userPassword'][0] = '{crypt}' . crypt($newPassword, __SALTVALUE);
// Ezekre nincs jogosultsága a felhasználónak, nem változnak:
// _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE
$info['shadowlastchange'][0] = $shadowLastChange;
diff --git a/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php b/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php
index 79f40530..3089929f 100644
--- a/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php
+++ b/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php
@@ -1,8 +1,6 @@
<?php
/*
Modules: base/session
-
- UNTESTED!!!!
*/
function ldapCreateAccount(
diff --git a/mayor-orig/mayor-base/www/include/base/base.php b/mayor-orig/mayor-base/www/include/base/base.php
index 378b31fd..f2d64583 100644
--- a/mayor-orig/mayor-base/www/include/base/base.php
+++ b/mayor-orig/mayor-base/www/include/base/base.php
@@ -62,6 +62,8 @@ function isMobile() {
$_SESSION['alert'] - figyelmeztető üzenet (tömb) - opcionális
*/
+ if (!defined('_DEFAULT_LANG')) define('_DEFAULT_LANG','hu_HU');
+
if (($__key = array_search('blue', $SKINS)) !== false) unset($SKINS[$__key]);
if (($__key = array_search('pda', $SKINS)) !== false) unset($SKINS[$__key]);
if ($AUTH['public']['skin'] == 'blue') $AUTH['public']['skin'] = 'classic';
diff --git a/mayor-orig/mayor-base/www/include/base/config.php b/mayor-orig/mayor-base/www/include/base/config.php
index 991e249e..01755b79 100644
--- a/mayor-orig/mayor-base/www/include/base/config.php
+++ b/mayor-orig/mayor-base/www/include/base/config.php
@@ -24,6 +24,7 @@ if (_RUNLEVEL === 'cron') {
}
}
+if (!defined('_ENVIRONMENT')) define('_ENVIRONMENT','production');
if (!defined('_LOGLEVEL')) define('_LOGLEVEL',10);
if (!defined('__DEBUG')) define('__DEBUG',false);
diff --git a/mayor-orig/mayor-base/www/include/base/error.php b/mayor-orig/mayor-base/www/include/base/error.php
index e790d65a..2b817ab3 100644
--- a/mayor-orig/mayor-base/www/include/base/error.php
+++ b/mayor-orig/mayor-base/www/include/base/error.php
@@ -38,7 +38,45 @@
}
/* Írjuk felül a gyárit */
- $old_error_handler = set_error_handler("mayorErrorHandler");
+ //$old_error_handler = set_error_handler("mayorErrorHandler");
//restore_error_handler();
+
+// checkcheck
+
+#try {
+# throw new \Exception('test exception');
+#} catch (\Exception $e) {
+# Rollbar::log(Level::DEBUG, $e);
+#}
+
+use \Rollbar\Rollbar;
+use \Rollbar\Payload\Level;
+
+if (defined('_MAYOR_REMOTE_LOGGER_ENABLED') && _MAYOR_REMOTE_LOGGER_ENABLED===true) {
+
+ if (defined('_MAYOR_REMOTE_LOGGER_SENTRY_URL')) {
+ $sentryClient = new Raven_Client(_MAYOR_REMOTE_LOGGER_SENTRY_URL);
+ $sentryClient->release = _MAYORREV;
+ $sentryClient->environment = _ENVIRONMENT;
+ $error_handler = new Raven_ErrorHandler($sentryClient);
+ $error_handler->registerExceptionHandler();
+ $error_handler->registerErrorHandler();
+ $error_handler->registerShutdownFunction();
+ }
+
+ if (defined('_MAYOR_REMOTE_LOGGER_ROLLBAR_ACCESSTOKEN')) {
+ $rollbarconfig = array(
+ 'access_token' => _MAYOR_REMOTE_LOGGER_ROLLBAR_ACCESSTOKEN,
+ 'environment' => _ENVIRONMENT,
+ 'root' => _BASEDIR,
+ 'use_error_reporting' => true
+ );
+
+ Rollbar::init($rollbarconfig);
+ if (is_array($_SESSION['alert']) && count($_SESSION['alert'])>0) {
+ Rollbar::log(Level::INFO, 'mayor alert msg', array('revision'=>_MAYORREV));
+ }
+ }
+}
?>
diff --git a/mayor-orig/mayor-base/www/include/base/log.php b/mayor-orig/mayor-base/www/include/base/log.php
index 4ea4f4f7..0e949ac1 100644
--- a/mayor-orig/mayor-base/www/include/base/log.php
+++ b/mayor-orig/mayor-base/www/include/base/log.php
@@ -28,9 +28,10 @@
fputs($fp,$msg);
fclose($fp);
} else {
- echo 'fatal error 004';
- die();
+ // echo 'fatal error 004';
+ // die();
}
}
}
+
?>
diff --git a/mayor-orig/mayor-base/www/include/base/mysql.php b/mayor-orig/mayor-base/www/include/base/mysql.php
index e4322dc8..8e692a44 100644
--- a/mayor-orig/mayor-base/www/include/base/mysql.php
+++ b/mayor-orig/mayor-base/www/include/base/mysql.php
@@ -1,6 +1,6 @@
<?php
- error_reporting(E_ALL && ~E_NOTICE);
+// error_reporting(E_ALL && ~E_NOTICE);
// error_reporting(E_ALL);
//if (!defined("MYSQLI_ENABLED")) define("MYSQLI_ENABLED",function_exists('mysqli_connect'));
@@ -162,7 +162,7 @@
else $lr = @db_connect($SET['modul'], array('priv' => 'Write', 'fv' => $SET['fv']));
}
if ($lr === false) {
- if ($SET['detailed'] === true || __DETAILED) $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q;
+ if ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED)) $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q;
else $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv'];
return false;
}
@@ -189,7 +189,7 @@
}
}
if (
- ($SET['detailed'] === true || __DETAILED)
+ ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED))
&& strpos($q_pattern, '%s') !== false
&& (strpos($q_pattern, '`%s`') === false && strpos($q_pattern, "'%s'") === false)
) $_SESSION['alert'][] = 'message:lehet hiba?:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q_pattern;
@@ -204,7 +204,7 @@
$_insert_id = mysql_insert_id($lr);
$_affected_rows = mysql_affected_rows($lr);
}
- define(MYSQL_LOGGER,false);
+ define('MYSQL_LOGGER',false);
if (MYSQL_LOGGER === true) {
$filename = '/tmp/mysql.log';
$fp = fopen($filename, "a+");
@@ -241,7 +241,7 @@
/* WARNING HANDLER */
if (!$r) {
// if ($SET['detailed'] === true || __DETAILED) $_SESSION['alert'][] = 'message:sql_query_failure:'.$SET['fv'].':'.':'.$q;
- if ($SET['detailed'] === true || __DETAILED) {
+ if ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED)) {
if (MYSQLI_ENABLED===true) {
$_SESSION['alert'][] = 'message:sql_query_failure:mysqli:'.$SET['fv'].':'.mysqli_error($lr).':'.$q;
} else {
diff --git a/mayor-orig/mayor-base/www/include/base/rights.php b/mayor-orig/mayor-base/www/include/base/rights.php
index c30a927d..1fe87148 100644
--- a/mayor-orig/mayor-base/www/include/base/rights.php
+++ b/mayor-orig/mayor-base/www/include/base/rights.php
@@ -383,7 +383,7 @@ function validUser($sessionID,$policy,$skin='',$lang='') {
}
// ---------
//Breadcrumb
- if (count($_SESSION['breadcrumb'])>10) array_shift($_SESSION['breadcrumb']);
+ if (is_array($_SESSION['breadcrumb']) && count($_SESSION['breadcrumb'])>10) array_shift($_SESSION['breadcrumb']);
$_SESSION['breadcrumb'][] = array('page'=>"$page",'sub'=>"$sub",'f'=>"$f");
// ---------
if (file_exists($includeFile)) require($includeFile);
@@ -396,5 +396,4 @@ function validUser($sessionID,$policy,$skin='',$lang='') {
$_DEBUG = ob_get_contents();
ob_end_clean();
-
?> \ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/include/base/var.php b/mayor-orig/mayor-base/www/include/base/var.php
index fda47dd2..98d4908a 100644
--- a/mayor-orig/mayor-base/www/include/base/var.php
+++ b/mayor-orig/mayor-base/www/include/base/var.php
@@ -75,6 +75,9 @@
case 'email':
$return = filter_var($IN, FILTER_VALIDATE_EMAIL);
break;
+ case 'url':
+ $return = filter_var($IN, FILTER_VALIDATE_URL);
+ break;
case 'userAccount':
$return = (preg_match("#([a-z]|[A-Z]|[0-9]| |\.|,|_|[űáäéúőóüöíŰÁÄÉÚŐÓÜÖÍäÄ]|-|@)*$#", $IN) != false) ? $IN : $default;
break;
diff --git a/mayor-orig/mayor-base/www/include/share/auth/base.php b/mayor-orig/mayor-base/www/include/share/auth/base.php
index 8ff27f5e..b5143af5 100644
--- a/mayor-orig/mayor-base/www/include/share/auth/base.php
+++ b/mayor-orig/mayor-base/www/include/share/auth/base.php
@@ -47,8 +47,7 @@
$ret = db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'result' => 'idonly', 'values' => array($sessionID)), $lr);
if (is_array($ret) && count($ret) > 0) {
reset($ret);
- while ((list($key, $_policy) = each($ret)) && $toRegister) {
- //while ((list($_policy) = m_ysql_fetch_row($r)) && $toRegister) {
+ while ((list($key, $_policy) = each($ret)) && $toRegister) { // --TODO
if ($_policy == $policy) $toRegister = false;
// mégsem kell bejegyezni, már van; és ez az. $sessionID=$sessionID
// else be kell jegyezni, de ezt a $sessionID-t, nem generálunk
diff --git a/mayor-orig/mayor-base/www/include/share/net/googleapi.php b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
index bfe3642d..5d8e09fe 100644
--- a/mayor-orig/mayor-base/www/include/share/net/googleapi.php
+++ b/mayor-orig/mayor-base/www/include/share/net/googleapi.php
@@ -21,18 +21,35 @@ function mayorGoogleApiAuth() {
$client->setRedirectUri($redirect_uri);
$client->setScopes('email');
+
+
try {
$payload = $client->verifyIdToken($_GET['id_token']);
} catch(Exception $e) {
$_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage();
}
+
if (isset($payload['sub'])) { // subject
$_SESSION['googleapi_object'] = $payload;
// mayor auth start
$accountInformation=array();
$toPolicy = 'public';
$data = getUserByGoogleSub($payload['sub']); // subject=google user id
- if ($data === false) {
+ if ($data === false || is_null($data)) {
+ // allow automatic authentication through these domains:
+ if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) {
+ $_REGISTER['googleSub'] = $payload['sub'];
+ $_REGISTER['googleUserCn'] = $payload['name'];
+ $_REGISTER['googleUserEmail'] = $payload['email'];
+ $registered = googleapiGrant_light($_REGISTER);
+ if ($registered===true) {
+ $data = getUserByGoogleSub($payload['sub']); // subject=google user id
+ if (is_array($data)) {
+ setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja
+ return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken);
+ }
+ }
+ }
$_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!';
} elseif (is_array($data)) {
// Ha van, akkor ki az? Mert ő bemehet.
@@ -62,4 +79,57 @@ function setGoogleToken($googleSub, $id_token) {
$_SESSION['googleapi_id_token'] = $id_token;
}
-?>
+function googleapiGrant_light($ADAT) {
+
+ require_once('include/modules/session/search/searchAccount.php');
+
+ if ($ADAT['googleSub']=='') return false;
+ if ($ADAT['googleUserEmail']=='') return false;
+
+ $searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+ $attr = 'mail';
+ $pattern = $ADAT['googleUserEmail'];
+ $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+ if ($searchResult['count']!==1) {
+ // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+ return false;
+ }
+
+ $userAccount = $searchResult[0]['userAccount'][0];
+ $studyId = $searchResult[0]['studyId'][0];
+ $policy = 'private';
+
+// version b, using naplo
+/*
+ $q = "SELECT oId FROM tanar WHERE email='%s'";
+ $v = array($ADAT['googleUserEmail']);
+ $studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v));
+
+ if ($studyId=='') return false;
+
+ if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId');
+ else $searchAttrList = array('userCn', 'userAccount', 'studyId');
+
+ $attr = 'studyId';
+ $pattern = $studyId;
+ $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
+
+ if ($searchResult['count']!==1) {
+ // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
+ return false;
+ }
+
+ $userAccount = $searchResult[0]['userAccount'][0];
+ $policy = 'private';
+*/
+ $q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')";
+ $v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId);
+ $r = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v));
+
+ return ($r!==false) ? true : false;
+
+}
+
+?> \ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/include/share/session/base.php b/mayor-orig/mayor-base/www/include/share/session/base.php
index 337c72df..1e952518 100644
--- a/mayor-orig/mayor-base/www/include/share/session/base.php
+++ b/mayor-orig/mayor-base/www/include/share/session/base.php
@@ -86,7 +86,7 @@
else $return[] = $_eArr;
}
} else $cacheable = false;
- if (count($r)>0) return $return;
+ if (is_array($r) && count($r)>0) return $return;
else {
$return = array();
if (is_array($AUTH[$toPolicy]['categories']))
@@ -144,7 +144,7 @@
$backendAttrDef[$attr]['rights'] = $rights;
} else $rights = $def['rights'];
- if ($rights[_ACCESS_AS] != '-') $attrList[] = $attr;
+ if (defined('_ACCESS_AS') && $rights[_ACCESS_AS] != '-') $attrList[] = $attr;
}
return array($attrList,$backendAttrDef);