author | M.Gergo | 2021-05-17 17:50:05 +0200 |
---|---|---|
committer | M.Gergo | 2021-05-17 17:50:05 +0200 |
commit | ef8b3fd973fa34b303370d5acc21744e57bca507 (patch) | |
tree | 67a42f55b0f36f024c33d8892c1112e8c5746556 /mayor-orig/mayor-base/www/include | |
parent | fb24a50c54d5776468e49def08aea44c4077eb47 (diff) | |
download | mayor-rev4787.tar.gz mayor-rev4787.zip |
Rev: 4787rev4787
Diffstat (limited to 'mayor-orig/mayor-base/www/include')
12 files changed, 131 insertions, 20 deletions
diff --git a/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php b/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php index 22ace5ca..3821c06c 100644 --- a/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php +++ b/mayor-orig/mayor-base/www/include/backend/ldap/password/changePassword.php @@ -23,7 +23,7 @@ function changeMyPassword($userAccount, $userPassword, $newPassword, $toPolicy = if ($ds) { $b_ok = ldap_bind($ds,$userDn,$userPassword); if ($b_ok) { - $info['userPassword'][0] = '{crypt}' . crypt($newPassword); + $info['userPassword'][0] = '{crypt}' . crypt($newPassword, __SALTVALUE); // Ezekre nincs jogosultsága a felhasználónak, nem változnak: // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE $info['shadowlastchange'][0] = $shadowLastChange; @@ -69,7 +69,7 @@ function changePassword($userAccount, $newPassword, $toPolicy = '') { if ($ds) { $b_ok = ldap_bind($ds,_USERDN,_USERPASSWORD); if ($b_ok) { - $info['userPassword'][0] = '{crypt}' . crypt($newPassword); + $info['userPassword'][0] = '{crypt}' . crypt($newPassword, __SALTVALUE); // Ezekre nincs jogosultsága a felhasználónak, nem változnak: // _SHADOWMIN, _SHADOWMAX, _SHADOWWARNING, _SHADOWINACTIVE $info['shadowlastchange'][0] = $shadowLastChange; diff --git a/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php b/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php index 79f40530..3089929f 100644 --- a/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php +++ b/mayor-orig/mayor-base/www/include/backend/ldap/session/createAccount.php @@ -1,8 +1,6 @@ <?php /* Modules: base/session - - UNTESTED!!!! */ function ldapCreateAccount( diff --git a/mayor-orig/mayor-base/www/include/base/base.php b/mayor-orig/mayor-base/www/include/base/base.php index 378b31fd..f2d64583 100644 --- a/mayor-orig/mayor-base/www/include/base/base.php +++ b/mayor-orig/mayor-base/www/include/base/base.php 
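Review bot: `crypt($newPassword, __SALTVALUE)` hashes every password with the same salt, so two accounts with the same password get the same `{crypt}` value and the salt no longer protects a leaked directory against precomputed guesses; the same line is added to `changePassword()` in the second hunk. The salt string also selects the algorithm, so unless `__SALTVALUE` (defined outside this diff) starts with a prefix such as `$6$`, crypt() falls back to legacy DES, which only considers the first eight characters of the password. A per-password salt keeps the call valid on newer PHP: `$salt = '$6$' . strtr(base64_encode(random_bytes(12)), '+', '.') . '$';` followed by `$info['userPassword'][0] = '{crypt}' . crypt($newPassword, $salt);`, assuming PHP 7+ and a directory server whose crypt supports SHA-512. Both function bodies continue outside the hunks.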
@@ -62,6 +62,8 @@ function isMobile() { $_SESSION['alert'] - figyelmeztető üzenet (tömb) - opcionális */ + if (!defined('_DEFAULT_LANG')) define('_DEFAULT_LANG','hu_HU'); + if (($__key = array_search('blue', $SKINS)) !== false) unset($SKINS[$__key]); if (($__key = array_search('pda', $SKINS)) !== false) unset($SKINS[$__key]); if ($AUTH['public']['skin'] == 'blue') $AUTH['public']['skin'] = 'classic'; diff --git a/mayor-orig/mayor-base/www/include/base/config.php b/mayor-orig/mayor-base/www/include/base/config.php index 991e249e..01755b79 100644 --- a/mayor-orig/mayor-base/www/include/base/config.php +++ b/mayor-orig/mayor-base/www/include/base/config.php @@ -24,6 +24,7 @@ if (_RUNLEVEL === 'cron') { } } +if (!defined('_ENVIRONMENT')) define('_ENVIRONMENT','production'); if (!defined('_LOGLEVEL')) define('_LOGLEVEL',10); if (!defined('__DEBUG')) define('__DEBUG',false); diff --git a/mayor-orig/mayor-base/www/include/base/error.php b/mayor-orig/mayor-base/www/include/base/error.php index e790d65a..2b817ab3 100644 --- a/mayor-orig/mayor-base/www/include/base/error.php +++ b/mayor-orig/mayor-base/www/include/base/error.php 
@@ -38,7 +38,45 @@ } /* Írjuk felül a gyárit */ - $old_error_handler = set_error_handler("mayorErrorHandler"); + //$old_error_handler = set_error_handler("mayorErrorHandler"); //restore_error_handler(); + +// checkcheck + +#try { +# throw new \Exception('test exception'); +#} catch (\Exception $e) { +# Rollbar::log(Level::DEBUG, $e); +#} + +use \Rollbar\Rollbar; +use \Rollbar\Payload\Level; + +if (defined('_MAYOR_REMOTE_LOGGER_ENABLED') && _MAYOR_REMOTE_LOGGER_ENABLED===true) { + + if (defined('_MAYOR_REMOTE_LOGGER_SENTRY_URL')) { + $sentryClient = new Raven_Client(_MAYOR_REMOTE_LOGGER_SENTRY_URL); + $sentryClient->release = _MAYORREV; + $sentryClient->environment = _ENVIRONMENT; + $error_handler = new Raven_ErrorHandler($sentryClient); + $error_handler->registerExceptionHandler(); + $error_handler->registerErrorHandler(); + $error_handler->registerShutdownFunction(); + } + + if (defined('_MAYOR_REMOTE_LOGGER_ROLLBAR_ACCESSTOKEN')) { + $rollbarconfig = array( + 'access_token' => _MAYOR_REMOTE_LOGGER_ROLLBAR_ACCESSTOKEN, + 'environment' => _ENVIRONMENT, + 'root' => _BASEDIR, + 'use_error_reporting' => true + ); + + Rollbar::init($rollbarconfig); + if (is_array($_SESSION['alert']) && count($_SESSION['alert'])>0) { + Rollbar::log(Level::INFO, 'mayor alert msg', array('revision'=>_MAYORREV)); + } + } +} ?> diff --git a/mayor-orig/mayor-base/www/include/base/log.php b/mayor-orig/mayor-base/www/include/base/log.php index 4ea4f4f7..0e949ac1 100644 --- a/mayor-orig/mayor-base/www/include/base/log.php +++ b/mayor-orig/mayor-base/www/include/base/log.php @@ -28,9 +28,10 @@ fputs($fp,$msg); fclose($fp); } else { - echo 'fatal error 004'; - die(); + // echo 'fatal error 004'; + // die(); } } } + ?> diff --git a/mayor-orig/mayor-base/www/include/base/mysql.php b/mayor-orig/mayor-base/www/include/base/mysql.php index e4322dc8..8e692a44 100644 --- a/mayor-orig/mayor-base/www/include/base/mysql.php +++ b/mayor-orig/mayor-base/www/include/base/mysql.php 
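Review bot: Both remote handlers are registered without any scrubbing configuration, so error reports leave the server with whatever request and session context the SDKs collect by default. Elsewhere in this commit the Google ID token travels in `$_GET['id_token']` and is stored in `$_SESSION['googleapi_id_token']`, and the password functions take clear-text passwords as arguments, so these values can end up at the third-party service. Add an explicit `'scrub_fields' => array(...)` entry to `$rollbarconfig` covering `id_token`, `googleapi_id_token` and the password form fields, and confirm the Sentry client's sanitising processor covers the same keys. Separately, commenting out `set_error_handler("mayorErrorHandler")` leaves installations with `_MAYOR_REMOTE_LOGGER_ENABLED` unset without the project's own handler; keeping it in an `else` branch would preserve the previous behaviour.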
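Review bot: With `echo 'fatal error 004'; die();` commented out, the `else` branch is empty, so a log file that cannot be opened is now ignored without any trace and the request continues unlogged. If this log serves as an audit trail, the gap should at least be visible to the operator, for example `error_log('mayor: cannot open log file');` in that branch. The enclosing function starts outside the hunk.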
@@ -1,6 +1,6 @@ <?php - error_reporting(E_ALL && ~E_NOTICE); +// error_reporting(E_ALL && ~E_NOTICE); // error_reporting(E_ALL); //if (!defined("MYSQLI_ENABLED")) define("MYSQLI_ENABLED",function_exists('mysqli_connect')); @@ -162,7 +162,7 @@ else $lr = @db_connect($SET['modul'], array('priv' => 'Write', 'fv' => $SET['fv'])); } if ($lr === false) { - if ($SET['detailed'] === true || __DETAILED) $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q; + if ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED)) $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q; else $_SESSION['alert'][] = 'message:sql_connect_failure:db_query/'.$SET['fv']; return false; } @@ -189,7 +189,7 @@ } } if ( - ($SET['detailed'] === true || __DETAILED) + ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED)) && strpos($q_pattern, '%s') !== false && (strpos($q_pattern, '`%s`') === false && strpos($q_pattern, "'%s'") === false) ) $_SESSION['alert'][] = 'message:lehet hiba?:db_query/'.$SET['fv'].':'.$SET['modul'].':'.$q_pattern; @@ -204,7 +204,7 @@ $_insert_id = mysql_insert_id($lr); $_affected_rows = mysql_affected_rows($lr); } - define(MYSQL_LOGGER,false); + define('MYSQL_LOGGER',false); if (MYSQL_LOGGER === true) { $filename = '/tmp/mysql.log'; $fp = fopen($filename, "a+"); @@ -241,7 +241,7 @@ /* WARNING HANDLER */ if (!$r) { // if ($SET['detailed'] === true || __DETAILED) $_SESSION['alert'][] = 'message:sql_query_failure:'.$SET['fv'].':'.':'.$q; - if ($SET['detailed'] === true || __DETAILED) { + if ($SET['detailed'] === true || (defined('__DETAILED') && __DETAILED)) { if (MYSQLI_ENABLED===true) { $_SESSION['alert'][] = 'message:sql_query_failure:mysqli:'.$SET['fv'].':'.mysqli_error($lr).':'.$q; } else { diff --git a/mayor-orig/mayor-base/www/include/base/rights.php b/mayor-orig/mayor-base/www/include/base/rights.php index c30a927d..1fe87148 100644 
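Review bot: In detailed mode the connect-failure alert in the second hunk still carries the full statement `$q`, and the query-failure alert in the last hunk adds `mysqli_error($lr)`; the `%s` pattern check in the third hunk stores `$q_pattern` the same way. If `$_SESSION['alert']` is rendered to the signed-in user (not visible in this diff), table names and query values are shown in the browser. Consider keeping the generic `'message:sql_connect_failure:db_query/'.$SET['fv']` alert for users and writing the statement only to the server-side log. The surrounding function starts and ends outside these hunks.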
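Review bot: `define('MYSQL_LOGGER',false);` appears to sit in the per-query path, so from the second query of a request onward it redefines an existing constant and PHP reports that on every call; the guard this commit already uses in config.php fits here: `if (!defined('MYSQL_LOGGER')) define('MYSQL_LOGGER', false);`. If the logger is ever switched on, the context lines show it appending to the fixed path `/tmp/mysql.log`, which is in a shared, usually world-writable directory; a file under the application's own log directory with restrictive permissions would be safer. The enclosing function starts and ends outside the hunk.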
--- a/mayor-orig/mayor-base/www/include/base/rights.php +++ b/mayor-orig/mayor-base/www/include/base/rights.php @@ -383,7 +383,7 @@ function validUser($sessionID,$policy,$skin='',$lang='') { } // --------- //Breadcrumb - if (count($_SESSION['breadcrumb'])>10) array_shift($_SESSION['breadcrumb']); + if (is_array($_SESSION['breadcrumb']) && count($_SESSION['breadcrumb'])>10) array_shift($_SESSION['breadcrumb']); $_SESSION['breadcrumb'][] = array('page'=>"$page",'sub'=>"$sub",'f'=>"$f"); // --------- if (file_exists($includeFile)) require($includeFile); @@ -396,5 +396,4 @@ function validUser($sessionID,$policy,$skin='',$lang='') { $_DEBUG = ob_get_contents(); ob_end_clean(); - ?>
\ No newline at end of file diff --git a/mayor-orig/mayor-base/www/include/base/var.php b/mayor-orig/mayor-base/www/include/base/var.php index fda47dd2..98d4908a 100644 --- a/mayor-orig/mayor-base/www/include/base/var.php +++ b/mayor-orig/mayor-base/www/include/base/var.php @@ -75,6 +75,9 @@ case 'email': $return = filter_var($IN, FILTER_VALIDATE_EMAIL); break; + case 'url': + $return = filter_var($IN, FILTER_VALIDATE_URL); + break; case 'userAccount': $return = (preg_match("#([a-z]|[A-Z]|[0-9]| |\.|,|_|[űáäéúőóüöíŰÁÄÉÚŐÓÜÖÍäÄ]|-|@)*$#", $IN) != false) ? $IN : $default; break; diff --git a/mayor-orig/mayor-base/www/include/share/auth/base.php b/mayor-orig/mayor-base/www/include/share/auth/base.php index 8ff27f5e..b5143af5 100644 --- a/mayor-orig/mayor-base/www/include/share/auth/base.php +++ b/mayor-orig/mayor-base/www/include/share/auth/base.php @@ -47,8 +47,7 @@ $ret = db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'result' => 'idonly', 'values' => array($sessionID)), $lr); if (is_array($ret) && count($ret) > 0) { reset($ret); - while ((list($key, $_policy) = each($ret)) && $toRegister) { - //while ((list($_policy) = m_ysql_fetch_row($r)) && $toRegister) { + while ((list($key, $_policy) = each($ret)) && $toRegister) { // --TODO if ($_policy == $policy) $toRegister = false; // mégsem kell bejegyezni, már van; és ez az. $sessionID=$sessionID // else be kell jegyezni, de ezt a $sessionID-t, nem generálunk diff --git a/mayor-orig/mayor-base/www/include/share/net/googleapi.php b/mayor-orig/mayor-base/www/include/share/net/googleapi.php index bfe3642d..5d8e09fe 100644 --- a/mayor-orig/mayor-base/www/include/share/net/googleapi.php +++ b/mayor-orig/mayor-base/www/include/share/net/googleapi.php 
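Review bot: The new `'url'` case accepts whatever `FILTER_VALIDATE_URL` considers well-formed, and that filter does not restrict the scheme, so values such as `javascript://...` or `file://...` pass validation. If the result is later used in a redirect or an `href` (callers are not visible here), add a scheme allow-list right after the filter: `if ($return !== false && !in_array(strtolower((string)parse_url($return, PHP_URL_SCHEME)), array('http','https'), true)) $return = false;`. The enclosing `switch` starts and ends outside the hunk.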
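Review bot: The loop kept here still relies on `each()`, which is deprecated since PHP 7.2 and removed in PHP 8.0, so the `// --TODO` marks a fatal error in session registration once the runtime is upgraded. It can be replaced now without changing behaviour: `foreach ($ret as $key => $_policy) {` with `if (!$toRegister) break;` as its first statement. The comparison `$_policy == $policy` in the body would also be safer as `===`, since both sides are expected to be policy names. The loop body continues outside the hunk.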
@@ -21,18 +21,35 @@ function mayorGoogleApiAuth() { $client->setRedirectUri($redirect_uri); $client->setScopes('email'); + + try { $payload = $client->verifyIdToken($_GET['id_token']); } catch(Exception $e) { $_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage(); } + if (isset($payload['sub'])) { // subject $_SESSION['googleapi_object'] = $payload; // mayor auth start $accountInformation=array(); $toPolicy = 'public'; $data = getUserByGoogleSub($payload['sub']); // subject=google user id - if ($data === false) { + if ($data === false || is_null($data)) { + // allow automatic authentication through these domains: + if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) { + $_REGISTER['googleSub'] = $payload['sub']; + $_REGISTER['googleUserCn'] = $payload['name']; + $_REGISTER['googleUserEmail'] = $payload['email']; + $registered = googleapiGrant_light($_REGISTER); + if ($registered===true) { + $data = getUserByGoogleSub($payload['sub']); // subject=google user id + if (is_array($data)) { + setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja + return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken); + } + } + } $_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!'; } elseif (is_array($data)) { // Ha van, akkor ki az? Mert ő bemehet. 
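Review bot: The automatic-linking branch binds a Google identity to a local account by e-mail alone, yet it never checks `$payload['email_verified']`, reads `$payload['hd']` without `isset()` (the claim is absent for accounts outside a hosted domain) and uses a non-strict `in_array()`. Suggested condition, with the domain list moved from code into configuration (the variable name is a placeholder): `if (isset($payload['hd']) && !empty($payload['email_verified']) && in_array($payload['hd'], $allowedDomains, true)) {`. The returned array also uses `$accessToken`, which is not assigned in the visible lines; the function starts and ends outside the hunk, so it may be set earlier. Because this path signs a user in without a password, a log entry for every automatic link would help later review.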
@@ -62,4 +79,57 @@ function setGoogleToken($googleSub, $id_token) { $_SESSION['googleapi_id_token'] = $id_token; } -?> +function googleapiGrant_light($ADAT) { + + require_once('include/modules/session/search/searchAccount.php'); + + if ($ADAT['googleSub']=='') return false; + if ($ADAT['googleUserEmail']=='') return false; + + $searchAttrList = array('userCn', 'userAccount', 'studyId'); + + $attr = 'mail'; + $pattern = $ADAT['googleUserEmail']; + $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private'); + + if ($searchResult['count']!==1) { + // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be + return false; + } + + $userAccount = $searchResult[0]['userAccount'][0]; + $studyId = $searchResult[0]['studyId'][0]; + $policy = 'private'; + +// version b, using naplo +/* + $q = "SELECT oId FROM tanar WHERE email='%s'"; + $v = array($ADAT['googleUserEmail']); + $studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v)); + + if ($studyId=='') return false; + + if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId'); + else $searchAttrList = array('userCn', 'userAccount', 'studyId'); + + $attr = 'studyId'; + $pattern = $studyId; + $searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private'); + + if ($searchResult['count']!==1) { + // több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be + return false; + } + + $userAccount = $searchResult[0]['userAccount'][0]; + $policy = 'private'; +*/ + $q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')"; + $v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId); + $r = 
db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v)); + + return ($r!==false) ? true : false; + +} + +?>
\ No newline at end of file diff --git a/mayor-orig/mayor-base/www/include/share/session/base.php b/mayor-orig/mayor-base/www/include/share/session/base.php index 337c72df..1e952518 100644 --- a/mayor-orig/mayor-base/www/include/share/session/base.php +++ b/mayor-orig/mayor-base/www/include/share/session/base.php @@ -86,7 +86,7 @@ else $return[] = $_eArr; } } else $cacheable = false; - if (count($r)>0) return $return; + if (is_array($r) && count($r)>0) return $return; else { $return = array(); if (is_array($AUTH[$toPolicy]['categories'])) @@ -144,7 +144,7 @@ $backendAttrDef[$attr]['rights'] = $rights; } else $rights = $def['rights']; - if ($rights[_ACCESS_AS] != '-') $attrList[] = $attr; + if (defined('_ACCESS_AS') && $rights[_ACCESS_AS] != '-') $attrList[] = $attr; } return array($attrList,$backendAttrDef); |
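Review bot: `googleapiGrant_light()` links the Google subject to whichever single account `searchAccount('mail', $pattern, ...)` returns, but the function never confirms that the account's mail equals `$ADAT['googleUserEmail']`; whether `searchAccount` matches exactly or by substring or wildcard is not visible here. Requesting the attribute and comparing it closes that gap, assuming the result has the same shape as the other attributes: add `'mail'` to `$searchAttrList` and `if (strcasecmp($searchResult[0]['mail'][0], $ADAT['googleUserEmail']) !== 0) return false;` before the INSERT. The `$v` array also mixes named keys with positional entries, so confirm that `db_query` fills the six `%s` placeholders in order, and `'fv'=>'googleapiGrant'` should name this function so log entries point to the right code path. The comment above the `count!==1` check mentions only duplicate matches, while the branch also covers zero matches.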