author | M.Gergo | 2019-01-20 11:48:48 +0100 |
---|---|---|
committer | M.Gergo | 2019-01-20 11:48:48 +0100 |
commit | f70027ffbedce10f412868a7bf9b0b67b113f1b1 (patch) | |
tree | fbcc48049f1e66fe3ec66a0f3d8eee47bb400cdb /mayor-orig/www/include/base | |
parent | e6988247360fa98b85915a38803d018dd353df00 (diff) | |
download | mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.tar.gz mayor-f70027ffbedce10f412868a7bf9b0b67b113f1b1.zip |
Rev: 4423
Diffstat (limited to 'mayor-orig/www/include/base')
-rw-r--r-- | mayor-orig/www/include/base/log.php | 2 | ||||
-rw-r--r-- | mayor-orig/www/include/base/login.php | 23 | ||||
-rw-r--r-- | mayor-orig/www/include/base/rights.php | 69 |
3 files changed, 67 insertions, 27 deletions
diff --git a/mayor-orig/www/include/base/log.php b/mayor-orig/www/include/base/log.php index 0b8f6fd1..14e214a9 100644 --- a/mayor-orig/www/include/base/log.php +++ b/mayor-orig/www/include/base/log.php @@ -5,7 +5,7 @@ function naploz($aCode) function szamlal($policy,$page) */ - + define('CLIENTIPADDRESS',_clientIp()); function _clientIp() { return ($_SERVER['HTTP_X_FORWARDED_FOR']!='')?$_SERVER['HTTP_X_FORWARDED_FOR']:$_SERVER['REMOTE_ADDR']; } diff --git a/mayor-orig/www/include/base/login.php b/mayor-orig/www/include/base/login.php index da3217a9..4624a92a 100644 --- a/mayor-orig/www/include/base/login.php +++ b/mayor-orig/www/include/base/login.php @@ -1,6 +1,6 @@ <?php - if ($action == 'mayorGlobalLogin' || $action == 'facebooklogin' || $action== 'googleapilogin') { + if ($sessionMode===2 || $action == 'mayorGlobalLogin' || $action == 'facebooklogin' || $action== 'googleapilogin') { $toPolicy = readVariable($_REQUEST['toPolicy'], 'enum', 'private', $POLICIES); $policyOrderIndex = readVariable($_POST['policyOrderIndex'], 'id', 0); @@ -46,6 +46,15 @@ $userAccount = $GOOGLEAPIDATA['userAccount']; $googleapiAuth = true; } + } elseif ($sessionMode===2) { + $MAYORAPIDATA = mayorApiAuth(); + if ($MAYORAPIDATA!==false && $MAYORAPIDATA['userAccount']!="") { + $userAccount = $MAYORAPIDATA['userAccount']; + $toPolicy = $MAYORAPIDATA['toPolicy']; + $mayorapiAuth = true; + } else { + unsetTokenCookies(); // + unregister token + } } else { $userPassword = readVariable($_POST['userPassword'], 'string'); // $userAccount = readVariable($_POST['userAccount'], 'regexp', null, array("^([a-z]|[A-Z]|[0-9]| |\.|,|_|[űáéúőóüöíŰÁÉÚŐÓÜÖÍäÄ]|-|@)*$")); 
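Review bot: `define('CLIENTIPADDRESS',_clientIp())` freezes a value that `_clientIp()` (the context lines right below it) copies verbatim from the client-controlled `X-Forwarded-For` header whenever that header is non-empty, so any log entry or check keyed on CLIENTIPADDRESS can be set to an arbitrary string by the requester. The header should only be honoured when `REMOTE_ADDR` is a known reverse proxy, and only the hop that proxy appended should be taken, since the header is a comma-separated list: `$hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])); return end($hops);` inside an `in_array($_SERVER['REMOTE_ADDR'], $trustedProxies, true)` guard (`$trustedProxies` is a constructed name for a configured list). The existing `$_SERVER['HTTP_X_FORWARDED_FOR']!=''` also reads the key without `isset()`, so every include raises a notice when no proxy set the header.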
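Review bot: In the new `elseif ($sessionMode===2)` branch, `$toPolicy` is overwritten with `$MAYORAPIDATA['toPolicy']` without the `readVariable(..., 'enum', 'private', $POLICIES)` validation the request path receives at the top of the file, and the policy loop in the next hunk then matches it with a loose `==`. Unless `mayorApiAuth()` already checks the policy name against the configured list, the token payload is trusted as-is; `$toPolicy = in_array($MAYORAPIDATA['toPolicy'], $POLICIES, true) ? $MAYORAPIDATA['toPolicy'] : 'private';` keeps both paths consistent. The `else` arm only calls `unsetTokenCookies()`, and the `// + unregister token` note suggests the server-side token is meant to be revoked here as well, which is worth finishing before this ships. `$mayorapiAuth` is assigned only in this branch, so it should be initialised to `false` wherever `$fbAuth`/`$googleapiAuth` are (their initialisation is outside the hunk).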
@@ -56,7 +65,7 @@ if (is_array($AUTH[$toPolicy]['allowOnly']) && !in_array($userAccount,$AUTH[$toPolicy]['allowOnly'])) $userAccount=''; if ($sessionID != '') $accountInformation['sessionID'] = $sessionID; - if ($userAccount != '' and ($userPassword != '' or $fbAuth===true or $googleapiAuth===true)) { + if ($userAccount != '' and ($userPassword != '' or $fbAuth===true or $googleapiAuth===true or $mayorapiAuth === true)) { for ($i=0; $i<count($__POLICYORDER[$policyOrderIndex]); $i++) { $toPolicy=$__POLICYORDER[$policyOrderIndex][$i]; @@ -84,6 +93,15 @@ $_SESSION['alert'][] = 'info:A google azonosító nincs még összekötve! Először lépj be a MaYoR-ba, és kezdeményezd!'; continue;; } + } elseif ($mayorapiAuth===true) { + if ($MAYORAPIDATA['toPolicy'] == $toPolicy) { + $result = _AUTH_SUCCESS; // az authentikációt a mayorApiAuth() csinálta + $accountInformation['cn'] = $MAYORAPIDATA['userCn']; + // $accountInformation['mail'] = $MAYORAPIDATA['userEmail']; + $accountInformation['studyId'] = $MAYORAPIDATA['studyId']; + } else { + continue;; + } } else { $result = userAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy); // ??? toPolicy benne van az AccountInformation-ben!!! Ldap backend only? } @@ -93,6 +111,7 @@ if ($result === _AUTH_SUCCESS) { $_SESSION['alert'] = array(); $sessionID = newSession($accountInformation, $toPolicy); + if ($mayorapiAuth!==true) generateAuthToken(array('userAccount'=>$userAccount, 'policy'=>$toPolicy, 'userCn'=>$accountInformation['cn'], 'studyId'=>$accountInformation['studyId'])); // --TODO untrusted clients if ($toSkin == '') $toSkin = $skin; header('Location: '.location("index.php?page=$toPage&sub=$toSub&f=$toF&sessionID=$sessionID&policy=$toPolicy&lang=$lang&skin=$toSkin", array('alertOLD'))); break; diff --git a/mayor-orig/www/include/base/rights.php b/mayor-orig/www/include/base/rights.php index 1f3eed0f..dc6b7aa7 100644 --- a/mayor-orig/www/include/base/rights.php +++ b/mayor-orig/www/include/base/rights.php 
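Review bot: The added `generateAuthToken(...)` call in the `_AUTH_SUCCESS` block mints a long-lived token for every password login on every client, which the trailing `--TODO untrusted clients` already acknowledges; on a shared machine that silently turns a one-off login into a persistent one. Gate it on an explicit opt-in read from the form, e.g. `if ($mayorapiAuth!==true && readVariable($_POST['rememberMe'], 'enum', '0', array('0','1')) === '1') generateAuthToken(...);` (field name constructed here, use the form's real one). In the `elseif ($mayorapiAuth===true)` arm of the hunk above, `$accountInformation['cn']` and `['studyId']` are copied straight from the token payload, so they carry the same trust caveat as the policy name. The enclosing `for` loop and the function around it continue outside these hunks.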
@@ -1,4 +1,9 @@ <?php + +// --TODO-- ez nem ide való! +require_once('include/modules/auth/base/token.php'); + + /* Module: base @@ -43,16 +48,14 @@ function sessionCookieEncode($sessionID,$now,$extra='') { if ($extra=='') $extra = uniqid(rand(), true); $extraHash=sessionHash('ripemd160',$extra); -// pwHash added -// $value = base64_encode(strtotime($now).'g'.$extraHash); $pwHash = sessionHash('ripemd160',uniqid(rand(), true)); $value = base64_encode(strtotime($now).'g'.$extraHash.'g'.$pwHash); - return array('name'=>md5($sessionID), 'value'=>$value, 'store'=> $extraHash, 'pwHash'=>$pwHash); + return array('name'=>($sessionID), 'value'=>$value, 'store'=> $extraHash, 'pwHash'=>$pwHash); } function sessionCookieDecode($sessionID) { - return explode('g',base64_decode($_COOKIE[md5($sessionID)])); + return explode('g',base64_decode($_COOKIE[($sessionID)])); } function pseudoTokenGenerator() { @@ -68,10 +71,8 @@ function pseudoTokenGenerator() { # Azonosított user ellenőrzése a session tábla alapján ###################################################################### - - function validUser($sessionID,$policy,$skin='',$lang='') { - + global $page; if (_RUNLEVEL === 'cron') { define('_USERPASSWORD','MaYoR-cron'); define('_USERACCOUNT','MaYoR-cron'); 
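Review bot: The new `require_once('include/modules/auth/base/token.php')` at the top of rights.php uses a cwd/include_path-relative path, and the `// --TODO-- ez nem ide való!` comment above it says it does not belong in this file at all. Until it moves, anchoring it to the file's own location, `require_once(__DIR__.'/../modules/auth/base/token.php');`, removes the dependency on the working directory of whichever script includes rights.php; the `..` in that path is inferred from the diffstat paths and should be checked.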
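Review bot: `sessionCookieEncode` is reworked in this hunk but still derives both `$extra` and `$pwHash` from `uniqid(rand(), true)`, which is time-based plus a non-cryptographic PRNG; `$pwHash` is the key the `aes_decrypt(userPassword, '%s')` query in the later hunk uses, so the stored password's confidentiality rests on a guessable value. Replace both with `bin2hex(random_bytes(16))`. Dropping `md5()` from the cookie name means the cookie is now named by the raw `$sessionID`; that is only safe if session IDs never contain `.` or space, which PHP rewrites to `_` in `$_COOKIE` keys, in which case `sessionCookieDecode` would silently miss the cookie.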
@@ -82,31 +83,25 @@ function validUser($sessionID,$policy,$skin='',$lang='') { return true; } +// if ($sessionID == '' || $MAYORAPIAUTH['valid']!==true) { if ($sessionID == '') { - - if ($policy == _POLICY) { + $MAYORAPIAUTH = mayorApiAuth(); // van-e hosszulejáratu session-je + if ($policy == _POLICY && $MAYORAPIAUTH['valid']!==true) { define('_USERPASSWORD',''); define('_USERACCOUNT',''); define('_USERCN',''); define('_STUDYID',''); -// define('_SKIN',$skin); define('_LANG',$lang); define('_SESSIONID',''); } return false; - } else { $lr = db_connect('login', array('fv' => 'validUser')); if ($lr === false) die('A keretrendeszer adatbázisa nem érhető el! (validUser)'); // ha nem tudta beállítani a sütit, akkor az $_sc üres lesz így a dt feltétel 1970-01-01, ami nem gond. -// pwHash -// list($_sessionDt,$_sessionCookie) = sessionCookieDecode($sessionID); list($_sessionDt,$_sessionCookie,$_sessionPwHash) = sessionCookieDecode($sessionID); -// pwHash -// $query = "SELECT userAccount, userCn, studyId, decode(userPassword, '"._MYSQL_ENCODE_STR."'), skin, lang, activity, dt -// FROM session WHERE sessionID='%s' AND policy='%s'"; $query = "SELECT userAccount, userCn, studyId, aes_decrypt(userPassword, '%s'), skin, lang, activity, dt FROM session WHERE sessionID='%s' AND policy='%s'"; // [SECURITY-002] quickfix from marton.drotos@sztaki.hu 
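Review bot: In the `$sessionID == ''` branch, `mayorApiAuth()` is now consulted and the empty `_USERACCOUNT`/`_USERCN`/`_STUDYID`/`_SESSIONID` defines are skipped when the token is valid, yet the branch still ends in `return false;`, so a caller that receives `false` and then reads those constants finds them undefined (an Error on PHP 8). Either define them in both cases or let the valid-token case fall through to the token handling added in the next hunk. `$MAYORAPIAUTH['valid']` is also read without guarding against the `false` return that login.php checks with `$MAYORAPIDATA!==false`; `($MAYORAPIAUTH['valid'] ?? false) !== true` covers both. validUser starts before this hunk and continues after it.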
@@ -116,12 +111,30 @@ function validUser($sessionID,$policy,$skin='',$lang='') { $query .= " AND sessionCookie='%s'"; $ret = db_query($query, array('fv' => 'validUser', 'modul' => 'login', 'result' => 'indexed', 'values' => array($_sessionPwHash, $sessionID, $policy, $_sessionCookie)), $lr); - $num = count($ret); + $sessionMode = 1; + + // ha nincs találat, nézzük meg, van-e a kliensnek hosszú lejáratú tokenje, kivéve, ha ... + if ($num !== 1 && $page!='password') { + $MAYORAPIAUTH = mayorApiAuth(); + if ($MAYORAPIAUTH['valid'] === true) { + global $sessionMode; + $sessionMode = 2; + // reauth AS: + $toPolicy = $MAYORAPIAUTH['policy']; + $userAccount = $MAYORAPIAUTH['userAccount']; + $userCn = $MAYORAPIAUTH['userCn']; + $studyId = $MAYORAPIAUTH['studyId']; + $userPassword = ''; + $lang = _DEFAULT_LANG; + } else { + unsetTokenCookies(); + } + } // --token vizsgálat vége + if ($num == 1) { - list($userAccount, $userCn, $studyId, $userPassword, $savedSkin, $lang, $activity, $dt) = array_values($ret[0]); - /* PDA */ + if ($sessionMode == 1) list($userAccount, $userCn, $studyId, $userPassword, $savedSkin, $lang, $activity, $dt) = array_values($ret[0]); global $SKINS; if (_USER_AGENT!=='ppc' && @in_array($savedSkin,$SKINS) ) $skin=$savedSkin; if ($policy == _POLICY) { @@ -133,7 +146,8 @@ function validUser($sessionID,$policy,$skin='',$lang='') { define('_LANG',$lang); define('_SESSIONID',$sessionID); } - // Aktivitás figyelése! + + // Aktivitás figyelése! // hopp, nem biztos, hogy van session! $query = "UPDATE session SET activity = NOW() WHERE sessionID = '%s'"; db_query($query, array('fv' => 'validUser', 'modul' => 'login', 'values' => array($sessionID)), $lr); db_close($lr); 
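Review bot: `$num = count($ret);` is removed and nothing in the hunk assigns `$num` again, but `if ($num !== 1 && $page!='password')` and `if ($num == 1)` still read it; unless it is set somewhere outside the hunk, `$num` is null, the token lookup runs on every request even when the database session matched, and the `$num == 1` block that defines the user constants is never entered. Put `$num = count($ret);` back directly after the `db_query(...)` call; with it restored, a valid token is only consulted when the session row is absent, which is what the Hungarian comment above the check describes. Note that `global $sessionMode;` rebinds the name only inside the token branch, so login.php's `$sessionMode===2` check sees the global solely in mode 2 and the earlier `$sessionMode = 1;` stays local; a comment such as `// 1: db session (local); 2: long-lived token, exported via global for login.php` would make that explicit. validUser begins and ends outside this hunk.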
@@ -247,7 +261,10 @@ function validUser($sessionID,$policy,$skin='',$lang='') { unset($_POST['action']); unset($action); } - } else { // klasszikus ellenőrzés, fallback // TODO BEGIN DEPRECATED BLOCK + } else { // klasszikus ellenőrzés, fallback + echo 'FATAL ERROR 696'; + die(); + /* // $_JSON['result'] = false; // ITT gátolhatjuk a működést if ($_COOKIE[__SALTNAME]=='') { // a session átállásig - ez semmitől nem véd, adott nevű sütit generálni bárki tud $_SESSION['alert'][] = 'message:not_valid_form:no cookie'.$_SESSION[__SALTNAME]; @@ -264,13 +281,17 @@ function validUser($sessionID,$policy,$skin='',$lang='') { unset($_POST['action']); unset($action); } + */ } // END DEPRECATED BLOCK } // eredeti post kezelés + ETAG prevent cache if (($_SERVER['HTTPS']!=='on') || (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!='' && substr($_SERVER['HTTP_REFERER'],4,1)!=='s')) $_ssl = false; else $_ssl=true; - if (@setcookie(__SALTNAME,__SALTVALUE,time()+60*60*_SESSION_MAX_IDLE_TIME,'/','',$_ssl, true) == false) { - $_SESSION['alert'][] = 'message:no_cookie:unabletoset'; - } + +//4400 if (@setcookie('xxxDEPRECATEDxxx_'.__SALTNAME,__SALTVALUE,time()+60*60*_SESSION_MAX_IDLE_TIME,'/','',$_ssl, true) == false) { +//4400 $_SESSION['alert'][] = 'message:no_cookie:unabletoset'; +//4400 } + + /* /XSRF2 previous revision: r4138 */ // betöltjük az össes config-ot... (lásd még widgets) |
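Review bot: The fallback branch now prints `FATAL ERROR 696` and `die()`s without recording anything server-side, so an operator seeing it cannot tell which request path was hit; add `error_log('validUser: legacy salt-cookie fallback reached');` before the `die()` and keep the user-facing text generic. The old block wrapped in `/* ... */` and the `//4400 setcookie(...)` lines in the second hunk are commented-out code; delete them, the commit history preserves them. If any other code still reads `$_COOKIE[__SALTNAME]`, it will now never find the cookie because the `setcookie` is disabled, which is worth confirming outside this file.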