authorM.Gergo2019-03-08 21:20:34 +0100
committerM.Gergo2019-03-08 21:20:34 +0100
commitf51c9ed2abe5c68211bb3736be5f70b1fe2c9ec0 (patch)
treee13e60e4b94a3b58f1e2bfbe271102c8f04b67bd /mayor-orig/www/include/modules/auth
parentc76a004b0135786f2742283f8d5f917106f58bd8 (diff)
további rendrakás
Diffstat (limited to 'mayor-orig/www/include/modules/auth')
-rw-r--r--mayor-orig/www/include/modules/auth/base/forgotten.php53
-rw-r--r--mayor-orig/www/include/modules/auth/base/login.php37
-rw-r--r--mayor-orig/www/include/modules/auth/base/token.php116
3 files changed, 0 insertions, 206 deletions
diff --git a/mayor-orig/www/include/modules/auth/base/forgotten.php b/mayor-orig/www/include/modules/auth/base/forgotten.php
deleted file mode 100644
index 16571855..00000000
--- a/mayor-orig/www/include/modules/auth/base/forgotten.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-
- function generatePasswordRecoveryRequest($accountData) {
-
- $URL = 'https://'.$_SERVER['SERVER_NAME'].'/index.php?page=password&f=resetPassword&';
-
- if (version_compare(PHP_VERSION,'5.3.0')>=0) {
- $selector = bin2hex(openssl_random_pseudo_bytes(8));
- $token = openssl_random_pseudo_bytes(32);
- } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) {
- $selector = bin2hex(random_bytes(8));
- $token = random_bytes(32);
- } else {
- return false; // nem támogatjuk
- }
- $urlToEmail = href($URL.http_build_query(array(
- 'selector' => $selector,
- 'validator' => bin2hex($token)
- ),'','&'));
-
- $expires = new DateTime('NOW');
- $expires->add(new DateInterval('PT01H')); // 1 hour
-
- // rate limiting és karbantartás
- $lr = db_connect('login');
- db_start_trans($lr);
-
- $q = "DELETE FROM accountRecovery WHERE expires <= NOW() - INTERVAL 10 DAY";
- db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'delete'),$lr);
-
- $q = "SELECT count(*) as db FROM accountRecovery WHERE policy='%s' AND userAccount='%s'";
- $v = array($accountData['policy'], $accountData['userAccount']);
- $recoveryRequestDb = db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'value', 'values'=>$v),$lr);
-
- if ($recoveryRequestDb<5) {
- $q = "INSERT INTO accountRecovery (policy, userAccount, selector, token, expires) VALUES ('%s', '%s', '%s', '%s', '%s');";
- $v = array($accountData['policy'], $accountData['userAccount'],
- $selector,
- hash('sha256', $token),
- $expires->format('Y-m-d\TH:i:s'));
- $recoveryId = db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr);
- } else {
- return false;
- }
- db_commit($lr);
- db_close($lr);
-
- if ($recoveryId !== false) return $urlToEmail;
- else return false;
-
- }
-
-?> \ No newline at end of file
diff --git a/mayor-orig/www/include/modules/auth/base/login.php b/mayor-orig/www/include/modules/auth/base/login.php
deleted file mode 100644
index f9cb3a2d..00000000
--- a/mayor-orig/www/include/modules/auth/base/login.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
- function userAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
- global $AUTH;
- require_once('include/share/auth/base.php');
-
- if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php')) {
- require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php');
- } else {
- throw new Exception('Fatal Error');
- }
-
- //$x = call_user_func( str_replace('-','_',$AUTH[$toPolicy]['backend'])."UserAuthentication",$userAccount, $userPassword, $accountInformation, $toPolicy);
- switch ($AUTH[$toPolicy]['backend']) {
- case 'mysql':
- $r = mysqlUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldap':
- $r = ldapUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldap-ng':
- $r = ldap_ngUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldapng':
- $r = ldapngUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ads':
- $r = adsUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'file':
- $r = fileUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- }
- return $r;
- }
-
-?> \ No newline at end of file
diff --git a/mayor-orig/www/include/modules/auth/base/token.php b/mayor-orig/www/include/modules/auth/base/token.php
deleted file mode 100644
index 72cbcffb..00000000
--- a/mayor-orig/www/include/modules/auth/base/token.php
+++ /dev/null
@@ -1,116 +0,0 @@
-<?php
-
- function generateAuthToken($accountData) {
-
- if (!defined('AUTHTOKENENABLED') || AUTHTOKENENABLED!==true) return false;
-
- if (version_compare(PHP_VERSION,'5.3.0')>=0) {
- $selector = bin2hex(openssl_random_pseudo_bytes(8));
- $token = openssl_random_pseudo_bytes(32);
- } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) {
- $selector = bin2hex(random_bytes(8));
- $token = random_bytes(32);
- } else {
- return false; // nem támogatjuk
- }
-
- if (isset($_COOKIE['t_selector'])===true && isset($_COOKIE['t_validator'])===true) return true; // már van selector/validator elmentve
-
- $lr = db_connect('login');
- db_start_trans($lr);
-
- $q = "DELETE FROM authToken WHERE expires <= NOW() - INTERVAL 10 DAY";
- db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete'),$lr);
-
- $q = "INSERT INTO authToken (policy, userAccount,
- userCn, studyId,
- selector, token, expires, activity, ipAddress) VALUES ('%s', '%s', '%s', '%s', '%s','%s',NOW() + INTERVAL 30 DAY,NOW(),'%s')";
- $v = array($accountData['policy'], $accountData['userAccount'],
- $accountData['userCn'], $accountData['studyId'],
- $selector,
- hash('sha256', $token),
- CLIENTIPADDRESS
- );
- $Id = db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr);
- db_commit($lr);
- db_close($lr);
-
- if ($Id !== false) {
- setcookie('t_selector',$selector,time()+604800*5,'/','',TRUE,TRUE);
- setcookie('t_validator',bin2hex($token),time()+604800*5,'/','',TRUE,TRUE);
- $_SESSION['mayorapiauth'] = true;
- return true;
- } else {
- return false;
- }
- }
-
- function unsetTokenCookies() { // + MS_*
- $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null));
- if ($selector!='') {
- $q = "DELETE FROM authToken WHERE selector='%s'";
- $values = array($selector);
- db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete', 'values'=>$values),$lr);
- }
- setcookie('t_selector','',time() - 3600,'/','',TRUE,TRUE);
- setcookie('t_validator','',time() - 3600,'/','',TRUE,TRUE);
- if (is_array($_COOKIE)) {
- foreach($_COOKIE as $key => $value) {
- if (substr($key,0,3) == 'MS_') {
- setcookie($key,'',time() - 3600,'/','',TRUE,TRUE);
- }
- }
- }
- $_SESSION['mayorapiauth'] = false;
- }
-
- function mayorApiAuth() {
-
- // $MAYORAPIDATA tömb feltöltése
- $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null));
- $validator = readVariable($_COOKIE['t_validator'], 'string', readVariable($_GET['t_validator'], 'hexa', null));
- if ($selector!='' && $validator!='') {
- $q = "SELECT * FROM authToken WHERE selector = '%s' AND expires >= NOW()";
- $r = db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'record','values'=>array($selector)));
- }
- if (is_array($r)) {
- $calc = hash('sha256', hex2bin($validator));
- if (hash_equals($calc, $r['token'])) { // valid token
- global $sessionMode;
- $sessionMode = 2;
- // reauth AS:
- $toPolicy = $r['policy'];
- $userAccount = $r['userAccount'];
- $userCn = $r['userCn'];
- $studyId = $r['studyId'];
- $userPassword = ''; // ???
- $lang = _DEFAULT_LANG;
- $data = $r;
- $_SESSION['mayorapiauth'] = true;
- $q = "UPDATE authToken SET activity=NOW(), ipAddress='%s' WHERE selector = '%s'";
- $v = array(CLIENTIPADDRESS,$selector);
- db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'update','values'=>$v));
- return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'studyId'=>$data['studyId'],'userCn'=>$data['userCn'],'valid'=>true);
- } else {
- unsetTokenCookies();
- }
- } else {
- unsetTokenCookies();
- }
- return false;
- }
-
- function getMyActivity() {
- $q = "SELECT ipAddress,activity FROM authToken WHERE userAccount ='%s' AND policy='%s'";
- $v = array(_USERACCOUNT,_POLICY);
- return db_query($q, array('fv'=>'rights/getMyActivity','modul'=>'login','result'=>'indexed','values'=>$v));
- }
-
- function revokeTokens() {
- unsetTokenCookies();
- $q = "DELETE FROM authToken WHERE userAccount ='%s' AND policy='%s'";
- $v = array(_USERACCOUNT,_POLICY);
- return db_query($q, array('fv'=>'rights/revokeTokens','modul'=>'login','result'=>'delete','values'=>$v));
- }
-
-?>