aboutsummaryrefslogtreecommitdiffstats
path: root/mayor-orig/www/include/modules/auth
diff options
context:
space:
mode:
Diffstat (limited to 'mayor-orig/www/include/modules/auth')
-rw-r--r--mayor-orig/www/include/modules/auth/base/forgotten.php53
-rw-r--r--mayor-orig/www/include/modules/auth/base/login.php37
-rw-r--r--mayor-orig/www/include/modules/auth/base/token.php116
3 files changed, 0 insertions, 206 deletions
diff --git a/mayor-orig/www/include/modules/auth/base/forgotten.php b/mayor-orig/www/include/modules/auth/base/forgotten.php
deleted file mode 100644
index 16571855..00000000
--- a/mayor-orig/www/include/modules/auth/base/forgotten.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php
-
- function generatePasswordRecoveryRequest($accountData) {
-
- $URL = 'https://'.$_SERVER['SERVER_NAME'].'/index.php?page=password&f=resetPassword&';
-
- if (version_compare(PHP_VERSION,'5.3.0')>=0) {
- $selector = bin2hex(openssl_random_pseudo_bytes(8));
- $token = openssl_random_pseudo_bytes(32);
- } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) {
- $selector = bin2hex(random_bytes(8));
- $token = random_bytes(32);
- } else {
- return false; // nem támogatjuk
- }
- $urlToEmail = href($URL.http_build_query(array(
- 'selector' => $selector,
- 'validator' => bin2hex($token)
- ),'','&'));
-
- $expires = new DateTime('NOW');
- $expires->add(new DateInterval('PT01H')); // 1 hour
-
- // rate limiting és karbantartás
- $lr = db_connect('login');
- db_start_trans($lr);
-
- $q = "DELETE FROM accountRecovery WHERE expires <= NOW() - INTERVAL 10 DAY";
- db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'delete'),$lr);
-
- $q = "SELECT count(*) as db FROM accountRecovery WHERE policy='%s' AND userAccount='%s'";
- $v = array($accountData['policy'], $accountData['userAccount']);
- $recoveryRequestDb = db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'value', 'values'=>$v),$lr);
-
- if ($recoveryRequestDb<5) {
- $q = "INSERT INTO accountRecovery (policy, userAccount, selector, token, expires) VALUES ('%s', '%s', '%s', '%s', '%s');";
- $v = array($accountData['policy'], $accountData['userAccount'],
- $selector,
- hash('sha256', $token),
- $expires->format('Y-m-d\TH:i:s'));
- $recoveryId = db_query($q, array('debug'=>false,'fv' => 'generatePasswordRecoveryRequest', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr);
- } else {
- return false;
- }
- db_commit($lr);
- db_close($lr);
-
- if ($recoveryId !== false) return $urlToEmail;
- else return false;
-
- }
-
-?> \ No newline at end of file
diff --git a/mayor-orig/www/include/modules/auth/base/login.php b/mayor-orig/www/include/modules/auth/base/login.php
deleted file mode 100644
index f9cb3a2d..00000000
--- a/mayor-orig/www/include/modules/auth/base/login.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
- function userAuthentication($userAccount, $userPassword, &$accountInformation, $toPolicy) {
- global $AUTH;
- require_once('include/share/auth/base.php');
-
- if (file_exists('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php')) {
- require_once('include/backend/'.$AUTH[$toPolicy]['backend'].'/auth/login.php');
- } else {
- throw new Exception('Fatal Error');
- }
-
- //$x = call_user_func( str_replace('-','_',$AUTH[$toPolicy]['backend'])."UserAuthentication",$userAccount, $userPassword, $accountInformation, $toPolicy);
- switch ($AUTH[$toPolicy]['backend']) {
- case 'mysql':
- $r = mysqlUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldap':
- $r = ldapUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldap-ng':
- $r = ldap_ngUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ldapng':
- $r = ldapngUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'ads':
- $r = adsUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- case 'file':
- $r = fileUserAuthentication($userAccount, $userPassword, $accountInformation, $toPolicy);
- break;
- }
- return $r;
- }
-
-?> \ No newline at end of file
diff --git a/mayor-orig/www/include/modules/auth/base/token.php b/mayor-orig/www/include/modules/auth/base/token.php
deleted file mode 100644
index 72cbcffb..00000000
--- a/mayor-orig/www/include/modules/auth/base/token.php
+++ /dev/null
@@ -1,116 +0,0 @@
-<?php
-
- function generateAuthToken($accountData) {
-
- if (!defined('AUTHTOKENENABLED') || AUTHTOKENENABLED!==true) return false;
-
- if (version_compare(PHP_VERSION,'5.3.0')>=0) {
- $selector = bin2hex(openssl_random_pseudo_bytes(8));
- $token = openssl_random_pseudo_bytes(32);
- } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) {
- $selector = bin2hex(random_bytes(8));
- $token = random_bytes(32);
- } else {
- return false; // nem támogatjuk
- }
-
- if (isset($_COOKIE['t_selector'])===true && isset($_COOKIE['t_validator'])===true) return true; // már van selector/validator elmentve
-
- $lr = db_connect('login');
- db_start_trans($lr);
-
- $q = "DELETE FROM authToken WHERE expires <= NOW() - INTERVAL 10 DAY";
- db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete'),$lr);
-
- $q = "INSERT INTO authToken (policy, userAccount,
- userCn, studyId,
- selector, token, expires, activity, ipAddress) VALUES ('%s', '%s', '%s', '%s', '%s','%s',NOW() + INTERVAL 30 DAY,NOW(),'%s')";
- $v = array($accountData['policy'], $accountData['userAccount'],
- $accountData['userCn'], $accountData['studyId'],
- $selector,
- hash('sha256', $token),
- CLIENTIPADDRESS
- );
- $Id = db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr);
- db_commit($lr);
- db_close($lr);
-
- if ($Id !== false) {
- setcookie('t_selector',$selector,time()+604800*5,'/','',TRUE,TRUE);
- setcookie('t_validator',bin2hex($token),time()+604800*5,'/','',TRUE,TRUE);
- $_SESSION['mayorapiauth'] = true;
- return true;
- } else {
- return false;
- }
- }
-
- function unsetTokenCookies() { // + MS_*
- $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null));
- if ($selector!='') {
- $q = "DELETE FROM authToken WHERE selector='%s'";
- $values = array($selector);
- db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete', 'values'=>$values),$lr);
- }
- setcookie('t_selector','',time() - 3600,'/','',TRUE,TRUE);
- setcookie('t_validator','',time() - 3600,'/','',TRUE,TRUE);
- if (is_array($_COOKIE)) {
- foreach($_COOKIE as $key => $value) {
- if (substr($key,0,3) == 'MS_') {
- setcookie($key,'',time() - 3600,'/','',TRUE,TRUE);
- }
- }
- }
- $_SESSION['mayorapiauth'] = false;
- }
-
- function mayorApiAuth() {
-
- // $MAYORAPIDATA tömb feltöltése
- $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null));
- $validator = readVariable($_COOKIE['t_validator'], 'string', readVariable($_GET['t_validator'], 'hexa', null));
- if ($selector!='' && $validator!='') {
- $q = "SELECT * FROM authToken WHERE selector = '%s' AND expires >= NOW()";
- $r = db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'record','values'=>array($selector)));
- }
- if (is_array($r)) {
- $calc = hash('sha256', hex2bin($validator));
- if (hash_equals($calc, $r['token'])) { // valid token
- global $sessionMode;
- $sessionMode = 2;
- // reauth AS:
- $toPolicy = $r['policy'];
- $userAccount = $r['userAccount'];
- $userCn = $r['userCn'];
- $studyId = $r['studyId'];
- $userPassword = ''; // ???
- $lang = _DEFAULT_LANG;
- $data = $r;
- $_SESSION['mayorapiauth'] = true;
- $q = "UPDATE authToken SET activity=NOW(), ipAddress='%s' WHERE selector = '%s'";
- $v = array(CLIENTIPADDRESS,$selector);
- db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'update','values'=>$v));
- return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'studyId'=>$data['studyId'],'userCn'=>$data['userCn'],'valid'=>true);
- } else {
- unsetTokenCookies();
- }
- } else {
- unsetTokenCookies();
- }
- return false;
- }
-
- function getMyActivity() {
- $q = "SELECT ipAddress,activity FROM authToken WHERE userAccount ='%s' AND policy='%s'";
- $v = array(_USERACCOUNT,_POLICY);
- return db_query($q, array('fv'=>'rights/getMyActivity','modul'=>'login','result'=>'indexed','values'=>$v));
- }
-
- function revokeTokens() {
- unsetTokenCookies();
- $q = "DELETE FROM authToken WHERE userAccount ='%s' AND policy='%s'";
- $v = array(_USERACCOUNT,_POLICY);
- return db_query($q, array('fv'=>'rights/revokeTokens','modul'=>'login','result'=>'delete','values'=>$v));
- }
-
-?>