diff options
Diffstat (limited to 'mayor-orig/www/include/modules')
| -rw-r--r-- | mayor-orig/www/include/modules/auth/base/token.php | 116 | ||||
| -rw-r--r-- | mayor-orig/www/include/modules/portal/share/hirek.php | 1 | ||||
| -rw-r--r-- | mayor-orig/www/include/modules/session/accountInfo.php | 16 |
3 files changed, 133 insertions, 0 deletions
diff --git a/mayor-orig/www/include/modules/auth/base/token.php b/mayor-orig/www/include/modules/auth/base/token.php new file mode 100644 index 00000000..72cbcffb --- /dev/null +++ b/mayor-orig/www/include/modules/auth/base/token.php @@ -0,0 +1,116 @@ +<?php + + function generateAuthToken($accountData) { + + if (!defined('AUTHTOKENENABLED') || AUTHTOKENENABLED!==true) return false; + + if (version_compare(PHP_VERSION,'5.3.0')>=0) { + $selector = bin2hex(openssl_random_pseudo_bytes(8)); + $token = openssl_random_pseudo_bytes(32); + } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) { + $selector = bin2hex(random_bytes(8)); + $token = random_bytes(32); + } else { + return false; // nem támogatjuk + } + + if (isset($_COOKIE['t_selector'])===true && isset($_COOKIE['t_validator'])===true) return true; // már van selector/validator elmentve + + $lr = db_connect('login'); + db_start_trans($lr); + + $q = "DELETE FROM authToken WHERE expires <= NOW() - INTERVAL 10 DAY"; + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete'),$lr); + + $q = "INSERT INTO authToken (policy, userAccount, + userCn, studyId, + selector, token, expires, activity, ipAddress) VALUES ('%s', '%s', '%s', '%s', '%s','%s',NOW() + INTERVAL 30 DAY,NOW(),'%s')"; + $v = array($accountData['policy'], $accountData['userAccount'], + $accountData['userCn'], $accountData['studyId'], + $selector, + hash('sha256', $token), + CLIENTIPADDRESS + ); + $Id = db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr); + db_commit($lr); + db_close($lr); + + if ($Id !== false) { + setcookie('t_selector',$selector,time()+604800*5,'/','',TRUE,TRUE); + setcookie('t_validator',bin2hex($token),time()+604800*5,'/','',TRUE,TRUE); + $_SESSION['mayorapiauth'] = true; + return true; + } else { + return false; + } + } + + function unsetTokenCookies() { // + MS_* + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + if ($selector!='') { + $q = "DELETE FROM authToken WHERE selector='%s'"; + $values = array($selector); + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete', 'values'=>$values),$lr); + } + setcookie('t_selector','',time() - 3600,'/','',TRUE,TRUE); + setcookie('t_validator','',time() - 3600,'/','',TRUE,TRUE); + if (is_array($_COOKIE)) { + foreach($_COOKIE as $key => $value) { + if (substr($key,0,3) == 'MS_') { + setcookie($key,'',time() - 3600,'/','',TRUE,TRUE); + } + } + } + $_SESSION['mayorapiauth'] = false; + } + + function mayorApiAuth() { + + // $MAYORAPIDATA tömb feltöltése + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + $validator = readVariable($_COOKIE['t_validator'], 'string', readVariable($_GET['t_validator'], 'hexa', null)); + if ($selector!='' && $validator!='') { + $q = "SELECT * FROM authToken WHERE selector = '%s' AND expires >= NOW()"; + $r = db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'record','values'=>array($selector))); + } + if (is_array($r)) { + $calc = hash('sha256', hex2bin($validator)); + if (hash_equals($calc, $r['token'])) { // valid token + global $sessionMode; + $sessionMode = 2; + // reauth AS: + $toPolicy = $r['policy']; + $userAccount = $r['userAccount']; + $userCn = $r['userCn']; + $studyId = $r['studyId']; + $userPassword = ''; // ??? + $lang = _DEFAULT_LANG; + $data = $r; + $_SESSION['mayorapiauth'] = true; + $q = "UPDATE authToken SET activity=NOW(), ipAddress='%s' WHERE selector = '%s'"; + $v = array(CLIENTIPADDRESS,$selector); + db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'update','values'=>$v)); + return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'studyId'=>$data['studyId'],'userCn'=>$data['userCn'],'valid'=>true); + } else { + unsetTokenCookies(); + } + } else { + unsetTokenCookies(); + } + return false; + } + + function getMyActivity() { + $q = "SELECT ipAddress,activity FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/getMyActivity','modul'=>'login','result'=>'indexed','values'=>$v)); + } + + function revokeTokens() { + unsetTokenCookies(); + $q = "DELETE FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/revokeTokens','modul'=>'login','result'=>'delete','values'=>$v)); + } + +?> diff --git a/mayor-orig/www/include/modules/portal/share/hirek.php b/mayor-orig/www/include/modules/portal/share/hirek.php index f9a64f62..5aa3bdc9 100644 --- a/mayor-orig/www/include/modules/portal/share/hirek.php +++ b/mayor-orig/www/include/modules/portal/share/hirek.php @@ -14,6 +14,7 @@ } function getHirek($SET = array('all'=>true,'tolDt'=>'', 'igDt'=>'', 'id' => '', 'flag'=>array(), 'class'=>array(), 'cid'=>array(), 'limit'=>'', 'lang'=>'hu_HU') ) { + $tolDt = $SET['tolDt']; $igDt = $SET['igDt']; if ($tolDt!='') $W[] = "kdt<='$tolDt'"; if ($igDt!='') $W[] = "vdt>='$igDt'"; diff --git a/mayor-orig/www/include/modules/session/accountInfo.php b/mayor-orig/www/include/modules/session/accountInfo.php index b670312f..b14a8edb 100644 --- a/mayor-orig/www/include/modules/session/accountInfo.php +++ b/mayor-orig/www/include/modules/session/accountInfo.php @@ -56,6 +56,22 @@ } + function createEduroamSettings($ADAT) { + + $q = "INSERT INTO eduroam (userAccount,policy,eduroamUID,eduroamPASSWORD,eduroamAFFILIATION,eduroamDOMAIN) + VALUES ('%s','%s','%s','%s','%s','%s')"; + $values = array( + $ADAT['userAccount'], + $ADAT['policy'], + $ADAT['eduroamUID'], + $ADAT['eduroamPASSWORD'], + $ADAT['eduroamAFFILIATION'], + $ADAT['eduroamDOMAIN'], + ); + $res = db_query($q, array('modul'=>'login','values'=>$values)); + return $res; + } + function getEduroamSettings($userAccount,$toPolicy,$ADAT) { $res = false; |