From f70027ffbedce10f412868a7bf9b0b67b113f1b1 Mon Sep 17 00:00:00 2001
From: M.Gergo
Date: Sun, 20 Jan 2019 11:48:48 +0100
Subject: Rev: 4423
---
mayor-orig/www/include/modules/auth/base/token.php | 116 +++++++++++++++++++++
.../www/include/modules/portal/share/hirek.php | 1 +
.../www/include/modules/session/accountInfo.php | 16 +++
3 files changed, 133 insertions(+)
create mode 100644 mayor-orig/www/include/modules/auth/base/token.php
(limited to 'mayor-orig/www/include/modules')
diff --git a/mayor-orig/www/include/modules/auth/base/token.php b/mayor-orig/www/include/modules/auth/base/token.php
new file mode 100644
index 00000000..72cbcffb
--- /dev/null
+++ b/mayor-orig/www/include/modules/auth/base/token.php
@@ -0,0 +1,116 @@ +=0) { + $selector = bin2hex(openssl_random_pseudo_bytes(8)); + $token = openssl_random_pseudo_bytes(32); + } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) { + $selector = bin2hex(random_bytes(8)); + $token = random_bytes(32); + } else { + return false; // nem támogatjuk + } + + if (isset($_COOKIE['t_selector'])===true && isset($_COOKIE['t_validator'])===true) return true; // már van selector/validator elmentve + + $lr = db_connect('login'); + db_start_trans($lr); + + $q = "DELETE FROM authToken WHERE expires <= NOW() - INTERVAL 10 DAY"; + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete'),$lr); + + $q = "INSERT INTO authToken (policy, userAccount, + userCn, studyId, + selector, token, expires, activity, ipAddress) VALUES ('%s', '%s', '%s', '%s', '%s','%s',NOW() + INTERVAL 30 DAY,NOW(),'%s')"; + $v = array($accountData['policy'], $accountData['userAccount'], + $accountData['userCn'], $accountData['studyId'], + $selector, + hash('sha256', $token), + CLIENTIPADDRESS + ); + $Id = db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr); + db_commit($lr); + db_close($lr); + + if ($Id !== false) { + setcookie('t_selector',$selector,time()+604800*5,'/','',TRUE,TRUE); + setcookie('t_validator',bin2hex($token),time()+604800*5,'/','',TRUE,TRUE); + $_SESSION['mayorapiauth'] = true; + return true; + } else { + return false; + } + } + + function unsetTokenCookies() { // + MS_* + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + if ($selector!='') { + $q = "DELETE FROM authToken WHERE selector='%s'"; + $values = array($selector); + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete', 'values'=>$values),$lr); + } + setcookie('t_selector','',time() - 3600,'/','',TRUE,TRUE); + setcookie('t_validator','',time() - 3600,'/','',TRUE,TRUE); + if (is_array($_COOKIE)) { + foreach($_COOKIE as 
$key => $value) { + if (substr($key,0,3) == 'MS_') { + setcookie($key,'',time() - 3600,'/','',TRUE,TRUE); + } + } + } + $_SESSION['mayorapiauth'] = false; + } + + function mayorApiAuth() { + + // $MAYORAPIDATA tömb feltöltése + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + $validator = readVariable($_COOKIE['t_validator'], 'string', readVariable($_GET['t_validator'], 'hexa', null)); + if ($selector!='' && $validator!='') { + $q = "SELECT * FROM authToken WHERE selector = '%s' AND expires >= NOW()"; + $r = db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'record','values'=>array($selector))); + } + if (is_array($r)) { + $calc = hash('sha256', hex2bin($validator)); + if (hash_equals($calc, $r['token'])) { // valid token + global $sessionMode; + $sessionMode = 2; + // reauth AS: + $toPolicy = $r['policy']; + $userAccount = $r['userAccount']; + $userCn = $r['userCn']; + $studyId = $r['studyId']; + $userPassword = ''; // ??? 
+ $lang = _DEFAULT_LANG; + $data = $r; + $_SESSION['mayorapiauth'] = true; + $q = "UPDATE authToken SET activity=NOW(), ipAddress='%s' WHERE selector = '%s'"; + $v = array(CLIENTIPADDRESS,$selector); + db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'update','values'=>$v)); + return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'studyId'=>$data['studyId'],'userCn'=>$data['userCn'],'valid'=>true); + } else { + unsetTokenCookies(); + } + } else { + unsetTokenCookies(); + } + return false; + } + + function getMyActivity() { + $q = "SELECT ipAddress,activity FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/getMyActivity','modul'=>'login','result'=>'indexed','values'=>$v)); + } + + function revokeTokens() { + unsetTokenCookies(); + $q = "DELETE FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/revokeTokens','modul'=>'login','result'=>'delete','values'=>$v)); + } + +?> diff --git a/mayor-orig/www/include/modules/portal/share/hirek.php b/mayor-orig/www/include/modules/portal/share/hirek.php index f9a64f62..5aa3bdc9 100644 --- a/mayor-orig/www/include/modules/portal/share/hirek.php +++ b/mayor-orig/www/include/modules/portal/share/hirek.php @@ -14,6 +14,7 @@ } function getHirek($SET = array('all'=>true,'tolDt'=>'', 'igDt'=>'', 'id' => '', 'flag'=>array(), 'class'=>array(), 'cid'=>array(), 'limit'=>'', 'lang'=>'hu_HU') ) { + $tolDt = $SET['tolDt']; $igDt = $SET['igDt']; if ($tolDt!='') $W[] = "kdt<='$tolDt'"; if ($igDt!='') $W[] = "vdt>='$igDt'"; diff --git a/mayor-orig/www/include/modules/session/accountInfo.php b/mayor-orig/www/include/modules/session/accountInfo.php index b670312f..b14a8edb 100644 --- a/mayor-orig/www/include/modules/session/accountInfo.php +++ b/mayor-orig/www/include/modules/session/accountInfo.php 
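Review bot: unsetTokenCookies() passes `$lr` as the connection argument to `db_query(..., $lr)` for `DELETE FROM authToken WHERE selector='%s'`, but nothing in that function assigns it (only the token-creating function above opens `$lr = db_connect('login')`), so unless db_query substitutes a default connection for a null handle, logout clears the cookies without deleting the row and the selector/validator pair stays accepted by mayorApiAuth() until `expires`; either open and close a connection there as the creating function does, or drop the third argument as getMyActivity() and revokeTokens() do. In the same function and in mayorApiAuth() the cookie values are read with `readVariable($_COOKIE['t_selector'], 'string', ...)` while the `$_GET` fallbacks are read as `'hexa'`; both selectors are substituted into a `%s` placeholder and the validator goes through hex2bin(), so reading the cookies as `'hexa'` too keeps the input shape uniform regardless of how db_query escapes its `values` (which this hunk does not show). In mayorApiAuth(), `is_array($r)` runs even when the guarding `if` did not assign `$r`; add `$r = false;` before that block. Accepting `t_validator` from `$_GET` means the long-lived secret can end up in access logs and Referer headers, so if that path exists only for the API client, say so in a comment above mayorApiAuth() and consider restricting the validator to the cookie. Finally, the openssl branch at the top of the hunk (its condition is cut off in this rendering) calls openssl_random_pseudo_bytes() without the `$crypto_strong` out-parameter, so a weak result would be used silently; check that flag, or prefer random_bytes() whenever it is available.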
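Review bot: The added `$tolDt = $SET['tolDt'];` feeds the next context line, which builds the clause as `"kdt<='$tolDt'"` by string interpolation, so whatever a caller places in `$SET['tolDt']` reaches the SQL text as-is; a date-format check before the assignment is used, or routing the value through db_query's `'values'` array with a `%s` placeholder as token.php in this same commit does, would keep the two files on one convention. getHirek() continues past the end of the hunk, so where `$W` is joined into the final query is not visible here.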
@@ -56,6 +56,22 @@ } + function createEduroamSettings($ADAT) { + + $q = "INSERT INTO eduroam (userAccount,policy,eduroamUID,eduroamPASSWORD,eduroamAFFILIATION,eduroamDOMAIN) + VALUES ('%s','%s','%s','%s','%s','%s')"; + $values = array( + $ADAT['userAccount'], + $ADAT['policy'], + $ADAT['eduroamUID'], + $ADAT['eduroamPASSWORD'], + $ADAT['eduroamAFFILIATION'], + $ADAT['eduroamDOMAIN'], + ); + $res = db_query($q, array('modul'=>'login','values'=>$values)); + return $res; + } + function getEduroamSettings($userAccount,$toPolicy,$ADAT) { $res = false; -- cgit v1.2.3
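Review bot: createEduroamSettings() reads six `$ADAT` keys without checking that they exist, so a caller that omits one (for example `eduroamDOMAIN`) triggers an undefined-index notice and inserts an empty string; guard each read with isset() or validate the array up front. The db_query call omits the `'result'` key that the sibling token.php functions in this commit pass (`'result'=>'insert'`), so what `$res` holds depends on db_query's default; state it in a docblock such as `/** @return mixed  whatever db_query returns for an INSERT without 'result' — confirm (insert id or false) */`. The row stores `eduroamPASSWORD` exactly as received; a comment saying whether this column is expected to hold a hash or a cleartext credential, and why the RADIUS side needs that form, would help the next maintainer reason about the table's exposure.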