1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
<?php
//__GOOGLEAPI_ENABLED===true
function mayorGoogleApiAuth() {
if (__GOOGLEAPI_ENABLED !== true ) return false;
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
$_SESSION['alert'][] = 'info::googleapi:szerver konfigurációs hiba, legalább 5.4-es php verzió szükséges!';
return false;
} else {
/* google login start */
require_once ('include/share/googleapi/autoload.php');
$redirect_uri = _BASE_URL.'/index.php?action=googleapilogin';
$client = new Google_Client();
//$client->setAuthConfig($oauth_credentials);
$client->setClientId(__GOOGLEAPI_CLIENT_ID);
$client->setClientSecret(__GOOGLEAPI_CLIENT_SECRET);
$client->setRedirectUri($redirect_uri);
$client->setScopes('email');
try {
$payload = $client->verifyIdToken($_GET['id_token']);
} catch(Exception $e) {
$_SESSION['alert'][] = 'info::googleapi SDK hiba: ' . $e->getMessage();
}
if (isset($payload['sub'])) { // subject
$_SESSION['googleapi_object'] = $payload;
// mayor auth start
$accountInformation=array();
$toPolicy = 'public';
$data = getUserByGoogleSub($payload['sub']); // subject=google user id
if ($data === false || is_null($data)) {
// allow automatic authentication through these domains:
if (in_array($payload['hd'], array('kanizsay.sulinet.hu','kanizsay.edu.hu','vmg.sulinet.hu','vmg.edu.hu'))) {
$_REGISTER['googleSub'] = $payload['sub'];
$_REGISTER['googleUserCn'] = $payload['name'];
$_REGISTER['googleUserEmail'] = $payload['email'];
$registered = googleapiGrant_light($_REGISTER);
if ($registered===true) {
$data = getUserByGoogleSub($payload['sub']); // subject=google user id
if (is_array($data)) {
setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja
return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken);
}
}
}
$_SESSION['alert'][] = 'info:Nincs ilyen user (még) a MaYoR-ral összekötve, kérjük jelentkezz be jelszóval!';
} elseif (is_array($data)) {
// Ha van, akkor ki az? Mert ő bemehet.
setGoogleToken($payload['sub'],$_GET['id_token']); // a verifyIdToken igazolja
return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'googleUserEmail'=>$data['googleUserEmail'],'studyId'=>$data['studyId'],'googleUserCn'=>$data['googleUserCn'],'accessToken'=>$accessToken);
}
/* mayor auth stop */
} else {
$_SESSION['alert'][] = 'info::googleapi:nem érvényes accessToken';
}
/* googleapi login stop */
}
return false;
}
function getUserByGoogleSub($googleSub) {
if ($googleSub=='') return false;
$q = "SELECT * FROM googleConnect WHERE googleSub='%s' ORDER BY policy LIMIT 1";
$v = array($googleSub);
$record = db_query($q,array('fv'=>'getUserByGoogleSub','modul'=>'login','result'=>'record','values'=>$v));
return $record;
}
function setGoogleToken($googleSub, $id_token) {
if ($googleSub=='') return false;
if ($id_token=='') return false;
$_SESSION['googleapi_id_token'] = $id_token;
}
function googleapiGrant_light($ADAT) {
require_once('include/modules/session/search/searchAccount.php');
if ($ADAT['googleSub']=='') return false;
if ($ADAT['googleUserEmail']=='') return false;
$searchAttrList = array('userCn', 'userAccount', 'studyId');
$attr = 'mail';
$pattern = $ADAT['googleUserEmail'];
$searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
if ($searchResult['count']!==1) {
// több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
return false;
}
$userAccount = $searchResult[0]['userAccount'][0];
$studyId = $searchResult[0]['studyId'][0];
$policy = 'private';
// version b, using naplo
/*
$q = "SELECT oId FROM tanar WHERE email='%s'";
$v = array($ADAT['googleUserEmail']);
$studyId = $oktId = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant_light','modul'=>'naplo_intezmeny','result'=>'value','values'=>$v));
if ($studyId=='') return false;
if ($AUTH[_POLICY]['backend'] == 'ad') $searchAttrList = array('userCn', 'userAccount', 'uidNumber', 'studyId');
else $searchAttrList = array('userCn', 'userAccount', 'studyId');
$attr = 'studyId';
$pattern = $studyId;
$searchResult = searchAccount($attr, $pattern, $searchAttrList, 'private');
if ($searchResult['count']!==1) {
// több ugyanolyan oktatási azonosítóval bíró user van, így nem autholjuk be
return false;
}
$userAccount = $searchResult[0]['userAccount'][0];
$policy = 'private';
*/
$q = "INSERT IGNORE INTO googleConnect (userAccount,policy,googleSub,googleUserCn,googleUserEmail,studyId) VALUES ('%s','%s','%s','%s','%s','%s')";
$v = array('userAccount'=>$userAccount,'policy'=>$policy,'googleSub'=>$ADAT['googleSub'],$ADAT['googleUserCn'],$ADAT['googleUserEmail'],$studyId);
$r = db_query($q,array('debug'=>false,'fv'=>'googleapiGrant','modul'=>'login','result'=>'insert','values'=>$v));
return ($r!==false) ? true : false;
}
?>
|
