@@ -1,176 +1,48 @@
|
|
|
<?php
|
|
|
|
|
|
-function auth_actions($posts,$gets){
|
|
|
- // logout
|
|
|
- if($posts["auth_action"]=="logout"){
|
|
|
- unsetauth();
|
|
|
- }
|
|
|
- // login locale
|
|
|
- elseif($posts["auth_action"]=="local_login" AND isset($posts["username"])){
|
|
|
- local_login($posts["username"],$posts["password"]);
|
|
|
- }
|
|
|
- // richiesta auth openid (fase 1)
|
|
|
- elseif($posts["auth_action"] == "openid_login"){
|
|
|
- $authresult = req_openid_auth($posts['openid_identifier']);
|
|
|
- }
|
|
|
-
|
|
|
- // fai auth openid (fase 2)
|
|
|
- elseif(isset($gets['openid_mode'])) {
|
|
|
- do_openid_auth($gets['openid_mode']);
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-// stocca sessione
|
|
|
-function storeauth($iddata){
|
|
|
- global $aravNamespace;
|
|
|
- $aravNamespace = new Zend_Session_Namespace('arav');
|
|
|
- $aravNamespace->iddata = $iddata;
|
|
|
- $aravNamespace->stabledata = array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["stablestoredfields"]));
|
|
|
- $aravNamespace->volatiledata = array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["volatilestoredfields"]));
|
|
|
-}
|
|
|
-
|
|
|
-function unsetauth(){
|
|
|
- global $aravNamespace;
|
|
|
- // $aravNamespace->stabledata = NULL;
|
|
|
- Zend_Session::destroy(true);
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-// determina se e' autenticato
|
|
|
-function isauth(){
|
|
|
- global $aravNamespace;
|
|
|
- $aravNamespace = new Zend_Session_Namespace('arav');
|
|
|
-
|
|
|
- if($aravNamespace->stabledata == array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["stablestoredfields"]))){
|
|
|
- $retaggio = array("esito" => TRUE);
|
|
|
- foreach ($aravNamespace as $index => $value) {
|
|
|
- $retaggio[$index] = $value;
|
|
|
- }
|
|
|
- }
|
|
|
- else{
|
|
|
- $retaggio = array("esito" => FALSE);
|
|
|
- }
|
|
|
- return $retaggio;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-// #### OPENID #######
|
|
|
-
|
|
|
-// auth openid, fase 1
|
|
|
-function req_openid_auth($openid_identifier){
|
|
|
- Zend_Loader::loadClass('Zend_OpenId_Consumer');
|
|
|
- Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');
|
|
|
-
|
|
|
- $status = "";
|
|
|
- $sreg = new Zend_OpenId_Extension_Sreg(array('nickname'=>true,
|
|
|
- 'email'=>false,
|
|
|
- 'fullname'=>false), null, 1.1);
|
|
|
- $consumer = new Zend_OpenId_Consumer();
|
|
|
- if (!$consumer->login($openid_identifier, NULL, NULL, $sreg)) {
|
|
|
- $status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
|
|
|
- }
|
|
|
- return $status;
|
|
|
-}
|
|
|
-
|
|
|
-// fai auth openid (fase 2)
|
|
|
-function do_openid_auth($openid_mode){
|
|
|
- if ($openid_mode == "id_res") {
|
|
|
- Zend_Loader::loadClass('Zend_OpenId_Consumer');
|
|
|
- Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');
|
|
|
-
|
|
|
- $sreg = new Zend_OpenId_Extension_Sreg(array(
|
|
|
- 'nickname'=>true,
|
|
|
- 'email'=>false,
|
|
|
- 'fullname'=>false), null, 1.1);
|
|
|
-
|
|
|
- $consumer = new Zend_OpenId_Consumer();
|
|
|
- if ($consumer->verify($_GET, $id,$sreg)) {
|
|
|
- $status = array("esito" => "AUTH_OK", "userid" => htmlspecialchars($id));
|
|
|
- } else {
|
|
|
- $status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
|
|
|
- }
|
|
|
- } else if ($openid_mode == "cancel") {
|
|
|
- $status = array("esito" => "USER_NE", "userid" => htmlspecialchars($id));
|
|
|
- }
|
|
|
-
|
|
|
- $data = $sreg->getProperties();
|
|
|
-
|
|
|
- if ($status["esito"] == "AUTH_OK"){
|
|
|
- $usergroup = get_openid_usergroup($id);
|
|
|
- $authdata["ACL"] = get_acl($usergroup);
|
|
|
- $authdata["IDENTITY"] = $id;
|
|
|
- $authdata["NICK"] = htmlspecialchars($data["nickname"]);
|
|
|
- storeauth($authdata);
|
|
|
- }
|
|
|
- else{
|
|
|
- unsetauth();
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-// ##### mappatura gruppi #####
|
|
|
-
|
|
|
-// user -> usergroup su tabella openid
|
|
|
-function get_openid_usergroup($openid){
|
|
|
- Zend_Loader::loadClass('Zend_Db_Adapter_Pdo_Sqlite');
|
|
|
- $dbAdapter = new Zend_Db_Adapter_Pdo_Sqlite(array('dbname' => $GLOBALS["conf"]["user_db"],'sqlite3' => true ));
|
|
|
- $query = "SELECT usergroup FROM openid WHERE openid = '$openid'";
|
|
|
- $result = $dbAdapter->fetchCol($query);
|
|
|
- return $result[0];
|
|
|
-}
|
|
|
-
|
|
|
-// #### LOGIN LOCALE ########
|
|
|
-
|
|
|
-// effettua il login locale
|
|
|
-function local_login($username, $password){
|
|
|
- $username = preg_replace("/[^a-zA-Z0-9\-\_]/", "", $username);
|
|
|
- $authresult = do_local_auth($username,hash("sha256",$password));
|
|
|
-
|
|
|
- if ($authresult["esito"] == "AUTH_OK"){
|
|
|
- $usergroup = get_local_usergroup($authresult["userid"]);
|
|
|
- $authdata["ACL"] = get_acl($usergroup);
|
|
|
-
|
|
|
- $authdata["IDENTITY"] = $authresult["userid"];
|
|
|
- $authdata["NICK"] = htmlspecialchars($authresult["userid"]);
|
|
|
-
|
|
|
- storeauth($authdata);
|
|
|
- }
|
|
|
- else{
|
|
|
- unsetauth();
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
// autentica sul db locale
|
|
|
function do_local_auth($username, $password){
|
|
|
try {
|
|
|
- // Create (connect to) SQLite database in file
|
|
|
- $file_db = new PDO("sqlite:".$GLOBALS["conf"]["user_db"]);
|
|
|
- report(1,"connected to auth db");
|
|
|
- // Set errormode to exceptions
|
|
|
- $file_db->setAttribute(PDO::ATTR_ERRMODE,
|
|
|
- PDO::ERRMODE_EXCEPTION);
|
|
|
- $query_userexist = "SELECT username FROM users WHERE username = '$username'";
|
|
|
- report(1,"query $query_userexist");
|
|
|
- $ueresult = $file_db->query($query_userexist);
|
|
|
- $uerow = $ueresult->fetch(PDO::FETCH_ASSOC);
|
|
|
-
|
|
|
- if($uerow["username"] == $username){
|
|
|
- report(1,"username exists");
|
|
|
- // controlla passwd e piglia su dati
|
|
|
- $query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = '$username' AND users.password = '$password' AND users.usergroup = groups.usergroup";
|
|
|
- report(1,"query: $query_checkpwd");
|
|
|
- $cpresult = $file_db->query($query_checkpwd);
|
|
|
- $cprow = $cpresult->fetch(PDO::FETCH_ASSOC);
|
|
|
- if($cprow["username"] == $username){
|
|
|
- $esito = "AUTH_OK";
|
|
|
- }
|
|
|
- else {
|
|
|
- $esito = "PASS_IV";
|
|
|
- }
|
|
|
- } else {
|
|
|
- $esito = "USER_NE";
|
|
|
- }
|
|
|
- report(1,"esito $esito");
|
|
|
+ // Create (connect to) SQLite database in file
|
|
|
+ $file_db = new PDO("sqlite:".$GLOBALS["conf"]["user_db"]);
|
|
|
+ report(1,"connected to auth db");
|
|
|
+ // Set errormode to exceptions
|
|
|
+ $file_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
+
|
|
|
+ $query_userexist = "SELECT username FROM users WHERE username = :username";
|
|
|
+ $uestmt = $file_db->prepare($query_userexist);
|
|
|
+ $uestmt->bindParam(':username', $username);
|
|
|
+ $uestmt->execute();
|
|
|
+ $uerow = $uestmt->fetch(PDO::FETCH_ASSOC);
|
|
|
+
|
|
|
+ if($uerow["username"] == $username){
|
|
|
+ report(1,"username exists");
|
|
|
+ // controlla passwd e piglia su dati
|
|
|
+
|
|
|
+ /*
|
|
|
+ $query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = :username AND users.password = :password AND users.usergroup = groups.usergroup";
|
|
|
+ $cpstmt = $file_db->prepare($query_checkpwd);
|
|
|
+ $cpstmt->bindParam(':username', $username);
|
|
|
+ $cpstmt->bindParam(':password', $password);
|
|
|
+ $cpstmt->execute();
|
|
|
+ $cprow = $cpstmt->fetch(PDO::FETCH_ASSOC);
|
|
|
+ */
|
|
|
+
|
|
|
+ $query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = '$username' AND users.password = '$password' AND users.usergroup = groups.usergroup";
|
|
|
+ report(1,"query: $query_checkpwd");
|
|
|
+ $cpresult = $file_db->query($query_checkpwd);
|
|
|
+ $cprow = $cpresult->fetch(PDO::FETCH_ASSOC);
|
|
|
+
|
|
|
+ if($cprow["username"] == $username){
|
|
|
+ $esito = "AUTH_OK";
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ $esito = "PASS_IV"; // pwd sbajata!
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ $esito = "USER_NE"; // non esiste
|
|
|
+ }
|
|
|
+ report(1,"esito $esito");
|
|
|
}
|
|
|
catch(PDOException $e){
|
|
|
report(3,$e->getMessage());
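Review bot: The password-check query `$query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = '$username' AND users.password = '$password' AND users.usergroup = groups.usergroup";` still interpolates both values into the SQL string, so the injection hole this commit closes for the user-existence lookup remains open in the second query, while the prepared-statement version of that same query is present but commented out directly above it. Switch the live code to the prepared form (below); the `report(1,"query: $query_checkpwd");` line then no longer carries an interpolated string and should be dropped anyway, since it writes the password hash to the log. The row checks `if($uerow["username"] == $username)` and `if($cprow["username"] == $username)` use loose `==` and, because `fetch()` returns `false` when no row matches, index a bool; `$cprow !== false && $cprow["username"] === $username` is the safer form for both. do_local_auth's `try` opens inside the hunk, but the catch block and whatever the function returns run past its end.

```php
        // controlla passwd e piglia su dati
        $query_checkpwd = "SELECT users.username,groups.dir FROM users,groups WHERE users.username = :username AND users.password = :password AND users.usergroup = groups.usergroup";
        $cpstmt = $file_db->prepare($query_checkpwd);
        $cpstmt->bindParam(':username', $username);
        $cpstmt->bindParam(':password', $password);
        $cpstmt->execute();
        $cprow = $cpstmt->fetch(PDO::FETCH_ASSOC);

        if ($cprow !== false && $cprow["username"] === $username) {
            $esito = "AUTH_OK";
        }
        // … unchanged: PASS_IV / USER_NE branches and report(1,"esito $esito") …
```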
|
|
@@ -189,4 +61,5 @@ function is_inside_dir($object,$dir){
|
|
|
if( strpos(realpath($object), realpath($dir)) === 0) return true;
|
|
|
return false;
|
|
|
}
|
|
|
+
|
|
|
?>