<?php
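/**
 * Dispatch one authentication action taken from the request.
 *
 * @param array $posts POST parameters; "auth_action" selects the branch.
 * @param array $gets  GET parameters; "openid_mode" marks the OpenID provider callback.
 * @return void
 */
function auth_actions($posts, $gets)
{
    // Read the action once; a missing key becomes "" instead of raising a notice
    // on every request that carries no auth_action at all.
    $action = isset($posts["auth_action"]) ? $posts["auth_action"] : "";

    // logout
    if ($action === "logout") {
        unsetauth();
    }
    // local login: both credentials must be present before do_local_auth runs
    elseif ($action === "local_login" && isset($posts["username"], $posts["password"])) {
        local_login($posts["username"], $posts["password"]);
    }
    // OpenID, phase 1: the consumer redirects to the provider; the return value is not used here
    elseif ($action === "openid_login" && isset($posts["openid_identifier"])) {
        req_openid_auth($posts["openid_identifier"]);
    }
    // OpenID, phase 2: the provider's callback arrives as a GET parameter
    elseif (isset($gets["openid_mode"])) {
        do_openid_auth($gets["openid_mode"]);
    }
}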
// stocca sessione
// Store the authenticated identity in the 'arav' session namespace together with
// the $_SERVER fields named by $GLOBALS["conf"] (stable ones are re-checked by isauth()).
function storeauth($iddata)
{
    global $aravNamespace;

    $conf = $GLOBALS["conf"];
    $stableKeys   = array_flip($conf["stablestoredfields"]);
    $volatileKeys = array_flip($conf["volatilestoredfields"]);

    $aravNamespace = new Zend_Session_Namespace('arav');
    // identity/ACL payload built by the login functions
    $aravNamespace->iddata = $iddata;
    // request fingerprint that must stay identical for the session to remain valid
    $aravNamespace->stabledata = array_intersect_key($_SERVER, $stableKeys);
    // fields kept for information only; nothing in this file compares them
    $aravNamespace->volatiledata = array_intersect_key($_SERVER, $volatileKeys);
}
// Destroy the whole session (server-side data and cookie) so nothing authenticated survives.
function unsetauth()
{
    // kept for parity with storeauth()/isauth(); the session itself is what gets cleared
    global $aravNamespace;

    $removeCookie = true;
    Zend_Session::destroy($removeCookie);
}
// determina se e' autenticato
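/**
 * Decide whether the current session is authenticated.
 *
 * The session is accepted only when it already holds a stable request
 * fingerprint and that fingerprint is identical to the one built now from
 * $_SERVER (the fields listed in $GLOBALS["conf"]["stablestoredfields"]).
 *
 * @return array "esito" => TRUE plus every entry of the 'arav' namespace
 *               (iddata, stabledata, volatiledata) when authenticated;
 *               array("esito" => FALSE) otherwise.
 */
function isauth()
{
    global $aravNamespace;

    $aravNamespace = new Zend_Session_Namespace('arav');

    $expected = array_intersect_key($_SERVER, array_flip($GLOBALS["conf"]["stablestoredfields"]));
    $stored   = $aravNamespace->stabledata;

    // A session that never went through storeauth() has no stabledata. With the
    // original loose "==", a null stored value compared equal to an empty
    // fingerprint (none of the configured fields present in $_SERVER), so such a
    // session was reported as authenticated. Require an array and strict identity.
    if (!is_array($stored) || $stored !== $expected) {
        return array("esito" => FALSE);
    }

    $retaggio = array("esito" => TRUE);
    foreach ($aravNamespace as $index => $value) {
        $retaggio[$index] = $value;
    }

    return $retaggio;
}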
// #### OPENID #######
// auth openid, fase 1
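/**
 * OpenID authentication, phase 1: ask the consumer to redirect the user to the
 * provider behind $openid_identifier, requesting the SREG nickname.
 *
 * @param string $openid_identifier identifier submitted by the user
 * @return string|array "" when the redirect was started (the original return
 *                      value, kept for existing callers); on failure
 *                      array("esito" => "USER_NE", "userid" => escaped identifier).
 */
function req_openid_auth($openid_identifier)
{
    Zend_Loader::loadClass('Zend_OpenId_Consumer');
    Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');

    $status = "";
    $sreg = new Zend_OpenId_Extension_Sreg(
        array('nickname' => true, 'email' => false, 'fullname' => false),
        null,
        1.1
    );

    $consumer = new Zend_OpenId_Consumer();
    if (!$consumer->login($openid_identifier, NULL, NULL, $sreg)) {
        // The original built "userid" from an undefined $id; report the identifier
        // that was actually rejected, escaped because callers may render it.
        $status = array("esito" => "USER_NE", "userid" => htmlspecialchars($openid_identifier));
    }

    return $status;
}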
// fai auth openid (fase 2)
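/**
 * OpenID authentication, phase 2: handle the provider's redirect back.
 *
 * Only mode "id_res" is verified (Zend_OpenId_Consumer::verify fills $id by
 * reference with the verified identity); "cancel" and any other mode end as a
 * failed login. On success the identity, nickname and ACL are stored in the
 * session, otherwise the session is destroyed.
 *
 * @param string $openid_mode value of the openid_mode request parameter
 * @return void
 */
function do_openid_auth($openid_mode)
{
    // Everything read after the mode check must exist for every mode: the
    // original left $id, $status and $sreg undefined for "cancel" and for unknown
    // modes, so $sreg->getProperties() below was a fatal error on those paths.
    $id     = "";
    $sreg   = null;
    $status = array("esito" => "USER_NE", "userid" => "");

    if ($openid_mode === "id_res") {
        Zend_Loader::loadClass('Zend_OpenId_Consumer');
        Zend_Loader::loadClass('Zend_OpenId_Extension_Sreg');

        $sreg = new Zend_OpenId_Extension_Sreg(
            array('nickname' => true, 'email' => false, 'fullname' => false),
            null,
            1.1
        );

        $consumer = new Zend_OpenId_Consumer();
        // verify() reads the provider's response from $_GET directly (not from the
        // $gets array the dispatcher received) and sets $id to the verified identity.
        $verified = $consumer->verify($_GET, $id, $sreg);
        $status = array(
            "esito"  => $verified ? "AUTH_OK" : "USER_NE",
            "userid" => htmlspecialchars($id),
        );
    }

    if ($status["esito"] !== "AUTH_OK") {
        unsetauth();
        return;
    }

    $data = $sreg->getProperties();
    // nickname was requested as required, but guard anyway: the provider decides what it returns
    $nickname = isset($data["nickname"]) ? $data["nickname"] : "";

    $usergroup = get_openid_usergroup($id);
    $authdata = array(
        "ACL"      => get_acl($usergroup),
        "IDENTITY" => $id,
        "NICK"     => htmlspecialchars($nickname),
    );
    storeauth($authdata);
}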
// ##### mappatura gruppi #####
// user -> usergroup su tabella openid
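/**
 * Map an OpenID identity to its user group through the "openid" table.
 *
 * @param string $openid verified OpenID identity
 * @return string|null usergroup of the first matching row; null when the
 *                     identity is unknown (the original read an undefined offset there).
 */
function get_openid_usergroup($openid)
{
    Zend_Loader::loadClass('Zend_Db_Adapter_Pdo_Sqlite');

    $dbAdapter = new Zend_Db_Adapter_Pdo_Sqlite(array('dbname' => $GLOBALS["conf"]["user_db"], 'sqlite3' => true));

    // Bind the identity instead of interpolating it into the statement: the value
    // comes from the OpenID exchange and the original string-built query was injectable.
    $query  = "SELECT usergroup FROM openid WHERE openid = ?";
    $result = $dbAdapter->fetchCol($query, array($openid));

    return isset($result[0]) ? $result[0] : null;
}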
// #### LOGIN LOCALE ########
// effettua il login locale
/**
 * Local (username/password) login against the SQLite user database.
 *
 * The username is reduced to [A-Za-z0-9_-] before use and the password is
 * hashed with SHA-256 because that is what do_local_auth() compares against.
 * On success the identity and ACL go into the session, otherwise the session
 * is destroyed.
 *
 * @param string $username
 * @param string $password plaintext password from the request
 * @return void
 */
function local_login($username, $password)
{
    $username = preg_replace("/[^a-zA-Z0-9\-\_]/", "", $username);

    // NOTE(review): unsalted sha256 is what the stored credentials are compared
    // against; moving to password_hash()/password_verify() needs a schema migration.
    $authresult = do_local_auth($username, hash("sha256", $password));

    if ($authresult["esito"] != "AUTH_OK") {
        unsetauth();
        return;
    }

    $userid    = $authresult["userid"];
    $usergroup = get_local_usergroup($userid);
    $authdata  = array(
        "ACL"      => get_acl($usergroup),
        "IDENTITY" => $userid,
        "NICK"     => htmlspecialchars($userid),
    );
    storeauth($authdata);
}
// autentica sul db locale
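/**
 * Authenticate a local user against the SQLite "users"/"groups" tables.
 *
 * @param string $username already filtered by local_login(); bound as a query
 *                         parameter here anyway so this function is safe on its own
 * @param string $password hex SHA-256 digest of the submitted password
 * @return array "esito" => "AUTH_OK" | "PASS_IV" (wrong password) | "USER_NE"
 *               (unknown user) | null (database error, already passed to
 *               report(3, ...)), plus "userid" and "dir" from the matching row
 *               (null unless esito is "AUTH_OK").
 */
function do_local_auth($username, $password)
{
    // Defaults so the return array is well-formed on every path, including a
    // PDOException (the original returned undefined variables there).
    $esito = null;
    $cprow = array("username" => null, "dir" => null);

    try {
        // Create (connect to) SQLite database in file
        $file_db = new PDO("sqlite:" . $GLOBALS["conf"]["user_db"]);
        report(1, "connected to auth db");

        // Set errormode to exceptions
        $file_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Both statements bind their values. The original interpolated $username
        // and $password into the SQL text and then logged the full statement,
        // which put the password hash into the report log.
        report(1, "looking up user $username");
        $ueresult = $file_db->prepare("SELECT username FROM users WHERE username = ?");
        $ueresult->execute(array($username));
        $uerow = $ueresult->fetch(PDO::FETCH_ASSOC);

        if ($uerow !== false && $uerow["username"] === $username) {
            report(1, "username exists");

            // check the password and pick up the group directory
            $cpresult = $file_db->prepare(
                "SELECT users.username,groups.dir FROM users,groups"
                . " WHERE users.username = ? AND users.password = ? AND users.usergroup = groups.usergroup"
            );
            $cpresult->execute(array($username, $password));
            $row = $cpresult->fetch(PDO::FETCH_ASSOC);

            if ($row !== false && $row["username"] === $username) {
                $esito = "AUTH_OK";
                $cprow = $row;
            } else {
                $esito = "PASS_IV";
            }
        } else {
            $esito = "USER_NE";
        }
        report(1, "esito $esito");
    } catch (PDOException $e) {
        report(3, $e->getMessage());
    }

    return array("esito" => $esito, "userid" => $cprow["username"], "dir" => $cprow["dir"]);
}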
// Ask the client for HTTP Basic credentials (realm "Arkiwi") with a 401 reply.
function prompt_auth()
{
    $headers = array(
        'WWW-Authenticate: Basic realm="Arkiwi"',
        'HTTP/1.0 401 Unauthorized',
    );
    foreach ($headers as $line) {
        header($line);
    }
}
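/**
 * Tell whether a filesystem path lies inside a directory (or is that directory).
 *
 * Both paths are canonicalised with realpath(), so symlinks and ".." are
 * resolved before the check. The containment test appends a separator to the
 * directory: the original plain prefix test accepted "/data2" as inside
 * "/data", and when both paths did not exist (realpath() === false for both)
 * the strpos() on two empty strings could report containment.
 *
 * @param string $object path to test
 * @param string $dir    directory that must contain it
 * @return bool false when either path does not exist
 */
function is_inside_dir($object, $dir)
{
    $objectPath = realpath($object);
    $dirPath    = realpath($dir);
    if ($objectPath === false || $dirPath === false) {
        return false;
    }

    if ($objectPath === $dirPath) {
        return true;
    }

    // rtrim handles the filesystem root, whose realpath already ends in a separator
    $prefix = rtrim($dirPath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($objectPath, $prefix) === 0;
}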
?>