WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplusAuthUtils.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
		20	class OIDplusAuthUtils {
		21
14	daniel-mar	22	// RA authentication functions
2	daniel-mar	23
		24	public static function raLogin($email) {
		25	if (strpos($email, '\|') !== false) return;
		26
42	daniel-mar	27	$ses = OIDplus::sesHandler();
2	daniel-mar	28	$list = $ses->getValue('oidplus_logged_in');
		29	if (is_null($list)) $list = '';
		30
		31	$ary = ($list == '') ? array() : explode('\|', $list);
		32	if (!in_array($email, $ary)) $ary[] = $email;
		33	$list = implode('\|', $ary);
		34
		35	$ses->setValue('oidplus_logged_in', $list);
		36	}
		37
		38	public static function raLogout($email) {
42	daniel-mar	39	$ses = OIDplus::sesHandler();
2	daniel-mar	40	$list = $ses->getValue('oidplus_logged_in');
		41	if (is_null($list)) $list = '';
		42
		43	$ary = ($list == '') ? array() : explode('\|', $list);
		44	$key = array_search($email, $ary);
		45	if ($key !== false) unset($ary[$key]);
		46	$list = implode('\|', $ary);
		47
		48	$ses->setValue('oidplus_logged_in', $list);
85	daniel-mar	49
179	daniel-mar	50	if (($list == '') && (!self::isAdminLoggedIn())) {
85	daniel-mar	51	// Nobody logged in anymore. Destroy session cookie to make GDPR people happy
		52	$ses->destroySession();
		53	}
2	daniel-mar	54	}
		55
85	daniel-mar	56	public static function raNumLoggedIn() {
282	daniel-mar	57	if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
		58	// The sitemap may not contain any confidential information, even if the user is logged in,
		59	// because they could accidentally copy-paste the sitemap to a search engine control panel
		60	return 0;
		61	}
85	daniel-mar	62	$ses = OIDplus::sesHandler();
179	daniel-mar	63
85	daniel-mar	64	$list = $ses->getValue('oidplus_logged_in');
		65	if (is_null($list)) return 0;
179	daniel-mar	66
		67	$ary = ($list == '') ? array() : explode('\|', $list);
		68	return count($ary);
85	daniel-mar	69	}
		70
2	daniel-mar	71	public static function raLogoutAll() {
42	daniel-mar	72	$ses = OIDplus::sesHandler();
2	daniel-mar	73	$ses->setValue('oidplus_logged_in', '');
		74	}
		75
		76	public static function loggedInRaList() {
282	daniel-mar	77	if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
		78	// The sitemap may not contain any confidential information, even if the user is logged in,
		79	// because they could accidentally copy-paste the sitemap to a search engine control panel
		80	return array();
		81	}
42	daniel-mar	82	$ses = OIDplus::sesHandler();
2	daniel-mar	83	$list = $ses->getValue('oidplus_logged_in');
		84	if (is_null($list)) $list = '';
115	daniel-mar	85
		86	$res = array();
		87	foreach (explode('\|', $list) as $ra_email) {
		88	if ($ra_email == '') continue;
		89	$res[] = new OIDplusRA($ra_email);
		90	}
		91	return $res;
2	daniel-mar	92	}
		93
		94	public static function isRaLoggedIn($email) {
115	daniel-mar	95	foreach (self::loggedInRaList() as $ra) {
		96	if ($email == $ra->raEmail()) return true;
		97	}
		98	return false;
2	daniel-mar	99	}
		100
14	daniel-mar	101	// Admin authentication functions
2	daniel-mar	102
		103	public static function adminLogin() {
42	daniel-mar	104	$ses = OIDplus::sesHandler();
2	daniel-mar	105	$ses->setValue('oidplus_admin_logged_in', '1');
		106	}
		107
		108	public static function adminLogout() {
42	daniel-mar	109	$ses = OIDplus::sesHandler();
85	daniel-mar	110
		111	$ses->setValue('oidplus_admin_logged_in', '0');
		112
		113	if (self::raNumLoggedIn() == 0) {
		114	// Nobody logged in anymore. Destroy session cookie to make GDPR people happy
		115	$ses->destroySession();
		116	}
2	daniel-mar	117	}
		118
		119	public static function adminCheckPassword($password) {
261	daniel-mar	120	$hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', '');
		121	if (empty($hashed)) {
		122	throw new OIDplusException("No admin password set in config.inc.php");
		123	}
2	daniel-mar	124	$calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $password, true) : bb\Sha3\Sha3::hash($password, 512, true));
261	daniel-mar	125	return $calc_authkey == bin2hex(base64_decode($hashed));
2	daniel-mar	126	}
		127
		128	public static function isAdminLoggedIn() {
282	daniel-mar	129	if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
		130	// The sitemap may not contain any confidential information, even if the user is logged in,
		131	// because they could accidentally copy-paste the sitemap to a search engine control panel
		132	return false;
		133	}
42	daniel-mar	134	$ses = OIDplus::sesHandler();
2	daniel-mar	135	return $ses->getValue('oidplus_admin_logged_in') == '1';
		136	}
		137
282	daniel-mar	138	// Authentification keys for validating arguments (e.g. sent by mail)
2	daniel-mar	139
		140	public static function makeAuthKey($data) {
261	daniel-mar	141	$data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data;
2	daniel-mar	142	$calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $data, true) : bb\Sha3\Sha3::hash($data, 512, true));
		143	return $calc_authkey;
		144	}
		145
		146	public static function validateAuthKey($data, $auth_key) {
		147	return self::makeAuthKey($data) == $auth_key;
		148	}
		149
		150	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplusAuthUtils.class.php – Rev 282