WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplusAuthUtils.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
		20	class OIDplusAuthUtils {
		21
14	daniel-mar	22	// RA authentication functions
2	daniel-mar	23
		24	public static function raLogin($email) {
		25	if (strpos($email, '\|') !== false) return;
		26
42	daniel-mar	27	$ses = OIDplus::sesHandler();
2	daniel-mar	28	$list = $ses->getValue('oidplus_logged_in');
		29	if (is_null($list)) $list = '';
		30
		31	$ary = ($list == '') ? array() : explode('\|', $list);
		32	if (!in_array($email, $ary)) $ary[] = $email;
		33	$list = implode('\|', $ary);
		34
		35	$ses->setValue('oidplus_logged_in', $list);
		36	}
		37
		38	public static function raLogout($email) {
42	daniel-mar	39	$ses = OIDplus::sesHandler();
2	daniel-mar	40	$list = $ses->getValue('oidplus_logged_in');
		41	if (is_null($list)) $list = '';
		42
		43	$ary = ($list == '') ? array() : explode('\|', $list);
		44	$key = array_search($email, $ary);
		45	if ($key !== false) unset($ary[$key]);
		46	$list = implode('\|', $ary);
		47
		48	$ses->setValue('oidplus_logged_in', $list);
85	daniel-mar	49
179	daniel-mar	50	if (($list == '') && (!self::isAdminLoggedIn())) {
85	daniel-mar	51	// Nobody logged in anymore. Destroy session cookie to make GDPR people happy
		52	$ses->destroySession();
		53	}
2	daniel-mar	54	}
		55
329	daniel-mar	56	public static function raCheckPassword($ra_email, $password) {
		57	$ra = new OIDplusRA($ra_email);
		58	return $ra->checkPassword($password);
		59	}
		60
85	daniel-mar	61	public static function raNumLoggedIn() {
329	daniel-mar	62	return count(self::loggedInRaList());
85	daniel-mar	63	}
		64
2	daniel-mar	65	public static function raLogoutAll() {
42	daniel-mar	66	$ses = OIDplus::sesHandler();
2	daniel-mar	67	$ses->setValue('oidplus_logged_in', '');
		68	}
		69
		70	public static function loggedInRaList() {
329	daniel-mar	71	if (self::forceAllLoggedOut()) {
282	daniel-mar	72	return array();
		73	}
329	daniel-mar	74
42	daniel-mar	75	$ses = OIDplus::sesHandler();
2	daniel-mar	76	$list = $ses->getValue('oidplus_logged_in');
		77	if (is_null($list)) $list = '';
115	daniel-mar	78
		79	$res = array();
329	daniel-mar	80	foreach (array_unique(explode('\|',$list)) as $ra_email) {
115	daniel-mar	81	if ($ra_email == '') continue;
		82	$res[] = new OIDplusRA($ra_email);
		83	}
		84	return $res;
2	daniel-mar	85	}
		86
		87	public static function isRaLoggedIn($email) {
115	daniel-mar	88	foreach (self::loggedInRaList() as $ra) {
		89	if ($email == $ra->raEmail()) return true;
		90	}
		91	return false;
2	daniel-mar	92	}
		93
14	daniel-mar	94	// Admin authentication functions
2	daniel-mar	95
		96	public static function adminLogin() {
42	daniel-mar	97	$ses = OIDplus::sesHandler();
2	daniel-mar	98	$ses->setValue('oidplus_admin_logged_in', '1');
		99	}
		100
		101	public static function adminLogout() {
42	daniel-mar	102	$ses = OIDplus::sesHandler();
85	daniel-mar	103	$ses->setValue('oidplus_admin_logged_in', '0');
		104
		105	if (self::raNumLoggedIn() == 0) {
		106	// Nobody logged in anymore. Destroy session cookie to make GDPR people happy
		107	$ses->destroySession();
		108	}
2	daniel-mar	109	}
		110
		111	public static function adminCheckPassword($password) {
261	daniel-mar	112	$hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', '');
		113	if (empty($hashed)) {
294	daniel-mar	114	throw new OIDplusException("No admin password set in userdata/baseconfig/config.inc.php");
261	daniel-mar	115	}
2	daniel-mar	116	$calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $password, true) : bb\Sha3\Sha3::hash($password, 512, true));
261	daniel-mar	117	return $calc_authkey == bin2hex(base64_decode($hashed));
2	daniel-mar	118	}
		119
		120	public static function isAdminLoggedIn() {
329	daniel-mar	121	if (self::forceAllLoggedOut()) {
282	daniel-mar	122	return false;
		123	}
42	daniel-mar	124	$ses = OIDplus::sesHandler();
2	daniel-mar	125	return $ses->getValue('oidplus_admin_logged_in') == '1';
		126	}
		127
310	daniel-mar	128	// Authentication keys for validating arguments (e.g. sent by mail)
2	daniel-mar	129
		130	public static function makeAuthKey($data) {
261	daniel-mar	131	$data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data;
2	daniel-mar	132	$calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $data, true) : bb\Sha3\Sha3::hash($data, 512, true));
		133	return $calc_authkey;
		134	}
		135
		136	public static function validateAuthKey($data, $auth_key) {
		137	return self::makeAuthKey($data) == $auth_key;
		138	}
		139
329	daniel-mar	140	// "Veto" functions to force logout state
		141
		142	public static function forceAllLoggedOut() {
		143	if (isset($_SERVER['SCRIPT_FILENAME']) && (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php')) {
		144	// The sitemap may not contain any confidential information,
		145	// even if the user is logged in, because the admin could
		146	// accidentally copy-paste the sitemap to a
		147	// search engine control panel while they are logged in
		148	return true;
		149	} else {
		150	return false;
		151	}
		152	}
		153
2	daniel-mar	154	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplusAuthUtils.class.php @ 1301 – Rev 329