Subversion Repositories oidplus

Rev

Rev 213 | Rev 277 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. if (!defined('IN_OIDPLUS')) die();
  21.  
  22. class OIDplusAuthUtils {
  23.  
  24.         // RA authentication functions
  25.  
  26.         public static function raLogin($email) {
  27.                 if (strpos($email, '|') !== false) return;
  28.  
  29.                 $ses = OIDplus::sesHandler();
  30.                 $list = $ses->getValue('oidplus_logged_in');
  31.                 if (is_null($list)) $list = '';
  32.  
  33.                 $ary = ($list == '') ? array() : explode('|', $list);
  34.                 if (!in_array($email, $ary)) $ary[] = $email;
  35.                 $list = implode('|', $ary);
  36.  
  37.                 $ses->setValue('oidplus_logged_in', $list);
  38.         }
  39.  
  40.         public static function raLogout($email) {
  41.                 $ses = OIDplus::sesHandler();
  42.                 $list = $ses->getValue('oidplus_logged_in');
  43.                 if (is_null($list)) $list = '';
  44.  
  45.                 $ary = ($list == '') ? array() : explode('|', $list);
  46.                 $key = array_search($email, $ary);
  47.                 if ($key !== false) unset($ary[$key]);
  48.                 $list = implode('|', $ary);
  49.  
  50.                 $ses->setValue('oidplus_logged_in', $list);
  51.  
  52.                 if (($list == '') && (!self::isAdminLoggedIn())) {
  53.                         // Nobody logged in anymore. Destroy session cookie to make GDPR people happy
  54.                         $ses->destroySession();
  55.                 }
  56.         }
  57.  
  58.         public static function raNumLoggedIn() {
  59.                 $ses = OIDplus::sesHandler();
  60.  
  61.                 $list = $ses->getValue('oidplus_logged_in');
  62.                 if (is_null($list)) return 0;
  63.  
  64.                 $ary = ($list == '') ? array() : explode('|', $list);
  65.                 return count($ary);
  66.         }
  67.  
  68.         public static function raLogoutAll() {
  69.                 $ses = OIDplus::sesHandler();
  70.                 $ses->setValue('oidplus_logged_in', '');
  71.         }
  72.  
  73.         public static function loggedInRaList() {
  74.                 $ses = OIDplus::sesHandler();
  75.                 $list = $ses->getValue('oidplus_logged_in');
  76.                 if (is_null($list)) $list = '';
  77.  
  78.                 $res = array();
  79.                 foreach (explode('|', $list) as $ra_email) {
  80.                         if ($ra_email == '') continue;
  81.                         $res[] = new OIDplusRA($ra_email);
  82.                 }
  83.                 return $res;
  84.         }
  85.  
  86.         public static function isRaLoggedIn($email) {
  87.                 foreach (self::loggedInRaList() as $ra) {
  88.                         if ($email == $ra->raEmail()) return true;
  89.                 }
  90.                 return false;
  91.         }
  92.  
  93.         // Admin authentication functions
  94.  
  95.         public static function adminLogin() {
  96.                 $ses = OIDplus::sesHandler();
  97.                 $ses->setValue('oidplus_admin_logged_in', '1');
  98.         }
  99.  
  100.         public static function adminLogout() {
  101.                 $ses = OIDplus::sesHandler();
  102.  
  103.                 $ses->setValue('oidplus_admin_logged_in', '0');
  104.  
  105.                 if (self::raNumLoggedIn() == 0) {
  106.                         // Nobody logged in anymore. Destroy session cookie to make GDPR people happy
  107.                         $ses->destroySession();
  108.                 }
  109.         }
  110.  
  111.         public static function adminCheckPassword($password) {
  112.                 $hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', '');
  113.                 if (empty($hashed)) {
  114.                         throw new OIDplusException("No admin password set in config.inc.php");
  115.                 }
  116.                 $calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $password, true) : bb\Sha3\Sha3::hash($password, 512, true));
  117.                 return $calc_authkey == bin2hex(base64_decode($hashed));
  118.         }
  119.  
  120.         public static function isAdminLoggedIn() {
  121.                 $ses = OIDplus::sesHandler();
  122.                 return $ses->getValue('oidplus_admin_logged_in') == '1';
  123.         }
  124.  
  125.         // Action.php auth arguments
  126.  
  127.         public static function makeAuthKey($data) {
  128.                 $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data;
  129.                 $calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $data, true) : bb\Sha3\Sha3::hash($data, 512, true));
  130.                 return $calc_authkey;
  131.         }
  132.  
  133.         public static function validateAuthKey($data, $auth_key) {
  134.                 return self::makeAuthKey($data) == $auth_key;
  135.         }
  136.  
  137. }
  138.