Subversion Repositories oidplus

Rev

Rev 282 | Rev 310 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. class OIDplusAuthUtils {
  21.  
  22.         // RA authentication functions
  23.  
  24.         public static function raLogin($email) {
  25.                 if (strpos($email, '|') !== false) return;
  26.  
  27.                 $ses = OIDplus::sesHandler();
  28.                 $list = $ses->getValue('oidplus_logged_in');
  29.                 if (is_null($list)) $list = '';
  30.  
  31.                 $ary = ($list == '') ? array() : explode('|', $list);
  32.                 if (!in_array($email, $ary)) $ary[] = $email;
  33.                 $list = implode('|', $ary);
  34.  
  35.                 $ses->setValue('oidplus_logged_in', $list);
  36.         }
  37.  
  38.         public static function raLogout($email) {
  39.                 $ses = OIDplus::sesHandler();
  40.                 $list = $ses->getValue('oidplus_logged_in');
  41.                 if (is_null($list)) $list = '';
  42.  
  43.                 $ary = ($list == '') ? array() : explode('|', $list);
  44.                 $key = array_search($email, $ary);
  45.                 if ($key !== false) unset($ary[$key]);
  46.                 $list = implode('|', $ary);
  47.  
  48.                 $ses->setValue('oidplus_logged_in', $list);
  49.  
  50.                 if (($list == '') && (!self::isAdminLoggedIn())) {
  51.                         // Nobody logged in anymore. Destroy session cookie to make GDPR people happy
  52.                         $ses->destroySession();
  53.                 }
  54.         }
  55.  
  56.         public static function raNumLoggedIn() {
  57.                 if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
  58.                         // The sitemap may not contain any confidential information, even if the user is logged in,
  59.                         // because they could accidentally copy-paste the sitemap to a search engine control panel
  60.                         return 0;
  61.                 }
  62.                 $ses = OIDplus::sesHandler();
  63.  
  64.                 $list = $ses->getValue('oidplus_logged_in');
  65.                 if (is_null($list)) return 0;
  66.  
  67.                 $ary = ($list == '') ? array() : explode('|', $list);
  68.                 return count($ary);
  69.         }
  70.  
  71.         public static function raLogoutAll() {
  72.                 $ses = OIDplus::sesHandler();
  73.                 $ses->setValue('oidplus_logged_in', '');
  74.         }
  75.  
  76.         public static function loggedInRaList() {
  77.                 if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
  78.                         // The sitemap may not contain any confidential information, even if the user is logged in,
  79.                         // because they could accidentally copy-paste the sitemap to a search engine control panel
  80.                         return array();
  81.                 }
  82.                 $ses = OIDplus::sesHandler();
  83.                 $list = $ses->getValue('oidplus_logged_in');
  84.                 if (is_null($list)) $list = '';
  85.  
  86.                 $res = array();
  87.                 foreach (explode('|', $list) as $ra_email) {
  88.                         if ($ra_email == '') continue;
  89.                         $res[] = new OIDplusRA($ra_email);
  90.                 }
  91.                 return $res;
  92.         }
  93.  
  94.         public static function isRaLoggedIn($email) {
  95.                 foreach (self::loggedInRaList() as $ra) {
  96.                         if ($email == $ra->raEmail()) return true;
  97.                 }
  98.                 return false;
  99.         }
  100.  
  101.         // Admin authentication functions
  102.  
  103.         public static function adminLogin() {
  104.                 $ses = OIDplus::sesHandler();
  105.                 $ses->setValue('oidplus_admin_logged_in', '1');
  106.         }
  107.  
  108.         public static function adminLogout() {
  109.                 $ses = OIDplus::sesHandler();
  110.  
  111.                 $ses->setValue('oidplus_admin_logged_in', '0');
  112.  
  113.                 if (self::raNumLoggedIn() == 0) {
  114.                         // Nobody logged in anymore. Destroy session cookie to make GDPR people happy
  115.                         $ses->destroySession();
  116.                 }
  117.         }
  118.  
  119.         public static function adminCheckPassword($password) {
  120.                 $hashed = OIDplus::baseConfig()->getValue('ADMIN_PASSWORD', '');
  121.                 if (empty($hashed)) {
  122.                         throw new OIDplusException("No admin password set in userdata/baseconfig/config.inc.php");
  123.                 }
  124.                 $calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $password, true) : bb\Sha3\Sha3::hash($password, 512, true));
  125.                 return $calc_authkey == bin2hex(base64_decode($hashed));
  126.         }
  127.  
  128.         public static function isAdminLoggedIn() {
  129.                 if (basename($_SERVER['SCRIPT_FILENAME']) == 'sitemap.php') {
  130.                         // The sitemap may not contain any confidential information, even if the user is logged in,
  131.                         // because they could accidentally copy-paste the sitemap to a search engine control panel
  132.                         return false;
  133.                 }
  134.                 $ses = OIDplus::sesHandler();
  135.                 return $ses->getValue('oidplus_admin_logged_in') == '1';
  136.         }
  137.  
  138.         // Authentification keys for validating arguments (e.g. sent by mail)
  139.  
  140.         public static function makeAuthKey($data) {
  141.                 $data = OIDplus::baseConfig()->getValue('SERVER_SECRET') . $data;
  142.                 $calc_authkey = bin2hex(version_compare(PHP_VERSION, '7.1.0') >= 0 ? hash('sha3-512', $data, true) : bb\Sha3\Sha3::hash($data, 512, true));
  143.                 return $calc_authkey;
  144.         }
  145.  
  146.         public static function validateAuthKey($data, $auth_key) {
  147.                 return self::makeAuthKey($data) == $auth_key;
  148.         }
  149.  
  150. }
  151.