Example #1
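/**
 * Legacy key / peer authentication check.
 *
 * Return codes, as used in this function:
 *   0 - key accepted (locally, or by the remote deployment together with a matching local user)
 *   1 - key not valid locally and no $url was supplied
 *   2 - remote account could not be validated locally (peer authentication disabled,
 *       or validation still fails after the account was inserted)
 *   3 - account id reported by the remote deployment does not match the uid carried in $url
 *   4 - remote URI.php could not be reached or its response could not be parsed
 *   5 - insert_remote_user() failed
 *
 * With an empty key and an active session the function returns null; with an empty key and
 * no session it prints a response and terminates the request.
 *
 * NOTE(review): the remote branch forwards the caller's key to a host derived from the
 * caller-supplied $url and then trusts that host's answer. Restricting the hosts this may
 * contact (for example to configured peer deployments) should be considered by whoever
 * maintains the callers; nothing in this function enforces it.
 *
 * @param string $key API key presented by the caller (may be empty)
 * @param string $url Remote user URI; the last path segment identifies the user,
 *                    e.g. https://ibl.mdanderson.org/s3db/U4
 * @return int|null
 */
function authenticate_OLD($key, $url)
{
    if ($key == '') {
        if (isset($_SESSION['db']) && $_SESSION['db'] != '') {
            # An existing session is accepted as-is. The original copied the session's db and
            # account_id into locals that were never read, so nothing else happens here.
            return null;
        }
        if (array_key_exists('key', $_REQUEST)) {
            #the url seems prepared to take in a key, but it is empty
            # ($http and $def were never defined in this scope and always printed as empty strings)
            echo '<S3QL>';
            echo '<error>0</error>';
            echo '<connection>Successfully connected to <uri>' . S3DB_URI_BASE . '/</uri></connection><BR>';
            echo '<message>Please provide a key to access S3DB</message><BR>';
            echo '<message>For syntax specification and instructions refer to http://s3db.org/apibasic.html</message>';
            echo '</S3QL>';
            exit;
        }
        #no key and no session found
        echo '<body onload="window.parent.location=\'' . S3DB_URI_BASE . '/login.php?error=2\'">';
        exit;
    }

    # NOTE(review): no database handle exists yet at this point, so check_key_validity()
    # receives null exactly as it did before; confirm that helper copes with a null $db.
    $db = null;
    if (check_key_validity($key, $db)) {
        return 0;
    }

    #key is not valid locally: a remote user url is required to go any further
    if ($url == '') {
        return 1;
    }

    #URL contains info on user in the last part of the path
    $user_id_info = uid($url);
    $db = CreateObject('s3dbapi.db');
    $db->Halt_On_Error = 'no';
    $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
    $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
    $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
    $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
    $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
    $db->connect();

    $user = $user_id_info['uid'];
    $url2call = remoteURLretrieval($user_id_info, $db);

    # Encode the key so that characters such as '&' or '#' in it cannot add or truncate
    # query parameters in the request sent to the remote deployment.
    $rawUrl = $url2call . '/URI.php?key=' . urlencode($key);
    if (!http_test_existance($rawUrl)) {
        return 4;
    }

    #ask the remote deployment which account the key belongs to
    $h = fopen($rawUrl, 'r');
    if ($h === false) {
        # same outcome the original reached through a failed read and an unparsable response
        return 4;
    }
    $urldata = fread($h, 10000);
    fclose($h);

    $account_info = html2cell($urldata);
    if (!is_array($account_info)) {
        return 4;
    }

    $remote_account = $account_info[2];

    #the account the remote deployment reports must be the one named in the url
    if ($user != $user_id_info['Did'] . '/' . 'U' . $remote_account['account_id']) {
        return 3;
    }

    #user was authenticated in the remote deployment; it must also be known locally
    if (validate_remote_user($remote_account, $url, $key)) {
        return 0;
    }

    #creating the local entry on the fly is only allowed when configured
    if ($GLOBALS['s3db_info']['server']['allow_peer_authentication'] != '1') {
        return 2;
    }
    if (!insert_remote_user($remote_account, $url)) {
        return 5;
    }

    #now that the user exists locally, validate again
    return validate_remote_user($remote_account, $url, $key) ? 0 : 2;
}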
Example #2
/**
 * Fetch information about a resource that lives on a remote deployment (Did) and work out
 * what the local user may do with it.
 *
 * Flow, as visible in the body:
 *   1. try the remote URI.php without credentials (public resource) and return its first row;
 *   2. otherwise call it with key + local user id; if that yields nothing, resolve the real
 *      deployment URL through the local Did table or the mothership;
 *   3. call URI.php on the resolved URL, prefix id fields with the Did, merge the remote acl
 *      with the local permission and derive view/change/add_data/delete flags.
 *
 * NOTE(review): everything fetched here comes from hosts named by $uid or by the mothership
 * response and should be treated as untrusted input; see the notes at the individual steps.
 *
 * @param string $uid     Concatenation of Did and id; Did is a URL or an alphanumeric
 *                        deployment id that the mothership can resolve
 * @param string $key     Key sent to the remote deployment; when empty, get_user_key() is used
 * @param mixed  $user_id Local user id, used to build the local user URI
 * @param mixed  $db      Database handle passed through to the helper functions
 * @return array|string|mixed Resource/permission array on success, a message string on
 *                            failure, or whatever formatReturn() produces
 */
function remoteURIOLD($uid, $key, $user_id, $db)
{
    #function remoteURI performs a call on a remote Did for retrieving information on a specific s3id
    #syntax: remoteURI($uid, $key, $db)
    #uid should be a concatenation of Did and user_id. Did is either a URL or an alphanumeric string that can be called on mothership
    #echo $uid;
    #find this user's id
    #$local_user = $GLOBALS['Did'].'/'.'U'.$user_id;
    #$myip = captureIp();
    #$myip = ($myip!='')?$myip:$_SERVER['SERVER_NAME'];
    #$local_user = (($_SERVER['HTTPS']!='')?'https://':'http://'.$myip.'/'.strtok($_SERVER['PHP_SELF'], '/')).'/'.'U'.$user_id;
    #test Did. Is it a url? or a way to find a url?
    #ereg('(.*)(/|_)(D|U|G|P|C|R|I|S)([0-9]+$)', $uid, $out);
    #ereg('(D(.*)|http://(.*)|https://(.*))(_|/)(U|G|P|C|R|I|S)([0-9]+$|D|http://|https://)', $uid, $out);
    $local_user = S3DB_URI_BASE . '/' . 'U' . $user_id;
    #echo $local_user;exit;
    $uid_info = uid($uid);
    #echo $uid;
    #echo '<pre>';print_r($uid_info);exit;
    #first character of the parsed uid is the element letter (U, G, P, C, R, I or S)
    $letter = substr($uid_info['uid'], 0, 1);
    #echo $uid;
    #NOTE(review): ereg() was removed in PHP 7; every ereg() call in this function needs a preg_match() equivalent before it can run on a current interpreter
    if (ereg('^(U|G|P|C|R|I|S)', $uid)) {
        $uid = substr($uid, 1, strlen($uid));
        #if uid brings a letter, leave just the id
        $Did = substr($uid_info['Did'], 1, strlen($uid_info['Did']));
    } else {
        $Did = $uid_info['Did'];
    }
    $remoteId = $uid_info['uid'];
    #echo $Did;exit;
    #echo http_test_existance($Did);exit;
    #test Did. if is not url, must find url first
    #First let's try calling the remote resource without authentication; it might be a public resource
    ereg('^(D|http.*)/(D|P|C|R|I|S|G|U)([0-9]+)', $uid, $uid_in_remote);
    $did_call = $Did . '/URI.php?uid=' . $uid_in_remote[2] . $uid_in_remote[3] . '&format=php';
    #the @ hides a failed fopen(); stream_get_contents() is then handed false instead of a stream
    $did_data = stream_get_contents(@fopen($did_call, 'r'));
    #NOTE(review): unserialize() runs on bytes returned by a remote host. Serialized PHP can instantiate objects, so a hostile or compromised deployment controls what gets constructed here; a data-only format such as JSON would remove that risk
    $msg = unserialize($did_data);
    $msg = $msg[0];
    #$msg=html2cell($did_data);$msg = $msg[2];
    if ($msg['uri'] != '') {
        #Good, it's a public resource
        #the remote row is returned as-is, without the local permission merge done further down
        return $msg;
    }
    #NOTE(review): the key and the local user URI are placed in the query string unencoded, so the key is visible to the remote host and to anything that records request URLs
    $did_call = $Did . '/URI.php?key=' . $key . '&user_id=' . $local_user . '&uid=' . $uid_in_remote[2] . $uid_in_remote[3];
    $did_data = stream_get_contents(@fopen($did_call, 'r'));
    if ($did_data == '') {
        $did_url = findDidUrl($Did, $db);
        #internal - does it exist on inside table?
        #minutes elapsed since the stored url was last checked
        $dateDiff_min = (strtotime(date('Y-m-d H:i:s')) - strtotime($did_url['checked_valid'])) / 60;
        #did_url empty? Mothership working?#checked no longer than an hour?
        if (empty($did_url['url']) || $dateDiff_min > 60) {
            $mothership = $uid_info['MS'] != '' ? $uid_info['MS'] : $GLOBALS['s3db_info']['deployment']['mothership'];
            #because s3db.org is under sourceforge, find the real url of that mother ship first.
            #NOTE(review): ms.txt is fetched over plain http and its content decides which host is asked for the deployment url; later requests to that url carry the key
            if (ereg('http://s3db.org|http://www.s3db.org', $mothership)) {
                if (http_test_existance('http://s3db.org/ms.txt')) {
                    $handle = fopen('http://s3db.org/ms.txt', 'rb');
                    $real_ms = stream_get_contents($handle);
                    fclose($handle);
                } else {
                    $real_ms = 'http://s3db.virtual.vps-host.net/central/';
                }
                #when the answer is a frameset page, follow the src of the frame
                if (ereg('frameset', $real_ms)) {
                    ereg('src="(http.*" )', $real_ms, $out);
                    if (http_test_existance(trim($out[1], "\" "))) {
                        #the handle opened here is never closed
                        $mothership = fread(fopen(trim($out[1], "\" "), 'r'), '100');
                    }
                }
            }
            if (http_test_existance($mothership)) {
                #call mothership, find true url
                $true_url = fread(fopen($mothership . '/s3rl.php?Did=' . $Did, 'r'), '100000');
                #echo '<pre>';print_r($true_url);exit;
                if (!empty($true_url)) {
                    $data = html2cell($true_url);
                }
                #echo '<pre>data';print_r($data);exit;
                #when the mothership answered nothing, $data is created here with only the fields set below
                $data[2]['deployment_id'] = substr($Did, 1, strlen($Did));
                if (http_test_existance(trim($data[2]['url']))) {
                    $data[2]['checked_valid'] = date('Y-m-d H:i:s');
                } else {
                    $data[2]['checked_valid'] = '';
                }
                #now update true url in local
                #the mothership-supplied row is stored even when its url did not respond (checked_valid is then empty)
                if (empty($did_url)) {
                    insertDidUrl($data[2], $db);
                } else {
                    updateDidUrl($data[2], $db);
                }
                #and define the variable
                $url = trim($data[2]['url']);
            } else {
                #mothership seems to be down... try asking the url that gave us this uid for a URL.
                #need the url from the deployment where this ID is being shared from.
                #NOTE(review): nothing is implemented here, so $url stays undefined on this path and the code below builds a call from an empty base
            }
        } else {
            $url = trim($did_url['url']);
        }
        #echo '<pre>';print_r($did_url);exit;
    } else {
        $url = $Did;
    }
    #secho $url;
    #build the call url
    $url = substr($url, -1) == '/' ? $url : $url . '/';
    #with no key supplied, the local user's own key is looked up and sent to the remote url
    $key = $key != '' ? $key : get_user_key($user_id, $db);
    $url2call = $url . 'URI.php?uid=' . $remoteId . '&key=' . $key . '&user_id=' . $local_user;
    #echo $url2call;exit;
    if (!http_test_existance($url2call)) {
        return $GLOBALS['messages']['something_does_not_exist'] . '<message>' . $remoteId . ' does not appear to be a valid remote resource</message>';
    }
    #this array is overwritten by html2cell() below before it is read
    $data = array('uid' => $remoteId, 'key' => $key, 'user_id' => $local_user);
    #now try to access it. I am assuming user already has access in the remote resource
    $h = fopen($url2call, 'r');
    $urldata = fread($h, '10000');
    if ($urldata == '') {
        return "could not find user on the url provided";
    } else {
        #now, which part of the data am I waiting? what element is this?
        #$relevant_fields = $GLOBALS['dbstruct'][$GLOBALS['s3codes'][substr($remoteId, 0,1)]];
        $element = $GLOBALS['s3codes'][substr($remoteId, 0, 1)];
        $id_name = $GLOBALS['s3ids'][$element];
        #some remote header require translation
        $remote_resource_names = array('created_by' => 'user_id', 'project_owner' => 'user_id', 'resource_id' => ereg('I|S', substr($remoteId, 0, 1)) ? 'instance_id' : 'class_id', 'subject_id' => 'class_id', 'object_id' => 'class_id', 'verb_id' => 'instance_id');
        $data = html2cell($urldata);
        #echo 'before or after?<pre>';print_r($data);
        if (is_array($data)) {
            #index 1 is used as the list of field names, index 2 as the row of values
            $relevant_fields = $data[1];
            $data = $data[2];
            $relevant_data = array_intersect_key($data, array_flip($relevant_fields));
            #whatever points to resources must come with the remote ID
            foreach ($relevant_data as $fieldName => $fieldData) {
                #&& binds tighter than ||: a field listed in $remote_resource_names is always prefixed; other *_id fields only when the value holds no url and no underscore
                if (in_array($fieldName, array_keys($remote_resource_names)) || ereg('_id$', $fieldName) && !ereg('http://|https://|_', $fieldData)) {
                    $uidLetter = $remote_resource_names[$fieldName] != '' ? strtoupper(substr($remote_resource_names[$fieldName], 0, 1)) : strtoupper(substr($fieldName, 0, 1));
                    #echo $fieldName;
                    if ($fieldData != '') {
                        $DidData[$fieldName] = $Did . '/' . $uidLetter . $fieldData;
                    }
                } else {
                    $DidData[$fieldName] = $fieldData;
                }
            }
            #translate old acl into new permission_levels
            #single-digit acl -> three digits: 3=>222; 2=>222 for I/S, 202 for P/C/R; 1=>211 for I/S, 201 for P/C/R; anything else=>000
            if ($DidData['acl'] != '' && strlen($DidData['acl']) == '1') {
                $DidData['acl'] = $DidData['acl'] == '3' ? '222' : ($DidData['acl'] == '2' && ereg('I|S', $letter) ? '222' : ($DidData['acl'] == '2' && ereg('P|C|R', $letter) ? '202' : ($DidData['acl'] == '1' && ereg('P|C|R', $letter) ? '201' : ($DidData['acl'] == '1' && ereg('I|S', $letter) ? '211' : ($DidData['acl'] == '0' ? '000' : '000')))));
            }
            #return the original uid to the appropriate id_name
            $DidData[$id_name] = $uid;
            #figure out if user also has local permission on this resource
            $info = $DidData;
            $id = $letter . $uid;
            $P = permissionOnResource(compact('info', 'key', 'user_id', 'db', 'id'));
            #given permission on 2 deployments, (local+remote), find which one user has the most permission
            #NOTE(review): each digit is the max of the remote-reported acl and the local one, so the value a remote deployment returns can raise the effective level above what is granted locally
            if ($P != '' && $DidData['acl'] != '') {
                $view = max(array(substr($DidData['acl'], 0, 1), substr($P, 0, 1)));
                $change = max(array(substr($DidData['acl'], 1, 1), substr($P, 1, 1)));
                $add_data = max(array(substr($DidData['acl'], 2, 1), substr($P, 2, 1)));
                $DidData['acl'] = $view . $change . $add_data;
            } else {
                $DidData['acl'] = $P != '' ? $P : $DidData['acl'];
            }
            $element_info = $DidData;
            #echo '<pre>';print_r($element_info);
            #Define if user can view or not view data. View is the first number in the 3 d code. It ranges from 0 to 2
            if (ereg('^2', $element_info['acl']) || ereg('^1', $element_info['acl']) && $element_info['created_by'] == $user_id) {
                #2 means user can view anything associated with this resource (downstream). 1 means he can see, as long as resource was created by himself
                $element_info['view'] = '1';
                #yes, access is granted.
            } else {
                $element_info['view'] = '0';
                #no, sorry :-(
            }
            #Decide if user can change (update) or not change data on resource
            $change_digit = substr($element_info['acl'], 1, strlen($element_info['acl']));
            #it is the second digit who specifies this
            if (ereg('^2', $change_digit) || ereg('^1', $change_digit) && $element_info['created_by'] == $user_id) {
                $element_info['change'] = '1';
            } else {
                $element_info['change'] = '0';
                #nope.
            }
            #can user insert data in this resource? Information is in the very last digit. In case it only has 2 digits, reading the last digit will work too because it propagates
            if (ereg('2$', $element_info['acl']) || ereg('1$', $element_info['acl']) && $element_info['created_by'] == $user_id) {
                $element_info['add_data'] = '1';
            } else {
                $element_info['add_data'] = '0';
            }
            #create the element "delete", in case it is eventually created...For now it is the same as change
            $element_info['delete'] = $element_info['change'];
            $element_info['delete_data'] = $element_info['add_data'];
            return $element_info;
        } else {
            #return ($GLOBALS['messages']['something_went_wrong'].'<message> Deployment '.$Did.' responded: '.$urldata.'</message>');
            #NOTE(review): $format is not defined anywhere in this function, and the raw remote response is echoed back inside the message
            return formatReturn($GLOBALS['error_codes']['no_results'], 'Deployment ' . $Did . ' responded: ' . $urldata, $format, '');
        }
    }
    #echo $resp;
}
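/**
 * Resolve the base URL of the deployment that a uid belongs to.
 *
 * When the Did answers as a URL it is returned unchanged. Otherwise the local Did table is
 * consulted; if it has no entry, or the entry was validated more than 60 minutes ago, the
 * mothership named in the uid is asked for the current URL and the local entry is refreshed.
 *
 * NOTE(review): the URL returned from the mothership path originates from a remote response.
 * Callers append credentials to it, so it should be treated as untrusted until checked.
 *
 * @param array|string $uid_info Parsed uid (as returned by uid()) or a raw uid string
 * @param mixed        $db       Database handle passed to the Did lookup helpers
 * @return string|null Deployment URL, or null when it could not be resolved
 */
function remoteURLretrieval($uid_info, $db)
{
    if (!is_array($uid_info)) {
        $uid_info = uid($uid_info);
    }

    # Read only the field that is needed. extract() imports every key of the parsed uid into
    # local scope and overwrites existing variables, so a key named 'db' would replace $db.
    $Did = isset($uid_info['Did']) ? $uid_info['Did'] : '';

    if (http_test_existance($Did)) {
        return $Did;
    }

    $did_url = findDidUrl($Did, $db);

    #a stored entry is usable only when it was checked within the last hour
    $is_stale = true;
    if (!empty($did_url) && !empty($did_url['checked_valid'])) {
        $checked = strtotime($did_url['checked_valid']);
        $is_stale = $checked === false || (time() - $checked) / 60 > 60;
    }
    if (!$is_stale) {
        return trim($did_url['url']);
    }

    $mothership = isset($uid_info['MS']) ? $uid_info['MS'] : '';
    if (!http_test_existance($mothership)) {
        #mothership unreachable: nothing to return (the original left $url undefined here)
        return null;
    }

    #call mothership, find true url
    $true_url = '';
    $handle = fopen($mothership . '/s3rl.php?Did=' . $Did, 'r');
    if ($handle !== false) {
        $true_url = fread($handle, 100000);
        fclose($handle);
    }

    $data = !empty($true_url) ? html2cell($true_url) : array();
    $record = is_array($data) && isset($data[2]) && is_array($data[2]) ? $data[2] : array();

    $record['deployment_id'] = substr($Did, 1);
    $remote_url = isset($record['url']) ? trim($record['url']) : '';
    $record['checked_valid'] = http_test_existance($remote_url) ? date('Y-m-d H:i:s') : '';

    #now update true url in local
    if (empty($did_url)) {
        insertDidUrl($record, $db);
    } else {
        updateDidUrl($record, $db);
    }

    # The original read $data['url'], which is never set (the row lives under index 2), so
    # this path always returned null. Use the same field remoteURIOLD reads.
    return $remote_url;
}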