Example #1
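    /* Password login: authenticate the posted credentials and, on success,
       issue a signed ticket cookie and optionally redirect to 'back'. */
    $password = $_POST['password'];
    /* try to authenticate */
    $res = local_login($username, $password);
    if ($res['success']) {
        log_login($_SERVER['REMOTE_ADDR'], $username, true);
        $tkt_validuntil = time() + $res['timeout'];
        /* generate the ticket now and set a domain cookie */
        $tkt = pubtkt_generate($privkeyfile, $keytype, $username, $_SERVER['REMOTE_ADDR'], $tkt_validuntil, $res['graceperiod'], join(",", $res['tokens']), "");
        /* NOTE(review): neither cookie passes setcookie()'s httponly argument,
           and sso_lastuser is set without path, domain or secure flag. If no
           client-side script needs to read them, set httponly (and secure for
           sso_lastuser when $secure_cookie is on) - confirm before changing. */
        setcookie("auth_pubtkt", $tkt, 0, "/", $domain, $secure_cookie);
        setcookie("sso_lastuser", $username, time() + 30 * 24 * 60 * 60);
        /* 'back' comes straight from the query string. Redirecting to it
           unchecked makes the login page an open redirector, so it is only
           followed when it is a local absolute path or an http(s) URL whose
           host lies inside the cookie domain.
           Assumes $domain holds the SSO cookie domain (e.g. ".example.com") -
           TODO confirm against the configuration. */
        $back = (isset($_GET['back']) && is_string($_GET['back'])) ? $_GET['back'] : '';
        $back_ok = false;
        /* Control characters, spaces and backslashes are refused outright:
           browsers and parse_url() can disagree on which host such a URL
           names, so they are never valid in an accepted target. */
        if ($back !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $back)) {
            $back_url = parse_url($back);
            /* userinfo ("user@host") is refused for the same reason */
            if (is_array($back_url) && !isset($back_url['user']) && !isset($back_url['pass'])) {
                if (isset($back_url['host'])) {
                    $back_host = strtolower($back_url['host']);
                    $back_scheme = isset($back_url['scheme']) ? strtolower($back_url['scheme']) : '';
                    $sso_domain = strtolower(ltrim((string) $domain, '.'));
                    $sso_suffix = '.' . $sso_domain;
                    $back_ok = ($back_scheme === 'http' || $back_scheme === 'https')
                        && $sso_domain !== ''
                        && ($back_host === $sso_domain || substr($back_host, -strlen($sso_suffix)) === $sso_suffix);
                } else {
                    /* no host: accept only a plain local path, never a
                       scheme-only or protocol-relative ("//host") value */
                    $back_ok = !isset($back_url['scheme'])
                        && $back[0] === '/'
                        && substr($back, 0, 2) !== '//';
                }
            }
        }
        if ($back_ok) {
            header("Location: " . $back);
            exit;
        }
        /* a missing or rejected 'back' falls through without redirecting */
    } else {
        log_login($_SERVER['REMOTE_ADDR'], $username, false);
        $loginerr = "Authentication failed. Please try again.";
    }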
} else {
    if ($_COOKIE['auth_pubtkt']) {
        /* Extract data from existing cookie so we can nicely offer the user
           a logout function. No attempt at verifying the ticket is made,
           as that's not necessary at this point. */
        $ticket = pubtkt_parse($_COOKIE['auth_pubtkt']);
        $tkt_validuntil = $ticket['validuntil'];
        $tkt_graceperiod = $ticket['graceperiod'];
        $tkt_uid = $ticket['uid'];
        /* Checking validity of the ticket and if we are between begin of grace 
           period and end of ticket validity. If so we can refresh ticket */
        if (pubtkt_verify($pubkeyfile, $keytype, $ticket) && isset($tkt_graceperiod) && is_numeric($tkt_graceperiod) && $tkt_graceperiod <= time() && time() <= $tkt_validuntil) {
            /* getting user information */
Example #2
    if (strlen($CMU_EPPN) < 1) {
        $CMU_EPPN = '*****@*****.**';
    }
}
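// Derive the uid from the user's EPPN, log the login and open the LDAP handle.
if (DEBUG) {
    // Encode for HTML before echoing: the origin of $CMU_EPPN is not visible
    // here, so it is treated as untrusted even in debug output.
    echo "CMU_EPPN='" . htmlspecialchars($CMU_EPPN, ENT_QUOTES, 'UTF-8') . "'<p>";
}
// pull out uid from full e-mail address
$arr = explode("@", $CMU_EPPN, 2);
// NOTE(review): $CMU_UID is interpolated unescaped into the LDAP search filter
// further down ("uid={$CMU_UID}"). Characters such as * ( ) \ would change the
// filter; escape at that call with ldap_escape($CMU_UID, '', LDAP_ESCAPE_FILTER).
// The raw value is kept here because other uses of $CMU_UID are not visible.
$CMU_UID = $arr[0];
// status of the user
// 0:ok, 1:FERPA student, 2:Orcid already in LDAP
$status = 0;
// ok so far...
// LOG that user logged in  -- FILE_APPEND and LOCK_EX to make thread-safe
log_login();
// ************ LDAP LOOKUP ********************
// With OpenLDAP 2.x ldap_connect() only checks the parameters; a truthy $ds
// does not prove the server was reached, so errors surface at search time.
// NOTE(review): whether LDAP_SERVER is an ldaps:// URI (or StartTLS is used)
// is not visible here - confirm the lookup is not sent in clear text.
$ds = ldap_connect(LDAP_SERVER);
// must be a valid LDAP server!
// echo "connect result is " . $ds . "<br />";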
if ($ds) {
    $sr = ldap_search($ds, "dc=cmu,dc=edu", "uid={$CMU_UID}");
    if (DEBUG) {
        echo "Search result is " . $sr . "<br />";
        echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
        echo "Getting entries ...<p>";
    }
    $info = ldap_get_entries($ds, $sr);
    if (DEBUG) {
        echo "Data for " . $info["count"] . " items returned:<p>";
        echo "<pre>";
Example #3
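// Record the session in $file (one "sess_id,athlete_id,time" line per session)
// unless a line containing this session id is already present, then log the
// login and redirect.
// NOTE(review): if $sess_id is the live session identifier, this file is as
// sensitive as the session store - confirm its location and permissions.
if (is_readable($file) && is_writeable($file)) {
    $handle = fopen($file, "r") or die(" Can't open {$file}\n");
    // check whether this session already exists
    // Initialised before the loop so an empty file no longer leaves it undefined.
    $already = false;
    // preg_quote() keeps the session id literal; unquoted, any regex
    // metacharacter in it would change what is matched.
    $sess_pattern = '/' . preg_quote($sess_id, '/') . '/';
    // Compare against false explicitly so a final line of "0" is not
    // mistaken for end of file.
    while (($line = fgets($handle)) !== false) {
        if (preg_match($sess_pattern, $line)) {
            $already = true;
            break;
        }
    }
    // The read handle was never locked; close it instead of unlocking it.
    fclose($handle);
    if ($already == false) {
        // Add the session info to the file
        // open in append+text mode
        $handle = fopen($file, "at") or die(" Can't open {$file}\n");
        // NOTE(review): the existence check above runs before this lock is
        // taken, so two concurrent requests can both append the same session.
        flock($handle, LOCK_EX);
        $time = date("U");
        fwrite($handle, "{$sess_id},{$athlete_id},{$time}\n") or die(" Can't write to {$file}\n");
        flock($handle, LOCK_UN);
        fclose($handle);
    }
} else {
    // NOTE(review): output is sent and flushed here, so unless output
    // buffering is active the header() call below cannot set the redirect
    // in this branch.
    echo "Error recording login<br>\n";
    flush();
    sleep(3);
}
// Login and Password must all be ok so continue...
// NOTE(review): $login goes into the log message unmodified; confirm that
// logit() neutralises CR/LF so a crafted login name cannot forge log lines.
logit("Login {$login} : login ok");
log_login($athlete_id);
// NOTE(review): no exit follows the redirect; any code after this line still
// runs - confirm this is the last statement of the script.
header("Location:loggedin.php");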