$password = $_POST['password']; /* try to authenticate */ $res = local_login($username, $password); if ($res['success']) { log_login($_SERVER['REMOTE_ADDR'], $username, true); $tkt_validuntil = time() + $res['timeout']; /* generate the ticket now and set a domain cookie */ $tkt = pubtkt_generate($privkeyfile, $keytype, $username, $_SERVER['REMOTE_ADDR'], $tkt_validuntil, $res['graceperiod'], join(",", $res['tokens']), ""); setcookie("auth_pubtkt", $tkt, 0, "/", $domain, $secure_cookie); setcookie("sso_lastuser", $username, time() + 30 * 24 * 60 * 60); if ($_GET['back']) { header("Location: " . $_GET['back']); exit; } } else { log_login($_SERVER['REMOTE_ADDR'], $username, false); $loginerr = "Authentication failed. Please try again."; } } else { if ($_COOKIE['auth_pubtkt']) { /* Extract data from existing cookie so we can nicely offer the user a logout function. No attempt at verifying the ticket is made, as that's not necessary at this point. */ $ticket = pubtkt_parse($_COOKIE['auth_pubtkt']); $tkt_validuntil = $ticket['validuntil']; $tkt_graceperiod = $ticket['graceperiod']; $tkt_uid = $ticket['uid']; /* Checking validity of the ticket and if we are between begin of grace period and end of ticket validity. If so we can refresh ticket */ if (pubtkt_verify($pubkeyfile, $keytype, $ticket) && isset($tkt_graceperiod) && is_numeric($tkt_graceperiod) && $tkt_graceperiod <= time() && time() <= $tkt_validuntil) { /* getting user information */
if (strlen($CMU_EPPN) < 1) { $CMU_EPPN = '*****@*****.**'; } } if (DEBUG) { echo "CMU_EPPN='" . $CMU_EPPN . "'<p>"; } // pull out uid from full e-mail address $arr = explode("@", $CMU_EPPN, 2); $CMU_UID = $arr[0]; // status of the user // 0:ok, 1:FERPA student, 2:Orcid already in LDAP $status = 0; // ok so far... // LOG that user logged in -- FILE_APPEND and LOCK_EX to make thread-safe log_login(); // ************ LDAP LOOKUP ******************** $ds = ldap_connect(LDAP_SERVER); // must be a valid LDAP server! // echo "connect result is " . $ds . "<br />"; if ($ds) { $sr = ldap_search($ds, "dc=cmu,dc=edu", "uid={$CMU_UID}"); if (DEBUG) { echo "Search result is " . $sr . "<br />"; echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />"; echo "Getting entries ...<p>"; } $info = ldap_get_entries($ds, $sr); if (DEBUG) { echo "Data for " . $info["count"] . " items returned:<p>"; echo "<pre>";
if (is_readable($file) && is_writeable($file)) { $handle = fopen($file, "r") or die(" Can't open {$file}\n"); // check whether this session already exists while ($line = fgets($handle)) { $already = false; if (preg_match("/{$sess_id}/", $line)) { $already = true; #echo "DEBUG: Session already exists<br>\n"; break; } } if ($already == false) { // Add the session info to the file fclose($handle); $handle = fopen($file, "at"); // open in append+text mode flock($handle, LOCK_EX); $time = date("U"); fwrite($handle, "{$sess_id},{$athlete_id},{$time}\n") or die(" Can't write to {$file}\n"); #echo "DEBUG: wrote to $file<br>\n"; } flock($handle, LOCK_UN); } else { echo "Error recording login<br>\n"; flush(); sleep(3); } // Login and Password must all be ok so continue... logit("Login {$login} : login ok"); log_login($athlete_id); header("Location:loggedin.php");