/**
 * Authenticate an API caller and, on success, either issue an access key or open a session.
 *
 * Flow, as far as this function shows it:
 *  1. Local check through auth_user_api().
 *  2. If that fails, a remote check through univ_authenticate(), using a composite user name
 *     built from the endorsed authority that equals $authorities (ldap or http).
 *  3. A remotely validated user must still map to an active row in s3db_account. If no row
 *     is found the account is auto-created (only when endorsed_automated is set, which the
 *     code reads for ldap authorities only), resolved through the userManage.s3db file, or refused.
 *  4. With $createkey true a row is added to access_keys; otherwise the db handle and the
 *     user info are stored in $_SESSION.
 *
 * NOTE(review): several locals ($user_id, $serv_account, $userComplexName, $email,
 * $userComplexId, $account_id, $create_account, $key, $expires) are read on paths where this
 * function has not assigned them; the code relies on PHP treating them as empty.
 *
 * NOTE(review): every SQL statement below is assembled by string concatenation and no escaping
 * is visible in this function. $username comes straight from the caller and reaches the
 * statements through $email, $userLabel and $username itself. Confirm the values are escaped
 * before they arrive here, or quote them through the database layer, before relying on this.
 *
 * @param string $username    Login name supplied by the caller.
 * @param string $password    Password supplied by the caller.
 * @param string $format      Output format handed to formatReturn()/completeDisplay().
 * @param bool   $createkey   True: create an access key. False: populate $_SESSION instead.
 * @param string $authorities Name of an endorsed authority to try when the local check fails.
 *
 * @return array array(bool $ok, string $message[, array $user_info]). $message is usually the
 *               output of formatReturn()/completeDisplay(), but a few failure paths return a
 *               raw string or ''.
 */
function auth($username, $password, $format = 'html', $createkey = true, $authorities = '') {
    if ($username != '' && $password != '') {
        #connect to the db
        $db = CreateObject('s3dbapi.db');
        $db->Halt_On_Error = 'no';
        $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
        $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
        $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
        $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
        $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
        $db->connect();
        # NOTE(review): $user_id has no value yet at this call; presumably auth_user_api() ignores it
        # or takes it by reference - confirm against its definition.
        list($valid, $user_info, $message) = auth_user_api($username, $user_id, $password, $db);
        if (!$valid) {
            #does this user have another account? try it remotely
            #in case an authority has been endorsed: if authority is complex, build the username taking that into account
            if ($authorities) {
                $create_account = false;
                foreach ($GLOBALS['endorsed'] as $ord => $end) {
                    if ($end == $authorities) {
                        # Append the authority as the mail domain, adding '@' unless it already starts with one.
                        $email = $username . (substr($end, 0, 1) == '@' ? '' : '@') . $end;
                        $userLabel = $end . ':' . $username;
                        $protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
                        $auth = $GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
                        $userComplexId = $protocol . ':' . $authorities . ':' . $username;
                        #$email = $username.((substr($end,0,1)=='@')?'':'@').$end;
                        #$protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
                        #$userLabel = $protocol.':'.$end.':'.$username;
                        #$auth=$GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
                        # NOTE(review): ereg_replace() was removed in PHP 7.0. $username is also placed into
                        # the RDN/URL template unescaped; whether univ_authenticate() validates the result
                        # is not visible here - confirm.
                        if ($protocol == 'ldap') {
                            $userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('cn=email', 'cn=' . $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
                            # Automatic account creation is only ever switched on in this ldap branch.
                            $create_account = $GLOBALS['s3db_info']['deployment']['endorsed_automated'][$ord];
                        } elseif ($protocol == 'http') {
                            $userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('email', $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
                        }
                    }
                }
            }
            # No endorsed authority matched: authenticate remotely under the plain user name.
            if ($userComplexName == '') {
                $userComplexName = $username;
            }
            #
            # NOTE(review): in the collapsed listing this call directly follows a bare '#'. It is read as
            # live code because the branch below consumes $valid, $token and $expires - confirm against
            # the original file. $serv_account is not assigned anywhere in this function.
            list($valid, $token, $expires) = univ_authenticate($userComplexName, $password, $serv_account);
            #if user was validated remotely, user_info will correspond to the remote user. Also, a key has been generated; that is what will be used for the remainder of this session.
            if ($valid) {
                #even if user was authenticated remotely, he still needs to have been created as user of this deployment
                if ($email == '') {
                    $email = $username;
                }
                if ($userComplexId != '') {
                    $username = $userComplexId;
                    $account_id = s3id();
                }
                #else {$account_id=$username;}
                # NOTE(review): $email derives from the caller's $username and is concatenated unescaped.
                # When $userComplexId is empty, $account_id is unset, so only the e-mail clause can match.
                $sql = "select * from s3db_account where (account_id='" . $account_id . "' or account_email='" . $email . "') and account_status='A'";
                #$sql = "select * from s3db_account where (account_id='".$username."' or account_email='".$username."') and account_status='A'";
                $db->query($sql);
                if (!$db->next_record()) {
                    ##If these account have been endorsed as trustworthy, we can, at this point, create an account for the user
                    if ($create_account) {
                        #$adminUser=1;
                        /*$s3ql=array('user_id'=>$adminUser,'db'=>$db);
                        $s3ql['insert']='user';
                        $s3ql['where']['user_id']=$email;
                        $s3ql['where']['email']=$email;
                        $done = S3QLaction($s3ql);
                        */
                        # NOTE(review): same concatenation concern as the select above ($userLabel, $email).
                        # 'now()' is quoted, so it is sent as a string literal rather than a function call.
                        # The row is stored with account_type 'u' while $user_info below reports 'r'.
                        $sql = "insert into s3db_account (account_id, account_lid,account_pwd,account_uname,account_email,account_addr_id,created_on,created_by,account_status,account_type) values ('" . $account_id . "','" . $userLabel . "','" . random_string(15) . "','" . $email . "','" . $email . "','0','now()','1','A','u')";
                        $db->query($sql);
                        $user_info = array('account_id' => $account_id, 'account_lid' => $userLabel, 'account_type' => 'r');
                    } elseif (is_file($GLOBALS['uploads'] . '/userManage.s3db')) {
                        # NOTE(review): unserialize() can instantiate arbitrary classes from the file content.
                        # The file lives under the uploads directory; confirm it cannot be written by
                        # untrusted parties, or store this mapping in a data-only format such as JSON.
                        $user_proj = unserialize(file_get_contents($GLOBALS['uploads'] . '/userManage.s3db'));
                        if (!$user_proj) {
                            return array(false, "User project does not exist");
                            exit; # unreachable after return
                        }
                        # Look the user up by e-mail statement, then follow resource_id to the user_id statement.
                        # NOTE(review): $username is concatenated unescaped here as well.
                        $sql = "select * from s3db_statement where rule_id = '" . $user_proj['email']['rule_id'] . "' and value = '" . $username . "'";
                        $db->query($sql);
                        if ($db->next_record()) {
                            $item_id = $db->f('resource_id');
                            if ($item_id) {
                                $sql = "select * from s3db_statement where resource_id = '" . $item_id . "' and rule_id = '" . $user_proj['user_id']['rule_id'] . "'";
                                $db->query($sql);
                                if ($db->next_record()) {
                                    # The stored value carries a leading 'U' that is stripped to get the account id.
                                    $sql = "select * from s3db_account where account_status = 'A' and account_id = '" . ereg_replace('^U', '', $db->f('value')) . "'";
                                    $db->query($sql);
                                    # If no active account is found, $user_info keeps whatever the earlier
                                    # auth_user_api() call returned and execution continues with $valid true.
                                    if ($db->next_record()) {
                                        $user_info = array('account_id' => ereg_replace('^U', '', $db->f('value')), 'account_type' => 'u');
                                    }
                                } else {
                                    return array(false, '');
                                }
                            } else {
                                return array(false, '');
                            }
                        } else {
                            return array(false, '');
                        }
                    } else {
                        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'User ' . $username . ' does not have permission in this deployment. If you think you should have permission, please inform the administrator of this deployment.', $format, ''));
                        $valid = 0; # unreachable after return
                        exit;
                    }
                } else {
                    # An active local account exists: reuse the token returned by the remote authority as the key.
                    $key = $token;
                    $user_info = array('account_id' => $account_id, 'account_lid' => $username, 'account_type' => 'r');
                    # $user_info = array('account_id'=>$username, 'account_type'=>'r');
                    # Refuse remote keys that expire later than tomorrow's date.
                    # NOTE(review): this cap is enforced only in this branch. On the auto-create and
                    # userManage paths above, $expires from univ_authenticate() is stored unchecked below.
                    if (strtotime($expires) > strtotime(date('Y-m-d', time() + 1 * 24 * 60 * 60))) {
                        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'S3DB received a key which expires after 24h. For security reasons, a key must be valid for 24h or less', $format, ''), $user_info);
                        exit; # unreachable after return
                    }
                }
            } else {
                # Remote authentication failed; $token is handed back as the error message.
                return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], $token, $format, ''));
            }
        } else {
            #local user was validated
            # NOTE(review): the strength of random_string() is not visible here; confirm it uses a
            # cryptographically secure source, since its output serves as an access key.
            $key = random_string(15);
            $expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
        }
        if ($valid) {
            $user_id = $user_info['account_id'];
            create_log($user_id, $db);
            if ($createkey) {
                # Fall back to a fresh key and a one-day expiry when the paths above left them empty.
                if (!$key) {
                    $key = random_string(15);
                }
                if (!$expires) {
                    $expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
                }
                $inputs = array('key_id' => $key, 'expires' => $expires, 'notes' => 'Key generated automatically via API', 'account_id' => $user_id);
                $added = add_entry('access_keys', $inputs, $db);
                $data[0] = $inputs;
                $letter = 'E';
                # compact() collects locals by name; 't' is never assigned in this function.
                $pack = compact('data', 'user_id', 'db', 'letter', 't', 'format');
                if ($added) {
                    return array(true, completeDisplay($pack), $user_info);
                    exit; # unreachable after return
                } else {
                    return array(false, formatReturn('2', 'Your authentication was valid but a key could not be created.', $format, ''));
                    exit; # unreachable after return
                }
            } else {
                # A second connection object is built with the same settings and placed in the session.
                # NOTE(review): the object carries the database password as a property; how it is
                # serialised into session storage depends on the db class - confirm.
                $db = CreateObject('s3dbapi.db');
                $db->Halt_On_Error = 'no';
                $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
                $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
                $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
                $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
                $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
                $db->connect();
                $_SESSION['db'] = $db;
                $_SESSION['user'] = $user_info;
                return array(true, formatReturn('0', 'User validated.', $format, ''), $user_info);
                exit; # unreachable after return
            }
        } else {
            return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username and password', $format, ''));
            exit; # unreachable after return
        }
    } elseif ($username != '') {
        # Username given, password empty.
        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid password', $format, ''));
        exit;
    } elseif ($password != '') {
        # Password given, username empty.
        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username', $format, ''));
        exit;
    } else {
        # Both empty.
        return array(false, formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide a valid username and password', $format, ''));
        exit;
    }
}
# Excerpt: render the result of an S3QL query through completeDisplay() and stop the script.
# $s3qlOut, $s3ql, $returnFields, $format and $db are expected to exist before this point;
# where they are set is not visible in this listing.
#echo '<pre>';print_r($s3qlOut);
$data = $s3qlOut;
# Map the queried entity to its one-letter code, then to its name and plural form.
$letter = letter($s3ql['from']);
$t = $GLOBALS['s3codes'][$letter];
$t = $GLOBALS['plurals'][$t];
#if($s3ql['select']!='*'){
#$toreplace = array_keys($GLOBALS['s3map'][$t]);
#$replacements = array_values($GLOBALS['s3map'][$t]);
#$s3ql['select'] = str_replace($toreplace, $replacements, $s3ql['select']);
#$s3ql_out=ereg_replace(' ', '', $s3ql['select']);#take out all the spaces
#$returnFields = explode(',', $s3ql_out);
#}
$letter = letter($s3ql['from']);
# compact() collects variables by name, so these names must not be changed.
$pack = compact('s3qlOut', 'data', 's3ql', 'letter', 'returnFields', 't', 'format', 'db');
#echo '<pre>';print_r($pack);
echo completeDisplay($pack);
exit;
#finish key valid

# Pre-processes an incoming XML message. The listing is cut off after the <notes> match, so only
# the visible part is described: the content of <value> is replaced by its base64 encoding so
# that tags inside it are not parsed with the rest of the document.
# NOTE(review): ereg() and ereg_replace() were removed in PHP 7.0.
function readInputMessage($query) {
    #echo '<pre>';print_r($$_SERVER[]);
    #echo $query;exit;
    $xml = $query;
    ##When value brings tags, they will be parsed along with the rest of the xml. Avoid that by encoding it first.
    #echo $xml;exit;
    ereg('<value>(.*)</value>', $xml, $val);
    #echo '<pre>';print_r($val);
    # NOTE(review): $val[1] is message content, yet it is passed as the *pattern* argument, so any
    # regex metacharacters in the value are interpreted instead of matched literally. A literal
    # replacement (e.g. str_replace) would avoid that - confirm the intent.
    if ($val[1] != '') {
        $xml = ereg_replace($val[1], base64_encode($val[1]), $xml);
    }
    ereg('<notes>(.*)</notes>', $xml, $notes);
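/**
 * Build the standard status/error reply and render it through completeDisplay().
 *
 * The reply is a one-row data set holding 'error_code' and 'message', plus any key/value
 * pairs given in $id. When the request asks for out=header, or the format is json over HTTPS,
 * download headers are sent first.
 *
 * @param mixed  $error_code Code placed in the reply.
 * @param string $message    Human-readable message placed in the reply.
 * @param string $format     Output format; also used as the suggested download file name.
 * @param mixed  $id         '' for none, or an array of extra key => value pairs to include.
 *                           A non-array, non-empty value is ignored.
 * @param bool   $root       Passed through to completeDisplay() unchanged.
 *
 * @return mixed Whatever completeDisplay() returns for the assembled pack.
 */
function formatReturn($error_code, $message, $format, $id, $root = false)
{
    // Either key may be absent (no "out" parameter, plain HTTP, CLI); read them without
    // triggering undefined-index notices.
    $out = isset($_REQUEST['out']) ? $_REQUEST['out'] : '';
    $https = !empty($_SERVER['HTTPS']);

    // Same precedence as the original expression (&& binds tighter than ||), made explicit.
    if ($out == 'header' || ($format == 'json' && $https)) {
        header("Pragma: public");
        header("Expires: 0"); // set expiration time
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        // header() replaces a previous header of the same name, so only the last of these
        // three Content-Type values reaches the client.
        header("Content-Type: application/force-download");
        header("Content-Type: application/octet-stream");
        header("Content-Type: application/download");
        #header("Content-Type: ".$ext."");
        // use the Content-Disposition header to supply a recommended filename and
        // force the browser to display the save dialog.
        // $format may originate from the request (its source is not visible here), so keep
        // only characters that are safe in an unquoted header parameter.
        $filename = preg_replace('/[^A-Za-z0-9._-]/', '', (string) $format);
        header("Content-Disposition: attachment; filename=" . $filename);
        header("Content-Transfer-Encoding: binary");
    }

    $data = array(array('error_code' => $error_code, 'message' => $message));

    // count()/array_keys() on a scalar fail on current PHP versions; only arrays can carry
    // extra fields. One-element and multi-element arrays are merged the same way.
    if (is_array($id)) {
        foreach ($id as $k => $v) {
            $data[0][$k] = $v;
        }
    }

    $letter = 'E';
    // compact() collects these locals by name for completeDisplay().
    $pack = compact('data', 'format', 'letter', 'root');

    return completeDisplay($pack);
}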