function auth($username, $password, $format = 'html', $createkey = true, $authorities = '')
{
    if ($username != '' && $password != '') {
        #connect to the db
        $db = CreateObject('s3dbapi.db');
        $db->Halt_On_Error = 'no';
        $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
        $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
        $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
        $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
        $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
        $db->connect();
        list($valid, $user_info, $message) = auth_user_api($username, $user_id, $password, $db);
        if (!$valid) {
            #does this user have another account? try it remotelly
            #in case an authority has been endorsed: if authority is complex, build the username taking that into account
            if ($authorities) {
                $create_account = false;
                foreach ($GLOBALS['endorsed'] as $ord => $end) {
                    if ($end == $authorities) {
                        $email = $username . (substr($end, 0, 1) == '@' ? '' : '@') . $end;
                        $userLabel = $end . ':' . $username;
                        $protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
                        $auth = $GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
                        $userComplexId = $protocol . ':' . $authorities . ':' . $username;
                        #$email = $username.((substr($end,0,1)=='@')?'':'@').$end;
                        #$protocol = $GLOBALS['s3db_info']['deployment']['endorsed_protocol'][$ord];
                        #$userLabel = $protocol.':'.$end.':'.$username;
                        #$auth=$GLOBALS['s3db_info']['deployment']['endorsed_server'][$ord];
                        if ($protocol == 'ldap') {
                            $userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('cn=email', 'cn=' . $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
                            $create_account = $GLOBALS['s3db_info']['deployment']['endorsed_automated'][$ord];
                        } elseif ($protocol == 'http') {
                            $userComplexName = $protocol . ':' . $auth . ':' . ereg_replace('email', $username, $GLOBALS['s3db_info']['deployment']['endorsed_ldap_rns'][$ord]);
                        }
                    }
                }
            }
            if ($userComplexName == '') {
                $userComplexName = $username;
            }
            #
            list($valid, $token, $expires) = univ_authenticate($userComplexName, $password, $serv_account);
            #if user was validated remotelly, user_info will correspond to the remote user. Also, a key has been generated; that is what will be used for the remainder of this session.
            if ($valid) {
                #even if user was authenticated remotelly, he still needs to have been created as user of this deployment
                if ($email == '') {
                    $email = $username;
                }
                if ($userComplexId != '') {
                    $username = $userComplexId;
                    $account_id = s3id();
                }
                #else {$account_id=$username;}
                $sql = "select * from s3db_account where (account_id='" . $account_id . "' or account_email='" . $email . "') and account_status='A'";
                #$sql = "select * from s3db_account where (account_id='".$username."' or account_email='".$username."') and account_status='A'";
                $db->query($sql);
                if (!$db->next_record()) {
                    ##If these account have been endorsed as trustworthy, we can, at this point, create an account for the user
                    if ($create_account) {
                        #$adminUser=1;
                        /*$s3ql=array('user_id'=>$adminUser,'db'=>$db);
                        		$s3ql['insert']='user';
                        		$s3ql['where']['user_id']=$email;
                        		$s3ql['where']['email']=$email;
                        		$done = S3QLaction($s3ql);
                        		*/
                        $sql = "insert into s3db_account (account_id, account_lid,account_pwd,account_uname,account_email,account_addr_id,created_on,created_by,account_status,account_type) values ('" . $account_id . "','" . $userLabel . "','" . random_string(15) . "','" . $email . "','" . $email . "','0','now()','1','A','u')";
                        $db->query($sql);
                        $user_info = array('account_id' => $account_id, 'account_lid' => $userLabel, 'account_type' => 'r');
                    } elseif (is_file($GLOBALS['uploads'] . '/userManage.s3db')) {
                        $user_proj = unserialize(file_get_contents($GLOBALS['uploads'] . '/userManage.s3db'));
                        if (!$user_proj) {
                            return array(false, "User project does not exist");
                            exit;
                        }
                        $sql = "select * from s3db_statement where rule_id = '" . $user_proj['email']['rule_id'] . "' and value = '" . $username . "'";
                        $db->query($sql);
                        if ($db->next_record()) {
                            $item_id = $db->f('resource_id');
                            if ($item_id) {
                                $sql = "select * from s3db_statement where resource_id = '" . $item_id . "' and rule_id = '" . $user_proj['user_id']['rule_id'] . "'";
                                $db->query($sql);
                                if ($db->next_record()) {
                                    $sql = "select * from s3db_account where account_status = 'A' and account_id = '" . ereg_replace('^U', '', $db->f('value')) . "'";
                                    $db->query($sql);
                                    if ($db->next_record()) {
                                        $user_info = array('account_id' => ereg_replace('^U', '', $db->f('value')), 'account_type' => 'u');
                                    }
                                } else {
                                    return array(false, '');
                                }
                            } else {
                                return array(false, '');
                            }
                        } else {
                            return array(false, '');
                        }
                    } else {
                        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'User ' . $username . ' does not have permission in this deployment. If you think you should have permission, please inform the administrator of this deployment.', $format, ''));
                        $valid = 0;
                        exit;
                    }
                } else {
                    $key = $token;
                    $user_info = array('account_id' => $account_id, 'account_lid' => $username, 'account_type' => 'r');
                    # $user_info = array('account_id'=>$username, 'account_type'=>'r');
                    if (strtotime($expires) > strtotime(date('Y-m-d', time() + 1 * 24 * 60 * 60))) {
                        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'S3DB received a key which expires after 24h. For security reasons, a key must be valid for 24h or less', $format, ''), $user_info);
                        exit;
                    }
                }
            } else {
                return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], $token, $format, ''));
            }
        } else {
            #local user was validated
            $key = random_string(15);
            $expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
        }
        if ($valid) {
            $user_id = $user_info['account_id'];
            create_log($user_id, $db);
            if ($createkey) {
                if (!$key) {
                    $key = random_string(15);
                }
                if (!$expires) {
                    $expires = date('Y-m-d', time() + 1 * 24 * 60 * 60);
                }
                $inputs = array('key_id' => $key, 'expires' => $expires, 'notes' => 'Key generated automatically via API', 'account_id' => $user_id);
                $added = add_entry('access_keys', $inputs, $db);
                $data[0] = $inputs;
                $letter = 'E';
                $pack = compact('data', 'user_id', 'db', 'letter', 't', 'format');
                if ($added) {
                    return array(true, completeDisplay($pack), $user_info);
                    exit;
                } else {
                    return array(false, formatReturn('2', 'Your authentication was valid but a key could not be created.', $format, ''));
                    exit;
                }
            } else {
                $db = CreateObject('s3dbapi.db');
                $db->Halt_On_Error = 'no';
                $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
                $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
                $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
                $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
                $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
                $db->connect();
                $_SESSION['db'] = $db;
                $_SESSION['user'] = $user_info;
                return array(true, formatReturn('0', 'User validated.', $format, ''), $user_info);
                exit;
            }
        } else {
            return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username and password', $format, ''));
            exit;
        }
    } elseif ($username != '') {
        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid password', $format, ''));
        exit;
    } elseif ($password != '') {
        return array(false, formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please provide a valid username', $format, ''));
        exit;
    } else {
        return array(false, formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide a valid username and password', $format, ''));
        exit;
    }
}
Exemple #2
0
#echo '<pre>';print_r($s3qlOut);
$data = $s3qlOut;
$letter = letter($s3ql['from']);
$t = $GLOBALS['s3codes'][$letter];
$t = $GLOBALS['plurals'][$t];
#if($s3ql['select']!='*'){
#$toreplace = array_keys($GLOBALS['s3map'][$t]);
#$replacements = array_values($GLOBALS['s3map'][$t]);
#$s3ql['select'] = str_replace($toreplace, $replacements, $s3ql['select']);
#$s3ql_out=ereg_replace(' ', '', $s3ql['select']);#take out all the spaces
#$returnFields = explode(',', $s3ql_out);
#}
$letter = letter($s3ql['from']);
$pack = compact('s3qlOut', 'data', 's3ql', 'letter', 'returnFields', 't', 'format', 'db');
#echo '<pre>';print_r($pack);
echo completeDisplay($pack);
exit;
#finish key valid
function readInputMessage($query)
{
    #echo '<pre>';print_r($$_SERVER[]);
    #echo $query;exit;
    $xml = $query;
    ##When value brings tags, they will be parsed along with the rest of the xml. Avoid that by encoding it first.
    #echo $xml;exit;
    ereg('<value>(.*)</value>', $xml, $val);
    #echo '<pre>';print_r($val);
    if ($val[1] != '') {
        $xml = ereg_replace($val[1], base64_encode($val[1]), $xml);
    }
    ereg('<notes>(.*)</notes>', $xml, $notes);
Exemple #3
0
function formatReturn($error_code, $message, $format, $id, $root = false)
{
    if ($_REQUEST['out'] == 'header' || $format == 'json' && $_SERVER['HTTPS']) {
        header("Pragma: public");
        header("Expires: 0");
        // set expiration time
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Content-Type: application/force-download");
        header("Content-Type: application/octet-stream");
        header("Content-Type: application/download");
        #header("Content-Type: ".$ext."");
        // use the Content-Disposition header to supply a recommended filename and
        // force the browser to display the save dialog.
        header("Content-Disposition: attachment; filename=" . $format . "");
        header("Content-Transfer-Encoding: binary");
    }
    if ($id == '') {
        $data[0] = array('error_code' => $error_code, 'message' => $message);
    } else {
        if (count($id) == 1) {
            $id_name = array_keys($id);
            $id_name = $id_name[0];
            $data[0] = array('error_code' => $error_code, 'message' => $message, $id_name => $id[$id_name]);
        } else {
            $data[0] = array('error_code' => $error_code, 'message' => $message);
            foreach ($id as $k => $v) {
                $data[0][$k] = $v;
            }
        }
        #echo '<pre>';print_r($data);
    }
    $letter = 'E';
    $pack = compact('data', 'format', 'letter', 'root');
    return completeDisplay($pack);
}