/** * @param $options * @param null $access * @param bool $bypassAuth */ function processingRequest($options, $access = null, $bypassAuth = false) { $this->logger->setDebugMessage("[processingRequest]", 2); $this->outputOfProcessing = array(); $currentDir = dirname(__FILE__) . DIRECTORY_SEPARATOR; // Message Class Detection $messageClass = null; if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) { $clientLangArray = explode(',', $_SERVER["HTTP_ACCEPT_LANGUAGE"]); foreach ($clientLangArray as $oneLanguage) { $langCountry = explode(';', $oneLanguage); if (strlen($langCountry[0]) > 0) { $clientLang = explode('-', $langCountry[0]); $messageClass = "MessageStrings_{$clientLang['0']}"; if (file_exists("{$currentDir}{$messageClass}.php")) { $messageClass = new $messageClass(); break; } } $messageClass = null; } } if ($messageClass == null) { $messageClass = new MessageStrings(); } /* Aggregation Judgement */ $isSelect = $this->dbSettings->getAggregationSelect(); $isFrom = $this->dbSettings->getAggregationFrom(); $isGroupBy = $this->dbSettings->getAggregationGroupBy(); $isDBSupport = $this->dbClass->isSupportAggregation(); if (!$isDBSupport && ($isSelect || $isFrom || $isGroupBy)) { $this->logger->setErrorMessage($messageClass->getMessageAs(1042)); $access = "do nothing"; } else { if ($isDBSupport && ($isSelect && !$isFrom || !$isSelect && $isFrom)) { $this->logger->setErrorMessage($messageClass->getMessageAs(1043)); $access = "do nothing"; } else { if ($isDBSupport && $isSelect && $isFrom && in_array($access, array("update", "new", "create", "delete", "copy"))) { $this->logger->setErrorMessage($messageClass->getMessageAs(1044)); $access = "do nothing"; } } } // Authentication and Authorization $tableInfo = $this->dbSettings->getDataSourceTargetArray(); $access = is_null($access) ? $_POST['access'] : $access; $access = $access == "select" || $access == "load" ? "read" : $access; $clientId = isset($_POST['clientid']) ? $_POST['clientid'] : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "Non-browser-client"); $this->paramAuthUser = isset($_POST['authuser']) ? $_POST['authuser'] : ""; $paramResponse = isset($_POST['response']) ? $_POST['response'] : ""; $paramCryptResponse = isset($_POST['cresponse']) ? $_POST['cresponse'] : ""; $this->dbSettings->setRequireAuthentication(false); $this->dbSettings->setRequireAuthorization(false); $this->dbSettings->setDBNative(false); if (isset($options['authentication']) || $access == 'challenge' || $access == 'changepassword' || isset($tableInfo['authentication']) && (isset($tableInfo['authentication']['all']) || isset($tableInfo['authentication'][$access]))) { $this->dbSettings->setRequireAuthorization(true); $this->dbSettings->setDBNative(false); if (isset($options['authentication']['user']) && $options['authentication']['user'][0] == 'database_native') { $this->dbSettings->setDBNative(true); } } if (!$bypassAuth && $this->dbSettings->getRequireAuthorization()) { // Authentication required if (strlen($this->paramAuthUser) == 0 || strlen($paramResponse) == 0) { // No username or password $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } // User and Password are suppried but... if ($access != 'challenge') { // Not accessing getting a challenge. if ($this->dbSettings->isDBNative()) { list($password, $challenge) = $this->decrypting($paramCryptResponse); if ($password !== false) { if (!$this->checkChallenge($challenge, $clientId)) { $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } else { $this->dbSettings->setUserAndPasswordForAccess($this->paramAuthUser, $password); $this->logger->setDebugMessage("[checkChallenge] returns true.", 2); } } else { $this->logger->setDebugMessage("Can't decrypt."); $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } } else { $noAuthorization = true; $authorizedGroups = $this->dbClass->getAuthorizedGroups($access); $authorizedUsers = $this->dbClass->getAuthorizedUsers($access); $this->logger->setDebugMessage(str_replace("\n", "", "contextName={$access}/access={$this->dbSettings->getTargetName()}/" . "authorizedUsers=" . var_export($authorizedUsers, true) . "/authorizedGroups=" . var_export($authorizedGroups, true)), 2); if (count($authorizedUsers) == 0 && count($authorizedGroups) == 0) { $noAuthorization = false; } else { $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->dbSettings->getCurrentUser()); if (in_array($signedUser, $authorizedUsers)) { $noAuthorization = false; } else { if (count($authorizedGroups) > 0) { $belongGroups = $this->dbClass->authSupportGetGroupsOfUser($signedUser); $this->logger->setDebugMessage($signedUser . "=belongGroups=" . var_export($belongGroups, true), 2); if (count(array_intersect($belongGroups, $authorizedGroups)) != 0) { $noAuthorization = false; } } } } if ($noAuthorization) { $this->logger->setDebugMessage("Authorization doesn't meet the settings."); $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->paramAuthUser); $authSucceed = false; if ($this->checkAuthorization($signedUser, $paramResponse, $clientId)) { $this->logger->setDebugMessage("IM-built-in Authentication succeed."); $authSucceed = true; } else { $ldap = new LDAPAuth(); $ldap->setLogger($this->logger); if ($ldap->isActive) { list($password, $challenge) = $this->decrypting($paramCryptResponse); if ($ldap->bindCheck($signedUser, $password)) { $this->logger->setDebugMessage("LDAP Authentication succeed."); $authSucceed = true; $this->addUser($signedUser, $password, true); } } } if (!$authSucceed) { $this->logger->setDebugMessage("Authentication doesn't meet valid.{$signedUser}/{$paramResponse}/{$clientId}"); // Not Authenticated! $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } } } } // Come here access=challenge or authenticated access switch ($access) { case 'describe': $result = $this->dbClass->getSchema($this->dbSettings->getTargetName()); $this->outputOfProcessing['dbresult'] = $result; $this->outputOfProcessing['resultCount'] = 0; $this->outputOfProcessing['totalCount'] = 0; break; case 'read': case 'select': $result = $this->getFromDB($this->dbSettings->getTargetName()); if (isset($tableInfo['protect-reading']) && is_array($tableInfo['protect-reading'])) { $recordCount = count($result); for ($index = 0; $index < $recordCount; $index++) { foreach ($result[$index] as $field => $value) { if (in_array($field, $tableInfo['protect-reading'])) { $result[$index][$field] = "[protected]"; } } } } $this->outputOfProcessing['dbresult'] = $result; $this->outputOfProcessing['resultCount'] = $this->countQueryResult($this->dbSettings->getTargetName()); $this->outputOfProcessing['totalCount'] = $this->getTotalCount($this->dbSettings->getTargetName()); break; case 'update': if (isset($tableInfo['protect-writing']) && is_array($tableInfo['protect-writing'])) { $fieldArray = array(); $valueArray = array(); $counter = 0; $fieldValues = $this->dbSettings->getValue(); foreach ($this->dbSettings->getFieldsRequired() as $field) { if (!in_array($field, $tableInfo['protect-writing'])) { $fieldArray[] = $field; $valueArray[] = $fieldValues[$counter]; } $counter++; } $this->dbSettings->setTargetFields($fieldArray); $this->dbSettings->setValue($valueArray); } $this->setToDB($this->dbSettings->getTargetName()); break; case 'new': case 'create': $result = $this->newToDB($this->dbSettings->getTargetName(), $bypassAuth); $this->outputOfProcessing['newRecordKeyValue'] = $result; $this->outputOfProcessing['dbresult'] = $this->dbClass->updatedRecord(); break; case 'delete': $this->deleteFromDB($this->dbSettings->getTargetName()); break; case 'copy': $result = $this->copyInDB($this->dbSettings->getTargetName()); $this->outputOfProcessing['newRecordKeyValue'] = $result; $this->outputOfProcessing['dbresult'] = $this->dbClass->updatedRecord(); break; case 'challenge': break; case 'changepassword': if (isset($_POST['newpass'])) { $changeResult = $this->changePassword($this->paramAuthUser, $_POST['newpass']); $this->outputOfProcessing['changePasswordResult'] = $changeResult ? true : false; } else { $this->outputOfProcessing['changePasswordResult'] = false; } break; case 'unregister': if (!is_null($this->dbSettings->notifyServer) && $this->clientPusherAvailable) { $tableKeys = null; if (isset($_POST['pks'])) { $tableKeys = json_decode($_POST['pks'], true); } $this->dbSettings->notifyServer->unregister($_POST['notifyid'], $tableKeys); } break; } if ($this->logger->getDebugLevel() !== false) { $fInfo = $this->getFieldInfo($this->dbSettings->getTargetName()); if ($fInfo != null) { foreach ($this->dbSettings->getFieldsRequired() as $fieldName) { if (!$this->dbClass->isContainingFieldName($fieldName, $fInfo)) { $this->logger->setErrorMessage($messageClass->getMessageAs(1033, array($fieldName))); } } } } }
/** * @param $options * @param null $access * @param bool $bypassAuth */ function processingRequest($options, $access = null, $bypassAuth = false) { $this->logger->setDebugMessage("[processingRequest]", 2); $this->outputOfPrcessing = ''; $generatedPrivateKey = ''; $passPhrase = ''; $currentDir = dirname(__FILE__) . DIRECTORY_SEPARATOR; $currentDirParam = $currentDir . 'params.php'; $parentDirParam = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'params.php'; if (file_exists($parentDirParam)) { include $parentDirParam; } else { if (file_exists($currentDirParam)) { include $currentDirParam; } } $messageClass = null; if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) { $clientLangArray = explode(',', $_SERVER["HTTP_ACCEPT_LANGUAGE"]); foreach ($clientLangArray as $oneLanguage) { $langCountry = explode(';', $oneLanguage); if (strlen($langCountry[0]) > 0) { $clientLang = explode('-', $langCountry[0]); $messageClass = "MessageStrings_{$clientLang['0']}"; if (file_exists("{$currentDir}{$messageClass}.php")) { $messageClass = new $messageClass(); break; } } $messageClass = null; } } if ($messageClass == null) { $messageClass = new MessageStrings(); } $tableInfo = $this->dbSettings->getDataSourceTargetArray(); $access = is_null($access) ? $_POST['access'] : $access; $clientId = isset($_POST['clientid']) ? $_POST['clientid'] : (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "Non-browser-client"); $this->paramAuthUser = isset($_POST['authuser']) ? $_POST['authuser'] : ""; $paramResponse = isset($_POST['response']) ? $_POST['response'] : ""; $this->dbSettings->setRequireAuthentication(false); $this->dbSettings->setRequireAuthorization(false); $this->dbSettings->setDBNative(false); $keywordAuth = $access == "select" ? "load" : $access; if (isset($options['authentication']) || $access == 'challenge' || $access == 'changepassword' || isset($tableInfo['authentication']) && (isset($tableInfo['authentication']['all']) || isset($tableInfo['authentication'][$keywordAuth]))) { $this->dbSettings->setRequireAuthorization(true); $this->dbSettings->setDBNative(false); if (isset($options['authentication']['user']) && $options['authentication']['user'][0] == 'database_native') { $this->dbSettings->setDBNative(true); } } // $this->logger->setDebugMessage("dbNative={$this->dbSettings->isDBNative()}", 2); // $this->logger->setDebugMessage("", 2); if (!$bypassAuth && $this->dbSettings->getRequireAuthorization()) { // Authentication required if (strlen($this->paramAuthUser) == 0 || strlen($paramResponse) == 0) { // No username or password $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } // User and Password are suppried but... if ($access != 'challenge') { // Not accessing getting a challenge. if ($this->dbSettings->isDBNative()) { $rsa = new Crypt_RSA(); $rsa->setPassword($passPhrase); $rsa->loadKey($generatedPrivateKey); $rsa->setPassword(); $privatekey = $rsa->getPrivateKey(); $priv = $rsa->_parseKey($privatekey, CRYPT_RSA_PRIVATE_FORMAT_PKCS1); require_once 'bi2php/biRSA.php'; $keyDecrypt = new biRSAKeyPair('0', $priv['privateExponent']->toHex(), $priv['modulus']->toHex()); $decrypted = $keyDecrypt->biDecryptedString($paramResponse); // $this->logger->setDebugMessage("decrypted={$decrypted}", 2); if ($decrypted !== false) { $nlPos = strpos($decrypted, "\n"); $nlPos = $nlPos === false ? strlen($decrypted) : $nlPos; $password = $keyDecrypt->biDecryptedString(substr($decrypted, 0, $nlPos)); $password = strlen($password) == 0 ? "f32b309d4759446fc81de858322ed391a0c167a0" : $password; $challenge = substr($decrypted, $nlPos + 1); // $this->logger->setDebugMessage("password={$password}", 2); // $this->logger->setDebugMessage("paramAuthUser={$this->paramAuthUser}", 2); if (!$this->checkChallenge($challenge, $clientId)) { $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } else { $this->dbSettings->setUserAndPasswordForAccess($this->paramAuthUser, $password); $this->logger->setDebugMessage("[checkChallenge] returns true.", 2); } } else { $this->logger->setDebugMessage("Can't decrypt."); $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } } else { $noAuthorization = true; $authorizedGroups = $this->dbClass->getAuthorizedGroups($access); $authorizedUsers = $this->dbClass->getAuthorizedUsers($access); $this->logger->setDebugMessage("authorizedUsers=" . var_export($authorizedUsers, true) . "/authorizedGroups=" . var_export($authorizedGroups, true), 2); if (count($authorizedUsers) == 0 && count($authorizedGroups) == 0) { $noAuthorization = false; } else { $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->dbSettings->getCurrentUser()); if (in_array($signedUser, $authorizedUsers)) { $noAuthorization = false; } else { if (count($authorizedGroups) > 0) { $belongGroups = $this->dbClass->authSupportGetGroupsOfUser($signedUser); $this->logger->setDebugMessage($signedUser . "=belongGroups=" . var_export($belongGroups, true), 2); if (count(array_intersect($belongGroups, $authorizedGroups)) != 0) { $noAuthorization = false; } } } } if ($noAuthorization) { $this->logger->setDebugMessage("Authorization doesn't meet the settings."); $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } $signedUser = $this->dbClass->authSupportUnifyUsernameAndEmail($this->paramAuthUser); if (!$this->checkAuthorization($signedUser, $paramResponse, $clientId)) { $this->logger->setDebugMessage("Authentication doesn't meet valid.{$signedUser}/{$paramResponse}/{$clientId}"); // Not Authenticated! $access = "do nothing"; $this->dbSettings->setRequireAuthentication(true); } } } } // $this->logger->setDebugMessage("requireAuthentication={$this->dbSettings->getRequireAuthentication()}", 2); // $this->logger->setDebugMessage("requireAuthorization={$this->dbSettings->getRequireAuthorization()}", 2); // $this->logger->setDebugMessage("access={$access}, target={$this->dbSettings->getTargetName()}", 2); // Come here access=challenge or authenticated access switch ($access) { case 'describe': $result = $this->dbClass->getSchema($this->dbSettings->getTargetName()); $this->outputOfPrcessing = 'dbresult=' . arrayToJS($result, '') . ';' . "resultCount=0;"; break; case 'select': $result = $this->getFromDB($this->dbSettings->getTargetName()); if (isset($tableInfo['protect-reading']) && is_array($tableInfo['protect-reading'])) { $recordCount = count($result); for ($index = 0; $index < $recordCount; $index++) { foreach ($result[$index] as $field => $value) { if (in_array($field, $tableInfo['protect-reading'])) { $result[$index][$field] = "[protected]"; } } } } $this->outputOfPrcessing = 'dbresult=' . arrayToJS($result, '') . ';' . "resultCount='{$this->countQueryResult($this->dbSettings->getTargetName())}';"; break; case 'update': if (isset($tableInfo['protect-writing']) && is_array($tableInfo['protect-writing'])) { $fieldArray = array(); $valueArray = array(); $counter = 0; $fieldValues = $this->dbSettings->getValue(); foreach ($this->dbSettings->getFieldsRequired() as $field) { if (!in_array($field, $tableInfo['protect-writing'])) { $fieldArray[] = $field; $valueArray[] = $fieldValues[$counter]; } $counter++; } $this->dbSettings->setTargetFields($fieldArray); $this->dbSettings->setValue($valueArray); } $this->setToDB($this->dbSettings->getTargetName()); break; case 'new': $result = $this->newToDB($this->dbSettings->getTargetName(), $bypassAuth); $this->outputOfPrcessing = "newRecordKeyValue='{$result}';"; break; case 'delete': $this->deleteFromDB($this->dbSettings->getTargetName()); break; case 'challenge': break; case 'changepassword': if (isset($_POST['newpass'])) { $changeResult = $this->changePassword($this->paramAuthUser, $_POST['newpass']); $this->outputOfPrcessing = "changePasswordResult=" . ($changeResult ? "true;" : "false;"); } else { $this->outputOfPrcessing = "changePasswordResult=false;"; } break; } // $this->logger->setDebugMessage("requireAuthentication={$this->dbSettings->getRequireAuthentication()}", 2); // $this->logger->setDebugMessage("requireAuthorization={$this->dbSettings->getRequireAuthorization()}", 2); if ($this->logger->getDebugLevel() !== false) { $fInfo = $this->getFieldInfo($this->dbSettings->getTargetName()); if ($fInfo != null) { foreach ($this->dbSettings->getFieldsRequired() as $fieldName) { if (!in_array($fieldName, $fInfo)) { $this->logger->setErrorMessage($messageClass->getMessageAs(1033, array($fieldName))); } } } } }