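/**
 * Attempts a one-time automatic login from the TLS client certificate.
 *
 * Does nothing when the session already carries 'done_autoauth', when
 * $_SERVER['SSL_CLIENT_RAW_CERT'] is empty, or when Session::isLoggedIn()
 * is true. Otherwise the certificate is resolved to a user id with
 * certs::check(); Session::setBatchVars() is called only if that user lists
 * 'autoauth' in its 'auths' and its status is not users::ACCT_LOCKED.
 *
 * NOTE(review): this relies on the front-end web server only populating
 * SSL_CLIENT_RAW_CERT with a certificate it has verified, or on
 * certs::check() matching the exact certificate. Confirm against the server
 * configuration.
 *
 * @param mixed $data Not used by this method.
 * @return mixed The result of self::done(), or null on the two bare-return paths.
 */
public static function handler($data = null)
{
    // Auto-auth was already attempted for this session.
    if (isset($_SESSION['done_autoauth'])) {
        return;
    }

    // No client certificate was presented, or a user is already logged in.
    if (empty($_SERVER['SSL_CLIENT_RAW_CERT']) || Session::isLoggedIn()) {
        return self::done();
    }

    $certStore = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
    $userId = $certStore->check($_SERVER['SSL_CLIENT_RAW_CERT']);

    // Loose comparison kept on purpose: the return type of certs::check() is not visible here.
    if ($userId == null) {
        return self::done();
    }

    $userStore = new users(ConnectionFactory::get('mongo'));
    $user = $userStore->get($userId, false);

    // NOTE(review): this is the only failure path that does not call self::done().
    // Confirm that skipping it for a certificate mapped to a missing user is intended.
    if (empty($user)) {
        return;
    }

    // Authorization check: require an exact string match. A loose in_array() would
    // also accept a stray `true` (or, before PHP 8, integer 0) stored in 'auths'.
    // A missing or non-array 'auths' is treated as "not enabled".
    $auths = isset($user['auths']) ? $user['auths'] : null;
    if (!is_array($auths) || !in_array('autoauth', $auths, true)) {
        return self::done();
    }

    // Locked accounts never get an automatic session.
    // Loose comparison kept: the type of users::ACCT_LOCKED is not visible here.
    if ($user['status'] == users::ACCT_LOCKED) {
        return self::done();
    }

    Session::setBatchVars($user);

    return self::done();
}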
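/**
 * Verifies a combined certificate-and-password ("cert+pass") login.
 *
 * Both factors must pass: the password digest stored for $username must match
 * $this->hash($password, $username), and the presented TLS client certificate
 * must resolve, through certs::check(), to that same user's '_id'.
 *
 * @param mixed $username Name used to look the user up and passed to hash().
 * @param mixed $password Candidate password.
 * @return mixed The user record returned by $this->get() on success, false otherwise.
 */
private function checkCAP($username, $password)
{
    $user = $this->get($username);

    // Check password authentication
    if (empty($user)) {
        return false;
    }

    // Exact string match only. A loose in_array() would also accept a stray `true`
    // (or, before PHP 8, integer 0) stored in 'auths'.
    $auths = isset($user['auths']) ? $user['auths'] : null;
    if (!is_array($auths) || !in_array('cert+pass', $auths, true)) {
        return false;
    }

    // Compare digests with hash_equals() (PHP >= 5.6) rather than `!=`. Loose comparison
    // treats numeric-looking strings such as "0e123" and "0e456" as equal and is not
    // constant-time. Non-string values fail closed.
    // NOTE(review): assumes the stored digest and hash() both yield strings. Confirm.
    $storedDigest = isset($user['password']) ? $user['password'] : null;
    $candidateDigest = $this->hash($password, $username);
    if (!is_string($storedDigest) || !is_string($candidateDigest)
        || !hash_equals($storedDigest, $candidateDigest)) {
        return false;
    }

    // Check certificate authentication
    // The second factor is mandatory: with no client certificate there is nothing to verify.
    if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
        return false;
    }

    $certStore = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
    $userId = $certStore->check($_SERVER['SSL_CLIENT_RAW_CERT']);

    // Loose comparisons kept below: the id type (string or driver id object) is not visible here.
    if ($userId == null) {
        return false;
    }

    // The certificate must belong to the same account whose password was just verified.
    if ($userId != $user['_id']) {
        return false;
    }

    return $user;
}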