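/**
 * Establish the login state for this request from HTTP authentication data.
 *
 * Checks, in order:
 *  1. A non-empty REMOTE_USER: is_logged_in(true) is called and no credential
 *     check is made in this function.
 *  2. No PHP_AUTH_USER: is_logged_in(false) is called.
 *  3. Otherwise the Basic-auth pair is handed to authenticate(). On success the
 *     pair is stored in $LOGIN_USERNAME / $LOGIN_PASSWORD; on a non-fatal
 *     failure http_401() is called; on a fatal failure the text returned by
 *     auth_error() is printed.
 *
 * is_logged_in(), authenticate(), succeeds(), fatal(), http_401() and
 * auth_error() are defined outside this block.
 *
 * @return void
 */
function login_do_http_auth()
{
    global $LOGIN_PASSWORD, $LOGIN_USERNAME;

    // $_SERVER is a superglobal, so no `global` statement is needed for it.
    // empty() keeps the original truthiness test but does not raise an
    // "undefined index" warning on requests that carry no auth data at all.
    if (!empty($_SERVER['REMOTE_USER'])) {
        // NOTE(review): this branch trusts REMOTE_USER without any further check.
        // Presumably the web server's own auth module sets it; confirm that the
        // deployment never lets a client-supplied value reach this variable.
        is_logged_in(true);
        return;
    }

    if (empty($_SERVER['PHP_AUTH_USER'])) {
        is_logged_in(false);
        return;
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    // A user name can arrive without a password; pass null rather than reading
    // an undefined index.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    $status = authenticate($user, $password);

    if (succeeds($status)) {
        // The clear-text password stays in a global for the rest of the request.
        $LOGIN_USERNAME = $user;
        $LOGIN_PASSWORD = $password;
        is_logged_in(true);
        return;
    }

    is_logged_in(false);

    if (fatal($status)) {
        // NOTE(review): the auth_error() text is printed unescaped. If it can
        // contain client-controlled data and the response is HTML, escape it
        // for that context. Confirm what auth_error() returns here.
        print "Error logging in: " . auth_error();
        return;
    }

    // PHP_AUTH_USER is known to be non-empty at this point (checked above), so
    // the original inner re-check was always true and has been dropped.
    http_401();
}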
/**
 * Open the connection through the parent constructor and configure it.
 *
 * A failure thrown by the parent constructor is passed to auth_error() as its
 * message text. Afterwards the statement class is set to Min_PDOStatement and
 * the server version is cached in $this->server_info.
 *
 * @param string $dsn      data source name handed to the parent constructor
 * @param string $username user name handed to the parent constructor
 * @param string $password password handed to the parent constructor
 */
function dsn($dsn, $username, $password)
{
    try {
        parent::__construct($dsn, $username, $password);
    } catch (Exception $failure) {
        // NOTE(review): the raw driver message is forwarded to auth_error(),
        // which is defined outside this block. If that text is shown to an
        // unauthenticated visitor it may disclose connection details. Confirm.
        // Whether auth_error() ends the request is also not visible here; if it
        // returns, the calls below run on a connection that failed to open.
        $reason = $failure->getMessage();
        auth_error($reason);
    }

    $statementClass = array('Min_PDOStatement');
    $this->setAttribute(13, $statementClass); // 13 = PDO::ATTR_STATEMENT_CLASS

    $serverVersion = $this->getAttribute(4); // 4 = PDO::ATTR_SERVER_VERSION
    $this->server_info = $serverVersion;
}
foreach ($_FILES as $key => $val) { echo '<input type="hidden" name="files[' . htmlspecialchars($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '" />'; } ?> <input type="submit" value="<?php echo lang('Login'); ?> " /> </p> </form> <?php page_footer("auth"); } $username = $_SESSION["usernames"][$_GET["server"]]; if (!isset($username) || !$mysql->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) { auth_error(); exit; } $mysql->query("SET SQL_QUOTE_SHOW_CREATE=1"); if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]))) { if (strlen($_GET["db"])) { unset($_SESSION["databases"][$_GET["server"]]); } if (strlen($_GET["db"])) { page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), lang('Invalid database.'), false); } else { page_header(lang('Select database'), "", null); echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Create new database') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'privileges=">' . lang('Privileges') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'processlist=">' . lang('Process list') . "</a></p>\n"; echo "<p>" . lang('MySQL version: %s through PHP extension %s', "<b>{$mysql->server_info}</b>", "<b>{$mysql->extension}</b>") . "</p>\n";
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); $result = curl_exec($ch); curl_close($ch); if ($result === false) { auth_error('No such character on the API'); } $xml = simplexml_load_string($result); if (isset($xml->result->rowset->row->attributes()["characterID"])) { $corporationID = (string) $xml->result->rowset->row->attributes()["corporationID"]; $corporationName = (string) $xml->result->rowset->row->attributes()["corporationName"]; $allianceID = (string) $xml->result->rowset->row->attributes()["allianceID"]; $allianceName = (string) $xml->result->rowset->row->attributes()["allianceName"]; } else { auth_error("No character details returned from API"); } //Alliance if ($allianceID != 0) { $alliancesql = 'select allianceid,allianceticker from alliance where allianceid=:allianceid'; $stmt = $dbh->prepare($alliancesql); $stmt->execute(array(':allianceid' => $allianceID)); while ($row = $stmt->fetchObject()) { $allianceticker = $row->allianceticker; } if (!isset($allianceticker)) { error_log('Getting alliance details'); $alliance_url = 'http://public-crest.eveonline.com/alliances/' . $allianceID . '/'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $alliance_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
page_footer("auth"); exit; } if (isset($_GET["username"])) { if (!class_exists("Min_DB")) { unset($_SESSION["pwds"][DRIVER]); unset_permanent(); page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false); page_footer("auth"); exit; } $connection = connect(); } $driver = new Min_Driver($connection); if (!is_object($connection) || !$adminer->login($_GET["username"], get_password())) { auth_error(is_string($connection) ? $connection : lang('Invalid credentials.')); } if ($auth && $_POST["token"]) { $_POST["token"] = $token; // reset token after explicit login } $error = ''; ///< @var string if ($_POST) { if (!verify_token()) { $ini = "max_input_vars"; $max_vars = ini_get($ini); if (extension_loaded("suhosin")) { foreach (array("suhosin.request.max_vars", "suhosin.post.max_vars") as $key) { $val = ini_get($key); if ($val && (!$max_vars || $val < $max_vars)) {
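/**
 * OAuth callback for the EVE SSO login flow.
 *
 * Steps:
 *  1. If the session already names a character and the matching Redis login
 *     key is set, redirect to "/" and stop.
 *  2. Exchange the `code` query parameter for tokens at the SSO token endpoint
 *     (HTTP Basic auth with the client id and secret).
 *  3. Call the SSO verify endpoint with the access token to get the character.
 *  4. Save the character in the `information` collection if no document exists.
 *  5. Store the refresh token (14 days) and access token (1000 s) in Redis,
 *     write the character into the session, and redirect.
 *
 * Changes from the previous version:
 *  - The token request body is built with http_build_query(). Before, the
 *    untrusted `code` value was concatenated without URL-encoding, and the
 *    rtrim() result was discarded, leaving a trailing "&".
 *  - The redirect target from `state` is limited to a local absolute path.
 *    Before, any value not starting with "redirect:" was sent in Location.
 *  - header() now gets the status code in its third argument. The second
 *    argument is the `replace` flag, not the code.
 *  - Missing `code`, a malformed token response or a missing access token are
 *    reported through auth_error() instead of being dereferenced.
 *
 * auth_error() is defined outside this block. The `return` after each call only
 * matters if it does not end the request itself.
 *
 * NOTE(review): `state` is used here only as a redirect target. No comparison
 * against a value stored in the session is visible in this block, so CSRF
 * protection of the callback is not evident from here. Confirm where it is done.
 * NOTE(review): no session_regenerate_id() call is visible around the login.
 * Confirm session fixation is handled elsewhere.
 *
 * @return void
 */
public static function callback()
{
    global $mdb, $app, $redis, $ccpClientID, $ccpSecret;

    // Short-circuit when this session is already logged in.
    $charID = isset($_SESSION['characterID']) ? $_SESSION['characterID'] : null;
    $hash = isset($_SESSION['characterHash']) ? $_SESSION['characterHash'] : null;
    if ($charID != null && $hash != null) {
        $value = $redis->get("login:{$charID}:{$hash}");
        if ($value == true) {
            $app->redirect('/', 302);
            exit;
        }
    }

    $url = 'https://login.eveonline.com/oauth/token';
    $verify_url = 'https://login.eveonline.com/oauth/verify';

    // The authorization code comes straight from the query string.
    $code = isset($_GET['code']) ? $_GET['code'] : null;
    if (!is_string($code) || $code === '') {
        auth_error('No authorization code returned');
        return;
    }

    $header = 'Authorization: Basic ' . base64_encode($ccpClientID . ':' . $ccpSecret);
    $fields = array('grant_type' => 'authorization_code', 'code' => $code);
    // URL-encodes every value; the explicit '&' avoids depending on the
    // arg_separator.output ini setting.
    $fields_string = http_build_query($fields, '', '&');

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_USERAGENT, CrestSSO::$userAgent);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $result = curl_exec($ch);
    if ($result === false) {
        $transportError = curl_error($ch);
        curl_close($ch);
        auth_error($transportError);
        return;
    }
    curl_close($ch);

    $response = json_decode($result);
    if (!is_object($response) || !isset($response->access_token)) {
        auth_error('No access token returned');
        return;
    }
    $access_token = $response->access_token;
    $refresh_token = isset($response->refresh_token) ? $response->refresh_token : null;

    // Get the character details from SSO.
    $header = 'Authorization: Bearer ' . $access_token;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $verify_url);
    curl_setopt($ch, CURLOPT_USERAGENT, CrestSSO::$userAgent);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $result = curl_exec($ch);
    if ($result === false) {
        $transportError = curl_error($ch);
        curl_close($ch);
        auth_error($transportError);
        return;
    }
    curl_close($ch);

    $response = json_decode($result);
    if (!is_object($response) || !isset($response->CharacterID)) {
        auth_error('No character ID returned');
        return;
    }
    $characterName = isset($response->CharacterName) ? $response->CharacterName : null;

    // Look up the character in the DB and create the document if none exists.
    $userdetails = $mdb->findDoc('information', ['type' => 'characterID', 'id' => (int) $response->CharacterID, 'cacheTime' => 0]);
    if (!isset($userdetails['name']) && $userdetails == null) {
        $mdb->save('information', ['type' => 'characterID', 'id' => (int) $response->CharacterID, 'name' => $characterName]);
    }

    // NOTE(review): the middle part of this key is masked ("******") in the
    // listing under review. It is reconstructed here as the character ID.
    // Confirm against the upstream file before relying on it.
    $key = 'login:' . $response->CharacterID . ':' . session_id();
    if ($refresh_token !== null) {
        $redis->setex("{$key}:refreshToken", 86400 * 14, $refresh_token);
    }
    $redis->setex("{$key}:accessToken", 1000, $access_token);

    $_SESSION['characterID'] = $response->CharacterID;
    $_SESSION['characterName'] = $characterName;
    session_write_close();

    // Only a local absolute path is accepted as the redirect target: one leading
    // "/", not followed by "/" or "\", and no control characters or backslashes
    // anywhere. Anything else, including the "redirect:" prefix the previous
    // code rejected, falls back to "/".
    $redirect = isset($_GET['state']) ? $_GET['state'] : '';
    $isLocalPath = is_string($redirect)
        && preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F\\\\]*\z#', $redirect) === 1;
    if (!$isLocalPath) {
        $redirect = '/';
    }

    header('Location: ' . $redirect, true, 302);
    exit;
}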