/**
 * Sends an endpoint result to the caller and ends the request.
 *
 * The result is JSON-encoded.  When the global $sso_encrypted flag is set,
 * the JSON is wrapped in a data packet built with the API key's "key" and
 * "opts" values and the packet is base64-encoded before it is written out.
 *
 * Review notes:
 *  - SSO_RandomSleep() runs first unless $sso_skipsleep is set.  Presumably
 *    this is a timing countermeasure; its implementation is not visible here.
 *  - Only the exact mode string "aes256" selects ExtendedAES.  Every other
 *    value, including a missing or misspelled mode, falls back to Blowfish.
 *  - json_encode() errors are suppressed with "@".  A failed encode yields
 *    false, which is passed on as-is instead of being reported.
 *
 * @param mixed $result Data to return to the API caller.
 * @return void Does not return; the script exits after writing the output.
 */
function SSO_EndpointOutput($result)
{
    global $sso_encrypted, $sso_apikey_info, $sso_data, $sso_skipsleep;

    if (!$sso_skipsleep) {
        SSO_RandomSleep();
    }

    $payload = @json_encode($result);

    if ($sso_encrypted) {
        $keyinfo = $sso_apikey_info["keyinfo"];

        // "aes256" is the only mode that selects ExtendedAES; Blowfish is the fallback.
        $packet = ($keyinfo["mode"] === "aes256"
            ? ExtendedAES::CreateDataPacket($payload, $keyinfo["key"], $keyinfo["opts"])
            : Blowfish::CreateDataPacket($payload, $keyinfo["key"], $keyinfo["opts"]));

        $payload = base64_encode($packet);
    }

    echo $payload;

    exit;
}
/**
 * Sets the anti-phishing cookie ("sso_l_ap") for the user being logged in.
 *
 * Nothing happens unless all four cookie key/IV settings returned by
 * GetInfo() are non-empty and $userinfo carries an "sso_antiphish" value.
 * That value is wrapped in a Blowfish CBC data packet (two key/IV pairs,
 * random prefix, "lightweight" option), base64-encoded and stored in a
 * cookie that expires 365 days from now.
 *
 * Review notes:
 *  - The sixth cookie argument is BB_IsSSLRequest() and the seventh is true.
 *    Presumably these are the Secure and HttpOnly flags; the signature of
 *    SetCookieFixDomain() is not visible here, so confirm.
 *  - If the sixth argument is the Secure flag, a login served over plain
 *    HTTP produces a cookie that is not restricted to HTTPS.
 *
 * @param array  $mapinfo  Not used by this method.
 * @param object $userrow  Not used by this method.
 * @param array  $userinfo User information; "sso_antiphish" is read from it.
 * @param bool   $admin    Not used by this method.
 * @return void
 */
public function LoginAddMap(&$mapinfo, $userrow, &$userinfo, $admin)
{
    global $sso_rng;

    $info = $this->GetInfo();

    // Bail out when cookie encryption is not fully configured or there is nothing to store.
    if ($info["cookiekey"] == "" || $info["cookieiv"] == "" || $info["cookiekey2"] == "" || $info["cookieiv2"] == "" || !isset($userinfo["sso_antiphish"])) {
        return;
    }

    // A fresh random prefix is generated for every packet.
    $options = array(
        "prefix" => $sso_rng->GenerateString(),
        "mode" => "CBC",
        "iv" => pack("H*", $info["cookieiv"]),
        "key2" => pack("H*", $info["cookiekey2"]),
        "iv2" => pack("H*", $info["cookieiv2"]),
        "lightweight" => true
    );

    $packet = Blowfish::CreateDataPacket($userinfo["sso_antiphish"], pack("H*", $info["cookiekey"]), $options);

    // One year lifetime.
    $expires = time() + 365 * 24 * 60 * 60;

    SetCookieFixDomain("sso_l_ap", base64_encode($packet), $expires, "", "", BB_IsSSLRequest(), true);
}
/**
 * Marks the pending user session as validated and redirects the browser
 * back to the SSO client.
 *
 * Steps, in order:
 *  1. Generate a new token ("new_id2") and persist the session info in the
 *     temporary session row.
 *  2. Update the user session row with validated = true and the IPv6 form
 *     of the client address.
 *  3. Build the return URL from the base64-encoded "url" in the session
 *     info, with CR and LF removed, and append the SSO query parameters.
 *  4. Optionally set the "sso_server_ns" and "sso_server_ns2" namespace
 *     cookies.
 *  5. Redirect via SSO_ExternalRedirect().
 *
 * Review notes:
 *  - The first cookie branch tests only "namespacekey2" but also reads
 *    "namespacekey", "namespaceiv" and "namespaceiv2".  The second tests
 *    only "namespacekey4" (plus "expose_namespaces") but reads
 *    "namespacekey3", "namespaceiv3" and "namespaceiv4".  Presumably each
 *    group of four is always configured together - confirm.
 *  - "sso_server_ns2" is set with a literal false where "sso_server_ns"
 *    passes SSO_IsSSLRequest().  If that argument is the Secure flag (the
 *    signature of SetCookieFixDomain() is not visible here), the exposed
 *    cookie is also sent over plain HTTP.  Presumably this is intentional
 *    for the "expose_namespaces" option - confirm.
 *  - $_REQUEST["sso_id"] and $_COOKIE["sso_server_id2"] are read without an
 *    isset() check; the caller is assumed to have validated them.
 *  - Whether the redirect target is checked against an allow-list happens
 *    outside this function, if at all.
 *  - Exceptions are swallowed without logging, so a failure here is only
 *    visible to the caller as a false return value.
 *
 * @return bool Returns false when execution falls through, i.e. when an
 *              exception was caught or SSO_ExternalRedirect() returned.
 */
function SSO_ValidateUser()
{
    global $sso_rng, $sso_db, $sso_db_user_sessions, $sso_db_temp_sessions, $sso_session_info, $sso_apirow, $sso_sessionrow, $sso_sessionrow2, $sso_ipaddr, $sso_settings;

    try {
        // Hand the browser a token for the new session, stored in the temporary session.
        $sso_session_info["new_id2"] = $sso_rng->GenerateString();
        $tempfields = array("info" => serialize($sso_session_info));
        $sso_db->Query("UPDATE", array($sso_db_temp_sessions, $tempfields, "WHERE" => "id = ?"), $sso_sessionrow->id);

        // Flag the user session as validated and record the client address.
        $userfields = array(
            "updated" => CSDB::ConvertToDBTime(time()),
            "info" => serialize(array("validated" => true, "ipaddr" => $sso_ipaddr["ipv6"]))
        );
        $sso_db->Query("UPDATE", array($sso_db_user_sessions, $userfields, "WHERE" => "id = ?"), $sso_sessionrow2->id);

        // Assemble the return URL.  CR/LF are stripped from the decoded value first.
        $redirect = str_replace(array("\r", "\n"), "", base64_decode($sso_session_info["url"]));
        $separator = (strpos($redirect, "?") === false ? "?" : "&");
        $redirect .= $separator . "from_sso_server=1&sso_id=" . urlencode($sso_session_info["new_id2"]) . "&sso_id2=" . urlencode($_REQUEST["sso_id"]);

        // Namespace cookie.
        if (isset($sso_settings[""]["namespacekey2"])) {
            $namespaces = SSO_LoadNamespaces(true);
            $namespaces[$sso_apirow->namespace] = $_COOKIE["sso_server_id2"];
            $serialized = serialize($namespaces);

            $options = array(
                "prefix" => $sso_rng->GenerateString(),
                "mode" => "CBC",
                "iv" => pack("H*", $sso_settings[""]["namespaceiv"]),
                "key2" => pack("H*", $sso_settings[""]["namespacekey2"]),
                "iv2" => pack("H*", $sso_settings[""]["namespaceiv2"]),
                "lightweight" => true
            );
            $packet = Blowfish::CreateDataPacket($serialized, pack("H*", $sso_settings[""]["namespacekey"]), $options);

            SetCookieFixDomain("sso_server_ns", base64_encode($packet), 0, "", "", SSO_IsSSLRequest(), true);
        }

        // Exposed namespace cookie, only when the option is switched on.
        if (isset($sso_settings[""]["expose_namespaces"]) && $sso_settings[""]["expose_namespaces"] && isset($sso_settings[""]["namespacekey4"])) {
            $namespaces = SSO_LoadNamespaces(false);
            $namespaces[$sso_apirow->namespace] = $sso_sessionrow2->id;
            $serialized = serialize($namespaces);

            $options = array(
                "prefix" => $sso_rng->GenerateString(),
                "mode" => "CBC",
                "iv" => pack("H*", $sso_settings[""]["namespaceiv3"]),
                "key2" => pack("H*", $sso_settings[""]["namespacekey4"]),
                "iv2" => pack("H*", $sso_settings[""]["namespaceiv4"]),
                "lightweight" => true
            );
            $packet = Blowfish::CreateDataPacket($serialized, pack("H*", $sso_settings[""]["namespacekey3"]), $options);

            // Scheme prefixes are removed so only the host part is used as the cookie domain.
            $host = str_replace(array("http://", "https://"), "", BB_GetRequestHost());
            SetCookieFixDomain("sso_server_ns2", base64_encode($packet), 0, "/", $host, false, true);
        }

        // Send the browser back to the client.
        SSO_ExternalRedirect($redirect, true);
    } catch (Exception $e) {
        // Deliberately empty: a database exception is swallowed and the function
        // falls through to the false return below.  Reaching this point should be rare.
    }

    return false;
}
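/**
 * Issues a "Remember Me" token for the user being logged in and stores it
 * in the encrypted "sso_l_rme" cookie.
 *
 * Runs only for non-admin logins, when all four cookie key/IV settings from
 * GetInfo() are non-empty and the session info contains
 * "sso_login_remember_me".  The method then:
 *  - clears the user's stored tokens when "reset" is set,
 *  - drops stored tokens whose "expires" time has passed,
 *  - when "numdays" > 0, generates a token identifier ($token), a secret
 *    ($token2) and a salt, hashes "salt:token2" with
 *    sso_login::HashPasswordInfo() and stores salt, rounds, hash, expiry and
 *    the "bypass" value under $userinfo["sso_remember_me"][$token],
 *  - merges array($token, $token2) for this user ID into the data already
 *    held in the cookie and rewrites the cookie.
 *
 * Only the hash of the secret is kept in $userinfo; the secret itself lives
 * in the cookie.
 *
 * Review notes:
 *  - The stored token expires after "numdays" days, but the cookie lifetime
 *    is derived from $info["maxdays"].  Presumably "numdays" never exceeds
 *    "maxdays" - confirm.
 *  - The sixth cookie argument is BB_IsSSLRequest() and the seventh is true.
 *    Presumably these are the Secure and HttpOnly flags; the signature of
 *    SetCookieFixDomain() is not visible here, so confirm.
 *
 * @param array  $mapinfo  Not used by this method.
 * @param object $userrow  User row; its id keys the entry in the cookie.
 * @param array  $userinfo User information; "sso_remember_me" is updated in place.
 * @param bool   $admin    When true, no Remember Me processing is performed.
 * @return void
 */
public function LoginAddMap(&$mapinfo, $userrow, &$userinfo, $admin)
{
    global $sso_rng, $sso_session_info;

    $info = $this->GetInfo();
    if (!$admin && $info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "" && isset($sso_session_info["sso_login_remember_me"])) {
        if (!isset($userinfo["sso_remember_me"])) {
            $userinfo["sso_remember_me"] = array();
        }
        if ($sso_session_info["sso_login_remember_me"]["reset"]) {
            $userinfo["sso_remember_me"] = array();
        }

        // Remove expired tokens.
        foreach ($userinfo["sso_remember_me"] as $token => $info2) {
            if (CSDB::ConvertFromDBTime($info2["expires"]) < time()) {
                unset($userinfo["sso_remember_me"][$token]);
            }
        }

        if ($sso_session_info["sso_login_remember_me"]["numdays"] > 0) {
            $token = $sso_rng->GenerateString();
            $token2 = $sso_rng->GenerateString();
            $salt = $sso_rng->GenerateString();
            $data = $salt . ":" . $token2;

            $passwordinfo = sso_login::HashPasswordInfo($data);
            if ($passwordinfo["success"]) {
                // Add temporary session data to user information.
                // Only the salted hash of $token2 is stored, never $token2 itself.
                $userinfo["sso_remember_me"][$token] = array(
                    "salt" => $salt,
                    "rounds" => (int) $passwordinfo["rounds"],
                    "hash" => bin2hex($passwordinfo["hash"]),
                    "expires" => CSDB::ConvertToDBTime(time() + $sso_session_info["sso_login_remember_me"]["numdays"] * 24 * 60 * 60),
                    "bypass" => $sso_session_info["sso_login_remember_me"]["bypass"]
                );

                // Append user ID and token to the cookie.
                $info2 = false;
                if (isset($_COOKIE["sso_l_rme"])) {
                    // Decrypt existing data.
                    $info2 = @base64_decode($_COOKIE["sso_l_rme"]);
                    if ($info2 !== false) {
                        $info2 = Blowfish::ExtractDataPacket($info2, pack("H*", $info["cookiekey"]), array("mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true));
                    }

                    // NOTE(security): unserialize() runs on data that originated in a
                    // browser cookie.  It is only reached after ExtractDataPacket()
                    // accepts the packet, so its safety rests on the cookie keys staying
                    // secret and on whatever integrity check ExtractDataPacket() performs
                    // in "lightweight" mode (not visible here).  A format that cannot
                    // instantiate objects, such as JSON, would remove that dependency.
                    if ($info2 !== false) {
                        $info2 = @unserialize($info2);
                    }
                }

                // Discard anything that is not an array (failed decode, scalar or
                // object) so the assignment below always operates on an array.
                if (!is_array($info2)) {
                    $info2 = array();
                }

                $info2[$userrow->id] = array($token, $token2);

                // Set the Remember Me cookie.
                $data = base64_encode(Blowfish::CreateDataPacket(serialize($info2), pack("H*", $info["cookiekey"]), array("prefix" => $sso_rng->GenerateString(), "mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true)));
                SetCookieFixDomain("sso_l_rme", $data, time() + $info["maxdays"] * 24 * 60 * 60, "", "", BB_IsSSLRequest(), true);
            }
        }
    }
}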