| 1 | <?php |
| 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
| 4 | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 5 | |
| 6 | /* |
| 7 | Some resources for how to store passwords: |
| 8 | - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/ |
| 9 | - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines |
| 10 | oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook |
| 11 | */ |
| 12 | |
| 13 | // error reporting (for testing) |
| 14 | ini_set('display_errors', 1); error_reporting(E_ALL); |
| 15 | |
| 16 | // Read DB settings |
| 17 | $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true); |
| 18 | if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); } |
| 19 | $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true); |
| 20 | if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); } |
| 21 | $settings['dbdata'] = $dbdata; |
| 22 | |
| 23 | // Extended DOM document class |
| 24 | require_once(__DIR__.'/../php-utility-classes/classes/document.php-class'); |
| 25 | // Class for sending emails |
| 26 | require_once(__DIR__.'/../php-utility-classes/classes/email.php-class'); |
| 27 | // Composer-provided libraries (oauth2-server-php, doctrine DBAL) |
| 28 | require_once(__DIR__.'/../vendor/autoload.php'); |
| 29 | // Authentication utilities |
| 30 | require_once(__DIR__.'/authutils.php-class'); |
| 31 | // Instantiate server utils. |
| 32 | try { |
| 33 | $utils = new AuthUtils($settings); |
| 34 | $db = $utils->db; |
| 35 | } |
| 36 | catch (Exception $e) { |
| 37 | $utils = null; |
| 38 | } |
| 39 | |
| 40 | $utils->setUpL10n(); |
| 41 | |
| 42 | // Sanitize settings. |
| 43 | $settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false; |
| 44 | $settings['piwik_site_id'] = intval(@$settings['piwik_site_id']); |
| 45 | $settings['piwik_url'] = strlen(@$settings['piwik_url']) ? $settings['piwik_url'] : '/piwik/'; |
| 46 | $settings['piwik_tracker_path'] = strlen(@$settings['piwik_tracker_path']) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/'; |
| 47 | |
| 48 | /* Creating the DB tables: |
| 49 | CREATE TABLE `auth_sessions` ( |
| 50 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 51 | `sesskey` VARCHAR(150) NOT NULL DEFAULT '' , |
| 52 | `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL , |
| 53 | `logged_in` BOOLEAN NOT NULL DEFAULT FALSE , |
| 54 | `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 55 | `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 56 | `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' , |
| 57 | PRIMARY KEY (`id`), |
| 58 | INDEX (`sesskey`), |
| 59 | INDEX (`time_expire`) |
| 60 | ); |
| 61 | CREATE TABLE `auth_users` ( |
| 62 | `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 63 | `email` VARCHAR(255) NOT NULL , |
| 64 | `pwdhash` VARCHAR(255) NOT NULL , |
| 65 | `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' , |
| 66 | `verify_hash` VARCHAR(150) NULL DEFAULT NULL , |
| 67 | `group_id` MEDIUMINT UNSIGNED DEFAULT '0' , |
| 68 | PRIMARY KEY (`id`), |
| 69 | UNIQUE (`email`) |
| 70 | ); |
| 71 | CREATE TABLE `auth_log` ( |
| 72 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 73 | `code` VARCHAR(100) NOT NULL , |
| 74 | `info` TEXT NULL DEFAULT NULL , |
| 75 | `ip_addr` VARCHAR(50) NULL DEFAULT NULL , |
| 76 | `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 77 | PRIMARY KEY (`id`), |
| 78 | INDEX (`time_logged`) |
| 79 | ); |
| 80 | */ |
| 81 | |
| 82 | // Set up our OAuth2 Server object |
| 83 | $server = $utils->getOAuthServer(); |
| 84 | ?> |