| 1 | <?php |
| 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
| 4 | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 5 | |
| 6 | /* |
| 7 | Some resources for how to store passwords: |
| 8 | - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/ |
| 9 | - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines |
| 10 | oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook |
| 11 | */ |
| 12 | |
// Error reporting (for testing).
// NOTE(review): display_errors=1 sends PHP warnings/notices, including any
// file system paths they mention, to the HTTP client; keep it off outside
// local testing.
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Read DB settings and auth settings.
// Each file must decode to a JSON object (a PHP array); a missing or malformed
// file is fatal (E_USER_ERROR), so no DB connection is attempted on bad config.
$dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
is_array($dbdata) or trigger_error('DB configuration not found', E_USER_ERROR);
$settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
is_array($settings) or trigger_error('Auth settings not found', E_USER_ERROR);
| 21 | |
// Extended DOM document class.
require_once '../php-utility-classes/classes/document.php-class';
// Class for sending emails.
require_once '../php-utility-classes/classes/email.php-class';
// AuthUtils helper class (used below for locale negotiation), next to this file.
require_once __DIR__ . '/authutils.php-class';

// Connect to our MySQL DB.
// NOTE(review): no PDO attributes are passed here. On PHP < 8 the default error
// mode is silent (failed queries return false), so confirm that every PDO call
// in AuthUtils / server.inc.php checks its result, or consider setting
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION explicitly.
$db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']);
// Instantiate auth utils with the parsed settings and the open DB handle.
$utils = new AuthUtils($settings, $db);
| 33 | |
// Locale tags in browser style (what is negotiated with the client) mapped to
// the unix system locale codes handed to setlocale()/gettext.
$supported_locales = [
    'en-US' => 'en_US',
    'de'    => 'de_DE',
];

$textdomain = 'kairo_auth';
// Pick the best supported locale for this request, then switch both the
// process environment and the C library locale to its system code.
$textlocale = $utils->negotiateLocale(array_keys($supported_locales));
putenv("LC_ALL={$supported_locales[$textlocale]}");
// setlocale() returns false when the locale is not installed; the result is
// kept in $selectedlocale but not checked here.
$selectedlocale = setlocale(LC_ALL, $supported_locales[$textlocale]);
// gettext: message catalogs for our text domain are looked up under ../locale.
bindtextdomain($textdomain, '../locale');
bind_textdomain_codeset($textdomain, 'utf-8');
textdomain($textdomain);
| 47 | |
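// Sanitize settings.
// Every piwik_* key in auth_settings.json is optional; normalise each one to a
// definite type and default so later code can use it without isset() checks.
// Explicit isset() replaces the former `@` suppression, which also hid the
// strlen(null) deprecation on newer PHP when a key was absent.
// - piwik_enabled: any truthy value turns tracking on.
$settings['piwik_enabled'] = !empty($settings['piwik_enabled']);
// - piwik_site_id: integer; 0 when absent or non-numeric.
$settings['piwik_site_id'] = isset($settings['piwik_site_id']) ? intval($settings['piwik_site_id']) : 0;
// - piwik_url / piwik_tracker_path: kept when non-empty, else the project
//   defaults. NOTE(review): piwik_url is stored verbatim here; confirm it is
//   escaped for its context wherever it is emitted into HTML/JS.
$settings['piwik_url'] = (isset($settings['piwik_url']) && strlen($settings['piwik_url'])) ? $settings['piwik_url'] : '/piwik/';
$settings['piwik_tracker_path'] = (isset($settings['piwik_tracker_path']) && strlen($settings['piwik_tracker_path'])) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/';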
| 53 | |
| 54 | /* Creating the DB tables: |
| 55 | CREATE TABLE `auth_sessions` ( |
| 56 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 57 | `sesskey` VARCHAR(150) NOT NULL DEFAULT '' , |
| 58 | `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL , |
| 59 | `logged_in` BOOLEAN NOT NULL DEFAULT FALSE , |
| 60 | `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 61 | `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 62 | `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' , |
| 63 | PRIMARY KEY (`id`), |
| 64 | INDEX (`sesskey`), |
| 65 | INDEX (`time_expire`) |
| 66 | ); |
| 67 | CREATE TABLE `auth_users` ( |
| 68 | `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 69 | `email` VARCHAR(255) NOT NULL , |
| 70 | `pwdhash` VARCHAR(255) NOT NULL , |
| 71 | `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' , |
| 72 | `verify_hash` VARCHAR(150) NULL DEFAULT NULL , |
| 73 | `group_id` MEDIUMINT UNSIGNED DEFAULT '0' , |
| 74 | PRIMARY KEY (`id`), |
| 75 | UNIQUE (`email`) |
| 76 | ); |
| 77 | CREATE TABLE `auth_log` ( |
| 78 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 79 | `code` VARCHAR(100) NOT NULL , |
| 80 | `info` TEXT NULL DEFAULT NULL , |
| 81 | `ip_addr` VARCHAR(50) NULL DEFAULT NULL , |
| 82 | `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 83 | PRIMARY KEY (`id`), |
| 84 | INDEX (`time_logged`) |
| 85 | ); |
| 86 | */ |
| 87 | |
// Include our OAuth2 server object; server.inc.php is loaded last so it can
// rely on $db, $utils and the sanitized $settings prepared above.
require_once __DIR__ . '/server.inc.php';
| 90 | ?> |