| 1 | <?php |
| 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
| 4 | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 5 | |
| 6 | /* |
| 7 | Some resources for how to store passwords: |
| 8 | - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/ |
| 9 | - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines |
| 10 | oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook |
| 11 | */ |
| 12 | |
| 13 | // error reporting (for testing) |
| 14 | ini_set('display_errors', 1); error_reporting(E_ALL); |
| 15 | |
| 16 | // Read DB settings |
| 17 | $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true); |
| 18 | if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); } |
| 19 | $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true); |
| 20 | if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); } |
| 21 | |
| 22 | // Extended DOM document class |
| 23 | require_once('../kairo/include/cbsm/util/document.php-class'); |
| 24 | // Class for sending emails |
| 25 | require_once('../kairo/include/classes/email.php-class'); |
| 26 | // Class for sending emails |
| 27 | require_once(__DIR__.'/authutils.php-class'); |
| 28 | |
| 29 | bindtextdomain('kairo_auth', 'en'); // XXX: Should negotiate locale. |
| 30 | bind_textdomain_codeset('kairo_auth', 'utf-8'); |
| 31 | |
| 32 | // Connect to our MySQL DB |
| 33 | $db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']); |
| 34 | // Instantiate auth utils. |
| 35 | $utils = new AuthUtils($settings, $db); |
| 36 | |
| 37 | /* Creating the DB tables: |
| 38 | CREATE TABLE `auth_sessions` ( |
| 39 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 40 | `sesskey` VARCHAR(150) NOT NULL DEFAULT '' , |
| 41 | `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL , |
| 42 | `logged_in` BOOLEAN NOT NULL DEFAULT FALSE , |
| 43 | `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 44 | `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 45 | `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' , |
| 46 | PRIMARY KEY (`id`), |
| 47 | INDEX (`sesskey`), |
| 48 | INDEX (`time_expire`) |
| 49 | ); |
| 50 | CREATE TABLE `auth_users` ( |
| 51 | `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 52 | `email` VARCHAR(255) NOT NULL , |
| 53 | `pwdhash` VARCHAR(255) NOT NULL , |
| 54 | `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' , |
| 55 | `verify_hash` VARCHAR(150) NULL DEFAULT NULL , |
| 56 | `group_id` MEDIUMINT UNSIGNED DEFAULT '0' , |
| 57 | PRIMARY KEY (`id`), |
| 58 | UNIQUE (`email`) |
| 59 | ); |
| 60 | CREATE TABLE `auth_log` ( |
| 61 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| 62 | `code` VARCHAR(100) NOT NULL , |
| 63 | `info` TEXT NULL DEFAULT NULL , |
| 64 | `ip_addr` VARCHAR(50) NULL DEFAULT NULL , |
| 65 | `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| 66 | PRIMARY KEY (`id`), |
| 67 | INDEX (`time_logged`) |
| 68 | ); |
| 69 | */ |
| 70 | |
| 71 | // include our OAuth2 Server object |
| 72 | require_once(__DIR__.'/server.inc.php'); |
| 73 | ?> |