2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 Some resources for how to store passwords:
8 - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
9 - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
10 oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
13 // error reporting (for testing)
14 ini_set('display_errors', 1); error_reporting(E_ALL);
17 $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
18 if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); }
19 $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
20 if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); }
22 // Extended DOM document class
23 require_once('../kairo-utils/document.php-class');
24 // Class for sending emails
25 require_once('../kairo-utils/email.php-class');
26 // Class for sending emails
27 require_once(__DIR__.'/authutils.php-class');
29 // Connect to our MySQL DB
30 $db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']);
31 // Instantiate auth utils.
32 $utils = new AuthUtils($settings, $db);
34 $textdomain = 'kairo_auth';
35 $textlocale = $utils->negotiateLocale(array('en', 'de'));
36 putenv('LC_ALL='.$textlocale);
37 bindtextdomain($textdomain, '../locale');
38 bind_textdomain_codeset($textdomain, 'utf-8');
39 textdomain($textdomain);
41 /* Creating the DB tables:
42 CREATE TABLE `auth_sessions` (
43 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
44 `sesskey` VARCHAR(150) NOT NULL DEFAULT '' ,
45 `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL ,
46 `logged_in` BOOLEAN NOT NULL DEFAULT FALSE ,
47 `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
48 `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
49 `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' ,
54 CREATE TABLE `auth_users` (
55 `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT ,
56 `email` VARCHAR(255) NOT NULL ,
57 `pwdhash` VARCHAR(255) NOT NULL ,
58 `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' ,
59 `verify_hash` VARCHAR(150) NULL DEFAULT NULL ,
60 `group_id` MEDIUMINT UNSIGNED DEFAULT '0' ,
64 CREATE TABLE `auth_log` (
65 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
66 `code` VARCHAR(100) NOT NULL ,
67 `info` TEXT NULL DEFAULT NULL ,
68 `ip_addr` VARCHAR(50) NULL DEFAULT NULL ,
69 `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
75 // include our OAuth2 Server object
76 require_once(__DIR__.'/server.inc.php');