2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 Some resources for how to store passwords:
8 - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
9 - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
10 oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
13 // error reporting (for testing)
14 ini_set('display_errors', 1); error_reporting(E_ALL);
17 $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
18 if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); }
19 $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
20 if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); }
21 $settings['dbdata'] = $dbdata;
23 // Extended DOM document class
24 require_once(__DIR__.'/../php-utility-classes/classes/document.php-class');
25 // Class for sending emails
26 require_once(__DIR__.'/../php-utility-classes/classes/email.php-class');
27 // Composer-provided libraries (oauth2-server-php, doctrine DBAL)
28 require_once(__DIR__.'/../vendor/autoload.php');
29 // Authentication utilities
30 require_once(__DIR__.'/authutils.php-class');
31 // Instantiate server utils.
33 $utils = new AuthUtils($settings);
36 catch (Exception $e) {
43 $settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false;
44 $settings['piwik_site_id'] = intval(@$settings['piwik_site_id']);
45 $settings['piwik_url'] = strlen(@$settings['piwik_url']) ? $settings['piwik_url'] : '/piwik/';
46 $settings['piwik_tracker_path'] = strlen(@$settings['piwik_tracker_path']) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/';
48 /* Creating the DB tables:
49 CREATE TABLE `auth_sessions` (
50 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
51 `sesskey` VARCHAR(150) NOT NULL DEFAULT '' ,
52 `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL ,
53 `logged_in` BOOLEAN NOT NULL DEFAULT FALSE ,
54 `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
55 `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
56 `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' ,
61 CREATE TABLE `auth_users` (
62 `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT ,
63 `email` VARCHAR(255) NOT NULL ,
64 `pwdhash` VARCHAR(255) NOT NULL ,
65 `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' ,
66 `verify_hash` VARCHAR(150) NULL DEFAULT NULL ,
67 `group_id` MEDIUMINT UNSIGNED DEFAULT '0' ,
71 CREATE TABLE `auth_log` (
72 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
73 `code` VARCHAR(100) NOT NULL ,
74 `info` TEXT NULL DEFAULT NULL ,
75 `ip_addr` VARCHAR(50) NULL DEFAULT NULL ,
76 `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
82 // Set up our OAuth2 Server object
83 $server = $utils->getOAuthServer();