| | 1 | <?php |
| | 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| | 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
| | 4 | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| | 5 | |
| | 6 | /* |
| | 7 | Some resources for how to store passwords: |
| | 8 | - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/ |
| | 9 | - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines |
| | 10 | oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook |
| | 11 | */ |
| | 12 | |
| | 13 | // error reporting (for testing) |
| | 14 | ini_set('display_errors', 1); error_reporting(E_ALL); |
| | 15 | |
| | 16 | // Read DB settings |
| | 17 | $dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true); |
| | 18 | if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); } |
| | 19 | $settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true); |
| | 20 | if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); } |
| | 21 | $settings['dbdata'] = $dbdata; |
| | 22 | |
| | 23 | // Extended DOM document class |
| | 24 | require_once(__DIR__.'/../php-utility-classes/classes/document.php-class'); |
| | 25 | // Class for sending emails |
| | 26 | require_once(__DIR__.'/../php-utility-classes/classes/email.php-class'); |
| | 27 | // Composer-provided libraries (oauth2-server-php, doctrine DBAL) |
| | 28 | require_once(__DIR__.'/../vendor/autoload.php'); |
| | 29 | // Authentication utilities |
| | 30 | require_once(__DIR__.'/authutils.php-class'); |
| | 31 | // Instantiate server utils. |
| | 32 | try { |
| | 33 | $utils = new AuthUtils($settings); |
| | 34 | $db = $utils->db; |
| | 35 | } |
| | 36 | catch (Exception $e) { |
| | 37 | $utils = null; |
| | 38 | } |
| | 39 | |
| | 40 | $utils->setUpL10n(); |
| | 41 | |
| | 42 | // Sanitize settings. |
| | 43 | $settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false; |
| | 44 | $settings['piwik_site_id'] = intval(@$settings['piwik_site_id']); |
| | 45 | $settings['piwik_url'] = strlen(@$settings['piwik_url']) ? $settings['piwik_url'] : '/piwik/'; |
| | 46 | $settings['piwik_tracker_path'] = strlen(@$settings['piwik_tracker_path']) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/'; |
| | 47 | |
| | 48 | /* Creating the DB tables: |
| | 49 | CREATE TABLE `auth_sessions` ( |
| | 50 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| | 51 | `sesskey` VARCHAR(150) NOT NULL DEFAULT '' , |
| | 52 | `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL , |
| | 53 | `logged_in` BOOLEAN NOT NULL DEFAULT FALSE , |
| | 54 | `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| | 55 | `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| | 56 | `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' , |
| | 57 | PRIMARY KEY (`id`), |
| | 58 | INDEX (`sesskey`), |
| | 59 | INDEX (`time_expire`) |
| | 60 | ); |
| | 61 | CREATE TABLE `auth_users` ( |
| | 62 | `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| | 63 | `email` VARCHAR(255) NOT NULL , |
| | 64 | `pwdhash` VARCHAR(255) NOT NULL , |
| | 65 | `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' , |
| | 66 | `verify_hash` VARCHAR(150) NULL DEFAULT NULL , |
| | 67 | `group_id` MEDIUMINT UNSIGNED DEFAULT '0' , |
| | 68 | PRIMARY KEY (`id`), |
| | 69 | UNIQUE (`email`) |
| | 70 | ); |
| | 71 | CREATE TABLE `auth_log` ( |
| | 72 | `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT , |
| | 73 | `code` VARCHAR(100) NOT NULL , |
| | 74 | `info` TEXT NULL DEFAULT NULL , |
| | 75 | `ip_addr` VARCHAR(50) NULL DEFAULT NULL , |
| | 76 | `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , |
| | 77 | PRIMARY KEY (`id`), |
| | 78 | INDEX (`time_logged`) |
| | 79 | ); |
| | 80 | */ |
| | 81 | |
| | 82 | // Set up our OAuth2 Server object |
| | 83 | $server = $utils->getOAuthServer(); |
| | 84 | ?> |
projects / authserver.git / blame_incremental