[authserver.git] / app / authsystem.inc.php

<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
  Some resources for how to store passwords:
  - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
  - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
  oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
*/

// error reporting (for testing)
ini_set('display_errors', 1); error_reporting(E_ALL);

// Read DB settings
$dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); }
$settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); }

// Extended DOM document class
require_once(__DIR__.'/../php-utility-classes/classes/document.php-class');
// Class for sending emails
require_once(__DIR__.'/../php-utility-classes/classes/email.php-class');
// Composer-provided libraries (oauth2-server-php, doctrine DBAL)
require_once(__DIR__.'/../vendor/autoload.php');
// Connect to our MySQL DB
$db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']);
// Authentication utilities
require_once(__DIR__.'/authutils.php-class');
// Instantiate server utils.
try {
  $utils = new AuthUtils($settings, $db);
}
catch (Exception $e) {
  $utils = null;
}

// This is an array of locale tags in browser style mapping to unix system locale codes to use with gettext.
$supported_locales = array(
    'en-US' => 'en_US',
    'de' => 'de_DE',
);

$textdomain = 'kairo_auth';
$textlocale = $utils->negotiateLocale(array_keys($supported_locales));
putenv('LC_ALL='.$supported_locales[$textlocale]);
$selectedlocale = setlocale(LC_ALL, $supported_locales[$textlocale]);
bindtextdomain($textdomain, '../locale');
bind_textdomain_codeset($textdomain, 'utf-8');
textdomain($textdomain);

// Sanitize settings.
$settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false;
$settings['piwik_site_id'] = intval(@$settings['piwik_site_id']);
$settings['piwik_url'] = strlen(@$settings['piwik_url']) ? $settings['piwik_url'] : '/piwik/';
$settings['piwik_tracker_path'] = strlen(@$settings['piwik_tracker_path']) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/';

/* Creating the DB tables:
CREATE TABLE `auth_sessions` (
 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
 `sesskey` VARCHAR(150) NOT NULL DEFAULT '' ,
 `user` MEDIUMINT UNSIGNED NULL DEFAULT NULL ,
 `logged_in` BOOLEAN NOT NULL DEFAULT FALSE ,
 `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
 `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
 `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' ,
 PRIMARY KEY (`id`),
 INDEX (`sesskey`),
 INDEX (`time_expire`)
);
CREATE TABLE `auth_users` (
 `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT ,
 `email` VARCHAR(255) NOT NULL ,
 `pwdhash` VARCHAR(255) NOT NULL ,
 `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' ,
 `verify_hash` VARCHAR(150) NULL DEFAULT NULL ,
 `group_id` MEDIUMINT UNSIGNED DEFAULT '0' ,
 PRIMARY KEY (`id`),
 UNIQUE (`email`)
);
CREATE TABLE `auth_log` (
 `id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
 `code` VARCHAR(100) NOT NULL ,
 `info` TEXT NULL DEFAULT NULL ,
 `ip_addr` VARCHAR(50) NULL DEFAULT NULL ,
 `time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
 PRIMARY KEY (`id`),
 INDEX (`time_logged`)
);
*/

// include our OAuth2 Server object
require_once(__DIR__.'/server.inc.php');
?>
Commit	Line	Data
	1	<?php
	2	/* This Source Code Form is subject to the terms of the Mozilla Public
	3	* License, v. 2.0. If a copy of the MPL was not distributed with this file,
	4	* You can obtain one at http://mozilla.org/MPL/2.0/. */
	5
	6	/*
	7	Some resources for how to store passwords:
	8	- https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
	9	- https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
	10	oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
	11	*/
	12
	13	// error reporting (for testing)
	14	ini_set('display_errors', 1); error_reporting(E_ALL);
	15
	16	// Read DB settings
	17	$dbdata = json_decode(file_get_contents('/etc/kairo/auth_db.json'), true);
	18	if (!is_array($dbdata)) { trigger_error('DB configuration not found', E_USER_ERROR); }
	19	$settings = json_decode(file_get_contents('/etc/kairo/auth_settings.json'), true);
	20	if (!is_array($settings)) { trigger_error('Auth settings not found', E_USER_ERROR); }
	21
	22	// Extended DOM document class
	23	require_once(__DIR__.'/../php-utility-classes/classes/document.php-class');
	24	// Class for sending emails
	25	require_once(__DIR__.'/../php-utility-classes/classes/email.php-class');
	26	// Composer-provided libraries (oauth2-server-php, doctrine DBAL)
	27	require_once(__DIR__.'/../vendor/autoload.php');
	28	// Connect to our MySQL DB
	29	$db = new PDO($dbdata['dsn'], $dbdata['username'], $dbdata['password']);
	30	// Authentication utilities
	31	require_once(__DIR__.'/authutils.php-class');
	32	// Instantiate server utils.
	33	try {
	34	$utils = new AuthUtils($settings, $db);
	35	}
	36	catch (Exception $e) {
	37	$utils = null;
	38	}
	39
	40	// This is an array of locale tags in browser style mapping to unix system locale codes to use with gettext.
	41	$supported_locales = array(
	42	'en-US' => 'en_US',
	43	'de' => 'de_DE',
	44	);
	45
	46	$textdomain = 'kairo_auth';
	47	$textlocale = $utils->negotiateLocale(array_keys($supported_locales));
	48	putenv('LC_ALL='.$supported_locales[$textlocale]);
	49	$selectedlocale = setlocale(LC_ALL, $supported_locales[$textlocale]);
	50	bindtextdomain($textdomain, '../locale');
	51	bind_textdomain_codeset($textdomain, 'utf-8');
	52	textdomain($textdomain);
	53
	54	// Sanitize settings.
	55	$settings['piwik_enabled'] = (@$settings['piwik_enabled']) ? true : false;
	56	$settings['piwik_site_id'] = intval(@$settings['piwik_site_id']);
	57	$settings['piwik_url'] = strlen(@$settings['piwik_url']) ? $settings['piwik_url'] : '/piwik/';
	58	$settings['piwik_tracker_path'] = strlen(@$settings['piwik_tracker_path']) ? $settings['piwik_tracker_path'] : '../vendor/piwik/piwik-php-tracker/';
	59
	60	/* Creating the DB tables:
	61	CREATE TABLE `auth_sessions` (
	62	`id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
	63	`sesskey` VARCHAR(150) NOT NULL DEFAULT '' ,
	64	`user` MEDIUMINT UNSIGNED NULL DEFAULT NULL ,
	65	`logged_in` BOOLEAN NOT NULL DEFAULT FALSE ,
	66	`time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
	67	`time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
	68	`saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' ,
	69	PRIMARY KEY (`id`),
	70	INDEX (`sesskey`),
	71	INDEX (`time_expire`)
	72	);
	73	CREATE TABLE `auth_users` (
	74	`id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT ,
	75	`email` VARCHAR(255) NOT NULL ,
	76	`pwdhash` VARCHAR(255) NOT NULL ,
	77	`status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' ,
	78	`verify_hash` VARCHAR(150) NULL DEFAULT NULL ,
	79	`group_id` MEDIUMINT UNSIGNED DEFAULT '0' ,
	80	PRIMARY KEY (`id`),
	81	UNIQUE (`email`)
	82	);
	83	CREATE TABLE `auth_log` (
	84	`id` BIGINT UNSIGNED NOT NULL AUTO_INCREMENT ,
	85	`code` VARCHAR(100) NOT NULL ,
	86	`info` TEXT NULL DEFAULT NULL ,
	87	`ip_addr` VARCHAR(50) NULL DEFAULT NULL ,
	88	`time_logged` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
	89	PRIMARY KEY (`id`),
	90	INDEX (`time_logged`)
	91	);
	92	*/
	93
	94	// include our OAuth2 Server object
	95	require_once(__DIR__.'/server.inc.php');
	96	?>