X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=authorize.php;fp=authorize.php;h=0000000000000000000000000000000000000000;hp=f06d8353dcdecc7617868581efb95933a3e6247e;hb=04116cc5dabb951023fb511fda0dc36956d6a84a;hpb=c4e0aceb5d9e9076effd75de03f4588b65329740 diff --git a/authorize.php b/authorize.php deleted file mode 100644 index f06d835..0000000 --- a/authorize.php +++ /dev/null @@ -1,165 +0,0 @@ -formatOutput = true; // we want a nice output -$style = $head->appendElement('link'); -$style->setAttribute('rel', 'stylesheet'); -$style->setAttribute('href', 'authsystem.css'); -$head->appendJSFile('authsystem.js'); -$title->appendText('Authorization Request | KaiRo.at'); -$h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server'); - -$errors = $utils->checkForSecureConnection(); -$utils->sendSecurityHeaders(); - -$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.')); -$para->setAttribute('id', 'jswarning'); -$para->setAttribute('class', 'warn'); - -if (!count($errors)) { - $session = $utils->initSession(); // Read session or create new session and set cookie. - if ($session['logged_in'] && (@$_GET['logout'] == 1)) { - $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;'); - if (!$result->execute(array(':sessid' => $session['id']))) { - $utils->log('logout_failure', 'session: '.$session['id']); - $errors[] = _('Unexpected error while logging out.'); - } - $session['logged_in'] = 0; - } - if (intval($session['user'])) { - $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `id` = :userid;'); - $result->execute(array(':userid' => $session['user'])); - $user = $result->fetch(PDO::FETCH_ASSOC); - if (!$user['id']) { - $utils->log('user_read_failure', 'user: '.$session['user']); - } - } - else { - $user = array('id' => 0, 'email' => ''); - } - if (is_null($session)) { - $errors[] = _('The session system is not working. Please contact KaiRo.at and tell the team about this.'); - } - elseif ($session['logged_in']) { - // We are logged in, process authorization request. - $request = OAuth2\Request::createFromGlobals(); - $response = new OAuth2\Response(); - - // Validate the authorize request. - if (!$server->validateAuthorizeRequest($request, $response)) { - $response->send(); - exit(); - } - - if (empty($_POST) && (@$request->query['scope'] != 'email')) { - // Display an authorization form (unless the scope is email, which we handle as a login request below). - $para = $body->appendElement('p', sprintf(_('Hi %s!'), $user['email'])); - $para->setAttribute('class', 'userwelcome'); - - $form = $body->appendForm('', 'POST', 'authform'); - $form->setAttribute('id', 'authform'); - $domain_name = parse_url($request->query['redirect_uri'], PHP_URL_HOST); - if (!strlen($domain_name)) { $domain_name = $request->query['client_id']; } - $form->appendElement('p', sprintf(_('Do you authorize %s to access %s?'), $domain_name, $request->query['scope'])); - $submit = $form->appendInputSubmit(_('yes')); - $submit->setAttribute('name', 'authorized'); - $form->appendText(' '); - $submit = $form->appendInputSubmit(_('no')); - $submit->setAttribute('name', 'authorized'); - } - elseif (empty($_POST) && (@$request->query['scope'] == 'email')) { - // Display an interstitial page for a login when we have email scope (verified email for logging in). - $domain_name = parse_url($request->query['redirect_uri'], PHP_URL_HOST); - if (!strlen($domain_name)) { $domain_name = $request->query['client_id']; } - $para = $body->appendElement('p', sprintf(_('Sign in to %s using…'), $domain_name)); - $para->setAttribute('class', 'signinwelcome'); - $form = $body->appendForm('', 'POST', 'loginauthform'); - $form->setAttribute('id', 'loginauthform'); - $form->setAttribute('class', 'loginarea'); - $ulist = $form->appendElement('ul'); - $ulist->setAttribute('class', 'flat emaillist'); - $emails = $utils->getGroupedEmails($user['group_id']); - if (!count($emails)) { $emails = array($user['email']); } - foreach ($emails as $email) { - $litem = $ulist->appendElement('li'); - $litem->appendInputRadio('user_email', 'uemail_'.md5($email), $email, $email == $user['email']); - $litem->appendLabel('uemail_'.md5($email), $email); - } - $para = $form->appendElement('p'); - $para->setAttribute('class', 'small otheremaillinks'); - $link = $para->appendLink('#', _('Add another email address')); - $link->setAttribute('id', 'addanotheremail'); // Makes the JS put the right functionality onto the link. - $para->appendText(' '); - $link = $para->appendLink('#', _('This is not me')); - $link->setAttribute('id', 'isnotme'); // Makes the JS put the right functionality onto the link. - $authinput = $form->appendInputHidden('authorized', 'yes'); - $authinput->setAttribute('id', 'isauthorized'); - $submit = $form->appendInputSubmit(_('Sign in')); - $para = $form->appendElement('p'); - $para->setAttribute('class', 'small'); - $link = $para->appendLink('#', _('Cancel')); - $link->setAttribute('id', 'cancelauth'); // Makes the JS put the right functionality onto the link. - $utils->setRedirect($session, $_SERVER['REQUEST_URI']); - } - else { - // Switch to different user if we selected a different email within the group. - if (strlen(@$_POST['user_email']) && ($_POST['user_email'] != $user['email'])) { - $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash`,`group_id` FROM `auth_users` WHERE `group_id` = :groupid AND `email` = :email;'); - $result->execute(array(':groupid' => $user['group_id'], ':email' => $_POST['user_email'])); - $newuser = $result->fetch(PDO::FETCH_ASSOC); - if ($newuser) { - $user = $newuser; - $session = $utils->getLoginSession($user['id'], $session); - } - } - // Handle authorize request, forwarding code in GET parameters if the user has authorized your client. - $is_authorized = (@$_POST['authorized'] === 'yes'); - $server->handleAuthorizeRequest($request, $response, $is_authorized, $user['id']); - /* For testing only - if ($is_authorized) { - // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client - $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); - exit("SUCCESS! Authorization Code: $code"); - } - */ - $utils->resetRedirect($session); - $response->send(); - exit(); - } - } - else { - // Display login/register form. - $para = $body->appendElement('p', _('You need to log in or register to continue.')); - $para->setAttribute('class', 'logininfo'); - $utils->appendLoginForm($body, $session, $user); - $utils->setRedirect($session, str_replace('&logout=1', '', $_SERVER['REQUEST_URI'])); // Make sure to strip a logout to not get into a loop. - } -} - -if (count($errors)) { - $body->appendElement('p', ((count($errors) <= 1) - ?_('The following error was detected') - :_('The following errors were detected')).':'); - $list = $body->appendElement('ul'); - $list->setAttribute('class', 'flat warn'); - foreach ($errors as $msg) { - $item = $list->appendElement('li', $msg); - } - $body->appendButton(_('Back'), 'history.back();'); -} - -// Send HTML to client. -print($document->saveHTML()); -?>