X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=authutils.php-class;h=4d5680a5264b4402bd80ffce5e9bcd37aa6b352a;hp=555721e4a91f74ef9f07d8606b7c8c7efcb66c28;hb=409b55f4dbb4267e83e8ae2fda56f243ab8be250;hpb=77f0f9ff1f1c54aef1e7370144df302d83118f70

diff --git a/authutils.php-class b/authutils.php-class
index 555721e..4d5680a 100755
--- a/authutils.php-class
+++ b/authutils.php-class
@@ -31,6 +31,12 @@ class AuthUtils {
   // function checkForSecureConnection()
   //   Check is the connection is secure and return an array of error messages (empty if it's secure).
   //
+  // function initSession()
+  //   Initialize a session. Returns an associative array of all the DB fields of the session.
+  //
+  // function getDomainBaseURL()
+  //   Get the base URL of the current domain, e.g. 'https://example.com'.
+  //
   // function checkPasswordConstraints($new_password, $user_email)
   //   Check password constraints and return an array of error messages (empty if all constraints are met).
   //
@@ -57,10 +63,14 @@ class AuthUtils {
   //
   // function pwdNeedsRehash($user)
   //   Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed.
+  //
+  // function appendLoginForm($dom_element, $session, $user)
+  //   append a login form for the given session to the given DOM element, possibly prefilling the email from the given user info array.
 
   function __construct($settings, $db) {
     // *** constructor ***
     $this->db = $db;
+    $this->db->exec("SET time_zone='+00:00';"); // Execute directly on PDO object, set session to UTC to make our gmdate() values match correctly.
     $this->running_on_localhost = preg_match('/^((.+\.)?localhost|127\.0\.0\.\d+)$/', $_SERVER['SERVER_NAME']);
     if (array_key_exists('pwd_cost', $settings)) {
       $this->pwd_cost = $settings['pwd_cost'];
@@ -90,6 +100,41 @@ class AuthUtils {
     return $errors;
   }
 
+  function initSession() {
+    $session = null;
+    if (strlen(@$_COOKIE['sessionkey'])) {
+      // Fetch the session - or at least try to.
+      $result = $this->db->prepare('SELECT * FROM `auth_sessions` WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
+      $result->execute(array(':sesskey' => $_COOKIE['sessionkey'], ':expire' => gmdate('Y-m-d H:i:s')));
+      $row = $result->fetch(PDO::FETCH_ASSOC);
+      if ($row) {
+        $session = $row;
+      }
+    }
+    if (is_null($session)) {
+      // Create new session and set cookie.
+      $sesskey = $this->createSessionKey();
+      setcookie('sessionkey', $sesskey, 0, "", "", !$this->running_on_localhost, true); // Last two params are secure and httponly, secure is not set on localhost.
+      $result = $this->db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`) VALUES (:sesskey, :expire);');
+      $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+5 minutes'))));
+      // After insert, actually fetch the session row from the DB so we have all values.
+      $result = $this->db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
+      $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
+      $row = $result->fetch(PDO::FETCH_ASSOC);
+      if ($row) {
+        $session = $row;
+      }
+      else {
+        $this->log('session_create_failure', 'key: '.$sesskey);
+      }
+    }
+    return $session;
+  }
+
+  function getDomainBaseURL() {
+    return ($this->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'];
+  }
+
   function checkPasswordConstraints($new_password, $user_email) {
     $errors = array();
     if ($new_password != trim($new_password)) {
@@ -175,5 +220,36 @@ class AuthUtils {
       return true;
     }
   }
+
+  function appendLoginForm($dom_element, $session, $user) {
+    $form = $dom_element->appendForm('./', 'POST', 'loginform');
+    $form->setAttribute('id', 'loginform');
+    $form->setAttribute('class', 'loginarea hidden');
+    $ulist = $form->appendElement('ul');
+    $ulist->setAttribute('class', 'flat login');
+    $litem = $ulist->appendElement('li');
+    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval(@$user['id'])?$user['email']:''));
+    $inptxt->setAttribute('autocomplete', 'email');
+    $inptxt->setAttribute('required', '');
+    $inptxt->setAttribute('placeholder', _('Email'));
+    $inptxt->setAttribute('class', 'login');
+    $litem = $ulist->appendElement('li');
+    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
+    $inptxt->setAttribute('required', '');
+    $inptxt->setAttribute('placeholder', _('Password'));
+    $inptxt->setAttribute('class', 'login');
+    $litem = $ulist->appendElement('li');
+    $litem->appendLink('./?reset', _('Forgot password?'));
+    $litem = $ulist->appendElement('li');
+    $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
+    $cbox->setAttribute('class', 'logincheck');
+    $label = $litem->appendLabel('login_remember', _('Remember me'));
+    $label->setAttribute('id', 'rememprompt');
+    $label->setAttribute('class', 'loginprompt');
+    $litem = $ulist->appendElement('li');
+    $litem->appendInputHidden('tcode', $this->createTimeCode($session));
+    $submit = $litem->appendInputSubmit(_('Log in / Register'));
+    $submit->setAttribute('class', 'loginbutton');
+  }
 }
 ?>