68 lines
2.6 KiB
PHP
68 lines
2.6 KiB
PHP
<?php
|
|
/*
|
|
* Copyright 2016 Lukas Metzger <developer@lukas-metzger.com>.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
require_once '../config/config-default.php';
|
|
require_once '../lib/database.php';
|
|
$input = json_decode(file_get_contents('php://input'));
|
|
if ($config['auth_type'] == 'db') {
|
|
$stmt = $db->prepare('SELECT id,password,type FROM users WHERE name=:name LIMIT 1');
|
|
$stmt->bindValue(':name', $input->user, PDO::PARAM_STR);
|
|
$stmt->execute();
|
|
$stmt->bindColumn('id', $id);
|
|
$stmt->bindColumn('password', $password);
|
|
$stmt->bindColumn('type', $type);
|
|
$stmt->fetch(PDO::FETCH_BOUND);
|
|
if (password_verify($input->password, $password)) {
|
|
$retval['status'] = 'success';
|
|
session_start();
|
|
$_SESSION['id'] = $id;
|
|
$_SESSION['type'] = $type;
|
|
$randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
|
|
$_SESSION['secret'] = $randomSecret;
|
|
setcookie('authSecret', $randomSecret, 0, '/', '', false, true);
|
|
$csrfToken = base64_encode(openssl_random_pseudo_bytes(32));
|
|
$_SESSION['csrfToken'] = $csrfToken;
|
|
} else {
|
|
$retval['status'] = 'fail';
|
|
}
|
|
} elseif ($config['auth_type'] == 'ldap') {
|
|
$ldap = @ldap_connect($config['ldap_uri']);
|
|
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $config['ldap_version']);
|
|
if ($config['ldap_starttls']) {
|
|
@ldap_start_tls($ldap);
|
|
}
|
|
@ldap_bind($ldap, $config['ldap_bind_dn'], $config['ldap_bind_pw']);
|
|
$filter = str_replace('%user%', @ldap_escape($input->user, null, LDAP_ESCAPE_FILTER), $config['ldap_search']);
|
|
$result = @ldap_search($ldap, $config['ldap_base_dn'], $filter, array('dn'));
|
|
$dn = @ldap_get_dn($ldap, ldap_first_entry($ldap, $result));
|
|
if (@ldap_bind($ldap, $dn, $input->password)) {
|
|
$retval['status'] = 'success';
|
|
session_start();
|
|
$_SESSION['id'] = 0;
|
|
$_SESSION['type'] = 'admin';
|
|
$randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
|
|
$_SESSION['secret'] = $randomSecret;
|
|
setcookie('authSecret', $randomSecret, 0, '/', '', false, true);
|
|
$csrfToken = base64_encode(openssl_random_pseudo_bytes(32));
|
|
$_SESSION['csrfToken'] = $csrfToken;
|
|
} else {
|
|
$retval['status'] = 'fail';
|
|
}
|
|
} else {
|
|
$retval['status'] = 'fail';
|
|
}
|
|
echo json_encode($retval);
|