summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--includes/sys_auth.php79
-rw-r--r--www-ssl/index.php10
-rw-r--r--www-ssl/nonpublic/auth.php45
3 files changed, 70 insertions, 64 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 009be2d8..15c5591a 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -3,7 +3,7 @@
// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
function load_auth() {
- global $user;
+ global $user, $privileges;
if (!isset ($_SESSION['IP']))
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
@@ -19,30 +19,12 @@ function load_auth() {
if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user;
- sql_query("UPDATE `User` SET "
- . "`lastLogIn` = '" . time() . "'"
- . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
- );
+ sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
} else
unset ($_SESSION['uid']);
}
- load_privileges();
-}
-
-function load_privileges() {
- global $privileges, $user;
-
- $privileges = array ();
- if (isset ($user)) {
- $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";");
- foreach ($user_privs as $user_priv)
- $privileges[] = $user_priv['name'];
- } else {
- $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;");
- foreach ($guest_privs as $guest_priv)
- $privileges[] = $guest_priv['name'];
- }
+ $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
}
function PassCrypt($passwort) {
@@ -55,4 +37,59 @@ function PassCrypt($passwort) {
return md5($passwort);
}
}
+
+// JSON Authorisierungs-Schnittstelle
+function json_auth_service() {
+ global $CurrentExternAuthPass;
+
+ header("Content-Type: application/json");
+
+ $User = $_REQUEST['user'];
+ $Pass = $_REQUEST['pw'];
+ $SourceOuth = $_REQUEST['so'];
+
+ if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+ $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+ $Erg = sql_query($sql);
+
+ if (mysql_num_rows($Erg) == 1) {
+ if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
+ $UID = mysql_result($Erg, 0, "UID");
+
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+
+ $msg = array (
+ 'status' => 'success',
+ 'rights' => $privileges
+ );
+ echo json_encode($msg);
+ die();
+ }
+ }
+ }
+
+ echo json_encode(array (
+ 'status' => 'failed',
+ 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+ ));
+ die();
+}
+
+function privileges_for_user($user_id) {
+ $privileges = array ();
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+ return $privileges;
+}
+
+function privileges_for_group($group_id) {
+ $privileges = array ();
+ $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+ foreach ($groups_privs as $guest_priv)
+ $privileges[] = $guest_priv['name'];
+ return $privileges;
+}
?>
diff --git a/www-ssl/index.php b/www-ssl/index.php
index 7c65abb2..214ec54a 100644
--- a/www-ssl/index.php
+++ b/www-ssl/index.php
@@ -22,6 +22,10 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);
load_auth();
+// JSON Authorisierung gewünscht?
+if (isset ($_REQUEST['auth']))
+ json_auth_service();
+
// Gewünschte Seite/Funktion
$p = isset ($user) ? "news" : "start";
if (isset ($_REQUEST['p']))
@@ -89,15 +93,15 @@ if (in_array($p, $privileges)) {
elseif ($p == "admin_groups") {
require_once ('includes/pages/admin_groups.php');
$content = admin_groups();
- }
+ }
elseif ($p == "admin_faq") {
require_once ('includes/pages/admin_faq.php');
$content = admin_faq();
- }
+ }
elseif ($p == "admin_language") {
require_once ('includes/pages/admin_language.php');
$content = admin_language();
- }
+ }
elseif ($p == "admin_log") {
require_once ('includes/pages/admin_log.php');
$content = admin_log();
diff --git a/www-ssl/nonpublic/auth.php b/www-ssl/nonpublic/auth.php
index 7d58988c..143ea8c8 100644
--- a/www-ssl/nonpublic/auth.php
+++ b/www-ssl/nonpublic/auth.php
@@ -1,43 +1,8 @@
<?php
-require_once ('../bootstrap.php');
-header("Content-Type: application/json");
-
-include "includes/config.php";
-include "includes/config_db.php";
-
-$User = $_POST['user'];
-$Pass = $_POST['pw'];
-$SourceOuth = $_POST['so'];
-
-if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
- $sql = "SELECT * FROM `User` WHERE `Nick`='" . $User . "'";
- $Erg = mysql_query($sql, $con);
-
- if (mysql_num_rows($Erg) == 1) {
- if (mysql_result($Erg, 0, "Passwort") == $Pass) {
- $UID = mysql_result($Erg, 0, "UID");
-
- // get CVS import Data
- $SQL = "SELECT * FROM `UserCVS` WHERE `UID`='" . $UID . "'";
- $Erg_CVS = mysql_query($SQL, $con);
- $CVS = mysql_fetch_array($Erg_CVS);
-
- $msg = array (
- 'status' => 'success',
- 'rights' => $CVS
- );
- echo json_encode($msg);
- } else
- echo json_encode(array (
- 'status' => 'failed'
- ));
- } else
- echo json_encode(array (
- 'status' => 'failed'
- ));
-} else
- echo json_encode(array (
- 'status' => 'failed'
- ));
+// Bleibt erstmal, damit Benutzer, die die Schnittstelle nutzen mitkriegen, dass diese Umgezogen ist
+echo json_encode(array (
+ 'status' => 'failed',
+ 'error' => "JSON Service moved to https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>"
+));
?>