summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/sys_auth.php79
1 files changed, 58 insertions, 21 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 009be2d8..15c5591a 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -3,7 +3,7 @@
// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
function load_auth() {
- global $user;
+ global $user, $privileges;
if (!isset ($_SESSION['IP']))
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
@@ -19,30 +19,12 @@ function load_auth() {
if (count($user) > 0) {
// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
list ($user) = $user;
- sql_query("UPDATE `User` SET "
- . "`lastLogIn` = '" . time() . "'"
- . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
- );
+ sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
} else
unset ($_SESSION['uid']);
}
- load_privileges();
-}
-
-function load_privileges() {
- global $privileges, $user;
-
- $privileges = array ();
- if (isset ($user)) {
- $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";");
- foreach ($user_privs as $user_priv)
- $privileges[] = $user_priv['name'];
- } else {
- $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;");
- foreach ($guest_privs as $guest_priv)
- $privileges[] = $guest_priv['name'];
- }
+ $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
}
function PassCrypt($passwort) {
@@ -55,4 +37,59 @@ function PassCrypt($passwort) {
return md5($passwort);
}
}
+
+// JSON Authorisierungs-Schnittstelle
+function json_auth_service() {
+ global $CurrentExternAuthPass;
+
+ header("Content-Type: application/json");
+
+ $User = $_REQUEST['user'];
+ $Pass = $_REQUEST['pw'];
+ $SourceOuth = $_REQUEST['so'];
+
+ if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+ $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+ $Erg = sql_query($sql);
+
+ if (mysql_num_rows($Erg) == 1) {
+ if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
+ $UID = mysql_result($Erg, 0, "UID");
+
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+
+ $msg = array (
+ 'status' => 'success',
+ 'rights' => $privileges
+ );
+ echo json_encode($msg);
+ die();
+ }
+ }
+ }
+
+ echo json_encode(array (
+ 'status' => 'failed',
+ 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+ ));
+ die();
+}
+
+function privileges_for_user($user_id) {
+ $privileges = array ();
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+ return $privileges;
+}
+
+function privileges_for_group($group_id) {
+ $privileges = array ();
+ $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+ foreach ($groups_privs as $guest_priv)
+ $privileges[] = $guest_priv['name'];
+ return $privileges;
+}
?>