From 225398d87d56257e63f03504fb1a0452a8d9ae02 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Fri, 3 Jun 2011 15:30:17 +0200
Subject: json auth service complete

---
 includes/sys_auth.php | 79 +++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 58 insertions(+), 21 deletions(-)

(limited to 'includes')

diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 009be2d8..15c5591a 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -3,7 +3,7 @@
 
 // Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
 function load_auth() {
-	global $user;
+	global $user, $privileges;
 
 	if (!isset ($_SESSION['IP']))
 		$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
@@ -19,30 +19,12 @@ function load_auth() {
 		if (count($user) > 0) {
 			// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
 			list ($user) = $user;
-			sql_query("UPDATE `User` SET "
-				. "`lastLogIn` = '" . time() . "'"
-				. " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
-			);
+			sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
 		} else
 			unset ($_SESSION['uid']);
 	}
 
-	load_privileges();
-}
-
-function load_privileges() {
-	global $privileges, $user;
-
-	$privileges = array ();
-	if (isset ($user)) {
-		$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";");
-		foreach ($user_privs as $user_priv)
-			$privileges[] = $user_priv['name'];
-	} else {
-		$guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;");
-		foreach ($guest_privs as $guest_priv)
-			$privileges[] = $guest_priv['name'];
-	}
+	$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
 }
 
 function PassCrypt($passwort) {
@@ -55,4 +37,59 @@ function PassCrypt($passwort) {
 			return md5($passwort);
 	}
 }
+
+// JSON Authorisierungs-Schnittstelle
+function json_auth_service() {
+	global $CurrentExternAuthPass;
+
+	header("Content-Type: application/json");
+
+	$User = $_REQUEST['user'];
+	$Pass = $_REQUEST['pw'];
+	$SourceOuth = $_REQUEST['so'];
+
+	if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
+		$sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+		$Erg = sql_query($sql);
+
+		if (mysql_num_rows($Erg) == 1) {
+			if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
+				$UID = mysql_result($Erg, 0, "UID");
+
+				$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
+				foreach ($user_privs as $user_priv)
+					$privileges[] = $user_priv['name'];
+
+				$msg = array (
+					'status' => 'success',
+					'rights' => $privileges
+				);
+				echo json_encode($msg);
+				die();
+			}
+		}
+	}
+
+	echo json_encode(array (
+		'status' => 'failed',
+		'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
+	));
+	die();
+}
+
+function privileges_for_user($user_id) {
+	$privileges = array ();
+	$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";");
+	foreach ($user_privs as $user_priv)
+		$privileges[] = $user_priv['name'];
+	return $privileges;
+}
+
+function privileges_for_group($group_id) {
+	$privileges = array ();
+	$groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id));
+	foreach ($groups_privs as $guest_priv)
+		$privileges[] = $guest_priv['name'];
+	return $privileges;
+}
 ?>
-- 
cgit v1.2.3-54-g00ecf