Commit 3ba8864a authored by Imran Hussain's avatar Imran Hussain

Core of SSO complete.

It's not very pretty.

TODO:
* bans
* html/css
sso.db
\ No newline at end of file
[submodule "lib/ldap-auth"]
path = lib/ldap-auth
url = https://projects.sucs.org/imranh/ldap-auth.git
<?php
$DB_PATH = "../sso.db";
$DB_CON;
if ( !file_exists($DB_PATH) ) {
$DB_CON = new SQLite3($DB_PATH);
$DB_CON->exec("CREATE TABLE sessions
(
id TEXT PRIMARY KEY NOT NULL,
sucs_username TEXT,
iss_username TEXT,
ipaddr TEXT NOT NULL,
failedlogincount INT NOT NULL,
lastfailedlogintime INT
)"
);
} else {
$DB_CON = new SQLite3($DB_PATH);
}
?>
\ No newline at end of file
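Review bot: The `sessions` table is only created when `../sso.db` does not yet exist (line 20), so a database file that exists but is empty — e.g. left behind when the first run opened the file and the `exec` then failed — never gets a schema and every query in the front end fails; open unconditionally and run `CREATE TABLE IF NOT EXISTS sessions (...)`, which is idempotent, instead of branching on `file_exists`. `$DB_PATH` is relative to the working directory of whichever script `require`s this file rather than to the file itself, so `__DIR__ . '/../sso.db'` is the robust form, and because this database maps session ids to identities it must live outside the document root with permissions limited to the web server user (the `.gitignore` entry keeps it out of the repo, not out of the webroot). `$DB_CON;` on line 19 is a no-op expression statement; write `$DB_CON = null;` or drop it. The schema also has no creation or last-seen timestamp, so rows accumulate indefinitely and a stale session id that was ever authenticated stays authenticated until the row is deleted by hand — consider a `created INT NOT NULL` column so expiry can be enforced.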
Subproject commit 9c8e7ad06d05ad49f592ae52219d7b46cc8f31bf
<?php
//ini_set('display_errors', 1);
//ini_set('display_startup_errors', 1);
//error_reporting(E_ALL);
// declare some useful stuff here
$SESSIONID;
$RATELIMITED = false;
$SUCS_LOGIN = false;
$ISS_LOGIN = false;
session_start();
$SESSIONID = session_id();
// look at the db to see if they have an entry, if so load data in vars for use
// otherwise set them up
require "../lib/db.php";
$result = $DB_CON->query("SELECT * FROM sessions WHERE id='${SESSIONID}'");
$details = $result->fetchArray();
// if there's an entry then load that data otherwise
// otherwise make an entry
if ( $details["id"] === $SESSIONID ) {
//var_dump($details);
//echo time();
if ($details["sucs_username"] !== null) {
$SUCS_LOGIN = true;
}
if ($details["iss_username"] !== null) {
$ISS_LOGIN = true;
}
if ($details["lastfailedlogintime"] <= time()-strtotime("-10 minutes")) {
$details["lastfailedlogintime"] = 2;
}
if ($details["failedlogincount"] >= 3) {
$RATELIMITED = true;
}
} else {
$DB_CON->exec("INSERT INTO sessions (id, ipaddr, failedlogincount) VALUES ('${SESSIONID}','${_SERVER["REMOTE_ADDR"]}',0)");
}
// look for username and password in $_POST first
// otherwise try using the legcay sucssite_session cookie/info
// if all that fails then throw up a login form
if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
// require the login lib and validate the user/password
require("../lib/ldap-auth/ldap-auth.php");
$isAuthd = ldapAuth($_POST["username"], $_POST["password"]);
$username = $_POST["username"];
if ($isAuthd == "sucs"){
//do stuff for sucs auth
$DB_CON->exec("UPDATE sessions SET sucs_username='${username}' WHERE id='${SESSIONID}'");
$SUCS_LOGIN = true;
} elseif ($isAuthd == "uni"){
//do stuff for uni auth
$DB_CON->exec("UPDATE sessions SET iss_username='${username}' WHERE id='${SESSIONID}'");
$ISS_LOGIN = true;
}else{
//do stuff for not authd peeps
echo "failed!";
$details["failedlogincount"] = $details["failedlogincount"] + 1;
$DB_CON->exec("UPDATE sessions SET failedlogincount=${details['failedlogincount']}, lastfailedlogintime=strftime('%s','now') WHERE id='${SESSIONID}'");
}
} elseif ( isset($_COOKIE["sucssite_session"]) ) {
// found a sucssite_session
$legacySessionID = $_COOKIE["sucssite_session"];
// connect to the sucssite db to get the username of the session
$db_connection = pg_connect("dbname=sucssite");
$username = pg_fetch_result(pg_query_params($db_connection, "SELECT * FROM session WHERE hash=$1", array($legacySessionID)), 0, "username");
if ($username !== null) {
// we have a vlid username from a old session
$DB_CON->exec("UPDATE sessions SET sucs_username='${username}' WHERE id='${SESSIONID}'");
$SUCS_LOGIN = true;
}
}
?>
<?php
if (!$SUCS_LOGIN && !$ISS_LOGIN) {
print("
<form action=\"#\" method=\"post\">
Username: <input type=\"text\" name=\"username\"><br>
Password: <input type=\"password\" name=\"password\"><br>
<input type=\"submit\" value=\"Submit\">
</form>
");
} elseif ($SUCS_LOGIN && !$ISS_LOGIN) {
if ($details["sucs_username"] == null) {
$sucs_username = $_POST["username"];
} else {
$sucs_username = $details["sucs_username"];
}
print("
<p>Hi $sucs_username! Log in with your ISS creds if you want</p>
<form action=\"#\" method=\"post\">
Username: <input type=\"text\" name=\"username\"><br>
Password: <input type=\"password\" name=\"password\"><br>
<input type=\"submit\" value=\"Submit\">
</form>
");
} elseif (!$SUCS_LOGIN && $ISS_LOGIN) {
if ($details["iss_username"] == null) {
$iss_username = $_POST["username"];
} else {
$iss_username = $details["iss_username"];
}
print("
<p>Hi $iss_username! Log in with your SUCS creds</p>
<form action=\"#\" method=\"post\">
Username: <input type=\"text\" name=\"username\"><br>
Password: <input type=\"password\" name=\"password\"><br>
<input type=\"submit\" value=\"Submit\">
</form>
");
} else {
print("
<p>You've logged in in every possible way!</p>
");
}
?>
\ No newline at end of file
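Review bot: The username read from `$_POST["username"]` on line 81 is interpolated straight into the SQLite statements on lines 84, 88 and 104 (as are `$SESSIONID` on lines 52, 72 and 94 and `$details['failedlogincount']`), so a username containing a single quote rewrites the query; the `pg_query_params` call on line 101 already shows the right pattern, and the SQLite3 statements should use `prepare()`/`bindValue()` the same way. The legacy-cookie branch is also an authentication bypass as written: `pg_fetch_result` returns `false`, not `null`, when no row matches the supplied `sucssite_session`, `false !== null` is true on line 102, and `sucs_username=''` is then stored and treated as a login on every later request by the `!== null` test on line 59 — check `pg_num_rows` or fetch the row and require a non-empty username. The failed-login limiter is keyed on the client's own session id, so dropping the cookie resets it, and the expiry test on line 65 compares a Unix timestamp against the constant `time()-strtotime("-10 minutes")` (600) and never resets `failedlogincount`; key the counter on the stored `ipaddr` or the target username and reset it when `time() - lastfailedlogintime > 600`. Finally, call `session_regenerate_id(true)` before recording a successful login so an attacker-fixed session id does not become an authenticated one, and pass the username through `htmlspecialchars()` before echoing it on lines 125 and 139.
```php
// … unchanged: session bootstrap, rate-limit load …
$stmt = $DB_CON->prepare("UPDATE sessions SET sucs_username=:u WHERE id=:id");
$stmt->bindValue(':u', $username, SQLITE3_TEXT);
$stmt->bindValue(':id', $SESSIONID, SQLITE3_TEXT);
$stmt->execute();
// … unchanged: same prepare/bind shape for the iss_username and failedlogincount updates …
$res = pg_query_params($db_connection, "SELECT username FROM session WHERE hash=$1", array($legacySessionID));
$row = ($res !== false && pg_num_rows($res) > 0) ? pg_fetch_assoc($res) : false;
if ($row !== false && isset($row["username"]) && $row["username"] !== '') {
    // bind $row["username"] as above rather than interpolating it
```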