tiki-autologin.php
<?php
// Bootstrap Tiki. The rest of this script reads $access, $prefs, $user and
// $base_url without defining them, so they are expected to come from here.
require_once 'tiki-setup.php';

// Gate on the autologin feature (presumably aborts the request when the
// feature is switched off; confirm against check_feature).
$access->check_feature('login_autologin');

// Two preferences must be set before anything else is looked at:
//  - login_autologin_user: the account that may request login URLs;
//  - login_autologin_group: the group attached to every token issued below.
if (empty($prefs['login_autologin_user'])) {
    $access->display_error('', tra('Remote system user needs to be configured'), '500');
    exit;
}
if (empty($prefs['login_autologin_group'])) {
    $access->display_error('', tra('Remote system group for autologin need to be configured'), '500');
    exit;
}
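// Every value below is supplied by the caller through $_REQUEST. The scalar
// fields are accepted only as plain strings, so an array-valued parameter
// (for example uname[]=...) is treated as absent instead of being passed on
// as an array to the user library and to http_build_query().

// uname: account to log in (required).
if (!empty($_REQUEST['uname']) && is_string($_REQUEST['uname'])) {
    $uname = $_REQUEST['uname'];
} else {
    $access->display_error('', tra('User name needs to be specified'), "400");
    die;
}

// email: optional here; required later only when a new account is created.
// NOTE(review): the address format is not validated in this script.
if (!empty($_REQUEST['email']) && is_string($_REQUEST['email'])) {
    $email = $_REQUEST['email'];
} else {
    $email = '';
}

// realName: optional display name.
if (!empty($_REQUEST['realName']) && is_string($_REQUEST['realName'])) {
    $realName = $_REQUEST['realName'];
} else {
    $realName = '';
}

// groups: group names the caller claims for the user. Always normalised to a
// flat list of non-empty strings: a single groups=name value becomes a
// one-element list, and nested arrays or empty entries are dropped. Without
// this, a string value reaches in_array()/foreach further down, which expect
// an array, and an empty entry could match an empty item produced by a
// trailing comma in a group preference.
$groups = array();
if (!empty($_REQUEST['groups'])) {
    foreach ((array) $_REQUEST['groups'] as $groupName) {
        if (is_string($groupName) && $groupName !== '') {
            $groups[] = $groupName;
        }
    }
    unset($groupName);
}

// page: optional wiki page to land on after login.
if (!empty($_REQUEST['page']) && is_string($_REQUEST['page'])) {
    $page = $_REQUEST['page'];
} else {
    $page = '';
}

// base_url: address of the remote system (required). It is caller-supplied
// and is later stored in the session, so it must not be treated as trusted.
if (!empty($_REQUEST['base_url']) && is_string($_REQUEST['base_url'])) {
    $autologin_base_url = $_REQUEST['base_url'];
} else {
    $access->display_error('', tra('Base URL not received from remote system'), "500");
    die;
}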
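// Two callers reach this point:
//  1. the remote system, authenticated as the configured autologin account,
//     asking for a one-off login URL for $uname;
//  2. a browser following such a URL.
// The comparison is done on strings with ===, so numeric-looking names such
// as "10" and "1e1" are never treated as the same account.
if ((string) $user === (string) $prefs['login_autologin_user']) {
    // Server-side request. Everything about the target user ($uname, $email,
    // $realName, $groups) is taken on the remote system's word; nothing is
    // checked against an independent source.

    // Optional restriction: the claimed groups must include at least one
    // allowed group. When login_autologin_allowedgroups is empty this check is
    // skipped entirely and a login URL can be issued for any existing account
    // name, privileged accounts included.
    if (!empty($prefs['login_autologin_allowedgroups'])) {
        $allowedgroups = array_map('trim', explode(',', $prefs['login_autologin_allowedgroups']));
        if (!is_array($groups) || !array_intersect($allowedgroups, $groups)) {
            $access->display_error('', tra('Permission denied'), "401");
            die;
        }
    }

    $autologinUserExists = TikiLib::lib('user')->user_exists($uname);
    if (!$autologinUserExists) {
        // Unknown account: refuse unless automatic creation is enabled.
        if ($prefs['login_autologin_createnew'] != 'y') {
            $access->display_error('', tra('Permission denied'), "401");
            die;
        }
        if (empty($email)) {
            $access->display_error('', tra('Email needs to be specified'), "400");
            die;
        }
        // The generated password is used only for account creation and is
        // never shown or sent from this script.
        // NOTE(review): add_user()'s result is not checked; confirm how it
        // reports a rejected user name or address.
        $randompass = TikiLib::lib('user')->genPass();
        TikiLib::lib('user')->add_user($uname, $randompass, $email);
    } elseif (!empty($email)) {
        // Existing account: its e-mail address is overwritten with the value
        // sent by the remote system.
        TikiLib::lib('user')->change_user_email($uname, $email);
    }

    if (!empty($realName)) {
        TikiLib::lib('tiki')->set_user_preference($uname, 'realName', $realName);
    }

    // Mirror membership for the groups listed in login_autologin_syncgroups
    // only: remove the ones not claimed, add the ones claimed. Any group named
    // in that preference can therefore be granted by the remote system, so it
    // should not list administrative groups. A non-array $groups skips the
    // sync instead of removing the user from every listed group.
    if (!empty($prefs['login_autologin_syncgroups']) && is_array($groups) && !empty($groups)) {
        $syncgroups = array_map('trim', explode(',', $prefs['login_autologin_syncgroups']));
        foreach ($syncgroups as $g) {
            if (!in_array($g, $groups, true) && TikiLib::lib('user')->group_exists($g)) {
                TikiLib::lib('user')->remove_user_from_group($uname, $g);
            }
        }
        foreach ($groups as $g) {
            if (in_array($g, $syncgroups, true) && TikiLib::lib('user')->group_exists($g)) {
                TikiLib::lib('user')->assign_user_to_group($uname, $g);
            }
        }
    }

    // Build the URL the user's browser will follow, then attach a token that
    // carries the autologin group.
    // NOTE(review): the trailing 30 and 1 look like a 30-second lifetime and a
    // single permitted use; confirm against AuthTokens::includeToken.
    require_once 'lib/auth/tokens.php';
    $tokenlib = AuthTokens::build($prefs);
    // Start from a fresh array so that only these three values end up in the
    // URL, whatever $params may have held before.
    $params = array(
        'uname' => $uname,
        'page' => $page,
        'base_url' => $autologin_base_url,
    );
    $url = $base_url . 'tiki-autologin.php' . '?' . http_build_query($params, '', '&');
    $url = $tokenlib->includeToken($url, array($prefs['login_autologin_group']), '', 30, 1);
    // The response body is the login URL, i.e. a short-lived credential; keep
    // it out of logs and send it only over a protected channel.
    echo $url;
} else {
    // Browser request. No token is inspected here: the only gate is that the
    // current permission context contains the autologin group.
    // NOTE(review): this presumably holds only after a valid token has been
    // consumed during setup. Confirm that the group is never assigned to real
    // users or to anonymous visitors, and that the token is bound to the
    // uname parameter, because $uname below comes straight from the request.
    if (!in_array($prefs['login_autologin_group'], Perms::get()->getGroups())) {
        $access->display_error('', tra('Permission denied'), "401");
        die;
    }

    // An already logged-in visitor keeps the current session and is not
    // switched to $uname; otherwise $uname is logged in.
    if ($user || TikiLib::lib('user')->autologin_user($uname)) {
        // base_url is request-supplied; code that later reads this session
        // value should validate it before using it as a link or redirect.
        if (!empty($autologin_base_url)) {
            $_SESSION['autologin_base_url'] = $autologin_base_url;
        }

        // Landing page: a stored return location first, then the requested
        // wiki page, then the home page.
        if (!empty($_SESSION['loginfrom'])) {
            TikiLib::lib('access')->redirect($_SESSION['loginfrom']);
        } elseif (!empty($page)) {
            $sefurl = TikiLib::lib('wiki')->sefurl($page);
            TikiLib::lib('access')->redirect($sefurl);
        } else {
            TikiLib::lib('access')->redirect("tiki-index.php");
        }
    } else {
        $access->display_error('', tra('Permission denied'), "401");
        die;
    }
}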