forked from ndlibersa/resources
-
Notifications
You must be signed in to change notification settings - Fork 0
/
user.php
104 lines (66 loc) · 2.88 KB
/
user.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
/*
**************************************************************************************************************************
** CORAL Resources Module v. 1.0
**
** Copyright (c) 2010 University of Notre Dame
**
** This file is part of CORAL.
**
** CORAL is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
**
** CORAL is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License along with CORAL. If not, see <http://www.gnu.org/licenses/>.
**
**************************************************************************************************************************
*/
$util = new Utility();
$config = new Configuration();
$addURL = '';
//if set to use auth module
if ($config->settings->authModule == 'Y'){
//check if a cookie has been set for this user in a session
$loginID = $util->getLoginCookie();
//load user and verify they have a valid open session
$user = new User(new NamedArguments(array('primaryKey' => $loginID)));
//if the user has an open session
if (($loginID) && ($user->hasOpenSession())){
session_start();
$_SESSION['loginID'] = $loginID;
//no open session
}else{
//redirect to auth page
if (isset($user->loginID)) {
$addURL = '?timeout&service=';
}else{
$addURL = '?service=';
}
$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
header('Location: ' . $authURL, true);
}
//otherwise plug into apache server variable
}else{
//get login id from server
if (!isset($_SESSION['loginID']) || ($_SESSION['loginID'] == '')){
$varName = $config->settings->remoteAuthVariableName;
//the following code takes the remote auth variable name from the config settings and evaluates it to get the actual value from web server
//if the first character is a $ it needs to be stripped off for the eval to work
$theVarStem = ltrim($varName, "$");
//evaluate the remote variable
$remoteAuth=eval("return \$$theVarStem;");
//use the split in case the remote login is supplied as an email address
list ($loginID,$restofAddr) = explode("@", $remoteAuth);
session_start();
$_SESSION['loginID'] = $loginID;
}else{
$loginID = $_SESSION['loginID'];
}
}
if (isset($loginID) && ($loginID != "")){
include_once('setuser.php');
}else{
$user = new User();
$errorMessage = _("Login is not working. Check the .htaccess file and the remoteAuthVariableName specified in /admin/configuration.ini");
}
?>