147 lines
3.8 KiB
PHP
147 lines
3.8 KiB
PHP
<?php
|
|
|
|
// phpcs:disable PSR1.Classes.ClassDeclaration.MissingNamespace
|
|
// phpcs:disable PSR1.Files.SideEffects
|
|
defined('SYSPATH') or die('No direct access allowed.');
|
|
// phpcs:enable PSR1.Files.SideEffects
|
|
// phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps
|
|
|
|
class Auth_Multisite_Model
|
|
{
|
|
private $htpasswdPath;
|
|
|
|
private $serialsPath;
|
|
|
|
private $secretPath;
|
|
|
|
private $authFile;
|
|
|
|
|
|
public function __construct($htpasswdPath, $serialsPath, $secretPath, $loginUrl)
|
|
{
|
|
$this->htpasswdPath = $htpasswdPath;
|
|
$this->serialsPath = $serialsPath;
|
|
$this->secretPath = $secretPath;
|
|
$this->loginUrl = $loginUrl;
|
|
|
|
// When the auth.serial file exists, use this instead of the htpasswd
|
|
// for validating the cookie. The structure of the file is equal, so
|
|
// the same code can be used.
|
|
if (file_exists($this->serialsPath)) {
|
|
$this->authFile = 'serial';
|
|
} elseif (file_exists($this->htpasswdPath)) {
|
|
$this->authFile = 'htpasswd';
|
|
} else {
|
|
throw new Kohana_exception('error.auth_multisite_missing_htpasswd');
|
|
}
|
|
|
|
if (!file_exists($this->secretPath)) {
|
|
$this->redirectToLogin();
|
|
}
|
|
}
|
|
//end __construct()
|
|
|
|
|
|
private function loadAuthFile($path)
|
|
{
|
|
$creds = [];
|
|
foreach (file($path) as $line) {
|
|
if (strpos($line, ':') !== false) {
|
|
list($username, $secret) = explode(':', $line, 2);
|
|
$creds[$username] = rtrim($secret);
|
|
}
|
|
}
|
|
return $creds;
|
|
}
|
|
//end loadAuthFile()
|
|
|
|
|
|
private function loadSecret()
|
|
{
|
|
return trim(file_get_contents($this->secretPath));
|
|
}
|
|
//end loadSecret()
|
|
|
|
|
|
private function generateHash($username, $now, $user_secret)
|
|
{
|
|
$secret = $this->loadSecret();
|
|
return md5($username . $now . $user_secret . $secret);
|
|
}
|
|
//end generateHash()
|
|
|
|
|
|
private function checkAuthCookie($cookieName)
|
|
{
|
|
if (!isset($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] == '') {
|
|
throw new Exception();
|
|
}
|
|
|
|
$cookie = $_COOKIE[$cookieName];
|
|
if ($cookie[0] == '"') {
|
|
$cookie = trim($cookie, '"');
|
|
}
|
|
list($username, $issueTime, $cookieHash) = explode(':', $cookie, 3);
|
|
|
|
if ($this->authFile == 'htpasswd') {
|
|
$users = $this->loadAuthFile($this->htpasswdPath);
|
|
} else {
|
|
$users = $this->loadAuthFile($this->serialsPath);
|
|
}
|
|
|
|
if (!isset($users[$username])) {
|
|
throw new Exception();
|
|
}
|
|
$user_secret = $users[$username];
|
|
|
|
// Validate the hash
|
|
if ($cookieHash != $this->generateHash($username, $issueTime, $user_secret)) {
|
|
throw new Exception();
|
|
}
|
|
|
|
// FIXME: Maybe renew the cookie here too
|
|
return $username;
|
|
}
|
|
//end checkAuthCookie()
|
|
|
|
|
|
private function checkAuth()
|
|
{
|
|
// Loop all cookies trying to fetch a valid authentication
|
|
// cookie for this installation
|
|
foreach (array_keys($_COOKIE) as $cookieName) {
|
|
if (substr($cookieName, 0, 5) != 'auth_') {
|
|
continue;
|
|
}
|
|
try {
|
|
$name = $this->checkAuthCookie($cookieName);
|
|
return $name;
|
|
} catch (Exception $e) {
|
|
}
|
|
}
|
|
return '';
|
|
}
|
|
//end checkAuth()
|
|
|
|
|
|
private function redirectToLogin()
|
|
{
|
|
header('Location:' . $this->loginUrl . '?_origtarget=' . $_SERVER['REQUEST_URI']);
|
|
}
|
|
//end redirectToLogin()
|
|
|
|
|
|
public function check()
|
|
{
|
|
$username = $this->checkAuth();
|
|
if ($username === '') {
|
|
$this->redirectToLogin();
|
|
exit(0);
|
|
}
|
|
|
|
return $username;
|
|
}
|
|
//end check()
|
|
}
|
|
//end class
|