summaryrefslogtreecommitdiffstats
path: root/pam.php
diff options
context:
space:
mode:
authorSimon Rettberg2022-11-22 17:10:00 +0100
committerSimon Rettberg2022-11-22 17:10:00 +0100
commit5ff1e943a2b65a92c2b44725fd2d906a40c55118 (patch)
tree3536bc49437c7182bc3a65016ac871bdbec0c680 /pam.php
parent[main] Fix organization name in error message (diff)
downloadbwlp-webadmin-5ff1e943a2b65a92c2b44725fd2d906a40c55118.tar.gz
bwlp-webadmin-5ff1e943a2b65a92c2b44725fd2d906a40c55118.tar.xz
bwlp-webadmin-5ff1e943a2b65a92c2b44725fd2d906a40c55118.zip
[pam] Support browser-based login
Diffstat (limited to 'pam.php')
-rw-r--r--pam.php32
1 files changed, 27 insertions, 5 deletions
diff --git a/pam.php b/pam.php
index c5cb8fb..2a74bc3 100644
--- a/pam.php
+++ b/pam.php
@@ -1,17 +1,39 @@
<?php
// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
-function slxAutoloader($class)
-{
- $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
+spl_autoload_register(function ($class) {
+ $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', strtolower($class)) . '.inc.php';
if (!file_exists($file))
return;
require_once $file;
-}
-spl_autoload_register('slxAutoloader');
+});
require_once 'config.php';
+$action = Request::any('action');
+
+//
+// New version - browser based
+//
+if ($action === 'browser') {
+ // Browser requesting a token
+ Header('Location: shib/client_auth.php?token=' . (string)Request::any('token'));
+ exit;
+}
+
+if ($action === 'verify') {
+ // pam stack on client trying to verify
+ $row = Database::queryFirst("SELECT username FROM client_token WHERE token = :token AND dateline > UNIX_TIMESTAMP() - 300", ['token' => (string)Request::any('token')]);
+ Header('Content-Type: text/plain; charset=utf-8');
+ if ($row === false) {
+ die("ERROR=Invalid token");
+ }
+ die("USER={$row['username']}");
+}
+
+//
+// Old way, ECP
+//
Header('Content-Type: text/plain; charset=utf-8');
$res = Database::simpleQuery("SELECT suffix, authmethod FROM organization INNER JOIN organization_suffix USING(organizationid)");