From 8eee10ead8906df04255d275b460a78cc90c4e12 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 14 Oct 2015 16:57:54 +0200
Subject: Fix session handling, support staff-affiliation as being detected as
 tutor

---
 shib/api.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'shib/api.php')

diff --git a/shib/api.php b/shib/api.php
index 6772e86..0910c3d 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -37,6 +37,7 @@ if (empty($_SERVER['persistent-id'])) {
 		. " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
 	if ($user === false) {
 		// Not found, so we don't know which satellite to use
+		// TODO: Support STUDENT mode
 		$response['status'] = 'unregistered';
 		$response['id'] = $shibId;
 		$response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/webif/';
@@ -52,7 +53,7 @@ if (empty($_SERVER['persistent-id'])) {
 		if (empty($mail) && isset($_SERVER['mail']))
 			$mail = trim($_SERVER['mail']);
 		//
-		$login = ( empty($user['userid']) ? $shibId : $user['userid'] );
+		$login = (empty($user['userid']) ? $shibId : $user['userid'] );
 		if (empty($firstName) || empty($lastName) || empty($login)) {
 			// This means the user did not provide personal information on signup, nor does the IdP send them
 			$response['status'] = 'anonymous';
@@ -61,9 +62,11 @@ if (empty($_SERVER['persistent-id'])) {
 			// Figure out role
 			if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
 				$role = 'TUTOR';
-			} else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {
+			} else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false
+					|| strpos(";{$_SERVER['affiliation']};", ';staff@') !== false) {
 				$role = 'TUTOR';
 			} else {
+				@file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
 				$role = 'STUDENT';
 			}
 			// Determine satellite(s)
-- 
cgit v1.2.3-55-g7522