summaryrefslogtreecommitdiffstats
path: root/pam.php
blob: 20c5a85f7a955a9149810e97fc7c1cd17e53297f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php

// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
spl_autoload_register(function ($class) {
	$file = 'inc/' . preg_replace('/[^a-z0-9]/', '', strtolower($class)) . '.inc.php';
	if (!file_exists($file))
		return;
	require_once $file;
});

require_once 'config.php';

$action = Request::any('action');

//
// New version - browser based
//
if ($action === 'browser') {
	// Browser requesting a token
	Header('Location: shib/client_auth.php?token=' . Request::any('token'));
	exit;
}

if ($action === 'verify') {
	// pam stack on client trying to verify
	$row = Database::queryFirst("SELECT username FROM client_token WHERE token = :token AND dateline > UNIX_TIMESTAMP() - 300",
		['token' => (string)Request::any('token')]);
	Header('Content-Type: text/plain; charset=utf-8');
	if ($row === false) {
		die("ERROR=Invalid token");
	}
	die("USER={$row['username']}");
}

//
// Old way, ECP
//
Header('Content-Type: text/plain; charset=utf-8');

$res = Database::simpleQuery("SELECT suffix, authmethod FROM organization INNER JOIN organization_suffix USING(organizationid)");
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
	if (substr($row['authmethod'], 0, 5) === 'https') {
		echo $row['suffix'], '=', $row['authmethod'], "\n";
	}
}