Главная Обзор Помощь
Вход
LBP
/
Organizr
зеркало из https://github.com/causefx/Organizr.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 2cf8a9b5e1
Ветки Метки
Organizr
/
api
/
functions
/
token-functions.php

token-functions.php 6.0 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. <?php
    2. 

  2. function jwtParse($token)
    3. 

  3. {
    4. 

  4. 	try {
    5. 

  5. 		$result = array();
    6. 

  6. 		$result['valid'] = false;
    7. 

  7. 		// Check Token with JWT
    8. 

  8. 		// Set key
    9. 

  9. 		if (!isset($GLOBALS['organizrHash'])) {
    10. 

  10. 			return null;
    11. 

  11. 		}
    12. 

  12. 		$key = $GLOBALS['organizrHash'];
    13. 

  13. 		// SHA256 Encryption
    14. 

  14. 		$signer = new Lcobucci\JWT\Signer\Hmac\Sha256();
    15. 

  15. 		$jwttoken = (new Lcobucci\JWT\Parser())->parse((string)$token); // Parses from a string
    16. 

  16. 		$jwttoken->getHeaders(); // Retrieves the token header
    17. 

  17. 		$jwttoken->getClaims(); // Retrieves the token claims
    18. 

  18. 		// Start Validation
    19. 

  19. 		if ($jwttoken->verify($signer, $key)) {
    20. 

  20. 			$data = new Lcobucci\JWT\ValidationData(); // It will use the current time to validate (iat, nbf and exp)
    21. 

  21. 			$data->setIssuer('Organizr');
    22. 

  22. 			$data->setAudience('Organizr');
    23. 

  23. 			if ($jwttoken->validate($data)) {
    24. 

  24. 				$result['valid'] = true;
    25. 

  25. 				$result['username'] = $jwttoken->getClaim('username');
    26. 

  26. 				$result['group'] = $jwttoken->getClaim('group');
    27. 

  27. 				$result['groupID'] = $jwttoken->getClaim('groupID');
    28. 

  28. 				$result['userID'] = $jwttoken->getClaim('userID');
    29. 

  29. 				$result['email'] = $jwttoken->getClaim('email');
    30. 

  30. 				$result['image'] = $jwttoken->getClaim('image');
    31. 

  31. 				$result['tokenExpire'] = $jwttoken->getClaim('exp');
    32. 

  32. 				$result['tokenDate'] = $jwttoken->getClaim('iat');
    33. 

  33. 				$result['token'] = $jwttoken->getClaim('exp');
    34. 

  34. 			}
    35. 

  35. 		}
    36. 

  36. 		if ($result['valid'] == true) {
    37. 

  37. 			return $result;
    38. 

  38. 		} else {
    39. 

  39. 			return false;
    40. 

  40. 		}
    41. 

  41. 	} catch (\RunException $e) {
    42. 

  42. 		return false;
    43. 

  43. 	} catch (\OutOfBoundsException $e) {
    44. 

  44. 		return false;
    45. 

  45. 	} catch (\RunTimeException $e) {
    46. 

  46. 		return false;
    47. 

  47. 	} catch (\InvalidArgumentException $e) {
    48. 

  48. 		return false;
    49. 

  49. 	}
    50. 

  50. }
    51. 

  51. 

  52. function createToken($username, $email, $image, $group, $groupID, $key, $days = 1)
    53. 

  53. {
    54. 

  54. 	if (!isset($GLOBALS['dbLocation']) || !isset($GLOBALS['dbName'])) {
    55. 

  55. 		return false;
    56. 

  56. 	}
    57. 

  57. 	//Quick get user ID
    58. 

  58. 	try {
    59. 

  59. 		$database = new Dibi\Connection([
    60. 

  60. 			'driver' => 'sqlite3',
    61. 

  61. 			'database' => $GLOBALS['dbLocation'] . $GLOBALS['dbName'],
    62. 

  62. 		]);
    63. 

  63. 		$result = $database->fetch('SELECT * FROM users WHERE username = ? COLLATE NOCASE OR email = ? COLLATE NOCASE', $username, $email);
    64. 

  64. 		// Create JWT
    65. 

  65. 		// Set key
    66. 

  66. 		// SHA256 Encryption
    67. 

  67. 		$signer = new Lcobucci\JWT\Signer\Hmac\Sha256();
    68. 

  68. 		// Start Builder
    69. 

  69. 		$jwttoken = (new Lcobucci\JWT\Builder())->setIssuer('Organizr')// Configures the issuer (iss claim)
    70. 

  70. 		->setAudience('Organizr')// Configures the audience (aud claim)
    71. 

  71. 		->setId('4f1g23a12aa', true)// Configures the id (jti claim), replicating as a header item
    72. 

  72. 		->setIssuedAt(time())// Configures the time that the token was issue (iat claim)
    73. 

  73. 		->setExpiration(time() + (86400 * $days))// Configures the expiration time of the token (exp claim)
    74. 

  74. 		->set('username', $result['username'])// Configures a new claim, called "username"
    75. 

  75. 		->set('group', $result['group'])// Configures a new claim, called "group"
    76. 

  76. 		->set('groupID', $result['group_id'])// Configures a new claim, called "groupID"
    77. 

  77. 		->set('email', $result['email'])// Configures a new claim, called "email"
    78. 

  78. 		->set('image', $result['image'])// Configures a new claim, called "image"
    79. 

  79. 		->set('userID', $result['id'])// Configures a new claim, called "image"
    80. 

  80. 		->sign($signer, $key)// creates a signature using "testing" as key
    81. 

  81. 		->getToken(); // Retrieves the generated token
    82. 

  82. 		$jwttoken->getHeaders(); // Retrieves the token headers
    83. 

  83. 		$jwttoken->getClaims(); // Retrieves the token claims
    84. 

  84. 		coookie('set', $GLOBALS['cookieName'], $jwttoken, $days);
    85. 

  85. 		// Add token to DB
    86. 

  86. 		$addToken = [
    87. 

  87. 			'token' => (string)$jwttoken,
    88. 

  88. 			'user_id' => $result['id'],
    89. 

  89. 			'created' => $GLOBALS['currentTime'],
    90. 

  90. 			'browser' => isset($_SERVER ['HTTP_USER_AGENT']) ? $_SERVER ['HTTP_USER_AGENT'] : null,
    91. 

  91. 			'ip' => userIP(),
    92. 

  92. 			'expires' => gmdate("Y-m-d\TH:i:s\Z", time() + (86400 * $days))
    93. 

  93. 		];
    94. 

  94. 		$database->query('INSERT INTO [tokens]', $addToken);
    95. 

  95. 		return $jwttoken;
    96. 

  96. 	} catch (Dibi\Exception $e) {
    97. 

  97. 		writeLog('error', $e, 'SYSTEM');
    98. 

  98. 		return false;
    99. 

  99. 	}
    100. 

  100. }
    101. 

  101. 

  102. function validateToken($token, $global = false)
    103. 

  103. {
    104. 

  104. 	// Validate script
    105. 

  105. 	$userInfo = jwtParse($token);
    106. 

  106. 	$validated = $userInfo ? true : false;
    107. 

  107. 	if ($validated == true) {
    108. 

  108. 		if ($global == true) {
    109. 

  109. 			try {
    110. 

  110. 				$database = new Dibi\Connection([
    111. 

  111. 					'driver' => 'sqlite3',
    112. 

  112. 					'database' => $GLOBALS['dbLocation'] . $GLOBALS['dbName'],
    113. 

  113. 				]);
    114. 

  114. 				$all = $database->fetchAll('SELECT * FROM `tokens` WHERE `user_id` = ? AND `expires` > ?', $userInfo['userID'], $GLOBALS['currentTime']);
    115. 

  115. 				$tokenCheck = (searchArray($all, 'token', $token) !== false);
    116. 

  116. 				if (!$tokenCheck) {
    117. 

  117. 					// Delete cookie & reload page
    118. 

  118. 					coookie('delete', $GLOBALS['cookieName']);
    119. 

  119. 					$GLOBALS['organizrUser'] = false;
    120. 

  120. 				}
    121. 

  121. 				$result = $database->fetch('SELECT * FROM users WHERE id = ?', $userInfo['userID']);
    122. 

  122. 				$GLOBALS['organizrUser'] = array(
    123. 

  123. 					"token" => $token,
    124. 

  124. 					"tokenDate" => $userInfo['tokenDate'],
    125. 

  125. 					"tokenExpire" => $userInfo['tokenExpire'],
    126. 

  126. 					"username" => $result['username'],
    127. 

  127. 					"uid" => guestHash(0, 5),
    128. 

  128. 					"group" => $result['group'],
    129. 

  129. 					"groupID" => $result['group_id'],
    130. 

  130. 					"email" => $result['email'],
    131. 

  131. 					"image" => $result['image'],
    132. 

  132. 					"userID" => $result['id'],
    133. 

  133. 					"loggedin" => true,
    134. 

  134. 					"locked" => $result['locked'],
    135. 

  135. 					"tokenList" => $all,
    136. 

  136. 					"authService" => explode('::', $result['auth_service'])[0]
    137. 

  137. 				);
    138. 

  138. 			} catch (Dibi\Exception $e) {
    139. 

  139. 				$GLOBALS['organizrUser'] = false;
    140. 

  140. 			}
    141. 

  141. 		}
    142. 

  142. 	} else {
    143. 

  143. 		// Delete cookie & reload page
    144. 

  144. 		coookie('delete', $GLOBALS['cookieName']);
    145. 

  145. 		$GLOBALS['organizrUser'] = false;
    146. 

  146. 	}
    147. 

  147. }
    148. 

  148. 

  149. function getOrganizrUserToken()
    150. 

  150. {
    151. 

  151. 	if (isset($_COOKIE[$GLOBALS['cookieName']])) {
    152. 

  152. 		// Get token form cookie and validate
    153. 

  153. 		validateToken($_COOKIE[$GLOBALS['cookieName']], true);
    154. 

  154. 	} else {
    155. 

  155. 		$GLOBALS['organizrUser'] = array(
    156. 

  156. 			"token" => null,
    157. 

  157. 			"tokenDate" => null,
    158. 

  158. 			"tokenExpire" => null,
    159. 

  159. 			"username" => "Guest",
    160. 

  160. 			"uid" => guestHash(0, 5),
    161. 

  161. 			"group" => getGuest()['group'],
    162. 

  162. 			"groupID" => getGuest()['group_id'],
    163. 

  163. 			"email" => null,
    164. 

  164. 			//"groupImage"=>getGuest()['image'],
    165. 

  165. 			"image" => getGuest()['image'],
    166. 

  166. 			"userID" => null,
    167. 

  167. 			"loggedin" => false,
    168. 

  168. 			"locked" => false,
    169. 

  169. 			"tokenList" => null,
    170. 

  170. 			"authService" => null
    171. 

  171. 		);
    172. 

  172. 	}
    173. 

  173. }
    174.