Cookie-based autologin when previous login was via client cert validation issues
Bernd Wurst commited on 2013-01-26 14:49:03
Zeige 6 geänderte Dateien mit 38 Einfügungen und 17 Löschungen.
- certlogin/ajax.php 5bb0054..fd52b89
- inc/error.php e00c2ab..d2c97ba
- modules/index/certlogin.php 91c9dfd..b6c4b55
- modules/index/include/x509.php 1326e33..4cff523
- modules/index/logout.php e526382..487fd63
- modules/su/su.php 69f1e57..682c876
| ... | ... |
@@ -125,6 +125,12 @@ function require_role($roles) |
| 125 | 125 |
|
| 126 | 126 |
function login_screen($why) |
| 127 | 127 |
{
|
| 128 |
+ if (have_module('index')) {
|
|
| 129 |
+ if (isset($_COOKIE['CLIENTCERT_AUTOLOGIN']) && $_COOKIE['CLIENTCERT_AUTOLOGIN'] == '1') {
|
|
| 130 |
+ require_once('modules/index/include/x509.php');
|
|
| 131 |
+ do_ajax_cert_login(); |
|
| 132 |
+ } |
|
| 133 |
+ } |
|
| 128 | 134 |
require_once('inc/theme.php');
|
| 129 | 135 |
if ($why) {
|
| 130 | 136 |
warning($why); |
| ... | ... |
@@ -14,24 +14,15 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
+require_once('x509.php');
|
|
| 18 |
+ |
|
| 17 | 19 |
title('Login über SSL-Client-Zertifikat');
|
| 18 | 20 |
|
| 19 |
-$path = config('jquery_ui_path');
|
|
| 20 |
-html_header('
|
|
| 21 |
-<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css"> |
|
| 22 |
-<script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script> |
|
| 23 |
-<script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script> |
|
| 24 |
-<script> |
|
| 25 |
- function redirect(status) {
|
|
| 26 |
- if (status == "ok") {
|
|
| 27 |
- window.location.href="../../go/index/index"; |
|
| 21 |
+if ($_SESSION['role'] == ROLE_ANONYMOUS) {
|
|
| 22 |
+ do_ajax_cert_login(); |
|
| 28 | 23 |
} else {
|
| 29 |
- window.location.href="../../certlogin/"; |
|
| 30 |
- } |
|
| 24 |
+ redirect('index');
|
|
| 31 | 25 |
} |
| 32 |
- $.get("../../certlogin/ajax.php", redirect);
|
|
| 33 |
-</script> |
|
| 34 |
-'); |
|
| 35 | 26 |
|
| 36 | 27 |
output('<p>Sie werden nun über Ihr SSL-Client-Zertifikat eingeloggt. Möglicherweise werden Sie von Ihrem Browser zunächst gebeten, ein Zertifkkat auszuwählen.</p>');
|
| 37 | 28 |
|
| ... | ... |
@@ -16,6 +16,26 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 16 | 16 |
|
| 17 | 17 |
require_once('inc/security.php');
|
| 18 | 18 |
|
| 19 |
+function do_ajax_cert_login() {
|
|
| 20 |
+ global $prefix; |
|
| 21 |
+ $path = config('jquery_ui_path');
|
|
| 22 |
+ html_header('
|
|
| 23 |
+<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css" /> |
|
| 24 |
+<script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script> |
|
| 25 |
+<script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script> |
|
| 26 |
+<script type="text/javascript"> |
|
| 27 |
+ function redirect(status) {
|
|
| 28 |
+ if (status == "ok") {
|
|
| 29 |
+ window.location.reload(); |
|
| 30 |
+ } else {
|
|
| 31 |
+ window.location.href="../../certlogin/"; |
|
| 32 |
+ } |
|
| 33 |
+ } |
|
| 34 |
+ $.get("'.$prefix.'certlogin/ajax.php", redirect);
|
|
| 35 |
+</script> |
|
| 36 |
+'); |
|
| 37 |
+} |
|
| 38 |
+ |
|
| 19 | 39 |
function get_logins_by_cert($cert) |
| 20 | 40 |
{
|
| 21 | 41 |
$cert = mysql_real_escape_string(str_replace(array('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----', ' ', "\n"), array(), $cert));
|
| ... | ... |
@@ -18,6 +18,9 @@ require_once('session/start.php');
|
| 18 | 18 |
|
| 19 | 19 |
require_once('inc/error.php');
|
| 20 | 20 |
|
| 21 |
+if (isset($_COOKIE['CLIENTCERT_AUTOLOGIN'])) {
|
|
| 22 |
+ setcookie('CLIENTCERT_AUTOLOGIN', FALSE, 0, '/');
|
|
| 23 |
+} |
|
| 21 | 24 |
if (!session_destroy()) |
| 22 | 25 |
{
|
| 23 | 26 |
logger(LOG_INFO, "modules/index/logout", "logout", "session timed out."); |
| ... | ... |
@@ -85,15 +85,15 @@ if ($debugmode) |
| 85 | 85 |
$path = config('jquery_ui_path');
|
| 86 | 86 |
|
| 87 | 87 |
html_header('
|
| 88 |
-<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css"> |
|
| 88 |
+<link rel="stylesheet" href="'.$path.'/themes/base/jquery-ui.css" /> |
|
| 89 | 89 |
<script type="text/javascript" src="'.$path.'/jquery-1.9.0.js" ></script> |
| 90 | 90 |
<script type="text/javascript" src="'.$path.'/ui/jquery-ui.js" ></script> |
| 91 | 91 |
'); |
| 92 | 92 |
|
| 93 |
-output(html_form('su_su', '', '', '<label for="query"><strong>Suchtext:</strong></label> <input autocomplete="off" type="text" name="query" id="query" />
|
|
| 93 |
+output(html_form('su_su', '', '', '<p><label for="query"><strong>Suchtext:</strong></label> <input type="text" name="query" id="query" /> <input type="submit" value="Suchen" /></p>
|
|
| 94 | 94 |
')); |
| 95 | 95 |
output('
|
| 96 |
-<script> |
|
| 96 |
+<script type="text/javascript"> |
|
| 97 | 97 |
$("#query").autocomplete({
|
| 98 | 98 |
source: "su_ajax", |
| 99 | 99 |
select: function( event, ui ) {
|
| 100 | 100 |