<?php |
|
namespace MSFD\Controllers; |
|
use MSFD\Services\PgSql; |
|
use MSFD\Services\GeoserverAPI; |
|
|
|
|
|
|
|
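class AuthController {

    /**
     * Renders the login form (the 'login' view with no data).
     */
    public function index() {
        $view = new ViewController();
        $view->render('login', []);
    }

    /**
     * POST handler for the login form.
     *
     * Reads `username` (an e-mail address) and, optionally, `password` from
     * $_POST. A request with no `password` field at all is a guest login: a
     * GUEST row is upserted for the address and the session gets the fixed
     * guest group. A request with a password is checked against
     * webapp.users and then against the Geoserver user list; only an account
     * known to both gets a session.
     *
     * All responses are emitted with header()/exit(): a redirect to `login`
     * for a malformed address, a redirect to `/` on success, 403 on every
     * authentication failure. Returns TRUE after a successful login of either
     * kind (the old code returned nothing for the password path).
     *
     * Security notes on what changed:
     *  - the password is no longer interpolated into SQL (it was, verbatim —
     *    `' OR '1'='1` logged in as the first user); it is compared in PHP.
     *  - the session id is rotated before the login is written, so an id
     *    fixed on the browser before authentication does not survive.
     *  - an empty password is refused outright: guest rows are stored with
     *    password = '' (see insertGuestUser) and used to match it.
     *  - a DB hit that is unknown to Geoserver previously fell off the end of
     *    the method with no status and no redirect; it is now a 403.
     */
    public function signin() {
        // valid_email() admits only [a-z0-9+_.-]@[a-z0-9.-] — no quotes, no
        // backslashes — and that regex is the ONLY thing that makes the
        // e-mail interpolations below safe. A bound parameter in PgSql is the
        // proper fix; it is not available from here.
        $email = $_POST['username'] ?? '';
        if (!is_string($email) || !valid_email($email)) {
            // PHP rewrites the status to 302 when a Location header is sent,
            // so the 422 the old code set in front of this was never seen.
            header('Location: login');
            exit();
        }

        // Guest login: the password field is absent (an empty one is not a guest).
        if (!isset($_POST['password'])) {
            $this->startFreshSession();
            $_SESSION['user_groups'] = [1];
            $_SESSION['user_name'] = "Guest";
            $_SESSION['user_id'] = $this->insertGuestUser($email);
            header('Location: /');
            return TRUE;
        }

        $password = $_POST['password'];
        if (!is_string($password) || $password === '') {
            $this->deny();
        }

        // Look the account up by address only; the password never reaches SQL.
        $user_id = PgSql::getCol("select geo_id from webapp.users where email = '{$email}'");
        if (!$user_id) {
            $this->deny();
        }
        $stored = PgSql::getCol("select password from webapp.users where email = '{$email}'");
        if (!self::passwordMatches($password, $stored)) {
            $this->deny();
        }

        // The account must also exist in Geoserver under the same id.
        $api = new GeoserverAPI();
        $res = $api->getUser($user_id);
        if ($res === FALSE) {
            $this->deny();
        }
        $knownToGeoserver = false;
        foreach (($res->users ?? []) as $entry) {
            // strict string comparison: `==` would compare numeric-looking ids numerically
            if ((string) $entry->userName === (string) $user_id) {
                $knownToGeoserver = true;
                break;
            }
        }
        if (!$knownToGeoserver) {
            $this->deny();
        }

        // $user_id comes from our own database, not from the request, so the
        // interpolations below are not reachable from user input.
        $user_groups = PgSql::getColValues(
            "SELECT group_id FROM webapp.users u
             JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
             WHERE geo_id = '{$user_id}'"
        );
        $user_name = PgSql::getCol("SELECT fname FROM webapp.users u WHERE geo_id = '{$user_id}'");

        // TODO: the role is fetched but nothing in this file stores or reads it
        // ("STORE ROLE HERE IN SESSION" in the original); keep the call until
        // the consumer is wired up.
        $role = $api->getRole($user_id);

        $this->startFreshSession();
        $_SESSION['user_id'] = $user_id;
        $_SESSION['user_groups'] = $user_groups;
        $_SESSION['user_name'] = $user_name;

        header('Location: /');
        return TRUE;
    }

    /**
     * Ends the session and sends the browser back to the login form.
     *
     * Clears $_SESSION (assigning [] is the documented way; unset($_SESSION)
     * disables the superglobal for the rest of the request), expires the
     * session cookie so the old id is not resent, and destroys the server-side
     * data. All of it is skipped when no session is active, which would
     * otherwise make session_destroy() warn.
     */
    public function logout() {
        $_SESSION = [];
        if (session_status() === PHP_SESSION_ACTIVE) {
            if (ini_get('session.use_cookies')) {
                $c = session_get_cookie_params();
                setcookie(session_name(), '', time() - 42000,
                    $c['path'], $c['domain'], $c['secure'], $c['httponly']);
            }
            session_destroy();
        }
        header("Location: login");
        exit();
    }

    /**
     * Upserts the GUEST row for $email and returns its geo_id.
     *
     * @param string $email  MUST already have passed valid_email(); it is
     *                       interpolated into SQL and that check is what keeps
     *                       quotes out of it. guidv4() derives the guest id
     *                       from the address (hex and dashes only, SQL-safe).
     * @return mixed         the geo_id value PgSql::insert() reports back
     * @throws \RuntimeException when the insert does not yield a geo_id
     *                           (the old code returned null with a warning and
     *                           the caller stored that null as the session user)
     */
    private function insertGuestUser($email) {
        $uid = guidv4($email);
        $sql = "INSERT INTO webapp.users (email, password, origin, geo_id)
                VALUES ('{$email}', '', 'GUEST', '{$uid}')
                ON CONFLICT (email) DO UPDATE
                SET geo_id = EXCLUDED.geo_id,
                    last_login = now()";
        $row = json_decode((string) PgSql::insert($sql, 'geo_id'));
        if (!is_object($row) || !isset($row->geo_id)) {
            throw new \RuntimeException('guest user insert returned no geo_id');
        }
        return $row->geo_id;
    }

    /**
     * Compares the submitted password with the stored column value in
     * constant time. Accepts a password_hash() digest, or — for the rows this
     * schema holds today — the plaintext value itself.
     *
     * NOTE(review): the old query compared the column with `=` in SQL, so the
     * stored values are presumably plaintext. Migrate them to password_hash()
     * and remove the hash_equals() fallback once rows are rehashed.
     *
     * @param string $submitted  non-empty password from the request
     * @param mixed  $stored     value of webapp.users.password, or null/false when unknown
     * @return bool
     */
    private static function passwordMatches($submitted, $stored) {
        if (!is_scalar($stored)) {
            return false;
        }
        $stored = (string) $stored;
        if ($stored === '') {
            return false;
        }
        return password_verify($submitted, $stored) || hash_equals($stored, $submitted);
    }

    /**
     * Rotates the session id (dropping the old one) before a login is written
     * to $_SESSION, so a session id the browser held before authenticating
     * cannot be fixed by an attacker. No-op when no session is active.
     */
    private function startFreshSession() {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
    }

    /**
     * Terminates the request with 403 and a deliberately uninformative body:
     * the same text for "no such user", "wrong password" and "not in
     * Geoserver" so the response does not reveal which accounts exist. The
     * status is sent before any output (the old code echoed first, which
     * prevents the header from being sent when output buffering is off).
     */
    private function deny() {
        http_response_code(403);
        echo 'Login failed';
        exit();
    }

}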
|
|
|
|
|
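/**
 * Builds a UUID-shaped string (8-4-4-4-12 hex, version nibble 4, variant
 * bits 10) from 16 bytes.
 *
 * @param string|null $data  null: 16 bytes from random_bytes() — a genuine
 *                           random v4 UUID. Exactly 16 bytes: used as-is
 *                           (version/variant bits are overwritten). Any other
 *                           length: reduced to 16 bytes with SHA-256 first,
 *                           so the result is deterministic for that input.
 *                           The old assert() covered only the 16-byte case
 *                           and is disabled in production (zend.assertions=-1);
 *                           the one caller passes an e-mail address, which
 *                           produced an AssertionError, a ValueError from
 *                           vsprintf (addresses shorter than 16 bytes), or an
 *                           "id" that was just the first 16 bytes of the
 *                           address in hex.
 * @return string 36-character UUID
 */
function guidv4($data = null) {
    if ($data === null) {
        $bytes = random_bytes(16);
    } elseif (strlen((string) $data) === 16) {
        $bytes = (string) $data;
    } else {
        // name-based: same input, same id
        $bytes = substr(hash('sha256', (string) $data, true), 0, 16);
    }

    // version nibble = 0100
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
    // variant bits 6-7 = 10
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);

    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4));
}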
|
|
|
|
|
|
|
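/**
 * Syntactic check for an e-mail address: a dotted local part of
 * [a-z0-9+_-] runs, an '@', one or more [a-z0-9-] labels each followed by a
 * dot, and a 2–6 letter TLD. Case-insensitive.
 *
 * The character set is deliberately narrow: the controllers interpolate the
 * address into SQL, and this check is what keeps quotes and backslashes out
 * of it, so do not widen it without fixing those call sites first.
 *
 * The previous pattern was anchored with `$` and no D modifier, which lets
 * PCRE match before one trailing newline ("user@example.com\n" passed);
 * `\z` anchors at the true end of the subject.
 *
 * @param mixed $str  anything that is not a string is rejected
 * @return bool
 */
function valid_email($str) {
    if (!is_string($str)) {
        return FALSE;
    }
    $pattern = '/^[a-z0-9+_\-]+(?:\.[a-z0-9+_\-]+)*@(?:[a-z0-9\-]+\.)+[a-z]{2,6}\z/i';
    return preg_match($pattern, $str) === 1;
}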
|
|
|