<?php

require_once('tiki-setup.php');

// Gate the whole endpoint on the autologin feature (check_feature is defined
// elsewhere; presumably it stops the request when the feature is off — confirm).
$access->check_feature('login_autologin');

// The remote system account decides which branch of this script runs, so it
// must be configured before anything else is evaluated.
if (empty($prefs['login_autologin_user'])) {
	$access->display_error('', tra('Remote system user needs to be configured'), '500');
	exit;
}

// The autologin group is attached to the issued token and checked again when
// the token is redeemed, so it is mandatory as well.
if (empty($prefs['login_autologin_group'])) {
	$access->display_error('', tra('Remote system group for autologin need to be configured'), '500');
	exit;
}

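// Request parameters. Every value below is supplied by the caller, so each one
// is checked for the type the rest of the script expects: PHP turns "name[]=x"
// into an array, which would otherwise be handed to the user library or
// http_build_query() in place of a string.

// uname: mandatory, the account to create and/or log in.
if (! empty($_REQUEST['uname']) && is_string($_REQUEST['uname'])) {
	$uname = $_REQUEST['uname'];
} else {
	$access->display_error('', tra('User name needs to be specified'), "400");
	die;
}

// email and realName: optional profile data, empty string when absent or malformed.
$email = (! empty($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
$realName = (! empty($_REQUEST['realName']) && is_string($_REQUEST['realName'])) ? $_REQUEST['realName'] : '';

// groups: optional list of group names. Anything that is not an array becomes
// the empty list, so a malformed value can neither satisfy the allowed-groups
// check nor drive group synchronisation; non-string entries are dropped.
$groups = [];
if (! empty($_REQUEST['groups']) && is_array($_REQUEST['groups'])) {
	$groups = array_values(array_filter($_REQUEST['groups'], 'is_string'));
}

// page: optional page to land on after login, empty string when absent or malformed.
$page = (! empty($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : '';

// base_url: mandatory base URL reported by the remote system. It is taken as
// received; only its type is checked here.
if (! empty($_REQUEST['base_url']) && is_string($_REQUEST['base_url'])) {
	$autologin_base_url = $_REQUEST['base_url'];
} else {
	$access->display_error('', tra('Base URL not received from remote system'), "500");
	die;
}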

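// Two callers reach this point:
//  - the remote system, already authenticated as the configured autologin
//    user, asking for a login URL on behalf of $uname;
//  - the end user's browser, following that URL with its token.
// $user is not assigned in this file (presumably set by tiki-setup.php — confirm).
// The comparison is strict so that two different numeric-looking logins are
// never treated as equal.
if ($user === $prefs['login_autologin_user']) {
	// Attempted server-side login

	// When an allow-list is configured, the supplied groups must contain at
	// least one allowed group.
	if (! empty($prefs['login_autologin_allowedgroups'])) {
		$allowedgroups = array_map('trim', explode(',', $prefs['login_autologin_allowedgroups']));
		if (! array_intersect($allowedgroups, $groups)) {
			$access->display_error('', tra('Permission denied'), "401");
			die;
		}
	}

	if ($prefs['login_autologin_createnew'] == 'y' && ! TikiLib::lib('user')->user_exists($uname)) {
		// Unknown account and creation is enabled: create it with a generated
		// password. An email address is mandatory for new accounts.
		$randompass = TikiLib::lib('user')->genPass();
		if (empty($email)) {
			$access->display_error('', tra('Email needs to be specified'), "400");
			die;
		}
		// NOTE(review): the result of add_user() is not checked; a failed
		// creation still leads to a token URL being issued — confirm intended.
		TikiLib::lib('user')->add_user($uname, $randompass, $email);
	} elseif (! TikiLib::lib('user')->user_exists($uname)) {
		// Unknown account and creation is disabled.
		$access->display_error('', tra('Permission denied'), "401");
		die;
	} elseif (! empty($email) && ($prefs['user_unique_email'] != 'y' || ! TikiLib::lib('user')->other_user_has_email($uname, $email))) {
		// Existing account: take over the supplied email unless unique emails
		// are enforced and another account already uses it.
		TikiLib::lib('user')->change_user_email($uname, $email);
	}

	if (! empty($realName)) {
		TikiLib::lib('tiki')->set_user_preference($uname, 'realName', $realName);
	}

	// Group synchronisation only ever touches the groups named in the
	// login_autologin_syncgroups preference. Membership tests are strict
	// string comparisons, so numeric-looking group names are not conflated.
	if (! empty($prefs['login_autologin_syncgroups']) && ! empty($groups)) {
		$syncgroups = array_map('trim', explode(',', $prefs['login_autologin_syncgroups']));
		// Remove the user from synchronised groups that were not supplied ...
		foreach ($syncgroups as $g) {
			if (! in_array($g, $groups, true) && TikiLib::lib('user')->group_exists($g)) {
				TikiLib::lib('user')->remove_user_from_group($uname, $g);
			}
		}
		// ... and add the user to the supplied groups that are synchronised.
		foreach ($groups as $g) {
			if (in_array($g, $syncgroups, true) && TikiLib::lib('user')->group_exists($g)) {
				TikiLib::lib('user')->assign_user_to_group($uname, $g);
			}
		}
	}

	// Generate token url to log the user in for real
	require_once 'lib/auth/tokens.php';
	$tokenlib = AuthTokens::build($prefs);

	// Build the query from a fresh array so that nothing left in a global
	// $params by included code can end up in the tokenised URL.
	$params = [
		'uname' => $uname,
		'page' => $page,
		'base_url' => $autologin_base_url,
	];
	// $base_url is not assigned in this file (presumably this site's own base
	// URL from tiki-setup.php — confirm); it is distinct from the
	// caller-supplied $autologin_base_url.
	$url = $base_url . 'tiki-autologin.php' . '?' . http_build_query($params, '', '&');
	// NOTE(review): the trailing arguments 30 and 1 look like a lifetime and a
	// use count for the token — confirm against AuthTokens::includeToken().
	$url = $tokenlib->includeToken($url, [$prefs['login_autologin_group']], '', 30, 1);
	echo $url;
} else {
	// Actual user attempt via token

	// The request must carry the autologin group in its effective groups.
	// NOTE(review): in_array() is left non-strict here because the element
	// type returned by getGroups() is not visible in this file — confirm it is
	// a list of strings and switch to a strict check.
	if (! in_array($prefs['login_autologin_group'], Perms::get()->getGroups())) {
		$access->display_error('', tra('Permission denied'), "401");
		die;
	}

	// An existing session is kept as it is; otherwise the account named in the
	// request is logged in.
	// NOTE(review): $uname comes from the request, so this branch relies on
	// the token check binding the token to the URL it was issued for — confirm
	// that AuthTokens enforces the parameters.
	if ($user || TikiLib::lib('user')->autologin_user($uname)) {
		// NOTE(review): base_url is caller-supplied and stored as received;
		// how the session value is consumed is not visible here — confirm the
		// consumer restricts it to expected hosts.
		if (! empty($autologin_base_url)) {
			$_SESSION['autologin_base_url'] = $autologin_base_url;
		}

		// Redirect priority: remembered origin, then the requested page, then
		// the site index. Where $_SESSION['loginfrom'] is set is not visible here.
		if (! empty($_SESSION['loginfrom'])) {
			TikiLib::lib('access')->redirect($_SESSION['loginfrom']);
		} elseif (! empty($page)) {
			$sefurl = TikiLib::lib('wiki')->sefurl($page);
			TikiLib::lib('access')->redirect($sefurl);
		} else {
			TikiLib::lib('access')->redirect("tiki-index.php");
		}
	} else {
		$access->display_error('', tra('Permission denied'), "401");
		die;
	}
}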