authorFreya Murphy <freya@freyacat.org>2024-05-27 11:39:53 -0400
committerFreya Murphy <freya@freyacat.org>2024-05-27 11:39:53 -0400
commit9c5231c2988001e96492c4a3ffe21cebd4b64adc (patch)
tree0b2214439eb8352e4ff30421d5f20b34a488f60e
parentb (diff)
downloadldap_forwardauth-9c5231c2988001e96492c4a3ffe21cebd4b64adc.tar.gz
ldap_forwardauth-9c5231c2988001e96492c4a3ffe21cebd4b64adc.tar.bz2
ldap_forwardauth-9c5231c2988001e96492c4a3ffe21cebd4b64adc.zip
aaa
-rw-r--r--.gitignore1
-rw-r--r--src/web/helpers/auth.php27
-rw-r--r--src/web/index.php13
3 files changed, 27 insertions, 14 deletions
diff --git a/.gitignore b/.gitignore
index 1269488..0b12f2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
data
+conf/ldap/ldap.env
diff --git a/src/web/helpers/auth.php b/src/web/helpers/auth.php
index 7aa4aff..3ff1e71 100644
--- a/src/web/helpers/auth.php
+++ b/src/web/helpers/auth.php
@@ -2,6 +2,27 @@
$keys = array();
+function get_cookie() {
+ $cookie_name = 'X-LDAP-Auth-Key';
+ if(isset($_COOKIE[$cookie_name])) {
+ return $_COOKIE[$cookie_name];
+ } else {
+ return FALSE;
+ }
+}
+
+function store_cookie($key) {
+ $cookie_name = 'X-LDAP-Auth-Key';
+ setcookie(
+ $cookie_name,
+ $key,
+ time() + (86400 * 30),
+ "/",
+ TRUE,
+ TRUE
+ );
+}
+
function load_key($key) {
$file = "/tmp/$key";
if (!file_exists($file))
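Review bot: The `setcookie()` call in `store_cookie()` passes its two `TRUE` values one position early: the positional order is name, value, expires, path, domain, secure, httponly, so the first `TRUE` lands in `domain` and `httponly` keeps its default of false. The cookie that now carries the auth key is therefore readable from page script, and it gets a bogus Domain attribute that browsers may refuse. Passing an empty domain, `"/", "", TRUE, TRUE`, restores the flags that the removed `session_set_cookie_params()` call in index.php had. The options-array form (PHP 7.3+) with `'samesite' => 'Lax'` would make the intent explicit and also add a SameSite attribute. `load_key()` continues outside the hunk.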
@@ -34,10 +55,10 @@ function get_random($n)
}
function key_auth() {
- if (!isset($_SESSION['auth'])) {
+ $key = get_cookie();
+ if ($key === FALSE) {
return FALSE;
}
- $key = $_SESSION['auth'];
$data = load_key($key);
if ($data === FALSE) {
return FALSE;
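Review bot: `key_auth()` now hands a client-supplied cookie value straight to `load_key()`, which builds `"/tmp/$key"` from it. When the key was read from `$_SESSION` it was server-controlled; now it is not. A value containing `/` or `..` would make `file_exists()`, and whatever read follows it, look outside the key store, and a `$_COOKIE` entry can also arrive as an array. Validate before use, for example `if (!is_string($key) || !preg_match('/^[A-Za-z0-9]+$/', $key)) return FALSE;`, adjusting the character class to whatever `get_random()` actually emits (not visible here). The body of `key_auth()` continues past the hunk.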
@@ -55,5 +76,5 @@ function key_auth() {
function key_new($user) {
$key = get_random(128);
store_key($key, $user);
- $_SESSION['auth'] = $key;
+ store_cookie($key);
}
diff --git a/src/web/index.php b/src/web/index.php
index 932fc84..8ae7a95 100644
--- a/src/web/index.php
+++ b/src/web/index.php
@@ -10,15 +10,6 @@ require($webroot . '/helpers/ldap.php');
require($webroot . '/helpers/auth.php');
// start session
-session_set_cookie_params(
- 60 * 60 * 24, // lifetime (seconds),
- '/', // path
- NULL, // domain,
- TRUE, // secure,
- TRUE // http only
-);
-session_start();
-
function page($file, $data = array()) {
extract($data);
$webroot = $GLOBALS['webroot'];
@@ -56,8 +47,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['REQUEST_URI'] !== '/login') {
// we are being forwarded authed
// redirect
- http_response_code(301);
- header("Location: https://$env/login");
+ http_response_code(303);
+ header("Location: http://$env/login");
} else {
page('login', array(
'title' => 'Login'
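Review bot: The redirect target changes from `https://` to `http://`, so the login form that collects LDAP credentials would be reached over cleartext unless something outside this file upgrades the connection. It also conflicts with the auth cookie being intended as Secure, since such a cookie is not sent over plain HTTP. Unless this is a local-testing leftover, keep `header("Location: https://$env/login");` alongside the new 303 status. The origin of `$env` is not visible in this hunk; if a request header can influence it, it should be checked against the configured hostname before being placed in `Location`.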