2019-02-27 20:39:31 +00:00
|
|
|
<?php
|
|
|
|
error_reporting(E_ALL ^ E_NOTICE);
|
|
|
|
|
|
|
|
include_once('../include/lucidAuth.functions.php');
|
2019-03-04 09:43:08 +00:00
|
|
|
|
2019-02-27 20:39:31 +00:00
|
|
|
if (!empty($_COOKIE['JWT'])) {
|
|
|
|
$validateTokenResult = validateToken($_COOKIE['JWT']);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($validateTokenResult['status'] === "Success") {
|
2020-01-07 13:15:03 +00:00
|
|
|
switch ($_REQUEST['do']) {
|
2020-01-07 15:41:36 +00:00
|
|
|
case 'mutateusers':
|
2020-06-05 15:09:43 +00:00
|
|
|
if (isset($_REQUEST['new']) && isset($_REQUEST['removed'])) {
|
2020-01-07 15:41:36 +00:00
|
|
|
// Do magic!
|
2020-06-05 15:09:43 +00:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
echo json_encode([
|
|
|
|
"Result" => "Failure",
|
|
|
|
"Reason" => "Incomplete request data"
|
|
|
|
]);
|
|
|
|
}
|
2020-01-07 15:41:36 +00:00
|
|
|
break;
|
2020-01-07 13:15:03 +00:00
|
|
|
case 'retrievesessions':
|
|
|
|
$storedTokens = [];
|
2019-12-10 15:57:06 +00:00
|
|
|
|
2020-01-07 13:15:03 +00:00
|
|
|
$pdoQuery = $pdoDB->prepare('
|
|
|
|
SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
|
|
|
|
FROM SecureToken
|
|
|
|
WHERE SecureToken.UserId = :userid
|
|
|
|
');
|
|
|
|
$pdoQuery->execute([
|
|
|
|
':userid' => (int) $_REQUEST['userid']
|
|
|
|
]);
|
|
|
|
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
|
|
|
try {
|
|
|
|
$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
|
|
|
$storedTokens[] = [
|
|
|
|
'tid' => $row['Id'],
|
|
|
|
'iat' => $JWTPayload->iat,
|
|
|
|
'iss' => $JWTPayload->iss,
|
|
|
|
'fp' => $JWTPayload->fp
|
|
|
|
];
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// Invalid token
|
|
|
|
continue;
|
|
|
|
}
|
2019-12-10 15:57:06 +00:00
|
|
|
}
|
2019-12-06 15:15:38 +00:00
|
|
|
|
2020-01-07 13:15:03 +00:00
|
|
|
// Return JSON object
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
echo json_encode([
|
|
|
|
"Result" => "Success",
|
|
|
|
"SessionCount" => sizeof($storedTokens),
|
|
|
|
"UserSessions" => json_encode($storedTokens)
|
|
|
|
]);
|
|
|
|
break;
|
|
|
|
case 'deletesession':
|
|
|
|
if (isset($_REQUEST['userid']) && isset($_REQUEST['tokenid'])) {
|
|
|
|
try {
|
|
|
|
$pdoQuery = $pdoDB->prepare('
|
|
|
|
DELETE FROM SecureToken
|
|
|
|
WHERE SecureToken.UserId = :userid AND SecureToken.Id = :tokenid
|
|
|
|
');
|
|
|
|
$pdoQuery->execute([
|
|
|
|
':userid' => (int) $_REQUEST['userid'],
|
|
|
|
':tokenid' => (int) $_REQUEST['tokenid']
|
|
|
|
]);
|
|
|
|
|
|
|
|
// Return JSON object
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
echo json_encode([
|
|
|
|
"Result" => "Success",
|
|
|
|
"RowCount" => $pdoQuery->RowCount()
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
catch (Exception $e) {
|
|
|
|
// Return JSON object
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
echo json_encode([
|
|
|
|
"Result" => "Failure",
|
|
|
|
"Reason" => "Failed deleting tokens from database"
|
|
|
|
]);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
echo json_encode([
|
|
|
|
"Result" => "Failure",
|
|
|
|
"Reason" => "Incomplete request data"
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
// No action requested, default action
|
|
|
|
include_once('../include/lucidAuth.template.php');
|
2019-12-06 15:15:38 +00:00
|
|
|
|
2020-01-07 13:15:03 +00:00
|
|
|
try {
|
|
|
|
$allUsers = $pdoDB->query('
|
|
|
|
SELECT User.Id, User.Username, Role.Rolename
|
|
|
|
FROM User
|
|
|
|
LEFT JOIN Role
|
|
|
|
ON (Role.Id = User.RoleId)
|
|
|
|
')->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
} catch (Exception $e) {
|
2019-03-04 09:43:08 +00:00
|
|
|
// Should really do some actual errorhandling here
|
2020-01-07 13:15:03 +00:00
|
|
|
throw new Exception($e);
|
|
|
|
}
|
|
|
|
foreach($allUsers as $row) {
|
|
|
|
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
|
|
|
|
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
|
|
|
|
$row['Id'],
|
|
|
|
explode('\\', $row['Username'])[1],
|
|
|
|
$row['Rolename'],
|
|
|
|
'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : ' <button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
|
|
|
|
);
|
|
|
|
}
|
2019-12-06 15:15:38 +00:00
|
|
|
|
2020-01-07 13:15:03 +00:00
|
|
|
echo sprintf($pageLayout['full_alt'],
|
|
|
|
sprintf($contentLayout['manage']['header'],
|
|
|
|
$validateTokenResult['name']
|
|
|
|
),
|
|
|
|
sprintf($contentLayout['manage']['section'],
|
|
|
|
implode($tableRows)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
break;
|
2019-12-06 15:15:38 +00:00
|
|
|
}
|
2019-02-27 20:39:31 +00:00
|
|
|
} else {
|
|
|
|
// No cookie containing valid authentication token found;
|
|
|
|
// explicitly deleting any remaining cookie, then redirecting to loginpage
|
|
|
|
setcookie('JWT', FALSE);
|
|
|
|
|
|
|
|
header("HTTP/1.1 401 Unauthorized");
|
|
|
|
header("Location: lucidAuth.login.php");
|
|
|
|
}
|
|
|
|
|
2019-02-25 14:00:32 +00:00
|
|
|
?>
|