From a20f13ab7c96ef52a7b23d515e188fa3af4505ed Mon Sep 17 00:00:00 2001
From: Danny Bessems <danny@bessems.eu>
Date: Wed, 13 Mar 2019 09:59:12 +0000
Subject: [PATCH] Babysteps towards cross-domain-cookies-in-iframes

---
 include/lucidAuth.template.php        |  6 +++---
 public/lucidAuth.setXDomainCookie.php | 21 +++++++++++++++++++--
 public/misc/script.manage.js          |  8 ++++++--
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/include/lucidAuth.template.php b/include/lucidAuth.template.php
index 7ee36c0..e1b45b6 100644
--- a/include/lucidAuth.template.php
+++ b/include/lucidAuth.template.php
@@ -13,7 +13,7 @@ $pageLayout['full'] = <<<'FULL'
 	<link href="misc/style.css" rel="stylesheet" />
 	<link href="misc/style.theme.css" rel="stylesheet" />
     <link href="misc/style.button.css" rel="stylesheet" />
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
     <script src="misc/script.translation.js"></script>
   </head>
   <body>
@@ -79,7 +79,7 @@ $pageLayout['bare'] = <<<'BARE'
     <meta charset="utf-8" />
     <title>lucidAuth</title>
 	<meta name="application-name" content="lucidAuth" />
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
     <script src="misc/script.iframe.js"></script>
   </head>
   <body>
@@ -119,7 +119,7 @@ LOGIN;
 $contentLayout['manage']['header'] = <<<'MANAGE_HEADER'
 		  <script src="misc/script.editable.table.js"></script>
 		  <script src="misc/script.manage.js"></script>
-          <span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
+          <span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" class="current" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" href="#" tabindex="700">NL</a>]&nbsp;[<a id="linklogout" href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
           <ul style="clear: both; margin-top: 20px;">
             <li class="buttons">
 		      <button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button>
diff --git a/public/lucidAuth.setXDomainCookie.php b/public/lucidAuth.setXDomainCookie.php
index c3ab1f8..0d20746 100644
--- a/public/lucidAuth.setXDomainCookie.php
+++ b/public/lucidAuth.setXDomainCookie.php
@@ -3,8 +3,7 @@
 
 	include_once('../include/lucidAuth.functions.php');
 
-
-	// Start with checking $_REQUEST['ref']
+    // Start with checking $_REQUEST['ref']
 	// What do we need?
 	//   token again?
 
@@ -16,6 +15,24 @@
 	//   let the client setup multiple iframes for all domains other than origin domains
 	//   this requires passing an array of domains to the client in asynchronous reply; which feels insecure
 
+	if (!empty($_REQUEST['ref'])) {
+		try {
+			$queryString = json_decode(base64_decode($_REQUEST['ref']), JSON_OBJECT_AS_ARRAY);
+		}
+		catch (Exception $e) {
+			// Silently fail, unless explicitly specified otherwise
+			if ($settings->Debug['Verbose']) throw new Exception($e);
+            exit;
+		}
+
+        switch ($queryString['action']) {
+            case 'login':
+                break;
+            default:
+                break;
+        }
+	}
+
 	include_once('../include/lucidAuth.template.php');
 
 	echo sprintf($pageLayout['bare'],
diff --git a/public/misc/script.manage.js b/public/misc/script.manage.js
index ecb4d31..2048dda 100644
--- a/public/misc/script.manage.js
+++ b/public/misc/script.manage.js
@@ -22,9 +22,9 @@ $(document).ready(function(){
             .append($('<td>', {
                 class: 'immutable',
                 html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' +
-                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_sessions'] + '</button>&nbsp;' +
+                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_sessions'] + '</button>&nbsp;' +
                     '<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' +
-                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_delete'] +
+                    locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'] +
                     '</button>'
             }))
         );
@@ -69,6 +69,10 @@ console.log({'new': newEntries, 'removed': removedEntries});
         window.location.reload();
     });
 
+    $('#linklogout').click(function() {
+        console.log('Logging out!');
+    });
+
    	if (localStorage.getItem('theme') !== null) {
 		$('#theme').addClass(localStorage.getItem('theme'));
 	}