Rudimentary implementation of authentication processflow

public/lucidAuth.login.php

@@ -3,13 +3,23 @@
 
 	include_once('../include/lucidAuth.functions.php');
 	
-	echo $settings->Debug['Verbose'];
-  
 	if ($_POST['do'] == 'login') {
 		$result = authenticateLDAP($_POST['username'], $_POST['password']);
 		if ($result['status'] == 'Success') {
+			// Convert base64 encoded string back from JSON;
+			//   forcing it into an associative array (instead of javascript's default StdClass object)
+			try {
+				$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
+			}
+			catch (Exception $e) {
+				// Since this request is only ever called through an AJAX-request; return JSON object
+				echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
+				exit;
+			}
+			$originalUri = $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'];
+
 			// Since this request is only ever called through an AJAX-request; return JSON object
-			echo '{"Result":"Success","Location":"<originalurl>"}' . PHP_EOL;
+			echo '{"Result":"Success","Location":"' . $originalUri . '"}' . PHP_EOL;
 		} else {
 			switch ($result['reason']) {
 				case '1':

public/lucidAuth.validateRequest.php

@@ -16,7 +16,10 @@
 	}, ARRAY_FILTER_USE_KEY);
 	
 	// For debugging purposes - enable it in ../lucidAuth.config.php
-	if ($settings->Debug['LogToFile']) file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT) . PHP_EOL), FILE_APPEND);
+	if ($settings->Debug['LogToFile']) {
+		file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
+		file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --+ ' . (base64_encode(json_encode($proxyHeaders))) . PHP_EOL, FILE_APPEND);
+	}
 
 #	if (sizeof($proxyHeaders) == 0) {
 	if (False) {
@@ -25,16 +28,18 @@
 		exit;
 	}
 
-#	if (validateToken($_COOKIE['Exp'], $_COOKIE['Sub'], $_COOKIE['JWT']) != True) {
-	if (False) {
-		// No or invalid authentication token found, redirecting to loginpage
-		header("HTTP/1.1 401 Unauthorized");
-#remember to include cookies/headers/something
-		header("Location: lucidAuth.login.php");
-	} else {
+	if ((!empty($_COOKIE['Exp']) && !empty($_COOKIE['Sub']) && !empty($_COOKIE['JWT'])) && validateToken([
+		'Exp' => $_COOKIE['Exp'],
+		'Sub' => $_COOKIE['Sub'],
+		'JWT' => $_COOKIE['JWT']
+	])['status'] == "Success") {
 		// Valid authentication token found
 		header("HTTP/1.1 202 Accepted");
 		exit;
+	} else {
+		// No cookie containing valid authentication token found, redirecting to loginpage
+		header("HTTP/1.1 401 Unauthorized");
+		header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
 	}
 
 ?>

public/misc/script.index.js

@@ -16,7 +16,8 @@ $(document).ready(function(){
 		$.post("lucidAuth.login.php", {
 			do: "login",
 			username: $('#username').val(),
-			password: $('#password').val()
+			password: $('#password').val(),
+			ref: $('#ref').val()
 		})
 		.done(function(data,status) {
 			try {