Resolved conflicts in login.php and functions.php
This commit is contained in:
djpbessems
@ -3,30 +3,13 @@
|
||||
|
||||
include_once('../include/lucidAuth.functions.php');
|
||||
|
||||
if ($_POST['do'] === 'login') {
|
||||
echo $settings->Debug['Verbose'];
|
||||
|
||||
if ($_POST['do'] == 'login') {
|
||||
$result = authenticateLDAP($_POST['username'], $_POST['password']);
|
||||
if ($result['status'] === 'Success') {
|
||||
// Store authentication token; in database serverside & in cookie clientside
|
||||
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
|
||||
// Since this action is only ever called through an AJAX-request; return JSON object
|
||||
echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
|
||||
// Convert base64 encoded string back from JSON;
|
||||
// forcing it into an associative array (instead of javascript's default StdClass object)
|
||||
try {
|
||||
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
|
||||
}
|
||||
catch (Exception $e) {
|
||||
// Since this action is only ever called through an AJAX-request; return JSON object
|
||||
echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
|
||||
|
||||
// Since this action is only ever called through an AJAX-request; return JSON object
|
||||
echo '{"Result":"Success","Location":"' . $originalUri . '"}' . PHP_EOL;
|
||||
if ($result['status'] == 'Success') {
|
||||
// Since this request is only ever called through an AJAX-request; return JSON object
|
||||
echo sprintf('{"Result":"Success","Location":"%1$s","CrossDomainLogin":%2$s}', $originalUri, $settings->Session['CrossDomainLogin'] ? 'True' : 'False') . PHP_EOL;
|
||||
} else {
|
||||
switch ($result['reason']) {
|
||||
case '1':
|
||||
|
||||
18
public/lucidAuth.setXDomainCookie.php
Normal file
18
public/lucidAuth.setXDomainCookie.php
Normal file
@ -0,0 +1,18 @@
|
||||
<?php
|
||||
error_reporting(E_ALL ^ E_NOTICE);
|
||||
|
||||
include_once('../include/lucidAuth.functions.php');
|
||||
|
||||
// Start with checking $_REQUEST['ref']
|
||||
// What do we need?
|
||||
// token again?
|
||||
|
||||
// approach 1:
|
||||
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
|
||||
// this might be slower because it means one additional roundtrip between client and server
|
||||
|
||||
// approach 2:
|
||||
// let the client setup multiple iframes for all domains other than origin domains
|
||||
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
|
||||
|
||||
?>
|
||||
@ -1,7 +1,7 @@
|
||||
$(document).ready(function(){
|
||||
// Allow user to press enter to submit credentials
|
||||
$('#username, #password').keypress(function(event) {
|
||||
if (event.which == 13) {
|
||||
if (event.which === 13) {
|
||||
$('#btnlogin').trigger('click');
|
||||
}
|
||||
});
|
||||
@ -26,16 +26,20 @@ $(document).ready(function(){
|
||||
catch (e) {
|
||||
console.log(data);
|
||||
}
|
||||
if (ajaxData.Result == 'Success') {
|
||||
if (ajaxData.Result === 'Success') {
|
||||
$('#btnlogin').css({
|
||||
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
|
||||
'transform': 'rotateX(0deg)'
|
||||
});
|
||||
setTimeout(function() {
|
||||
$('#btnsync').prop('disabled', false).css({
|
||||
$('#btnlogin').prop('disabled', false).css({
|
||||
'background': '#B50000 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
|
||||
'color': '#FFF'
|
||||
});
|
||||
if (ajaxData.CrossDomainLogin) {
|
||||
// Create iframes for other domains
|
||||
console.log('CrossDomainLogin initiated');
|
||||
}
|
||||
window.location.replace(ajaxData.Location);
|
||||
}, 2250);
|
||||
} else {
|
||||
@ -44,7 +48,7 @@ $(document).ready(function(){
|
||||
'transform': 'rotateX(0deg)'
|
||||
});
|
||||
setTimeout(function() {
|
||||
$('#btnsync').prop('disabled', false).css({
|
||||
$('#btnlogin').prop('disabled', false).css({
|
||||
'background': '#B50000 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
|
||||
'color': '#FFF'
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user