README.md

@@ -29,4 +29,4 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
   The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
 
 ## Questions or bugs
-Feel free to open issues in this repository (or in its mirror on [GitHub](#)).
+Feel free to open issues in this repository.

include/lucidAuth.functions.php

@@ -135,10 +135,13 @@ function validateToken (string $secureToken) {
 	if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
 		return $value->iat === $jwtPayload->iat;
 	})) === 1) {
-		return ['status' => 'Success'];
+		return [
+			'status'	=> 'Success',
+			'name'		=> $jwtPayload->name
+		];
 	} else {
 		if ($settings->Debug['LogToFile']) {
-			file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- No matching token in database' . PHP_EOL, FILE_APPEND);
+			file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Either no matching token or multiple matching tokens found in database' . PHP_EOL, FILE_APPEND);
 		}
 		return ['status' => 'Fail', 'reason' => '2'];
 	}

include/lucidAuth.template.php

@@ -9,7 +9,7 @@ $pageLayout['full'] = <<<'FULL'
     <meta charset="utf-8" />
     <title>lucidAuth</title>
 	<meta name="application-name" content="lucidAuth" />
-	<meta name="theme-color" content="#B50000" />
+	<meta name="theme-color" content="#003399" />
 	<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
 	<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
 	<link rel="manifest" href="/manifest.json" />
@@ -52,7 +52,7 @@ $pageLayout['bare'] = <<<'BARE'
 </html>
 BARE;
 
-$contentLayout['login'] = <<<LOGIN
+$contentLayout['login'] = <<<'LOGIN'
 		  <script src="misc/script.index.js"></script>
           <fieldset>
             <legend>Login Details</legend>
@@ -67,7 +67,7 @@ $contentLayout['login'] = <<<LOGIN
                 <input type="password" id="password" name="password" tabindex="200" />
               </li>
               <li>
-				<input type="hidden" id="ref" name="ref" value="{$_GET['ref']}" />
+				<input type="hidden" id="ref" name="ref" value="%1$s" />
 				<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
               </li>
               <li class="misc">
@@ -81,43 +81,34 @@ $contentLayout['login'] = <<<LOGIN
           <img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
 LOGIN;
 
-$contentLayout['manage'] = <<<MANAGE
+$contentLayout['manage'] = <<<'MANAGE'
+		  <script src="misc/script.editable.table.js"></script>
 		  <script src="misc/script.manage.js"></script>
-          <span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;{$_SESSION['fullname']}&nbsp;---&nbsp;[<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>]&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
+          <span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
-<!--          <fieldset style="clear: both;">
+          <fieldset style="clear: both;">
-            <legend>Beheer Account</legend>
+            <legend>Beheer Gebruikers</legend>
             <ul>
               <li>
+                <table id="tabletest">
+                  <thead>
+                    <tr>
+                      <th>Username</th>
+                      <th>Role</th>
+                      <th>Sessions</th>
+                    </tr>
+                  </thead>
+                  <tbody>
+                    %2$s
+                  </tbody>
+                </table>
               </li>
               <li>
 		        <button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
-              </li>
-              <li>
-                <label id="labelallaliases" class="pre" for="allaliases" data-translation="label_allaliases">Alle aliassen:</label><output id="aliasstats">[--]</output>
-                <select id="allaliases" size="10" multiple="multiple" tabindex="300">
-                </select>
-              </li>
-              <li>
 		        <button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
-              </li>
+				<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" tabindex="500" data-translation="button_sync">synchroniseer</button>
-              <li>
-				<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" style="background-position: center;" tabindex="500" data-translation="button_sync">synchroniseer</button>
               </li>
             </ul>
           </fieldset>
-          -->
 MANAGE;
 
-$contentLayout['dialog'] = <<<DIALOG
-          <ul class="dialog">
-            <li>
-              <!--REPL_DIALOGDESC-->
-            </li>
-            <li>
-			  <button id="btnhome" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_home">ga naar startpagina</button>
-            </li>
-          </ul>
-DIALOG;
-
-
 ?>

public/example.php

@@ -0,0 +1,27 @@
+<?php
+
+// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
+// Note that is just an example. Should take precautions such as filtering the input data.
+
+header('Content-Type: application/json');
+
+$input = filter_input_array(INPUT_POST);
+
+$mysqli = new mysqli('localhost', 'user', 'password', 'database');
+
+if (mysqli_connect_errno()) {
+  echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
+  exit;
+}
+
+if ($input['action'] === 'edit') {
+    $mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'delete') {
+    $mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'restore') {
+    $mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
+}
+
+mysqli_close($mysqli);
+
+echo json_encode($input);

public/lucidAuth.login.php

@@ -3,15 +3,18 @@
 
 	include_once('../include/lucidAuth.functions.php');
 
-	echo $settings->Debug['Verbose'];
-  
 	if ($_POST['do'] == 'login') {
 		$result = authenticateLDAP($_POST['username'], $_POST['password']);
-		if ($result['status'] == 'Success') {
+		if ($result['status'] === 'Success') {
 			// Store authentication token; in database serverside & in cookie clientside
 			if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
-				// Since this action is only ever called through an AJAX-request; return JSON object
+				// Return JSON object
-				echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
+				header('Content-Type: application/json');
+				echo json_encode([
+					"Result"			=>	"Failure",
+					"Reason"			=>	"Failed storing authentication token in database and/or cookie"
+				]);
+#				echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
 				exit;
 			}
             
@@ -21,33 +24,50 @@
 				$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
 			}
 			catch (Exception $e) {
-				// Since this action is only ever called through an AJAX-request; return JSON object
+				// Return JSON object
-				echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
+				header('Content-Type: application/json');
+				echo json_encode([
+					"Result"			=>	"Failure",
+					"Reason"			=>	"Original request-URI lost in transition"
+				]);
+#				echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
 				exit;
 			}
 			$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
 
-			// Since this request is only ever called through an AJAX-request; return JSON object
+			// Return JSON object
 			header('Content-Type: application/json');
 			echo json_encode([
 				"Result"			=>	"Success",
 				"Location"			=>	$originalUri,
 				"CrossDomainLogin"	=>	$settings->Session['CrossDomainLogin']
 			]);
-#			echo sprintf('{"Result":"Success","Location":"%1$s","CrossDomainLogin":%2$s}', $originalUri, $settings->Session['CrossDomainLogin'] ? 'True' : 'False') . PHP_EOL;
 		} else {
 			switch ($result['reason']) {
 				case '1':
-					echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL;
+					header('Content-Type: application/json');
+					echo json_encode([
+						"Result"	=>	"Failure",
+						"Reason"	=>	"Invalid username and/or password"
+					]);
 					break;
 				default:
-					echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL;
+					header('Content-Type: application/json');
+					echo json_encode([
+						"Result"	=>	"Failure",
+						"Reason"	=>	"Uncaught error"
+					]);
+					break;
 			}
 		}
 	} else {
 		include_once('../include/lucidAuth.template.php');
 
-		echo sprintf($pageLayout['full'], $contentLayout['login']);
+		echo sprintf($pageLayout['full'], 
+			sprintf($contentLayout['login'], 
+				$_GET['ref']
+			)
+		);
 	}
 
 ?>

public/lucidAuth.manage.php

@@ -0,0 +1,50 @@
+<?php
+	error_reporting(E_ALL ^ E_NOTICE);
+
+	include_once('../include/lucidAuth.functions.php');
+
+	if (!empty($_COOKIE['JWT'])) {
+		$validateTokenResult = validateToken($_COOKIE['JWT']);
+	}
+
+	if ($validateTokenResult['status'] === "Success") {
+		include_once('../include/lucidAuth.template.php');
+
+        try {
+        	$allUsers = $pdoDB->query('
+                SELECT User.Username, Role.Rolename, COUNT(DISTINCT SecureToken.Value) AS Sessions
+		        FROM User
+    		    LEFT JOIN Role
+	    		    ON (User.RoleId=Role.Id)
+                LEFT JOIN SecureToken
+                    ON (User.Id=SecureToken.UserId)
+    	    ')->fetchAll(PDO::FETCH_ASSOC);
+        } catch (Exception $e) {
+// Should really do some actual errorhandling here
+            throw new Exception($e);
+        }
+
+    	foreach($allUsers as $row) {
+            $tableRows[] = sprintf('<tr><td>%1$s</td><td>%2$s</td><td>%3$s</td></tr>',
+                explode('\\', $row['Username'])[1],
+                $row['Rolename'],
+                $row['Sessions']
+            );
+    	}
+
+		echo sprintf($pageLayout['full'],
+			sprintf($contentLayout['manage'],
+				$validateTokenResult['name'],
+                implode($tableRows)
+			)
+		);
+	} else {
+		// No cookie containing valid authentication token found;
+		//   explicitly deleting any remaining cookie, then redirecting to loginpage
+		setcookie('JWT', FALSE);
+
+		header("HTTP/1.1 401 Unauthorized");
+		header("Location: lucidAuth.login.php");
+	}
+
+?>

public/lucidAuth.setXDomainCookie.php

@@ -18,7 +18,7 @@
 
 	include_once('../include/lucidAuth.template.php');
 
-	echo sprintf($pageLayout['bare',
+	echo sprintf($pageLayout['bare'],
 		'// iFrames go here'
 	);
 ?>

public/misc/script.editable.table.js

@@ -0,0 +1,131 @@
+/*global $, window*/
+$.fn.editableTableWidget = function (options) {
+	'use strict';
+	return $(this).each(function () {
+		var buildDefaultOptions = function () {
+				var opts = $.extend({}, $.fn.editableTableWidget.defaultOptions);
+				opts.editor = opts.editor.clone();
+				return opts;
+			},
+			activeOptions = $.extend(buildDefaultOptions(), options),
+			ARROW_LEFT = 37, ARROW_UP = 38, ARROW_RIGHT = 39, ARROW_DOWN = 40, ENTER = 13, ESC = 27, TAB = 9,
+			element = $(this),
+			editor = activeOptions.editor.css('position', 'absolute').hide().appendTo(element.parent()),
+			active,
+			showEditor = function (select) {
+				active = element.find('td:focus');
+				if (active.length) {
+					editor.val(active.text())
+						.removeClass('error')
+						.show()
+						.offset(active.offset())
+						.css(active.css(activeOptions.cloneProperties))
+						.width(active.width())
+						.height(active.height())
+						.focus();
+					if (select) {
+						editor.select();
+					}
+				}
+			},
+			setActiveText = function () {
+				var text = editor.val(),
+					evt = $.Event('change'),
+					originalContent;
+				if (active.text() === text || editor.hasClass('error')) {
+					return true;
+				}
+				originalContent = active.html();
+				active.text(text).trigger(evt, text);
+				if (evt.result === false) {
+					active.html(originalContent);
+				}
+			},
+			movement = function (element, keycode) {
+				if (keycode === ARROW_RIGHT) {
+					return element.next('td');
+				} else if (keycode === ARROW_LEFT) {
+					return element.prev('td');
+				} else if (keycode === ARROW_UP) {
+					return element.parent().prev().children().eq(element.index());
+				} else if (keycode === ARROW_DOWN) {
+					return element.parent().next().children().eq(element.index());
+				}
+				return [];
+			};
+		editor.blur(function () {
+			setActiveText();
+			editor.hide();
+		}).keydown(function (e) {
+			if (e.which === ENTER) {
+				setActiveText();
+				editor.hide();
+				active.focus();
+				e.preventDefault();
+				e.stopPropagation();
+			} else if (e.which === ESC) {
+				editor.val(active.text());
+				e.preventDefault();
+				e.stopPropagation();
+				editor.hide();
+				active.focus();
+			} else if (e.which === TAB) {
+				active.focus();
+			} else if (this.selectionEnd - this.selectionStart === this.value.length) {
+				var possibleMove = movement(active, e.which);
+				if (possibleMove.length > 0) {
+					possibleMove.focus();
+					e.preventDefault();
+					e.stopPropagation();
+				}
+			}
+		})
+		.on('input paste', function () {
+			var evt = $.Event('validate');
+			active.trigger(evt, editor.val());
+			if (evt.result === false) {
+				editor.addClass('error');
+			} else {
+				editor.removeClass('error');
+			}
+		});
+		element.on('click keypress dblclick', showEditor)
+		.css('cursor', 'pointer')
+		.keydown(function (e) {
+			var prevent = true,
+				possibleMove = movement($(e.target), e.which);
+			if (possibleMove.length > 0) {
+				possibleMove.focus();
+			} else if (e.which === ENTER) {
+				showEditor(false);
+			} else if (e.which === 17 || e.which === 91 || e.which === 93) {
+				showEditor(true);
+				prevent = false;
+			} else {
+				prevent = false;
+			}
+			if (prevent) {
+				e.stopPropagation();
+				e.preventDefault();
+			}
+		});
+
+		element.find('td').prop('tabindex', 1);
+
+		$(window).on('resize', function () {
+			if (editor.is(':visible')) {
+				editor.offset(active.offset())
+				.width(active.width())
+				.height(active.height());
+			}
+		});
+	});
+
+};
+$.fn.editableTableWidget.defaultOptions = {
+	cloneProperties: ['padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
+					  'text-align', 'font', 'font-size', 'font-family', 'font-weight',
+					  'border', 'border-top', 'border-bottom', 'border-left', 'border-right'],
+	editor: $('<input>')
+};
+

public/misc/script.index.js

@@ -19,7 +19,7 @@ $(document).ready(function(){
 			password: $('#password').val(),
 			ref: $('#ref').val()
 		})
-		.done(function(data,status) {
+		.done(function(data,_status) {
 			if (data.Result === 'Success') {
 				$('#btnlogin').css({
 					'background':	'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',

public/misc/script.manage.js

@@ -0,0 +1,3 @@
+$(document).ready(function(){
+    $('#tabletest').editableTableWidget();
+});

public/misc/script.translation.js

@@ -8,13 +8,9 @@ var locales = {
 		heading_error:				"ERROR!",
 		label_password:				"Password:",
 		label_username:				"Username:",
-		label_selectbrowser:	"Select browser:",
-		link_install:				"Install!",
 		link_logout:				"Logout",
-		link_plugin:				"Browser plugin",
 		span_credentialsavailable:	"Login credentials available upon request!",
-		span_loggedinas:			"Logged in as",
+		span_loggedinas:			"Logged in as"
-		span_plugin:				"Browser plugin?"
 	},
 	nl: {
 		button_add:					"voeg toe",
@@ -25,13 +21,9 @@ var locales = {
 		heading_error:				"FOUT!",
 		label_password:				"Wachtwoord:",
 		label_username:				"Gebruikersnaam:",
-		label_selectbrowser:	"Selecteer browser:",
-		link_install:				"Installeer!",
 		link_logout:				"Log uit",
-		link_plugin:				"Browser plugin",
 		span_credentialsavailable:	"Inloggegevens verkrijgbaar op aanvraag!",
-		span_loggedinas:			"Ingelogd als",
+		span_loggedinas:			"Ingelogd als"
-		span_plugin:				"Browser plugin?"
 	} // ... etc.
 };