Database['Driver']) { # case 'sqlite': # $database = new PDO('sqlite:' . $settings->Database['Path']); $pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']); # } } catch (Exception $e) { throw new Exception(sprintf('Unable to connect to database \'%1$s\'', $settings->Sqlite['Path'])); } function authenticateLDAP (string $username, string $password) { global $settings; if (!empty($username) && !empty($password)) { // Handle login requests $ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']); // Strict namingconvention: only allow alphabetic characters $sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']); $qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername; if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) { // Successful authentication; get additional userdetails from authenticationsource $ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername"); $commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0]; // Create JWT-payload $jwtPayload = [ 'iat' => time(), // Issued at: time when the token was generated 'iss' => $_SERVER['SERVER_NAME'], // Issuer 'sub' => $qualifiedUsername, // Subject (ie. username) 'name' => $commonName // Common name (as retrieved from AD) ]; $secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64'])); return ['status' => 'Success', 'token' => $secureToken]; } else { // LDAP authentication failed! return ['status' => 'Fail', 'reason' => '1']; } } else { // Empty username or passwords not allowed! return ['status' => 'Fail', 'reason' => '1']; } } function storeToken (string $username, string $password, object $cookie) { global $settings; } function retrieveTokenFromDB (string $username, string $foo) { global $settings; } function validateToken (string $secureToken) { global $settings; try { $jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']); } catch (Exception $e) { // Invalid token, inform client (client should handle discarding invalid token) return ['status' => 'Fail', 'reason' => '3']; } $pdoQuery = $pdoDB->prepare(' SELECT SecureToken.Payload FROM SecureToken LEFT JOIN User ON (User.Id=SecureToken.UserId) WHERE User.Username = :username '); $pdoQuery->execute([ 'username' => $jwtPayload['sub'] ]); foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) { $storedTokens[] = $row['Payload']; } print_r($storedTokens); # if (!empty($storedTokens) && ) { # } If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) { // Expired token (shouldn't the browser disregard it?) return ['status' => 'Fail', 'reason' => '3']; } } ?>