lucidAuth/public/lucidAuth.manage.php

129 lines
5.5 KiB
PHP

<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if (!empty($_COOKIE['JWT'])) {
$validateTokenResult = validateToken($_COOKIE['JWT']);
}
if ($validateTokenResult['status'] === "Success") {
switch ($_REQUEST['do']) {
case 'mutateusers':
// Do magic!
break;
case 'retrievesessions':
$storedTokens = [];
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
FROM SecureToken
WHERE SecureToken.UserId = :userid
');
$pdoQuery->execute([
':userid' => (int) $_REQUEST['userid']
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
$storedTokens[] = [
'tid' => $row['Id'],
'iat' => $JWTPayload->iat,
'iss' => $JWTPayload->iss,
'fp' => $JWTPayload->fp
];
} catch (Exception $e) {
// Invalid token
continue;
}
}
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"SessionCount" => sizeof($storedTokens),
"UserSessions" => json_encode($storedTokens)
]);
break;
case 'deletesession':
if (isset($_REQUEST['userid']) && isset($_REQUEST['tokenid'])) {
try {
$pdoQuery = $pdoDB->prepare('
DELETE FROM SecureToken
WHERE SecureToken.UserId = :userid AND SecureToken.Id = :tokenid
');
$pdoQuery->execute([
':userid' => (int) $_REQUEST['userid'],
':tokenid' => (int) $_REQUEST['tokenid']
]);
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"RowCount" => $pdoQuery->RowCount()
]);
}
catch (Exception $e) {
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Failed deleting tokens from database"
]);
exit;
}
} else {
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Incomplete request data"
]);
}
break;
default:
// No action requested, default action
include_once('../include/lucidAuth.template.php');
try {
$allUsers = $pdoDB->query('
SELECT User.Id, User.Username, Role.Rolename
FROM User
LEFT JOIN Role
ON (Role.Id = User.RoleId)
')->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $e) {
// Should really do some actual errorhandling here
throw new Exception($e);
}
foreach($allUsers as $row) {
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
$row['Id'],
explode('\\', $row['Username'])[1],
$row['Rolename'],
'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : '&nbsp;<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
);
}
echo sprintf($pageLayout['full_alt'],
sprintf($contentLayout['manage']['header'],
$validateTokenResult['name']
),
sprintf($contentLayout['manage']['section'],
implode($tableRows)
)
);
break;
}
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php");
}
?>