Re: [MRBS-general] using third-party login (avoiding the need to separately sign into MRBS)
Brought to you by:
jberanek
Menu
▾
▴
Re: [MRBS-general] using third-party login (avoiding the need to separately sign into MRBS)
|
From: Diego Z. <die...@un...> - 2014-05-13 06:44:43
|
Il 12/05/2014 15:57, RC Z ha scritto:
> I'm trying to avoid the need for users to sign in twice: is it possible
> to use third-party authentication and then check against a session
> variable to automatically sign a user into MRBS?
Yup. Already doing that :)
> For example, John Smith has username john.smith and successfully logs
> into the non-MRBS system. $_SESSION['username'] is set to "john.smith".
> When he goes to MRBS, I want to be able to check for the username
> session variable and if it's set, check the value (john.smith) and log
> him in automatically.
Remember that $_SESSION can be different in different web apps on even
the same vhost. It depends on session_name() .
> I feel like this is probably easy to do, but I can't figure it out and
> thought it would probably be best to just ask. Any help would be
> appreciated!
You have to write your own session handler.
Mine is:
<?php
/*****************************************************************************\
*
*
* File name session_difa.inc
*
*
*
* Description Use PHP built-in sessions handling
*
*
*
* Notes To use this authentication scheme, set in
*
* config.inc.php:
*
* $auth["session"] = "difa";
*
*
*
*
*
* History
*
* 2013/01/18 NdK changed it for a sort-of SSO
*
* 2003/11/09 JFL Created this file
*
* Remaining history in ChangeLog and CVS logs
*
*
*
\*****************************************************************************/
// $Id: session_php.inc 2558 2012-11-05 16:51:11Z cimorrison $
global $PHP_SELF;
// Get non-standard form variables
$Action = get_form_var('Action', 'string');
$NewUserName = get_form_var('NewUserName', 'string');
$NewUserPassword = get_form_var('NewUserPassword', 'string');
$TargetURL = get_form_var('TargetURL', 'string');
$returl = get_form_var('returl', 'string');
if (isset($cookie_path_override))
{
$cookie_path = $cookie_path_override;
}
else
{
$cookie_path = $PHP_SELF;
// Strip off everything after the last '/' in $PHP_SELF
$cookie_path = preg_replace('/[^\/]*$/', '', $cookie_path);
}
global $auth;
if (!isset($auth["session_php"]["session_expire_time"]))
{
// Default to the behaviour of previous versions of MRBS, use only
// session cookies - no persistent cookie.
$auth["session_php"]["session_expire_time"] = 0;
}
session_name("DIFA_APPS"); // call before session_set_cookie_params() -
see PHP manual
//session_set_cookie_params($auth["session_php"]["session_expire_time"],
// $cookie_path);
session_start();
/*
Display the login form. Used by two routines below.
Will eventually return to $TargetURL.
*/
function printLoginForm($TargetURL)
{
echo "<p>Il sistema di prenotazione aule ora utilizza il <a
href='/login'>login centralizzato</a></p>\n";
// Print footer and exit
print_footer(TRUE);
}
/* authGet()
*
* Request the user name/password
*
* Returns: Nothing
*/
function authGet()
{
global $PHP_SELF, $QUERY_STRING;
print_header(0, 0, 0, 0, "");
echo "<p>".get_vocab("norights")."</p>\n";
$TargetURL = basename($PHP_SELF);
if (isset($QUERY_STRING))
{
$TargetURL = $TargetURL . "?" . $QUERY_STRING;
}
printLoginForm($TargetURL);
exit();
}
function getUserName()
{
if (isset($_SESSION) && isset($_SESSION["user"]) && ($_SESSION["user"]
!== ''))
{
return $_SESSION["user"];
}
else
{
global $HTTP_SESSION_VARS;
if (isset($HTTP_SESSION_VARS["user"]) && ($HTTP_SESSION_VARS["user"]
!== ''))
{
return $HTTP_SESSION_VARS["user"];
}
}
}
// Print the logon entry on the top banner.
function PrintLogonBox()
{
global $PHP_SELF, $QUERY_STRING, $user_list_link, $day, $month, $year;
$TargetURL = basename($PHP_SELF);
if (isset($url_base) && ($url_base !== ''))
{
$TargetURL = $url_base . '/' . $TargetURL;
}
if (isset($QUERY_STRING))
{
$TargetURL = $TargetURL . "?" . $QUERY_STRING;
}
$user=getUserName();
if (isset($user))
{
// words 'you are xxxx' becomes a link to the
// report page with only entries created by xxx. Past entries are not
// displayed but this can be changed
$search_string = "report.php?from_day=$day&from_month=$month&".
"from_year=$year&to_day=1&to_month=12&to_year=2030&areamatch=&".
"roommatch=&namematch=&descrmatch=&summarize=1&sortby=r&display=d&".
"sumby=d&creatormatch=".urlencode($user); ?>
<a href="<?php echo "$search_string\" title=\""
. get_vocab('show_my_entries') . "\">" . get_vocab('you_are')." "
. htmlspecialchars($user) ?></a>
<?php
}
else
{
?>
<a href=""><?php echo get_vocab('unknown_user'); ?></a>
<?php
}
if (isset($user_list_link))
{
print "<a id=\"user_list_link\" href=\"$user_list_link\">" .
get_vocab('user_list') . "</a>\n";
}
}
?>
Should be quite easy to modify it to suit your needs. Then save it in
session/session_YOURNAME.inc and activate it using
$auth['session']='YOURNAME';
in config file.
Slightly harder to import a different PHP session.
A skeleton class for importing a different session on the same vhost, if
using 'files' as backend and *not* using Suhosin patch (or at least
having it configured to *not* encrypt session data), is:
class ImportSession {
function __construct($sessName) {
if(empty($sessName)) {
$this->data=array();
} else {
$ts=$_SESSION; // Save current $_SESSION
$_SESSION=array(); // Avoid troubles when imported session
is empty
//@@@ TODO: sanitize against session hijacking and arbitrary
file reads!
$ss=@file_get_contents(session_save_path()
.'/sess_'.$_COOKIE[$sessName]);
if(!session_decode($ss)) { // Overwrites $_SESSION
//trigger_error('Session decode failed!');
}
$this->data=$_SESSION;
$_SESSION=$ts; // Restore previous $_SESSION
}
}
// Retrieves a single value from data
// returns '' (empty string) if given key is not found
function get($var) {
if(array_key_exists($var, $this->data))
return $this->data[$var];
return '';
}
}
PS for Campbell: as usual, if something can be useful, use it freely!
--
Diego Zuccato
Servizi Informatici
Dip. di Fisica e Astronomia (DIFA) - Università di Bologna
V.le Berti-Pichat 6/2 - 40127 Bologna - Italy
tel.: +39 051 20 95786
mail: die...@un...
|