Gentics Portal.Node PHP API
backend.php
1 <?php
2 
// Shared page prologue used by the notice rendered at the end of the script.
// It opens <html> and <head> and carries the stylesheet for the .info /
// .success / .warning / .error message boxes. <head> is intentionally left
// open here: the caller emits "</head><body>" itself.
// A nowdoc is used because the markup contains nothing to interpolate.
$HEAD = <<<'EOE'
<html>
<head>
<style>
body{
font-family:Arial, Helvetica, sans-serif;
font-size:13px;
}
.info, .success, .warning, .error, .validation {
width: 550px;
border: 1px solid;
margin: 10px 0px;
padding:15px 10px 15px 50px;
background-repeat: no-repeat;
background-position: 10px center;
}
.info {
color: #00529B;
background-color: #BDE5F8;
background-image: url('info.png');
}
.success {
color: #4F8A10;
background-color: #DFF2BF;
background-image:url('success.png');
}
.warning {
color: #9F6000;
background-color: #FEEFB3;
background-image: url('warning.png');
}
.error {
color: #D8000C;
background-color: #FFBABA;
background-image: url('error.png');
}
</style>
EOE;
41 
42 /**
43 * Get cookie value and sid, decrypt and save cookie, forward user
44 * to cms backend with given sid
45 */
46 
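// ---------------------------------------------------------------------------
// Request parameters and configuration.
//
// Every parameter is optional and arrives in the query string. Values that are
// missing, or that are not plain strings (e.g. "?u[]=x" yields an array), are
// normalised to null so the isset() checks further down treat them as absent
// and the decryption routine is never handed an array.
//
// NOTE(review): the encrypted session secret and password travel in the URL,
// so they end up in access logs, browser history and Referer headers. A POST
// body would keep them out of those places; confirm what the portal side sends.
// ---------------------------------------------------------------------------
$readParam = function ($name) {
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : null;
};

// standard login: encrypted cookie value + CMS session id
$value = $readParam('value');
$sid   = $readParam('sid');

// user provisioning / password sync: encrypted login, first name, last name,
// e-mail, password, optional session secret, and the login-source switch
$u  = $readParam('u');
$f  = $readParam('f');
$l  = $readParam('l');
$e  = $readParam('e');
$p  = $readParam('p');
$s  = $readParam('s');
$ch = $readParam('ch');

// Shared secret used to decrypt every parameter above.
// NOTE(review): the key is hard-coded in a web-served script, and this value
// appears in the published listing of this file. A deployment that keeps it
// unchanged shares its key with every reader of that listing. Replace it with
// a per-installation secret loaded from configuration outside the document
// root, and rotate it on both the portal and the CMS side.
$key = "secretKey123#";
$min_length = 8;
include_once 'encryption_class.php';
$crypt = new encryption_class();
include_once 'db.php';

// ids written into the audit columns / default group of newly created users
$creator_id = 1;
$standard_group_id = 3;

// Debug switch. When true, the script prints the session secret, the SQL
// statements and the password hash into the response, so it must stay false
// on any reachable installation.
//$DEBUGx = true;
$DEBUGx = false;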
71 
72 // standard login procedure
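// ---------------------------------------------------------------------------
// Request dispatch.
//
//   1. sid + value          -> store the decrypted session secret as a cookie
//                              and forward the browser to the CMS backend.
//   2. u, f, l, e, p (+ c)  -> create the CMS user if it does not exist yet,
//                              otherwise overwrite its password, then send the
//                              browser back to the referring page.
//
// Changes against the original listing:
//   * everything echoed into HTML is escaped (sid, Referer, debug output);
//   * the caller's key proof is read from $_GET['c'], because the original
//     decrypted $c without ever assigning it;
//   * values that are concatenated into SQL are refused when they contain a
//     quote, backslash or NUL byte;
//   * ids read back from the database are cast to int before reuse;
//   * the redirect only follows http(s) Referers and appends "ts" with the
//     correct separator.
// ---------------------------------------------------------------------------

// Prints one HTML-escaped debug line, but only while $DEBUGx is switched on.
$debugLine = function ($text) use ($DEBUGx) {
    if ($DEBUGx == true) {
        echo htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8') . "<br>";
    }
};

// standard login procedure
if (isset($sid) && is_string($sid) && isset($value) && is_string($value)) {
    $value = urldecode($crypt->decrypt($key, $value));

    // forget the cookie value PHP parsed from this request
    unset($_COOKIE['GCN_SESSION_SECRET']);
    //setcookie('GCN_SESSION_SECRET', '', time() - 3600);

    // NOTE(review): the session secret cookie is issued without the Secure and
    // HttpOnly flags and with the default path. Confirm what the CMS backend
    // requires and tighten the flags accordingly.
    setcookie("GCN_SESSION_SECRET", $value, time() + 60 * 60 * 24);

    // sid is attacker-controllable query input: percent-encode it before it is
    // placed inside a URL within an HTML attribute.
    $sidForUrl = rawurlencode($sid);

    if ($DEBUGx == true) {
        $debugLine(isset($_COOKIE['GCN_SESSION_SECRET']) ? $_COOKIE['GCN_SESSION_SECRET'] : '');
        $debugLine($value);
        $debugLine($sid);
        echo '<a href="/.Node/?sid=' . $sidForUrl . '">test '
            . htmlspecialchars($sid, ENT_QUOTES, 'UTF-8') . '</a>';
        echo "<br />";
        //print_r( $_COOKIE );
    } else {
        // forward to cms
        echo '<meta http-equiv="refresh" content=';
        echo '"0; URL=/.Node/?sid=' . $sidForUrl . '">';
    }
} elseif (
    isset($u) && is_string($u)
    && isset($f) && is_string($f)
    && isset($l) && is_string($l)
    && isset($e) && is_string($e)
    && isset($p) && is_string($p)
) {
    $u = urldecode($crypt->decrypt($key, $u));
    $f = urldecode($crypt->decrypt($key, $f));
    $l = urldecode($crypt->decrypt($key, $l));
    $e = urldecode($crypt->decrypt($key, $e));
    $p = urldecode($crypt->decrypt($key, $p));

    // The caller proves knowledge of the shared key by sending it encrypted as
    // "c". The original code decrypted $c without assigning it first, so the
    // check below could only pass if something else had populated $c.
    $c = (isset($_GET['c']) && is_string($_GET['c']))
        ? urldecode($crypt->decrypt($key, $_GET['c']))
        : '';

    if (isset($s) && is_string($s)) {
        $s = urldecode($crypt->decrypt($key, $s));
    }
    // "ch=email" makes the e-mail address the CMS login name
    if (isset($ch) && $ch === 'email') {
        $u = $e;
    }

    // secret key checking for security reasons
    if ($c !== '' && (string) $c === (string) $key) {
        // query() as used here only accepts a finished SQL string, so values
        // cannot be bound. Until db.php offers bound parameters, refuse any
        // value that could terminate the quoted literal it is placed in.
        foreach (array($u, $f, $l, $e) as $field) {
            if (!is_string($field) || strpbrk($field, "'\\\0") !== false) {
                if (!headers_sent()) {
                    header('HTTP/1.1 400 Bad Request');
                }
                exit('Invalid request.');
            }
        }
        // an empty login would create or update a nameless account
        if ($u === '') {
            if (!headers_sent()) {
                header('HTTP/1.1 400 Bad Request');
            }
            exit('Invalid request.');
        }

        $sql = "SELECT id FROM systemuser WHERE login = '" . $u . "'";
        $debugLine($sql);
        $rs = query($sql);

        if ($rs['num'] <= 0) {
            // Unknown login: create the account with a placeholder password.
            // One timestamp is used for both audit columns.
            $now = time();
            $sql = "INSERT INTO systemuser VALUES ( null, '" . $f . "', '" . $l . "', '" . $u . "', 'xxxxx', '" .
                $e . "', 0, 1, " .
                $creator_id . ", " . $now . ", " . $creator_id . ", " . $now . ", '', 0, 0 )";
            $debugLine($sql);
            $rs = query($sql);

            // read back the id the database assigned
            $sql = "SELECT id FROM systemuser WHERE login = '" . $u . "'";
            $debugLine($sql);
            $rs = query($sql);

            if ($rs['num'] > 0) {
                // set correct pw with user_id; the cast keeps the id numeric
                // before it is concatenated into further statements
                $user_id = (int) $rs['arr'][0]['id'];
                if ($user_id) {
                    // NOTE(review): md5(id . password) is a fast, effectively
                    // unsalted hash. It is kept because the stored format has
                    // to match whatever the CMS verifies against; confirm
                    // whether the CMS supports a stronger scheme.
                    $hash = md5($user_id . $p);
                    $sql = "UPDATE systemuser SET password = '" . $hash . "' WHERE id = " . $user_id;
                    $debugLine($sql);
                    $debugLine($hash);
                    $rs = query($sql);

                    $sql = "SELECT * FROM user_group WHERE user_id = " . $user_id;
                    $debugLine($sql);
                    $rs = query($sql);

                    // put user in standard group if no assignment
                    if ($rs['num'] < 1) {
                        $sql = "INSERT INTO user_group VALUES (" . $user_id . ", " . $standard_group_id . ", " .
                            time() . ", " . $creator_id . " )";
                        $debugLine($sql);
                        $rs = query($sql);
                    }
                }
            }
        } else {
            // reset password for SSO of CMS user
            // NOTE(review): this overwrites the password of whichever
            // systemuser row matches the login, including accounts that were
            // not created by this script (e.g. administrators). Consider
            // limiting the reset to accounts provisioned through this path.
            $user_id = (int) $rs['arr'][0]['id'];

            if ($user_id > 0) {
                $debugLine($p);
                $passwd = md5($user_id . $p);
                $sql = "UPDATE systemuser SET password = '" . $passwd . "' WHERE id = " . $user_id;
                $debugLine($sql);
                $rs = query($sql);
            }
        }
        //$sid = sendRequest($u, $p);

        // The Referer header is client-supplied. Only follow it when it is an
        // http(s) URL, and escape it before it is written into the page.
        $redir_url = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        if (!is_string($redir_url) || !preg_match('#^https?://#i', $redir_url)) {
            $redir_url = null;
        }
        //forward to cms
        //set cookie
        //setcookie ("GCN_SESSION_SECRET", $s, time()+60*60*24, '/');

        /*
         Available message boxes (styled in $HEAD):
         <div class="info">Info message</div>
         <div class="success">Successful operation message</div>
         <div class="warning">Warning message</div>
         <div class="error">Error message</div>
        */

        // The notice below is printed for both outcomes (account created and
        // password reset). $HEAD leaves <head> open, so the refresh tag is
        // emitted inside it.
        echo $HEAD;
        if (isset($redir_url)) {
            // keep an existing query string intact when adding the cache-buster
            $separator = (strpos($redir_url, '?') === false) ? '?' : '&';
            echo '<meta http-equiv="refresh" content=';
            echo '"5; URL=' . htmlspecialchars($redir_url . $separator . 'ts=' . time(), ENT_QUOTES, 'UTF-8') . '">';
        }
        echo "</head><body><div class='error'>";
        echo "You're the first time here, your user in the CMS editor was created.<br><br>";
        echo "In case you see this again and again, contact your administrator.<br><br>";
        echo "You have to click the link in the portal once again to login automatically.<br><br>";
        if (isset($redir_url)) {
            echo "You will be redirected back in 5 seconds.";
        }
        echo "</div>";
        echo "</body></html>";
    }
}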
200 
201 ?>