chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49722 Commits
17 Branches
107 Tags
940 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 8b3203e593
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8b3203e593'
${ noResults }
chamilo-lms/main/auth/hmac/login.php

107 lines
3.5 KiB
Raw Blame History

<?php
use ChamiloSession as Session;
/**
* This file contains the necessary elements to allow a Single Sign On
* based on a validation of a hmac computed hash.
*
* To allow the SSO access /main/auth/hmac/login.php must receive as
* query string parameters the following parameters:
*
* 'email': user email.
*
* 'time': time of the request, as HH:mm.
*
* 'system': System name, a control value.
*
* 'Token': a HMAC computed SHA256 algorithm based on the concatenation of
* the 'time' and 'email' value.
*
* Example:
*
* https://campus.chamilo/main/auth/hmac/login.php?email=user@domain.com&time=10:48&system=SystemName&Token=0407ae5cf5f80525800eaf4276a48c5ce293dd766be4c5edb0a87ecd082f20bd
*
* Also a settings.php file must be configured the set the following values:
*
* 'secret': secret key used to generate a HMAC computed hash to validate the
* received 'Token' parameter on the query string.
*
* 'secret': secret key used to generate a HMAC computed hash to validate the 'Token' parameter on the query string.
*
* 'expiration_time': integer value, maximum time in minutes of the request lifetime.
*
*/
require_once '../../../main/inc/global.inc.php';
// Create a settings.dist.php
if (file_exists('settings.php')) {
require_once 'settings.php';
} else {
$message = '';
if (api_is_platform_admin()) {
$message = 'Create a settings.php';
}
api_not_allowed(true, $message);
}
// Check if we have all the parameters from the query string
if (isset($_GET['email']) && isset($_GET['time']) && isset($_GET['system']) && isset($_GET['Token'])) {
$email = $_GET['email'];
$time = $_GET['time'];
$system = $_GET['system'];
$token = $_GET['Token'];
// Generate the token
$validToken = hash_hmac('sha256', $time.$email, $settingsInfo['secret'], false);
// Compare the received token & the valid token
if ($token !== $validToken) {
Display::addFlash(Display::return_message('Incorrect token', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
// Check the system is correct
if ($settingsInfo['system'] !== $system) {
Display::addFlash(Display::return_message('Incorrect client', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
// Check if the request expired with a diff between the query string parameter & the actual time
if ($settingsInfo['expiration_time'] && $settingsInfo['expiration_time'] > 0) {
$tokenTime = strtotime($time);
$diff = abs($tokenTime - time()) / 60;
if ($diff > $settingsInfo['expiration_time']) {
Display::addFlash(Display::return_message('Token expired', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
}
// Get the user info
$userInfo = api_get_user_info_from_email($email);
// Log-in user if exists or a show error message
if (!empty($userInfo)) {
Session::write('_user', $userInfo);
Session::write('is_platformAdmin', false);
Session::write('is_allowedCreateCourse', false);
Event::eventLogin($userId);
Session::write('flash_messages', '');
} else {
Display::addFlash(Display::return_message('User not found', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
header('Location: '.api_get_path(WEB_PATH).'user_portal.php');
} else {
Display::addFlash(Display::return_message('Invalid request', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}