Diffstat (limited to 'plugins/session')
-rw-r--r-- | plugins/session/main.php | 21 | ||||
-rw-r--r-- | plugins/session/www/rpc.php | 31 |
2 files changed, 32 insertions, 20 deletions
diff --git a/plugins/session/main.php b/plugins/session/main.php
new file mode 100644
index 0000000..814bfc5
--- /dev/null
+++ b/plugins/session/main.php
@@ -0,0 +1,21 @@
+<?php
+
+define('ROOT', __DIR__ . '/../../');
+
+function create_key($salt) {
+ require_once ROOT . 'config.php';
+ require_once ROOT . 'plugins/session/session.module';
+ $bridge = session_init($config['session']);
+ $plugin = $config['session']['plugin'];
+ $plugin_conf = $config[$plugin_conf];
+ $plugin_id = $plugin_conf['file'];
+ require_once ROOT . 'plugins/' . $plugin_id . '/' . $plugin_id . '.module';
+ $function = $plugin_id . '_session';
+ $username = function_exists($function) ? $function($plugin_conf) : NULL;
+ if ($username) {
+ $entry = ['user' => $username, 'secret' => sha1($salt . time() . mt_rand()), 'time' => time()];
+ $bridge->create($entry);
+ return $entry;
+ }
+ return FALSE;
+}
diff --git a/plugins/session/www/rpc.php b/plugins/session/www/rpc.php
index 58f3634..fca85a0 100644
--- a/plugins/session/www/rpc.php
+++ b/plugins/session/www/rpc.php
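Review bot: The session secret in `create_key()` is built as `sha1($salt . time() . mt_rand())`, where the salt is chosen by the caller, the timestamp is guessable and `mt_rand()` is not a cryptographic generator, so the value that later authenticates the session is not backed by a CSPRNG. On PHP 7 or later I would generate it as `'secret' => bin2hex(random_bytes(32)),` and treat the client salt as optional extra input at most. Separately, `$plugin_conf = $config[$plugin_conf];` indexes with a variable that is not yet assigned while `$plugin` is never used; this looks like it was meant to be `$config[$plugin]`, though the config layout is not visible here. A short docblock on `create_key()` stating that it returns the entry array or `FALSE` would also help callers.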
@@ -1,25 +1,16 @@
 <?php

-define('ROOT', __DIR__ . '/../../../');
-define('SESS_ROOT' , __DIR__ . '/../');
+define('SESS_ROOT', __DIR__ . '/../');

-main();
+require_once SESS_ROOT . 'main.php';

-function main() {
- require_once ROOT . 'config.php';
- require_once SESS_ROOT . 'session.module';
- $bridge = session_init($config['session']);
- $plugin = $config['session']['plugin'];
- $plugin_conf = $config['session']['plugins'][$plugin_conf];
- $plugin_id = $plugin_conf['file'];
- require_once SESS_ROOT . 'plugins/' . $plugin_id . '/' . $plugin_id . '.module';
- $function = $plugin_id . '_authenticate';
- $username = $function($plugin_conf);
- if ($username) {
- $entry = ['user' => $username, 'secret' => sha1($_POST['salt'] . time() . mt_rand()), 'time' => time()];
- $bridge->create($entry);
- header('Content-type: text/plain; charset=UTF-8');
- print json_encode($entry);
- }
- else header('HTTP/1.1 403 Forbidden');
+$entry = (!empty($_POST['salt']) && strlen($_POST['salt']) >= 16) ?
+ create_key($_POST['salt']) : FALSE;
+
+if ($entry) {
+ header('Content-type: text/plain; charset=UTF-8');
+ print json_encode($entry);
+}
+else {
+ header('HTTP/1.1 403 Forbidden');
 } |
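Review bot: The salt check calls `strlen($_POST['salt'])` without confirming the parameter is a string, so a request that submits `salt` as an array passes `!empty()` and reaches `strlen()`, which raises a TypeError on PHP 8 (a warning on earlier versions). Adding `is_string($_POST['salt']) &&` before the length test closes that. The same 403 is returned for a malformed salt and for a failed authentication; answering the former with a 400 would make rejected requests easier to tell apart in logs. Since the JSON body carries the session secret, a `Cache-Control: no-store` header on the success path is worth considering.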