From de7b4681c953982fb8e33a5f74eb93ee8e539108 Mon Sep 17 00:00:00 2001
From: Christoph Burschka
Date: Thu, 16 Jan 2014 15:34:03 +0100
Subject: Finished session auth framework for now. (fixes #1) Doc changes and some implementations remain.
---
 core/EjabberdAuth.php | 1 +
 plugins/session/BridgeSession.php | 12 +++++++-----
 plugins/session/install.sql | 8 +++++---
 plugins/session/main.php | 5 +++--
 plugins/session/www/rpc.php | 17 +++++++++++------
 plugins/smf2/smf2.module | 4 ++--
 6 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/core/EjabberdAuth.php b/core/EjabberdAuth.php
index f83f1b6..f3a5bfc 100644
--- a/core/EjabberdAuth.php
+++ b/core/EjabberdAuth.php
@@ -9,6 +9,7 @@ class EjabberdAuth {
 function __construct($config, EjabberdAuthBridge $bridge) {
 $this->bridge = $bridge;
+ $this->bridge->parent = $this;
 if (!empty($config['log_path']) && is_dir($config['log_path']) && is_writable($config['log_path'])) {
 $this->logfile = fopen($config['log_path'] . 'activity-' . date('Y-m-d') . '.log', 'a');
 }
diff --git a/plugins/session/BridgeSession.php b/plugins/session/BridgeSession.php
index 700d545..58e2208 100644
--- a/plugins/session/BridgeSession.php
+++ b/plugins/session/BridgeSession.php
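Review bot: In core/EjabberdAuth.php the added `$this->bridge->parent = $this;` writes a property onto the bridge from outside, and nothing in this hunk shows that EjabberdAuthBridge declares it. If it does not, this is a dynamic property, which PHP 8.2 deprecates, and every bridge implementation silently gains a handle to the whole auth object, including the log handle opened just below. Declaring `public $parent = NULL;` on EjabberdAuthBridge, with a one-line docblock naming what a bridge is expected to call through it, would make that coupling explicit. The constructor's end is outside the hunk.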
@@ -4,12 +4,12 @@
 * Implements EjabberdAuthBridge.
 */
 class BridgeSession extends EjabberdAuthBridge {
- function __const($pdo, $config) {
+ function __construct($pdo, $config) {
 $this->db = $pdo;
 $this->timeout = $config['timeout'];
- $this->table = mysqli::escape_string($config['mysql'['tablename']);
+ $this->table = $config['mysql']['tablename'];
 $this->_isuser = $this->db->prepare(sprintf('SELECT COUNT(*) FROM `%s` WHERE `username` = :user AND `created` >= :limit;', $this->table));
- $this->_auth = $this->db->prepare(sprintf('DELETE COUNT(*) FROM `%s` WHERE `username` = :user AND `secret` = :secret AND `created` >= :limit;', $this->table));
+ $this->_auth = $this->db->prepare(sprintf('DELETE FROM `%s` WHERE `username` = :user AND `secret` = :secret AND `created` >= :limit;', $this->table));
 $this->_prune = $this->db->prepare(sprintf('DELETE COUNT(*) FROM `%s` WHERE `created` < :limit;', $this->table));
 $this->_create = $this->db->prepare(sprintf('INSERT INTO `%s` (`username`, `secret`, `created`) VALUES (:user, :secret, :time);', $this->table));
 }
@@ -24,12 +24,14 @@ class BridgeSession extends EjabberdAuthBridge {
 function isuser($username, $server) {
 $this->prune();
- return $this->_isuser->execute([':user' => $username, ':limit' => time() - $this->timeout])->fetch()[0] > 0;
+ $this->_isuser->execute([':user' => $username, ':limit' => time() - $this->timeout]);
+ return $this->_isuser->fetch()[0] > 0;
 }
 function auth($username, $server, $password) {
 $this->prune();
- return $this->_auth->execute([[':useer' => $username, ':secret' => $password, ':limit' => time() - $this->timeout])->rowCount() > 0;
+ $this->_auth->execute([':user' => $username, ':secret' => $password, ':limit' => time() - $this->timeout]);
+ return $this->_auth->rowCount() > 0;
 }
 function setpass($username, $server, $password) {
diff --git a/plugins/session/install.sql b/plugins/session/install.sql
index 074e4a9..ecf59f9 100644
--- a/plugins/session/install.sql
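Review bot: The `_prune` statement in the BridgeSession constructor still reads `DELETE COUNT(*) FROM`, the same invalid form this commit corrects for `_auth`, so (assuming `prune()` runs that statement) expired rows are never removed and the call may raise an error on every `isuser()`/`auth()`; the line should use `DELETE FROM` as well. Separately, `$this->table` is now taken from `$config['mysql']['tablename']` unchecked and formatted straight into the backtick-quoted SQL, so a backtick or other stray character in the configured name changes the statement text. A guard before the first `prepare()`, such as `if (!preg_match('/^[A-Za-z0-9_]+$/', $this->table)) { throw new InvalidArgumentException('invalid table name'); }`, keeps the identifier to a safe alphabet.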
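Review bot: Both `isuser()` and `auth()` in BridgeSession accept `$server` but match rows on `username` alone, so a session secret is not bound to an XMPP domain. If this bridge is ever configured for more than one domain (not visible here), a secret issued for a name on one domain would also be accepted for the same name on another. Either store the domain next to the username or state the assumption in place, e.g. `// $server is ignored: session rows are keyed by username only, so this bridge must serve a single domain.` The return value of `execute()` is also dropped in both methods; logging a failed execution would separate a database error from an ordinary rejection.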
+++ b/plugins/session/install.sql
@@ -1,5 +1,7 @@
 CREATE TABLE `{TAB}` (
- username TEXT PRIMARY KEY,
- secret VARCHAR(40) PRIMARY KEY,
- created INT INDEX,
+ username VARCHAR(255),
+ secret VARCHAR(40),
+ created INT,
+ PRIMARY KEY(username, secret),
+ INDEX(created)
 );
diff --git a/plugins/session/main.php b/plugins/session/main.php
index 814bfc5..8bd6f74 100644
--- a/plugins/session/main.php
+++ b/plugins/session/main.php
@@ -1,14 +1,15 @@ = 16) ? - create_key($_POST['salt']) : FALSE;
-
-if ($entry) {
- header('Content-type: text/plain; charset=UTF-8');
- print json_encode($entry);
+if (!empty($_POST['salt']) && strlen($_POST['salt']) >= 16) {
+ $entry = create_key($_POST['salt']);
+ if ($entry) {
+ header('Content-type: text/plain; charset=UTF-8');
+ print json_encode($entry);
+ }
+ else {
+ header('HTTP/1.1 403 Forbidden');
+ print json_encode(['error' => 'no-session']);
+ }
 } else {
 header('HTTP/1.1 403 Forbidden');
+ print json_encode(['error' => 'no-request']);
 }
diff --git a/plugins/smf2/smf2.module b/plugins/smf2/smf2.module
index 066780e..1f91bf0 100644
--- a/plugins/smf2/smf2.module
+++ b/plugins/smf2/smf2.module
@@ -12,13 +12,13 @@ function smf2_bootstrap($config) {
 }
 function smf2_init($config) {
- smf2_bootstap($config);
+ smf2_bootstrap($config);
 require_once __DIR__ . '/BridgeSMF2.php';
 return new BridgeSMF2();
 }
 function smf2_session($config) {
- smf2_bootstap($config);
+ smf2_bootstrap($config);
 $user = smf_ssi('welcome', NULL);
 return (empty($user['is_guest']) && !empty($user['name'])) ? $user['name'] : FALSE;
 }
-- cgit v1.1
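Review bot: In plugins/session/install.sql the `secret` column has no explicit character set or collation, so it inherits the server default, which on MySQL is commonly case-insensitive; the `secret = :secret` comparison in BridgeSession would then accept the secret in any letter case. Declaring the column as `secret VARCHAR(40) CHARACTER SET ascii COLLATE ascii_bin NOT NULL` makes the match byte-exact. The same default also decides the byte length of the `PRIMARY KEY(username, secret)` index, and a `VARCHAR(255)` in a multi-byte character set can exceed the per-column key limit on older InnoDB row formats, so an explicit table character set is worth adding to the `CREATE TABLE`.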
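Review bot: In plugins/session/www/rpc.php the new guard calls `strlen($_POST['salt'])` without checking the type, so a `salt` field submitted as an array produces a warning on older PHP and an uncaught TypeError on PHP 8 rather than a clean 403. Adding `is_string($_POST['salt']) &&` ahead of the `strlen()` test, together with an upper bound on the length, keeps malformed input on the `no-request` path. The two 403 branches print JSON with no `Content-type` header while the success branch labels its JSON as `text/plain`; sending `header('Content-Type: application/json; charset=UTF-8');` once before the `if` would cover all three. The start of this hunk, including its file header, is missing from the page, so only the lines from `+if (!empty(` onward were reviewed.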