centralise authentication + more certificate checking
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@44 d4452222-2f33-11de-9270-010000000000
This commit is contained in:
parent
8094fd2df4
commit
e122d4337b
4 changed files with 47 additions and 12 deletions
44
database.php
44
database.php
|
@ -89,5 +89,49 @@ BODY;
|
|||
mail($this->board,$subject,$body,"From: Voting System <returns@cacert.org>");
|
||||
//mail("testsympa@lists.cacert.org",$subject,$body,"From: Voting System <returns@cacert.org>");
|
||||
}
|
||||
function auth()
|
||||
{
|
||||
$stmt = $this->getStatement("get voter");
|
||||
$stmt->execute(array($_SERVER['REMOTE_USER']));
|
||||
$user = $stmt->fetch();
|
||||
if ($user) return $user;
|
||||
if ($_SERVER['SSL_CLIENT_S_DN_EMAIL']) {
|
||||
$stmt->execute(array($_SERVER['SSL_CLIENT_S_DN_EMAIL']));
|
||||
$user = $stmt->fetch();
|
||||
if ($user) return $user;
|
||||
}
|
||||
$d=0;
|
||||
while ($email=$_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"]) {
|
||||
$stmt->execute(array($email));
|
||||
$user = $stmt->fetch();
|
||||
if ($user) return $user;
|
||||
++$d;
|
||||
}
|
||||
if (preg_match_all('/\/emailAddress=([^\/]*)/',$dn,$reg,PREG_SET_ORDER)) {
|
||||
foreach ($reg as $emailarr) {
|
||||
$stmt->execute(array($emailarr[1]));
|
||||
$user = $stmt->fetch();
|
||||
if ($user) return $user;
|
||||
}
|
||||
}
|
||||
if ($_SERVER['SSL_CLIENT_CERT']) {
|
||||
# subjectAltName unpresented by Apache http://httpd.apache.org/docs/trunk/mod/mod_ssl.html
|
||||
# subjectAltName http://tools.ietf.org/html/rfc5280#section-4.2.1.6
|
||||
# WARNING WARNING openssl_x509_parse is an unstable PHP API
|
||||
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
|
||||
$subjectAltName = $x509['extensions']['subjectAltName']; // going off https://foaf.me/testSSL.php
|
||||
#print_r(split("[, ]",$subjectAltName));
|
||||
#print_r($x509);
|
||||
#echo $subjectAltName;
|
||||
if (preg_match_all('/email:([^, ]*)/',$subjectAltName,$reg,PREG_SET_ORDER)) {
|
||||
foreach ($reg as $emailarr) {
|
||||
$stmt->execute(array($emailarr[1]));
|
||||
$user = $stmt->fetch();
|
||||
if ($user) return $user;
|
||||
}
|
||||
}
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
|
|
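Review bot: `$dn` in `if (preg_match_all('/\/emailAddress=([^\/]*)/',$dn,$reg,PREG_SET_ORDER))` is never assigned anywhere in auth(), so that branch matches against an undefined variable and can never find a voter; it presumably should be the client subject DN, e.g. `$dn = $_SERVER['SSL_CLIENT_S_DN'];` just before the call. The other branches read `$_SERVER['SSL_CLIENT_S_DN_EMAIL']`, `$_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"]` and `$_SERVER['SSL_CLIENT_CERT']` directly, so a request that carries no client certificate raises undefined-index notices on every fallback path; wrap each in `isset()`, the loop becoming `while (isset($_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"]) && ($email=$_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"])) {`. None of the certificate-derived lookups confirms that the presented certificate actually verified against the trusted chain; unless the Apache configuration (not visible here) already rejects unverified client certificates, guard the certificate section with `if (!isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS') return FALSE;` right after the REMOTE_USER lookup, because e-mail addresses taken from an unverified certificate are caller-chosen values that map straight onto a voter row. A short header comment on auth() stating the lookup order (REMOTE_USER, then DN e-mail fields, then the subjectAltName of the parsed certificate) and the `FALSE` return would also help, as the only explanation in the hunk is the openssl_x509_parse warning.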
@ -4,12 +4,9 @@
|
|||
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
$user = $_SERVER['REMOTE_USER'];
|
||||
require_once("database.php");
|
||||
$db = new DB();
|
||||
$stmt = $db->getStatement("get voter");
|
||||
$stmt->execute(array($user));
|
||||
if (!($user = $stmt->fetch())) {
|
||||
if (!($user = $db->auth())) {
|
||||
header("HTTP/1.0 302 Redirect");
|
||||
header("Location: denied.php");
|
||||
exit();
|
||||
|
|
|
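Review bot: The new `if (!($user = $db->auth())) {` removes the visible REMOTE_USER lookup from this script, so a reader of this file no longer sees that `$user` may now be resolved from an e-mail address in the client certificate rather than from the HTTP-auth principal; a one-line comment above the call such as `// auth(): REMOTE_USER first, then e-mail addresses from the client certificate; FALSE if no voter matches` would record that. The same one-line change appears in the following section (file name not shown on this page) and in vote.php, and this note covers those too. The enclosing script starts before and continues after the hunk on both sides.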
@ -4,12 +4,9 @@
|
|||
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
$user = $_SERVER['REMOTE_USER'];
|
||||
require_once("database.php");
|
||||
$db = new DB();
|
||||
$stmt = $db->getStatement("get voter");
|
||||
$stmt->execute(array($user));
|
||||
if (!($user = $stmt->fetch())) {
|
||||
if (!($user = $db->auth())) {
|
||||
header("HTTP/1.0 302 Redirect");
|
||||
header("Location: denied.php");
|
||||
exit();
|
||||
|
|
5
vote.php
5
vote.php
|
@ -4,12 +4,9 @@
|
|||
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
|
||||
exit();
|
||||
}
|
||||
$user = $_SERVER['REMOTE_USER'];
|
||||
require_once("database.php");
|
||||
$db = new DB();
|
||||
$stmt = $db->getStatement("get voter");
|
||||
$stmt->execute(array($user));
|
||||
if (!($user = $stmt->fetch())) {
|
||||
if (!($user = $db->auth())) {
|
||||
header("HTTP/1.0 302 Redirect");
|
||||
header("Location: denied.php");
|
||||
exit();
|
||||
|
|