centralise authentication + more certificate checking

git-svn-id: http://svn.cacert.cl/Software/Voting/vote@44 d4452222-2f33-11de-9270-010000000000
This commit is contained in:
community.cacert.org 2009-05-29 03:43:21 +00:00
parent 8094fd2df4
commit e122d4337b
4 changed files with 47 additions and 12 deletions

View file

@ -89,5 +89,49 @@ BODY;
mail($this->board,$subject,$body,"From: Voting System <returns@cacert.org>");
//mail("testsympa@lists.cacert.org",$subject,$body,"From: Voting System <returns@cacert.org>");
}
function auth()
{
$stmt = $this->getStatement("get voter");
$stmt->execute(array($_SERVER['REMOTE_USER']));
$user = $stmt->fetch();
if ($user) return $user;
if ($_SERVER['SSL_CLIENT_S_DN_EMAIL']) {
$stmt->execute(array($_SERVER['SSL_CLIENT_S_DN_EMAIL']));
$user = $stmt->fetch();
if ($user) return $user;
}
$d=0;
while ($email=$_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"]) {
$stmt->execute(array($email));
$user = $stmt->fetch();
if ($user) return $user;
++$d;
}
if (preg_match_all('/\/emailAddress=([^\/]*)/',$dn,$reg,PREG_SET_ORDER)) {
foreach ($reg as $emailarr) {
$stmt->execute(array($emailarr[1]));
$user = $stmt->fetch();
if ($user) return $user;
}
}
if ($_SERVER['SSL_CLIENT_CERT']) {
# subjectAltName unpresented by Apache http://httpd.apache.org/docs/trunk/mod/mod_ssl.html
# subjectAltName http://tools.ietf.org/html/rfc5280#section-4.2.1.6
# WARNING WARNING openssl_x509_parse is an unstable PHP API
$x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
$subjectAltName = $x509['extensions']['subjectAltName']; // going off https://foaf.me/testSSL.php
#print_r(split("[, ]",$subjectAltName));
#print_r($x509);
#echo $subjectAltName;
if (preg_match_all('/email:([^, ]*)/',$subjectAltName,$reg,PREG_SET_ORDER)) {
foreach ($reg as $emailarr) {
$stmt->execute(array($emailarr[1]));
$user = $stmt->fetch();
if ($user) return $user;
}
}
}
return FALSE;
}
}
?>

View file

@ -4,12 +4,9 @@
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
$user = $_SERVER['REMOTE_USER'];
require_once("database.php");
$db = new DB();
$stmt = $db->getStatement("get voter");
$stmt->execute(array($user));
if (!($user = $stmt->fetch())) {
if (!($user = $db->auth())) {
header("HTTP/1.0 302 Redirect");
header("Location: denied.php");
exit();

View file

@ -4,12 +4,9 @@
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
$user = $_SERVER['REMOTE_USER'];
require_once("database.php");
$db = new DB();
$stmt = $db->getStatement("get voter");
$stmt->execute(array($user));
if (!($user = $stmt->fetch())) {
if (!($user = $db->auth())) {
header("HTTP/1.0 302 Redirect");
header("Location: denied.php");
exit();

View file

@ -4,12 +4,9 @@
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
$user = $_SERVER['REMOTE_USER'];
require_once("database.php");
$db = new DB();
$stmt = $db->getStatement("get voter");
$stmt->execute(array($user));
if (!($user = $stmt->fetch())) {
if (!($user = $db->auth())) {
header("HTTP/1.0 302 Redirect");
header("Location: denied.php");
exit();