TeaWeb/auth/auth.php

<?php

	$GLOBALS["COOKIE_NAME_USER_DATA"] = "user_data";
	$GLOBALS["COOKIE_NAME_USER_SIGN"] = "user_sign";

	$host = gethostname();
	$localhost = false;
	if($host == "WolverinDEV")
		$localhost = true;


	/*
	openssl genrsa -des3 -out forum_private.pem 2048
	openssl rsa -in forum_private.pem -outform PEM -pubout -out forum_public.pem
	openssl rsa -in forum_private.pem -out private_unencrypted.pem -outform PEM    #Export the private key as unencripted
	 */
	function authPath() {
		if (file_exists("auth")) {
			return "auth/";
		} else return "";
	}

	function mainPath()
	{
		global $localhost;
		if ($localhost) {
			return "../";
		} else return "";
	}

	function remoteAddress()
	{
		if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
			$ip = $_SERVER['HTTP_CLIENT_IP'];
		} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
			$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
		} else {
			$ip = $_SERVER['REMOTE_ADDR'];
		}
		return $ip;
	}

	/** @return \XF\App */
	function getXF()
	{
		if (isset($GLOBALS["XF_APP"])) return $GLOBALS["XF_APP"];

		if (file_exists("/var/www/forum.teaspeak"))
			$dir = "/var/www/forum.teaspeak";
		else if (file_exists(__DIR__ . "/xf"))
			$dir = __DIR__ . "/xf";
		else if (file_exists(__DIR__ . "/auth/xf"))
			$dir = __DIR__ . "/auth/xf";
		else
			return null;

		require($dir . '/src/XF.php');

		XF::start($dir);
		return ($GLOBALS["XF_APP"] = XF::setupApp('XF\Pub\App'));
	}

	function milliseconds()
	{
		$mt = explode(' ', microtime());
		return ((int)$mt[1]) * 1000 + ((int)round($mt[0] * 1000));
	}

	/**
	 * @param $user \XF\Entity\User
	 * @return array
	 */
	function generateUserData($user)
	{
		$user_data = array();

		$user_data["user_id"] = $user->user_id;
		$user_data["user_name"] = $user->username;
		$user_data["user_group"] = $user->user_group_id;
		$user_data["user_groups"] = $user->secondary_group_ids;

		$user_data["trophy_points"] = $user->trophy_points;
		$user_data["register_date"] = $user->register_date;
		$user_data["is_staff"] = $user->is_staff;
		$user_data["is_admin"] = $user->is_admin;
		$user_data["is_super_admin"] = $user->is_super_admin;
		$user_data["is_banned"] = $user->is_banned;

		$user_data["data_age"] = milliseconds();

		$data = json_encode($user_data);


		$file = realpath("./certs/private_unencrypted.pem");
		$pkeyid = openssl_pkey_get_private("file://" . $file);
		if (!$pkeyid) die("Could not open private key! Message: " . openssl_error_string() . " (" . $file . ")");
		if (!openssl_sign($data, $signature, $pkeyid, OPENSSL_ALGO_SHA256)) die("Could not sign user data");
		openssl_free_key($pkeyid);

		return ["data" => $data, "sign" => base64_encode($signature)];
	}

	/**
	 * @param $username
	 * @param $password
	 * @return array
	 */
	function checkLogin($username, $password) {
		$allowedXFGroups = [
			3, //Administrator
			6, //Web tester
			5  //Premium
		];
		$app = getXF();

		$response = [];
		$response["success"] = false;
		if(!$app) goto _return;

		if (!isset($username) || !isset($password)) {
			$response["msg"] = "missing credentials";
			goto _return;
		}

		/** @var \XF\Service\User\Login $loginService */
		$loginService = $app->service('XF:User\Login', $username, "");
		if (!$loginService->isLoginLimited()) {
			$error = "";
			$user = $loginService->validate($password, $error);
			if ($user) {
				$response["success"] = true;
				$allowed = true;
				foreach ($allowedXFGroups as $id) {
					foreach ($user->secondary_group_ids as $assigned)
						if ($assigned == $id) {
							$allowed = true;
							break;
						}
					$allowed |= $user->user_group_id == $id;
					if ($allowed) break;
				}
				if ($allowed) {
					$response["allowed"] = true;

					try {
						/** @var  $session XF\Session\Session */
						$session = $app->session();
						if (!$session->exists()) {
							$session->expunge();
							if (!$session->start(remoteAddress())) {
								$response["success"] = false;
								$response["msg"] = "could not create session";
								goto _return;
							}
						}
						$session->changeUser($user);
						$session->save();
						$response["sessionName"] = $session->getCookieName();
						$response["sessionId"] = $session->getSessionId();
						$response["user_name"] = $user->username;

						$user_data = generateUserData($user);
						$response["cookie_name_data"] = $GLOBALS["COOKIE_NAME_USER_DATA"];
						$response["cookie_name_sign"] = $GLOBALS["COOKIE_NAME_USER_SIGN"];
						$response["user_data"] = $user_data["data"];
						$response["user_sign"] = $user_data["sign"];
					} catch (Exception $error) {
						$response["success"] = false;
						$response["msg"] = $error->getMessage();
					}
					goto _return;
				} else {
					$response["allowed"] = false;
				}
			} else {
				$response["msg"] = $error;
			}
		} else {
			$response["msg"] = "Too many login's!";
		}

		_return:
		return $response;
	}

	function logged_in() {
		return test_session() == 0;
	}

	function logout()
	{
		$app = getXF();
		if(!$app) return false;

		$session = $app->session();
		$session->expunge();

		return true;
	}

	/**
	 * @return int 0 = Success | 1 = Invalid coocie | 2 = invalid session
	 */
	function test_session($sessionId = null)
	{
		$app = getXF();
		if(!$app) return -1;

		if(!isset($sessionId)) {
			if (!isset($_COOKIE[$app->session()->getCookieName()]))
				return 1;
			$sessionId = $_COOKIE[$app->session()->getCookieName()];
		}
		$app->session()->expunge();
		if (!$app->session()->start(remoteAddress(), $sessionId) || !$app->session()->exists())
			return 2;
		return 0;
	}

	function redirectOnInvalidSession()
	{
		$app = getXF();
		if(!$app) return;

		$status = test_session();
		if ($status != 0) {
			$type = "undefined";
			switch ($status) {
				case 1:
					$type = "nocookie";
					break;
				case 2:
					$type = "expired";
					break;
				default:
					$type = "unknown";
					break;
			}
			header('Location: ' . authPath() . 'login.php?error=' . $type);
			setcookie($app->session()->getCookieName(), "", 1);
			die();
		}
	}

	function setup_forum_auth() {
		getXF(); /* Initialize XF */
	}

	if(!$_INCLIDE_ONLY) {
		$app = getXF();
		if(!$app) return;

		if (isset($_GET["type"])) {
			error_log("Got authX request!");
			if ($_GET["type"] == "login") {
				die(json_encode(checkLogin($_POST["user"], $_POST["pass"])));
			} else if ($_GET["type"] == "logout") {
				logout();
				global $localhost;
				if($localhost)
					header("Location: login.php");
				else
					header("Location: https://web.teaspeak.de/");

				$session = $app->session();
				setcookie($session->getCookieName(), '', time() - 3600, '/');
				setcookie("session", '', time() - 3600, '/');
				setcookie("user_data", '', time() - 3600, '/');
				setcookie("user_sign", '', time() - 3600, '/');
			} else die("unknown type!");
		} else if(isset($_POST["action"])) {
			error_log("Got auth post request!");
			if($_POST["action"] === "login") {
				die(json_encode(checkLogin($_POST["user"], $_POST["pass"])));
			} else if ($_POST["action"] === "logout") {
				logout();
				die(json_encode([
					"success" => true
				]));
			} else if($_POST["action"] === "validate") {
				$app = getXF();
				if(test_session($_POST["token"]) === 0)
					die(json_encode([
						"success" => true,
						"token" => $app->session()->getSessionId()
					]));
				else
					die(json_encode([
						"success" => false
					]));
			} else
				die(json_encode([
					"success" => false,
					"msg" => "Invalid action"
				]));
		}
	}
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`<?php`

			`$GLOBALS["COOKIE_NAME_USER_DATA"] = "user_data";`
			`$GLOBALS["COOKIE_NAME_USER_SIGN"] = "user_sign";`

			`$host = gethostname();`
			`$localhost = false;`
			`if($host == "WolverinDEV")`
			`$localhost = true;`


			`/*`
			`openssl genrsa -des3 -out forum_private.pem 2048`
			`openssl rsa -in forum_private.pem -outform PEM -pubout -out forum_public.pem`
			`openssl rsa -in forum_private.pem -out private_unencrypted.pem -outform PEM #Export the private key as unencripted`
			`*/`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`function authPath() {`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`if (file_exists("auth")) {`
			`return "auth/";`
			`} else return "";`
			`}`

			`function mainPath()`
			`{`
			`global $localhost;`
			`if ($localhost) {`
			`return "../";`
			`} else return "";`
			`}`

			`function remoteAddress()`
			`{`
			`if (!empty($_SERVER['HTTP_CLIENT_IP'])) {`
			`$ip = $_SERVER['HTTP_CLIENT_IP'];`
			`} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {`
			`$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];`
			`} else {`
			`$ip = $_SERVER['REMOTE_ADDR'];`
			`}`
			`return $ip;`
			`}`

			`/** @return \XF\App */`
			`function getXF()`
			`{`
			`if (isset($GLOBALS["XF_APP"])) return $GLOBALS["XF_APP"];`

			`if (file_exists("/var/www/forum.teaspeak"))`
			`$dir = "/var/www/forum.teaspeak";`
			`else if (file_exists(__DIR__ . "/xf"))`
			`$dir = __DIR__ . "/xf";`
			`else if (file_exists(__DIR__ . "/auth/xf"))`
			`$dir = __DIR__ . "/auth/xf";`
			`else`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`return null;`

Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`require($dir . '/src/XF.php');`

			`XF::start($dir);`
			`return ($GLOBALS["XF_APP"] = XF::setupApp('XF\Pub\App'));`
			`}`

			`function milliseconds()`
			`{`
			`$mt = explode(' ', microtime());`
			`return ((int)$mt[1]) * 1000 + ((int)round($mt[0] * 1000));`
			`}`

			`/**`
			`* @param $user \XF\Entity\User`
			`* @return array`
			`*/`
			`function generateUserData($user)`
			`{`
			`$user_data = array();`

			`$user_data["user_id"] = $user->user_id;`
			`$user_data["user_name"] = $user->username;`
			`$user_data["user_group"] = $user->user_group_id;`
			`$user_data["user_groups"] = $user->secondary_group_ids;`

			`$user_data["trophy_points"] = $user->trophy_points;`
			`$user_data["register_date"] = $user->register_date;`
			`$user_data["is_staff"] = $user->is_staff;`
			`$user_data["is_admin"] = $user->is_admin;`
			`$user_data["is_super_admin"] = $user->is_super_admin;`
			`$user_data["is_banned"] = $user->is_banned;`

			`$user_data["data_age"] = milliseconds();`

			`$data = json_encode($user_data);`


			`$file = realpath("./certs/private_unencrypted.pem");`
			`$pkeyid = openssl_pkey_get_private("file://" . $file);`
			`if (!$pkeyid) die("Could not open private key! Message: " . openssl_error_string() . " (" . $file . ")");`
			`if (!openssl_sign($data, $signature, $pkeyid, OPENSSL_ALGO_SHA256)) die("Could not sign user data");`
			`openssl_free_key($pkeyid);`

			`return ["data" => $data, "sign" => base64_encode($signature)];`
			`}`

			`/**`
			`* @param $username`
			`* @param $password`
Some memory updates 2018-10-07 16:21:28 +00:00			`* @return array`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`*/`
Some memory updates 2018-10-07 16:21:28 +00:00			`function checkLogin($username, $password) {`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`$allowedXFGroups = [`
			`3, //Administrator`
			`6, //Web tester`
			`5 //Premium`
			`];`
			`$app = getXF();`

			`$response = [];`
			`$response["success"] = false;`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`if(!$app) goto _return;`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00
			`if (!isset($username) \|\| !isset($password)) {`
Some memory updates 2018-10-07 16:21:28 +00:00			`$response["msg"] = "missing credentials";`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`goto _return;`
			`}`

			`/** @var \XF\Service\User\Login $loginService */`
			`$loginService = $app->service('XF:User\Login', $username, "");`
			`if (!$loginService->isLoginLimited()) {`
			`$error = "";`
			`$user = $loginService->validate($password, $error);`
			`if ($user) {`
			`$response["success"] = true;`
			`$allowed = true;`
			`foreach ($allowedXFGroups as $id) {`
			`foreach ($user->secondary_group_ids as $assigned)`
			`if ($assigned == $id) {`
			`$allowed = true;`
			`break;`
			`}`
			`$allowed \|= $user->user_group_id == $id;`
			`if ($allowed) break;`
			`}`
			`if ($allowed) {`
			`$response["allowed"] = true;`

			`try {`
			`/** @var $session XF\Session\Session */`
			`$session = $app->session();`
			`if (!$session->exists()) {`
			`$session->expunge();`
			`if (!$session->start(remoteAddress())) {`
			`$response["success"] = false;`
			`$response["msg"] = "could not create session";`
			`goto _return;`
			`}`
			`}`
			`$session->changeUser($user);`
			`$session->save();`
			`$response["sessionName"] = $session->getCookieName();`
			`$response["sessionId"] = $session->getSessionId();`
			`$response["user_name"] = $user->username;`

			`$user_data = generateUserData($user);`
			`$response["cookie_name_data"] = $GLOBALS["COOKIE_NAME_USER_DATA"];`
			`$response["cookie_name_sign"] = $GLOBALS["COOKIE_NAME_USER_SIGN"];`
			`$response["user_data"] = $user_data["data"];`
			`$response["user_sign"] = $user_data["sign"];`
			`} catch (Exception $error) {`
Some memory updates 2018-10-07 16:21:28 +00:00			`$response["success"] = false;`
			`$response["msg"] = $error->getMessage();`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`}`
			`goto _return;`
			`} else {`
			`$response["allowed"] = false;`
			`}`
			`} else {`
			`$response["msg"] = $error;`
			`}`
			`} else {`
Some memory updates 2018-10-07 16:21:28 +00:00			`$response["msg"] = "Too many login's!";`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`}`

			`_return:`
Some memory updates 2018-10-07 16:21:28 +00:00			`return $response;`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`}`

Some opus improvements and removed the required login 2018-06-27 13:53:03 +00:00			`function logged_in() {`
Some memory updates 2018-10-07 16:21:28 +00:00			`return test_session() == 0;`
Some opus improvements and removed the required login 2018-06-27 13:53:03 +00:00			`}`

Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`function logout()`
			`{`
			`$app = getXF();`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`if(!$app) return false;`

Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`$session = $app->session();`
			`$session->expunge();`

Some memory updates 2018-10-07 16:21:28 +00:00			`return true;`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`}`

			`/**`
			`* @return int 0 = Success \| 1 = Invalid coocie \| 2 = invalid session`
			`*/`
Some memory updates 2018-10-07 16:21:28 +00:00			`function test_session($sessionId = null)`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`{`
			`$app = getXF();`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`if(!$app) return -1;`

Some memory updates 2018-10-07 16:21:28 +00:00			`if(!isset($sessionId)) {`
			`if (!isset($_COOKIE[$app->session()->getCookieName()]))`
			`return 1;`
			`$sessionId = $_COOKIE[$app->session()->getCookieName()];`
			`}`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`$app->session()->expunge();`
			`if (!$app->session()->start(remoteAddress(), $sessionId) \|\| !$app->session()->exists())`
			`return 2;`
			`return 0;`
			`}`

			`function redirectOnInvalidSession()`
			`{`
			`$app = getXF();`
Fixed warnings according to wrong xf include and excluded auth files 2018-12-26 14:54:47 +00:00			`if(!$app) return;`

Some memory updates 2018-10-07 16:21:28 +00:00			`$status = test_session();`
Updated responsetory structure and some more features 2018-05-05 12:58:30 +00:00			`if ($status != 0) {`
			`$type = "undefined";`
			`switch ($status) {`
			`case 1:`
			`$type = "nocookie";`
			`break;`
			`case 2:`
			`$type = "expired";`
			`break;`
			`default:`
			`$type = "unknown";`
			`break;`
			`}`
			`header('Location: ' . authPath() . 'login.php?error=' . $type);`
			`setcookie($app->session()->getCookieName(), "", 1);`
			`die();`
			`}`
			`}`

Implemented the Material Design and fixed some bugs (#33) * cleaned up some files * Fundamental style update * Redesigned some style * fixed hostbanner popup * Removed old identity stuff * fixed close listener * Fixed changelog date * fixed release chat icons * fixed url * Fixed hostbanner * Uploaded missing images * Improved update handling * Improved script files * Fixed loading error and icon error * fixed Yes/No modal * Fixed loader issues with MS Edge * fixed modal style bug * Fixed control bar overflow for small devices * Improved error handling on identity creation * Logging generate error to terminal * fixed possible php error * fixed some possible loading errors when other files have'nt been already loaded. * removed debug message * Changed emsrcypten flags * Improved codec error handling * removed webassembly as required dependency * Improved and fixed channel tree issues * Improved the sliders * Removed unneeded files * fixed loader versions cache * second slight performance improved (dont animate elements anymore if they are not shown) * Fixed query visibility setting * not showing useless client infos for query clients * Added an auto reconnect system * Added a canceled message and increased reconnect interval * removed implemented todo * fixed repetitive channel names * Reworked the channel tree selected lines * Fixed channel tree names * Fixed name alignment * fixed the native client * added min width to the server select groups to avoid a disappearing effect on shrink * fixed bugged downloaded icons 2019-02-17 15:08:10 +00:00			`function setup_forum_auth() {`
			`getXF(); /* Initialize XF */`
			`}`

Updated the project structure, for the upcoming client (Still needs some work) 2018-10-03 20:04:29 +00:00			`if(!$_INCLIDE_ONLY) {`
Added forum account UI and fixed firefox not working issue 2019-01-28 19:36:11 +00:00			`$app = getXF();`
			`if(!$app) return;`

Updated the project structure, for the upcoming client (Still needs some work) 2018-10-03 20:04:29 +00:00			`if (isset($_GET["type"])) {`
			`error_log("Got authX request!");`
			`if ($_GET["type"] == "login") {`
Changed some stuff 2018-10-13 16:44:54 +00:00			`die(json_encode(checkLogin($_POST["user"], $_POST["pass"])));`
Updated the project structure, for the upcoming client (Still needs some work) 2018-10-03 20:04:29 +00:00			`} else if ($_GET["type"] == "logout") {`
			`logout();`
Some memory updates 2018-10-07 16:21:28 +00:00			`global $localhost;`
			`if($localhost)`
			`header("Location: login.php");`
			`else`
			`header("Location: https://web.teaspeak.de/");`
Added forum account UI and fixed firefox not working issue 2019-01-28 19:36:11 +00:00
			`$session = $app->session();`
Some memory updates 2018-10-07 16:21:28 +00:00			`setcookie($session->getCookieName(), '', time() - 3600, '/');`
			`setcookie("session", '', time() - 3600, '/');`
Added forum account UI and fixed firefox not working issue 2019-01-28 19:36:11 +00:00			`setcookie("user_data", '', time() - 3600, '/');`
			`setcookie("user_sign", '', time() - 3600, '/');`
Updated the project structure, for the upcoming client (Still needs some work) 2018-10-03 20:04:29 +00:00			`} else die("unknown type!");`
Changed some stuff 2018-10-13 16:44:54 +00:00			`} else if(isset($_POST["action"])) {`
Some memory updates 2018-10-07 16:21:28 +00:00			`error_log("Got auth post request!");`
			`if($_POST["action"] === "login") {`
			`die(json_encode(checkLogin($_POST["user"], $_POST["pass"])));`
			`} else if ($_POST["action"] === "logout") {`
			`logout();`
			`die(json_encode([`
			`"success" => true`
			`]));`
			`} else if($_POST["action"] === "validate") {`
			`$app = getXF();`
			`if(test_session($_POST["token"]) === 0)`
			`die(json_encode([`
			`"success" => true,`
			`"token" => $app->session()->getSessionId()`
			`]));`
			`else`
			`die(json_encode([`
			`"success" => false`
			`]));`
			`} else`
			`die(json_encode([`
			`"success" => false,`
			`"msg" => "Invalid action"`
			`]));`
Updated the project structure, for the upcoming client (Still needs some work) 2018-10-03 20:04:29 +00:00			`}`
Some opus improvements and removed the required login 2018-06-27 13:53:03 +00:00			`}`