Commit 2ad12eda authored by Daniel Carden

Update index.php - added Oauth2 authorisation parts

parent f617a52c
Pipeline #529 failed with stage
......@@ -16,8 +16,8 @@ $GLOBALS['server_start_time']=getmicrotime();
$section = @$_REQUEST['section'];
if( !isset($_SESSION['userLoggedIn']) && $section=='authorize' ) {
/*OLD Function
if( !isset($_SESSION['userLoggedIn']) && $section=='authorize' ) {
$authorization=$_REQUEST['state'];
$client_id=$_GET['client_id'];
$client_secret=$_GET['client_secret'];
......@@ -25,25 +25,35 @@ if( !isset($_SESSION['userLoggedIn']) && $section=='authorize' ) {
if($authorization!=""){
die('<script>top.location="index.php?section=login&authorize='.$authorization.'&client_id='.$client_id.'&client_secret='.$client_secret.'"</script>');
}
}
*/
if( !isset($_SESSION['userLoggedIn']) && $section=='authorize' ) {
parse_str($_SERVER['QUERY_STRING'], $datareceived);
echo "authorizing:".$datareceived['client_id'];
if(isset($datareceived['response_type']) && $datareceived['response_type'] =="code"){
$datareceived['section'] = "login";
$datareceived['authorize'] = $datareceived['state'];
die('<script>top.location="index.php?'.http_build_query($datareceived,'','&').'"</script>');
}
}
if(!isset($_SESSION['userLoggedIn']) && $section!='' && $section!='login' && $section!='wizard' && $section!='proxySocket' && $section!='orbitersWin'){
if($section=='createUser'){
$users=getAssocArray('Users','PK_Users','Username',$dbADO);
if(count($users)>0){
unset($_SESSION);
session_destroy();
if($section=='createUser'){
$users=getAssocArray('Users','PK_Users','Username',$dbADO);
if(count($users)>0){
unset($_SESSION);
session_destroy();
die('<script>top.location="index.php?section=login"</script>');
}
}else{
// invalid session, destroy it and send user to login
unset($_SESSION);
session_destroy();
die('<script>top.location="index.php?section=login"</script>');
}
die('<script>top.location="index.php?section=login"</script>');
}
}else{
// invalid session, destroy it and send user to login
unset($_SESSION);
session_destroy();
die('<script>top.location="index.php?section=login"</script>');
}
}
// if installation ID is 1 (offline installation), check if it doesn't changed
validate_installation((int)@$_SESSION['installationID'],$dbADO);
......@@ -1928,11 +1938,11 @@ switch ($section) {
installWizardList($output,$dbADO);
break;
case 'authorizeApp':
$output= new Template($dbADO);
$output->setTemplateFileType('small');
include_once('../api/authorize.php');
doAuth($output,$dbADO );
break;
$output= new Template($dbADO);
$output->setTemplateFileType('small');
include_once('oauth2-authorize.php');
doAuth($output,$dbADO );
break;
case 'cloudServices':
$output= new Template($dbADO);
$output->setTemplateFileType('large');
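Review bot: In the new `authorize` branch, `echo "authorizing:".$datareceived['client_id'];` writes a query-string value into the response unescaped, so markup placed in `client_id` is rendered for a visitor who is not yet logged in, and a missing parameter raises a notice. If the line is more than leftover debugging, guard it with `isset()` and escape it, e.g. `echo 'authorizing:'.htmlspecialchars($datareceived['client_id'], ENT_QUOTES, 'UTF-8');`; otherwise drop it. The same block reads `$datareceived['state']` without an `isset()` check and forwards every received parameter to the login redirect. `http_build_query()` percent-encodes the values, but copying only the fields the login step needs (`response_type`, `client_id`, `state`) would keep values such as `client_secret`, which the old code put in the URL, out of the redirect and browser history. The +/- markers are lost on this page, so which lines are new is inferred from the commented-out `OLD Function` block.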
......