1<?php
/**
 * Federated Login for DokuWiki - cookie manipulation class
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @link       http://www.dokuwiki.org/plugin:fedauth
 * @author     Aoi Karasu <aoikarasu@gmail.com>
 */

// Requires the fedauth cookie name definition (FEDAUTH_COOKIE)
defined('FEDAUTH_COOKIE') or die();
12
13/**
14 * Federated login cookie manipulation class. Gets the user-bound authorization
15 * service data from the cookie or sets it as well as with session data.
16 *
17 * Based on functions in '/inc/auth.php' by Andreas Gohr <andi@splitbrain.org>
18 *
19 * @author     Aoi Karasu <aoikarasu@gmail.com>
20 */
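/**
 * Federated login cookie manipulation class. Gets the user-bound authorization
 * service data from the cookie or sets it as well as with session data.
 *
 * Storage layout (both written by set(), both removed by clean()):
 * - cookie FEDAUTH_COOKIE: five '|'-separated fields, see get()
 * - session $_SESSION[DOKU_COOKIE]['fedauth']: user, prid, svcd, stok, info,
 *   buid, time, sgin
 *
 * NOTE(review): the cookie carries the username and provider id only
 * base64-encoded, i.e. without a signature; the only value that ties it to a
 * server-side session is 'stok'. Callers are presumably expected to compare
 * the cookie's 'stok' with the session's 'stok' before trusting 'user' - the
 * comparison is not done in this class.
 *
 * Based on functions in '/inc/auth.php' by Andreas Gohr <andi@splitbrain.org>
 *
 * @author     Aoi Karasu <aoikarasu@gmail.com>
 */
class fa_cookie {

    /**
     * Removes the federated login cookie and all related session data.
     *
     * Every session key written by set() is removed, including 'buid' and
     * 'time' (previously left behind) and 'rq' (written by earlier versions).
     */
    public function clean() {
        global $USERINFO;

        // make sure the session is writable (it usually is); the @ only hides
        // the notice raised when a session has already been started
        @session_start();

        // clear the session: all keys set() writes, plus leftovers of older versions
        $keys = array('user', 'prid', 'svcd', 'stok', 'info', 'buid', 'time', 'sgin', 'rq');
        foreach ($keys as $key) {
            if (isset($_SESSION[DOKU_COOKIE]['fedauth'][$key])) {
                unset($_SESSION[DOKU_COOKIE]['fedauth'][$key]);
            }
        }
        if (isset($_SESSION[DOKU_COOKIE]['bc'])) {
            unset($_SESSION[DOKU_COOKIE]['bc']);
        }
        if (isset($_SERVER['REMOTE_USER'])) {
            unset($_SERVER['REMOTE_USER']);
        }
        $USERINFO = null;

        // clear the cookie by expiring it well in the past
        $this->_updateCookie('', time() - 600000);
    }

    /**
     * Gets the user-bound authorization service data from the cookie.
     *
     * Return array information: key - value meaning
     * user   - local username
     * sticky - timeout: true - 1 year, false - use $conf['auth_security_timeout'] value
     *          FIXME reimplement to timeout value
     * prid   - auth provider identifier
     * svcd   - user-bound auth service data
     * stok   - security token
     *
     * A cookie that does not have exactly five fields, or whose fields are
     * not valid base64, is treated as absent (false) instead of producing
     * notices and a partially filled array.
     *
     * @return mixed array with data or false on failure
     */
    public function get() {
        if (!isset($_COOKIE[FEDAUTH_COOKIE])) {
            return false;
        }

        // the cookie is untrusted input: reject anything not in the expected shape
        $parts = explode('|', $_COOKIE[FEDAUTH_COOKIE]);
        if (count($parts) != 5) {
            return false;
        }
        list($user, $sticky, $provid, $svcdata, $sectok) = $parts;

        // strict decoding: set() only ever writes base64 alphabet characters,
        // so anything else is a corrupt or foreign cookie
        $user    = base64_decode($user, true);
        $provid  = base64_decode($provid, true);
        $svcdata = base64_decode($svcdata, true);
        $sectok  = base64_decode($sectok, true);
        if ($user === false || $provid === false || $svcdata === false || $sectok === false) {
            return false;
        }

        return array(
            'user'   => $user,
            'sticky' => (bool) $sticky,
            'prid'   => $provid,
            'svcd'   => $svcdata,
            'stok'   => $sectok,
        );
    }

    /**
     * Sets the authorization cookie and adds the user-bound authorization service data to the session.
     *
     * The full $_REQUEST is no longer copied into the session (it was marked
     * as temporary debugging data and may contain request parameters that do
     * not belong in the session store).
     *
     * @param string $user username
     * @param string $provid authorization provider identifier
     * @param string $svcdata user-bound authorization service data
     * @param bool $sticky whether or not the cookie will last beyond the session
     * @return mixed false when no auth backend ($auth) is available, null otherwise
     */
    public function set($user, $provid, $svcdata, $sticky) {
        global $auth, $USERINFO;

        if (!$auth) return false;

        // update vars required for Dokuwiki to acknowledge the logged-in user
        $USERINFO = $auth->getUserData($user);
        $_SERVER['REMOTE_USER'] = $user;

        // prepare fedauth data; the token hash is stored in the cookie and the
        // session (presumably so a later request can match the two - not checked here)
        $sectok = sha1(getSecurityToken());
        $cookie = implode('|', array(
            base64_encode($user),
            (int) $sticky,          // FIXME reimplement to timeout value
            base64_encode($provid),
            base64_encode($svcdata),
            base64_encode($sectok),
        ));
        // sticky: one year; otherwise 0 = expires with the browser session
        $expire = $sticky ? (time() + 60 * 60 * 24 * 365) : 0;

        // set the cookie
        $this->_updateCookie($cookie, $expire);

        // set the session (clean() removes exactly these keys again)
        $_SESSION[DOKU_COOKIE]['fedauth']['user'] = $user;     // local username
        $_SESSION[DOKU_COOKIE]['fedauth']['prid'] = $provid;   // provider identifier
        $_SESSION[DOKU_COOKIE]['fedauth']['svcd'] = $svcdata;  // auth service data
        $_SESSION[DOKU_COOKIE]['fedauth']['stok'] = $sectok;   // security token
        $_SESSION[DOKU_COOKIE]['fedauth']['info'] = $USERINFO; // local user information
        $_SESSION[DOKU_COOKIE]['fedauth']['buid'] = auth_browseruid();
        $_SESSION[DOKU_COOKIE]['fedauth']['time'] = time();    // current time
        $_SESSION[DOKU_COOKIE]['fedauth']['sgin'] = 1;         // signed-in marker, should be cleared once read
    }

    /**
     * Updates the authorization cookie.
     *
     * The cookie is always HttpOnly (the old PHP <= 5.2.0 fallback without the
     * flag is gone) and Secure whenever $conf['securecookie'] is enabled and
     * the request is served over SSL.
     *
     * @param string $value new cookie value
     * @param int $time cookie expire timestamp
     */
    public function _updateCookie($value, $time) {
        global $conf;

        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        // empty() avoids a notice when 'securecookie' is not configured
        $secure = !empty($conf['securecookie']) && is_ssl();
        setcookie(FEDAUTH_COOKIE, $value, $time, $cookieDir, '', $secure, true);
    }

} /* fa_cookie */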

/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
