Current File : /home/tjamichg/cursos.tjamich.gob.mx/main/auth/hmac/login.php
<?php
use ChamiloSession as Session;
/**
* This file contains the necessary elements to allow a Single Sign On
* based on a validation of a hmac computed hash.
*
* To allow the SSO access /main/auth/hmac/login.php must receive as
* query string parameters the following parameters:
*
* 'email': user email.
*
* 'time': time of the request, as HH:mm.
*
* 'system': System name, a control value.
*
* 'Token': a HMAC computed SHA256 algorithm based on the concatenation of
* the 'time' and 'email' value.
*
* Example:
*
* https://campus.chamilo/main/auth/hmac/login.php?email=user@domain.com&time=10:48&system=SystemName&Token=XYZ
*
* Also a settings.php file must be configured the set the following values:
*
* 'secret': secret key used to generate a HMAC computed hash to validate the
* received 'Token' parameter on the query string.
*
* 'secret': secret key used to generate a HMAC computed hash to validate the 'Token' parameter on the query string.
*
* 'expiration_time': integer value, maximum time in minutes of the request lifetime.
*/
require_once '../../../main/inc/global.inc.php';
// Create a settings.dist.php
if (file_exists('settings.php')) {
require_once 'settings.php';
} else {
$message = '';
if (api_is_platform_admin()) {
$message = 'Create a settings.php';
}
api_not_allowed(true, $message);
}
// Check if we have all the parameters from the query string
if (isset($_GET['email']) && isset($_GET['time']) && isset($_GET['system']) && isset($_GET['Token'])) {
$email = $_GET['email'];
$time = $_GET['time'];
$system = $_GET['system'];
$token = $_GET['Token'];
// Generate the token
$validToken = hash_hmac('sha256', $time.$email, $settingsInfo['secret'], false);
// Compare the received token & the valid token
if ($token !== $validToken) {
Display::addFlash(Display::return_message('Incorrect token', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
// Check the system is correct
if ($settingsInfo['system'] !== $system) {
Display::addFlash(Display::return_message('Incorrect client', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
// Check if the request expired with a diff between the query string parameter & the actual time
if ($settingsInfo['expiration_time'] && $settingsInfo['expiration_time'] > 0) {
$tokenTime = strtotime($time);
$diff = abs($tokenTime - time()) / 60;
if ($diff > $settingsInfo['expiration_time']) {
Display::addFlash(Display::return_message('Token expired', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
}
// Get the user info
$userInfo = api_get_user_info_from_email($email);
// Log-in user if exists or a show error message
if (!empty($userInfo)) {
Session::write('_user', $userInfo);
Session::write('is_platformAdmin', false);
Session::write('is_allowedCreateCourse', false);
Event::eventLogin($userInfo['user_id']);
Session::write('flash_messages', '');
} else {
Display::addFlash(Display::return_message(get_lang('UserNotFound'), 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
header('Location: '.api_get_path(WEB_PATH).'user_portal.php');
exit;
} else {
Display::addFlash(Display::return_message('Invalid request', 'error'));
header('Location: '.api_get_path(WEB_PATH));
exit;
}
Mini Shell