<?php
namespace api\core;
use \database\core\Repo;
use \error\core\Error;
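/**
 * Request authentication for the API, built on a one-time token chain.
 *
 * A single 64-character hex value is stored in the file
 * __BUILD__.'/api/chs/hash'. A request is accepted when secure_hash() of the
 * token it presents equals that stored value; the presented token then
 * replaces the stored value, so every token is usable once.
 *
 * State is kept in two globals:
 *   - $GLOBALS['TOKEN'] : the validated token, or null when unauthenticated
 *   - $GLOBALS['PERM']  : list of permission names granted to this request
 */
class Authentification{

    // Will hold errors (nothing in this class writes to it)
    public $error;


    /**
     * Iterated SHA-256 with two fixed strings mixed in at every round.
     *
     * Each round computes
     *   sha256( PREFIX . sha256( value . SUFFIX ) )
     * where PREFIX and SUFFIX are the literals below.
     *
     * NOTE(review): both literals are constants compiled into the source, not
     * per-value salts, and SHA-256 is a fast hash. That suits a chain of
     * high-entropy tokens; it is not a substitute for password_hash() if this
     * helper is also used on passwords elsewhere (cannot tell from this file).
     *
     * @param string $data  Value to hash
     * @param int    $depth Number of rounds; with 0 or less $data is returned
     *                      unchanged (no hashing at all)
     *
     * @return string 64 lowercase hex characters when $depth >= 1
     */
    public static function secure_hash($data, $depth=1){
        $hash = $data;

        for( $round = 0 ; $round < $depth ; $round++ )
            $hash = hash('sha256', '">\[..|{@#))'.hash('sha256', $hash.'_)Q@#((%*_$%(@#') );

        return $hash;
    }


    /**
     * Initialises the authentication globals from the current request.
     *
     * The whole value of $_SERVER['PHP_AUTH_DIGEST'] is treated as the token:
     * it must be exactly 64 lowercase hex characters, anything else counts as
     * "no token". The token is then verified by deepCheck(); on failure
     * $GLOBALS['TOKEN'] is reset to null.
     *
     * Entries already present in $GLOBALS['PERM'] are kept; this method never
     * removes a permission.
     */
    public static function check(){
        /* (1) Permission list */
        if( !isset($GLOBALS['PERM']) )
            $GLOBALS['PERM'] = [];

        /* (2) Token taken from the request header, kept only if well-formed */
        $header = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';

        // $match[0] (not $header) is stored: '$' also matches before a trailing newline
        $GLOBALS['TOKEN'] = preg_match('/^[a-f0-9]{64}$/', $header, $match) ? $match[0] : null;

        /* (3) Verification against the stored hash */
        if( !self::deepCheck() )
            $GLOBALS['TOKEN'] = null;
    }


    /**
     * Verifies the current token against the stored hash and rotates it.
     *
     * The read, the comparison and the write happen under one exclusive lock,
     * so two concurrent requests carrying the same token cannot both be
     * accepted. Any failure (missing or unreadable file, lock failure,
     * malformed content, mismatch, failed write) returns false.
     *
     * On success the presented token becomes the new stored value and the
     * 'cyclic-hash' permission is added to $GLOBALS['PERM'].
     *
     * @return bool TRUE when the token is valid and has been rotated
     */
    public static function deepCheck(){
        /* [1] No token at all
        =========================================================*/
        if( self::auth() === 0 )
            return false;

        $token = $GLOBALS['TOKEN'];

        /* [2] Check against the cyclic-hashing-system file
        =========================================================*/
        $fn = __BUILD__.'/api/chs/hash';

        if( !is_file($fn) )
            return false;

        // 'r+' : the file must already exist and be writable, it is never created here
        $handle = fopen($fn, 'r+');

        if( $handle === false )
            return false;

        try{
            /* (1) Serialise read + compare + write across concurrent requests */
            if( !flock($handle, LOCK_EX) )
                return false;

            /* (2) Read file -> check content */
            $stored = stream_get_contents($handle);

            if( !is_string($stored) || strlen($stored) !== 64 )
                return false;

            /* (3) Compare content (hash_equals: comparison time independent of the match position) */
            $hashed = self::secure_hash($token);

            if( !is_string($hashed) || strlen($hashed) !== 64 || !hash_equals($stored, $hashed) )
                return false;

            /* (4) Store the new content; a token that could not be rotated is refused */
            if( !ftruncate($handle, 0) || !rewind($handle) )
                return false;

            if( fwrite($handle, $token) !== strlen($token) || !fflush($handle) )
                return false;

        }finally{
            flock($handle, LOCK_UN);
            fclose($handle);
        }

        /* (5) Store permission */
        if( !isset($GLOBALS['PERM']) || !is_array($GLOBALS['PERM']) )
            $GLOBALS['PERM'] = [];

        if( !in_array('cyclic-hash', $GLOBALS['PERM'], true) )
            $GLOBALS['PERM'][] = 'cyclic-hash';

        /* [3] Valid
        =========================================================*/
        return true;
    }


    /**
     * Checks the request against a list of expected permissions.
     *
     * Re-runs check() first, so calling this consumes the request's token.
     * Permission names are compared strictly (type and value).
     *
     * NOTE(review): an empty or non-array $expected grants access and returns
     * boolean TRUE, while the other paths return Error constants; callers must
     * handle both, and a malformed $expected therefore fails open - confirm
     * this is intended.
     *
     * @param string $module   Module concerned (not used by this method)
     * @param array  $expected Permission names that are all required
     *
     * @return mixed TRUE when nothing is expected, Error::Success when every
     *               expected permission is held, Error::PermissionError when
     *               at least one is missing
     */
    public static function permission($module, $expected){
        /* [1] Setup
        =========================================================*/
        /* (1) If nothing is expected, return true */
        if( !is_array($expected) || count($expected) === 0 )
            return true;

        /* (2) Refresh the authentication state */
        self::check();

        /* [2] Every expected permission must be held
        =========================================================*/
        foreach($expected as $permission)
            // strict: a non-string entry in PERM must not loosely match a permission name
            if( !in_array($permission, $GLOBALS['PERM'], true) )
                return Error::PermissionError;

        /* [3] All required permissions are held
        =========================================================*/
        return Error::Success;
    }


    /**
     * Returns the authentication level.
     *
     * @return int 0 when $GLOBALS['TOKEN'] is null or unset, 1 otherwise
     */
    public static function auth(){
        return isset($GLOBALS['TOKEN']) ? 1 : 0;
    }

}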
?>