mirror of
https://github.com/wavelog/wavelog.git
synced 2026-03-22 10:24:14 +00:00
147 lines
5.8 KiB
PHP
147 lines
5.8 KiB
PHP
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
|
|
|
|
/*
|
|
|
|
Handles header based authentication
|
|
|
|
*/
|
|
class Header_auth extends CI_Controller
|
|
{
|
|
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
$this->load->model('user_model');
|
|
$this->load->library('session');
|
|
$this->load->helper('url');
|
|
}
|
|
|
|
/**
|
|
* Authenticate using a trusted request header.
|
|
* Expected to be called from a login-screen button.
|
|
*/
|
|
public function login()
|
|
{
|
|
// Guard: feature must be enabled
|
|
if (!$this->config->item('auth_header_enable')) {
|
|
$this->session->set_flashdata('error', __('Header authentication is disabled.'));
|
|
redirect('user/login');
|
|
}
|
|
|
|
|
|
// Get username from header
|
|
$headerUsername = $this->config->item('auth_headers_username') ?: '';
|
|
if (empty($headerUsername)) {
|
|
$this->session->set_flashdata('error', __('Missing header setting.'));
|
|
redirect('user/login');
|
|
}
|
|
$username = $this->input->server($headerUsername, true);
|
|
|
|
if (empty($username)) {
|
|
$this->session->set_flashdata('error', __('Missing username header.'));
|
|
redirect('user/login');
|
|
}
|
|
|
|
// Look up user by the header value
|
|
$query = $this->user_model->get($username);
|
|
if (!$query || $query->num_rows() !== 1) {
|
|
|
|
// Config check if create user
|
|
if ($this->config->item('auth_header_create')) {
|
|
$this->load->model('user_model');
|
|
$firstnameHeader = $this->config->item('auth_headers_firstname') ?: '';
|
|
if (!empty($firstnameHeader)) {
|
|
$firstname = $this->input->server($firstnameHeader, true);
|
|
}
|
|
$lastnameHeader = $this->config->item('auth_headers_lastname') ?: '';
|
|
if (!empty($lastnameHeader)) {
|
|
$lastname = $this->input->server($lastnameHeader, true);
|
|
}
|
|
$callsignHeader = $this->config->item('auth_headers_callsign') ?: '';
|
|
if (!empty($callsignHeader)) {
|
|
$callsign = $this->input->server($callsignHeader, true);
|
|
}
|
|
$emailHeader = $this->config->item('auth_headers_email') ?: '';
|
|
if (!empty($emailHeader)) {
|
|
$email = $this->input->server($emailHeader, true);
|
|
}
|
|
|
|
$club_id = $this->config->item('auth_header_club_id') ?: '';
|
|
|
|
$result = $this->user_model->add_minimal($username, $firstname, $lastname, $callsign, $email, $club_id);
|
|
|
|
switch ($result) {
|
|
case EUSERNAMEEXISTS:
|
|
$data['username_error'] = sprintf(__("Username %s already in use!"), '<b>' . $this->input->post('user_name') . '</b>');
|
|
break;
|
|
case EEMAILEXISTS:
|
|
$data['email_error'] = sprintf(__("E-mail %s already in use!"), '<b>' . $this->input->post('user_email') . '</b>');
|
|
break;
|
|
case EPASSWORDINVALID:
|
|
$data['password_error'] = __("Invalid Password!");
|
|
break;
|
|
case OK:
|
|
redirect('header_auth/login');
|
|
return;
|
|
}
|
|
} else {
|
|
$this->session->set_flashdata('error', __('User not found.'));
|
|
redirect('user/login');
|
|
}
|
|
}
|
|
|
|
|
|
$user = $query->row();
|
|
|
|
// Prevent clubstation direct login via header (mirrors User::login)
|
|
if (!empty($user->clubstation) && $user->clubstation == 1) {
|
|
$this->session->set_flashdata('error', __("You can't login to a clubstation directly. Use your personal account instead."));
|
|
redirect('user/login');
|
|
}
|
|
|
|
// Maintenance mode check (admin only allowed)
|
|
if (ENVIRONMENT === 'maintenance' && (int)$user->user_type !== 99) {
|
|
$this->session->set_flashdata('error', __("Sorry. This instance is currently in maintenance mode. Only administrators are currently allowed to log in."));
|
|
redirect('user/login');
|
|
}
|
|
|
|
// Establish session
|
|
$this->user_model->update_session($user->user_id);
|
|
$this->user_model->set_last_seen($user->user_id);
|
|
|
|
// Set language cookie (mirrors User::login)
|
|
$cookie = [
|
|
'name' => $this->config->item('gettext_cookie', 'gettext'),
|
|
'value' => $user->user_language,
|
|
'expire' => 1000,
|
|
'secure' => false,
|
|
];
|
|
$this->input->set_cookie($cookie);
|
|
|
|
$this->load->model('user_model');
|
|
// Get full user record
|
|
$user = $this->user_model->get($username)->row();
|
|
|
|
// Critical: Update session data
|
|
$this->user_model->update_session($user->user_id);
|
|
$this->user_model->set_last_seen($user->user_id);
|
|
|
|
// Set essential session data
|
|
$this->session->set_userdata(array(
|
|
'user_id' => $user->user_id,
|
|
'user_name' => $user->user_name,
|
|
'user_type' => $user->user_type,
|
|
'user_stylesheet' => $user->user_stylesheet ?? 'bootstrap',
|
|
'user_column1' => $user->user_column1 ?? 'Mode',
|
|
'user_column2' => $user->user_column2 ?? 'RSTS',
|
|
'user_column3' => $user->user_column3 ?? 'RSTR',
|
|
'user_column4' => $user->user_column4 ?? 'Band',
|
|
'user_column5' => $user->user_column5 ?? 'Country',
|
|
// Add other preferences as needed
|
|
));
|
|
|
|
log_message('info', "User ID [{$user->user_id}] logged in via header auth.");
|
|
redirect('dashboard');
|
|
}
|
|
}
|