authorChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-15 08:25:45 +0000
committerChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-15 08:25:45 +0000
commit881bb4d750dbb07cae3d4f8836a6c06ba465272e (patch)
tree12e1c5bd6450f9836b4a08bc0c3e684d423d6f25 /php
parent5ee3977db17a14a3ac81bfa7fb6266f342c50ac7 (diff)
New logging system based on Pear::Log package.
Every action on the IdP and SP will be logged to the database, syslog or a file.
Diffstat (limited to 'php')
-rw-r--r--php/Attic/examples/sample-idp/admin_user.php2
-rw-r--r--php/Attic/examples/sample-idp/login.php147
-rw-r--r--php/Attic/examples/sample-idp/setup.php43
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php88
-rw-r--r--php/Attic/examples/sample-idp/soapEndpoint.php129
-rw-r--r--php/Attic/examples/sample-sp/admin_user.php4
-rw-r--r--php/Attic/examples/sample-sp/assertionConsumer.php2
-rw-r--r--php/Attic/examples/sample-sp/logout.php4
8 files changed, 332 insertions, 87 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
index b93237ee..99d97457 100644
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ b/php/Attic/examples/sample-idp/admin_user.php
@@ -228,7 +228,7 @@
?>
<td rowspan="2">
<a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a>
- <a href="<?php echo $PHP_SELF . '?edit=' . $row[0]; ?>">edit</a>
+ <a href="javascript:openpopup('user_edit.php?user_id=<?php echo ?>')">edit</a>
</td>
</tr>
<tr>
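Review bot: The new edit link has an empty `<?php echo ?>`, which is a parse error and in any case never emits the user id into the popup URL. It should output the row value escaped for a URL inside an HTML attribute, e.g. `user_edit.php?user_id=<?php echo htmlspecialchars(urlencode($row[0]), ENT_QUOTES); ?>`. The `?del=` link on the context line above still interpolates the raw value and performs a delete via a plain GET link, which is pre-existing and not addressed here. The enclosing table loop starts and ends outside this hunk.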
diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php
index 64fea1ad..33bd4120 100644
--- a/php/Attic/examples/sample-idp/login.php
+++ b/php/Attic/examples/sample-idp/login.php
@@ -24,8 +24,116 @@
$config = unserialize(file_get_contents('config.inc'));
require_once 'HTML/QuickForm.php';
+ require_once 'Log.php';
require_once 'DB.php';
+ // create logger
+ $logger = &Log::factory($config['log_handler'], '', $config['log_name']."::".$_SERVER['PHP_SELF']);
+
+ /*
+ *
+ */
+ function sendHTTPBasicAuth()
+ {
+ global $logger;
+
+ header('WWW-Authenticate: Basic realm="Lasso Identity Provider One"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo "Acces Denied";
+ $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . "' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE);
+ }
+
+
+ /*
+ * This function authentificate the user against the Users Database
+ */
+ function authentificateUser($db, $username, $password)
+ {
+ global $logger;
+
+ $query = "SELECT user_id FROM users WHERE username=".$db->quoteSmart($username);
+ $query .= " AND password=".$db->quoteSmart($password);
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Internal Server Error");
+ }
+
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+ return ($row[0]);
+ }
+ return (0);
+ }
+
+ $db = &DB::connect($config['dsn']);
+
+ if (DB::isError($db))
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_ALERT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Could not connect to the database");
+ }
+
+ if ($config['auth_type'] == 'auth_basic')
+ {
+ if (!isset($_SERVER['PHP_AUTH_USER']))
+ {
+ sendHTTPBasicAuth();
+ $db->disconnect();
+ exit;
+ }
+ else
+ {
+ // Check Login and Password
+ if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])))
+ {
+ $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING);
+ sendHTTPBasicAuth();
+ $db->disconnect();
+ exit;
+ }
+ else
+ {
+ $_SESSION['user_id'] = $user_id;
+ $_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
+
+ $logger->log("User '".$_SERVER['PHP_AUTH_USER']."'($user_id) authenticated, local session started", PEAR_LOG_NOTICE);
+
+
+ /* TODO : load identity and session dump
+ $query = "SELECT identity_dump,session_dump FROM users WHERE identity_dump";
+ $query .= " IS NOT NULL AND session_dump IS NOT NULL AND user_id='$user_id'";
+
+ $res =& $db->query($query);
+
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+
+ $_SESSION['identity_dump'] = $row[0];
+ $_SESSION['session_dump'] = $row[1];
+ } */
+
+ $db->disconnect();
+
+ $url = 'index.php';
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url\r\n\r\n");
+ exit;
+ }
+ }
+ }
+ else if ($config['auth_type'] == 'auth_form')
+ {
$form = new HTML_QuickForm('frm');
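Review bot: The failure log in the auth_basic branch writes the submitted password in clear text to syslog, and it does so via `$form->exportValue(...)` although `$form` is only created later, in the auth_form branch, so this line will fail on a non-object before `sendHTTPBasicAuth()` runs. Log the login and source address only: `$logger->log("Authentication failure for login '" . $_SERVER['PHP_AUTH_USER'] . "' from IP '" . $_SERVER['REMOTE_ADDR'] . "'", PEAR_LOG_WARNING);`. The same branch writes `$_SESSION['user_id']` without a visible `session_start()`, whereas the form branch in the next hunk calls it; if no earlier `session_start()` exists above this hunk the session data is never stored. Note also that `authentificateUser()` compares the password as a plaintext column in SQL, so the users table holds clear-text passwords; for a sample IdP at least a comment saying so would help. The `$db->getMessage()` call after a failed query should be `$res->getMessage()` — on a successful connect `$db` is the connection object, not a DB_Error.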
@@ -40,35 +148,24 @@
if ($form->validate())
{
- $config = unserialize(file_get_contents('config.inc'));
-
- $db = &DB::connect($config['dsn']);
-
- if (DB::isError($db))
- die($db->getMessage());
-
- $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
- $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
-
- $res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
-
- $db->disconnect();
-
- if ($res->numRows())
- {
- $row = $res->fetchRow();
+ if (($user_id = authentificateUser($db, $form->exportValue('username'), $form->exportValue('password'))))
+ {
session_start();
- $_SESSION['user_id'] = $row[0];
+ $_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $form->exportValue('username');
+ $logger->log("User '".$form->exportValue('username')."'($user_id) authenticated, local session started", PEAR_LOG_NOTICE);
+
$url = 'index.php';
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url\r\n\r\n");
- exit;
+ $db->disconnect();
+ exit;
}
+ else
+ $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING);
+ $db->disconnect();
}
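Review bot: The failure log added at the end of this hunk writes the submitted password in clear text to the log; keep the username and `REMOTE_ADDR` and drop the password. Separately, after `session_start()` the user id is stored in whatever session the client presented, so a pre-set session cookie survives login; if the PHP in use provides it, add `session_regenerate_id();` right after `session_start();` to limit session fixation. Both points concern the new lines; the surrounding `if ($form->validate())` block is otherwise unchanged.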
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
@@ -80,3 +177,11 @@
?>
</body>
</html>
+<?php
+ }
+ else
+ {
+ $logger->log("Unknown authentification type '". $config['auth_type'] ."', check IdP setup", PEAR_LOG_ALERT);
+ die('Unknown authentification type');
+ }
+?>
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
index 9403f7d9..3a7d35fd 100644
--- a/php/Attic/examples/sample-idp/setup.php
+++ b/php/Attic/examples/sample-idp/setup.php
@@ -78,6 +78,9 @@
$config = array(
'dsn' => "pgsql://idp:idp@localhost/idp",
'server_dump_filename' => "lasso_server_dump.xml",
+ 'log_name' => $_SERVER['SERVER_NAME'],
+ 'log_handler' => 'syslog',
+ 'auth_type' => 'auth_form',
'idp-metadata' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/metadata.xml",
'idp-public_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/public-key.pem",
'idp-private_key' => "/home/cnowicki/mcvs/lasso/tests/data/idp1-la/private-key-raw.pem",
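Review bot: The default `log_name` is taken from `$_SERVER['SERVER_NAME']`, which depending on the web server's configuration can be derived from the client-supplied Host header; since it then becomes the syslog identifier written into config.inc, a fixed default such as `'log_name' => 'lasso-idp',` is safer. The DSN default embeds a database password in the serialized config file, which is pre-existing but worth a comment in a sample setup.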
@@ -371,26 +374,44 @@
<form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'>
<p align='center'>Lasso Identity Provider Setup</p>
-<br>
<hr>
<p>
<table>
-<caption>Database Configuration</caption>
<tr>
- <td>DSN (Data Source Name) :</td><td><input type='text' name='dsn' size='50' value='<?php echo $config['dsn']; ?>' maxlength='100'></td><td><a href='http://pear.php.net/manual/en/package.database.db.intro-dsn.php' target='_new'>Help</a></td>
+ <td colspan='3' align='center'>Database</td>
</tr>
-</table>
-</p>
-<hr>
-<p>
-<table>
-<caption>Authentification Configuration</caption>
+<tr>
+ <td>DSN (Data Source Name) :</td>
+ <td><input type='text' name='dsn' size='50' value='<?php echo $config['dsn']; ?>' maxlength='100'></td>
+ <td><a href='http://pear.php.net/manual/en/package.database.db.intro-dsn.php' target='_new'>Help</a></td>
+</tr>
+<tr>
+ <td colspan='3' align='center'>Authentification</td>
+</tr>
+<td>
<tr>
<td>Authentification type :</td>
<td>
<select name='auth_type'>
- <option value="auth_form" <?php if ($config['auth_type'] == 'auth_form') echo 'selected' ?>>HTML Login/Password Form</option>
- <option value="auth_basic" <?php if ($config['auth_type'] == 'auth_basic') echo 'selected' ?>>HTTP Auth Basic</option>
+ <option value="auth_form" <?php if ($config['auth_type'] == 'auth_form') echo 'selected="selected"'; ?>>HTML Login/Password Form</option>
+ <option value="auth_basic" <?php if ($config['auth_type'] == 'auth_basic') echo 'selected="selected"'; ?>>HTTP Auth Basic</option>
+ </select>
+ </td><td>&nbsp;</td>
+</tr>
+<tr>
+ <td colspan='3' align='center'>Logging</td>
+</tr>
+<tr>
+ <td>Name :</td>
+ <td><input type='text' name='log_name' size='50' value='<?php echo $config['log_name']; ?>' maxlength='100'></td>
+ <td>&nbsp;</td>
+</tr>
+<tr>
+ <td>Handler :</td>
+ <td>
+ <select name='log_handler'>
+ <option value="null" <?php if ($config['log_handler'] == 'null') echo 'selected="selected"'; ?>>NULL (disabled)</option>
+ <option value="syslog" <?php if ($config['log_handler'] == 'syslog') echo 'selected="selected"'; ?>>Syslog</option>
</select>
</td><td>&nbsp;</td>
</tr>
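Review bot: The new log name input echoes `$config['log_name']` into an attribute without escaping, and the value comes back from this same form's POST, so a stored script-injection in the setup page is possible; use `value='<?php echo htmlspecialchars($config['log_name'], ENT_QUOTES); ?>'`. The DSN input on the context line has the same problem and is pre-existing. There is also a stray `<td>` before the `<tr>` that follows the "Authentification" heading row, which breaks the table markup.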
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 5f664d92..45970fd2 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -27,6 +27,9 @@
$config = unserialize(file_get_contents('config.inc'));
+ // create logger
+ $logger = &Log::factory($config['log_handler'], '', $config['log_name']."::".$_SERVER['PHP_SELF']);
+
session_start();
lasso_init();
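Review bot: `Log::factory()` is called here but, unlike login.php and soapEndpoint.php in this commit, no `require_once 'Log.php';` is visible in this file's hunks; if it is not included above this hunk the call fails with an undefined class. Adding `require_once 'Log.php';` next to the other requires would make the three files consistent.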
@@ -41,6 +44,7 @@
if (!isset($_SERVER['PHP_AUTH_USER']))
{
sendHTTPBasicAuth();
+ $db->disconnect();
exit;
}
else
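Review bot: The added `$db->disconnect();` runs before `$db` exists — the `DB::connect()` for this code path is at file line 58 in the next hunk, after this branch at line 47 — so it is a method call on an undefined variable. Drop the call here; the early exit before the connection needs no cleanup.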
@@ -54,7 +58,12 @@
// connect to the data base
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
- die($db->getMessage());
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_ALERT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Could not connect to the database");
+ }
+
// User must *NOT* Authenticate with the IdP
if (!$login->mustAuthenticate())
@@ -118,9 +127,12 @@
*/
function sendHTTPBasicAuth()
{
+ global $logger;
+
header('WWW-Authenticate: Basic realm="Lasso Identity Provider One"');
header('HTTP/1.0 401 Unauthorized');
echo "Acces Denied";
+ $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . "' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE);
}
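Review bot: The log message claims the user "pressed the cancel button", but `sendHTTPBasicAuth()` is also called for the very first request with no `PHP_AUTH_USER`, i.e. the initial challenge, so the message is wrong for the common case. A neutral text such as `"HTTP basic authentication challenge sent to '" . $_SERVER['REMOTE_ADDR'] . "' (no or rejected credentials)"` describes both paths. The typo "Acces Denied" on the context line is pre-existing.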
/*
@@ -128,12 +140,18 @@
*/
function updateIdentityDump($db, $user_id, $identity_dump)
{
+ global $logger;
+
$query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump);
$query .= " WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
- die($res->getMessage());
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Internal Server Error");
+ }
}
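Review bot: The new error branch calls `$db->getMessage()` and `$db->getDebugInfo()`, but `$db` is the live connection object here, not the error; the failed query's DB_Error is `$res`, which is what the removed `die($res->getMessage())` used. Change both calls to `$res->getMessage()` and `$res->getDebugInfo()`. The same `$db`-instead-of-`$res` pattern appears in every query error branch this commit adds, and the context line still interpolates `$user_id` into the WHERE clause unquoted, which is pre-existing.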
/*
@@ -141,12 +159,19 @@
*/
function updateSessionDump($db, $user_id, $session_dump)
{
+ global $logger;
+
$query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump);
$query .= " WHERE user_id='$user_id'";
$res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
+ if (DB::isError($res))
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Internal Server Error");
+ }
+
}
/*
@@ -154,18 +179,27 @@
*/
function saveAssertionArtifact($db, $artifact, $assertion)
{
+ global $logger;
+
$assertion_dump = $assertion->dump();
if (empty($assertion_dump))
+ {
+ $logger->log("assertion dump is empty", PEAR_LOG_ALERT);
die("assertion dump is empty");
-
+ }
+
// Save assertion
$query = "INSERT INTO assertions (assertion, response_dump, created) VALUES ";
$query .= "('".$artifact."',".$db->quoteSmart($assertion_dump).", NOW())";
$res =& $db->query($query);
- if (DB::isError($res))
- die($res->getMessage());
+ if (DB::isError($res))
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Internal Server Error");
+ }
}
/*
@@ -331,13 +365,13 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
+ header("Location: $url\n\n");
lasso_shutdown();
exit;
case lassoLoginProtocolProfileBrwsPost:
- die("TODO : lassoLoginProtocolProfileBrwsPost");
- break;
+ // TODO : lassoLoginProtocolProfileBrwsPost
default:
+ $logger->log("Unknown Login Protocol Profile :" . $db->getMessage(), PEAR_LOG_CRIT);
die("Unknown Login Protocol Profile");
}
}
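Review bot: Removing the `die`/`break` for `lassoLoginProtocolProfileBrwsPost` makes that case fall through into `default`, so a Browser-POST profile now dies with "Unknown Login Protocol Profile", which hides that it is merely unimplemented; keep an explicit `$logger->log("Login Protocol Profile Browser-POST not implemented", PEAR_LOG_ERR); die("Browser-POST profile not implemented");` in that case. The default branch also appends `$db->getMessage()` to a message that has nothing to do with the database, and `$db` is the connection object, so drop it. The change from `"\r\n\r\n"` to `"\n\n"` in the Location header still leaves trailing newlines in a header value; `header("Location: $url");` is sufficient. The enclosing switch and function start before this hunk.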
@@ -346,12 +380,20 @@
if ($form->validate())
{
if (empty($_SESSION['login_dump']))
- die("Login dump is not registred");
+ {
+ $logger->log("Login dump is not registred in the session", PEAR_LOG_ERR);
+ die("Login dump is not registred");
+ }
// connect to the data base
$db = &DB::connect($config['dsn']);
- if (DB::isError($db))
- die($db->getMessage());
+
+ if (DB::isError($db))
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_ALERT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Could not connect to the database");
+ }
$login = LassoLogin::newFromDump($server, $_SESSION['login_dump']);
@@ -360,17 +402,22 @@
{
$array = getIdentityDumpAndSessionDumpFromUserID($db, $user_id);
$is_first_sso = (empty($array) ? TRUE : FALSE);
-
+
if (!$is_first_sso)
{
$login->setIdentityFromDump($array['identity_dump']);
$login->setSessionFromDump($array['session_dump']);
}
+ else
+ $logger->log("First SingleSignOn for user '$user_id'", PEAR_LOG_INFO);
doneSingleSignOn($db, $login, $user_id, $is_first_sso);
$db->disconnect();
exit;
}
+ else
+ $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING);
+
}
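Review bot: The failure log added in the `else` branch writes the submitted password in clear text into syslog alongside the username; drop the password and keep `$form->exportValue('username')` and `REMOTE_ADDR`. Clear-text credentials in logs are routinely readable by more people than the database is, so this is a real exposure even in a sample IdP. The enclosing `if ($form->validate())` block starts in the previous hunk.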
else
{
@@ -386,12 +433,19 @@
// conect to the data base
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
- die($db->getMessage());
-
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_ALERT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Could not connect to the database");
+ }
+
$user_id = getUserIDFromNameIdentifier($db, $login->nameIdentifier);
if (!$user_id)
- die("Unknown User");
+ {
+ $logger->log("Could not get UserID from Name Identifier '" . $login->nameIdentifier . "'", PEAR_LOG_ERR);
+ die("Internal Server Error");
+ }
doneSingleSignOn($db, $login, $user_id);
$db->disconnect();
diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php
index f45c12de..7a7f8f09 100644
--- a/php/Attic/examples/sample-idp/soapEndpoint.php
+++ b/php/Attic/examples/sample-idp/soapEndpoint.php
@@ -23,11 +23,18 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
require_once 'DB.php';
+ require_once 'Log.php';
header("Content-Type: text/xml\r\n");
+ // create logger
+ $logger = &Log::factory($config['log_handler'], '', $config['log_name']."::".$_SERVER['PHP_SELF']);
+
if (empty($HTTP_RAW_POST_DATA))
+ {
+ $logger->log("HTTP_RAW_POST_DATA is empty", PEAR_LOG_WARNING);
die("HTTP_RAW_POST_DATA is empty!");
+ }
$config = unserialize(file_get_contents('config.inc'));
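Review bot: `Log::factory($config['log_handler'], '', $config['log_name'] ...)` is executed before `$config = unserialize(file_get_contents('config.inc'));` at the end of this hunk, so `$config` is undefined at that point and the logger is built from null values, including for the "HTTP_RAW_POST_DATA is empty" warning. Move the config load above the logger creation, as login.php does in this commit. Loading config via `unserialize()` of a file is pre-existing and acceptable as long as config.inc is only writable by the setup page.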
@@ -36,29 +43,37 @@
lasso_init();
$requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
- $server = LassoServer::newfromdump($server_dump);
+ $server = LassoServer::newFromDump($server_dump);
$db = &DB::connect($config['dsn']);
if (DB::isError($db))
- die($db->getMessage());
-
+ {
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_ALERT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ die("Could not connect to the database");
+ }
+
switch ($requestype)
{
// Login
case lassoRequestTypeLogin:
+ $logger->log("SOAP Login Request from " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO);
+
$login = new LassoLogin($server);
$login->processRequestMsg($HTTP_RAW_POST_DATA);
$artifact = $login->assertionArtifact;
- $query = "SELECT response_dump FROM assertions WHERE assertion='";
- $query .= $artifact ."'";
+ $query = "SELECT response_dump FROM assertions WHERE assertion='" . $artifact . "'";
$res =& $db->query($query);
if (DB::isError($res))
{
header("HTTP/1.0 500 Internal Server Error");
- die($res->getMessage());
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
+
}
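Review bot: The rewritten query line still interpolates `$artifact` straight into the SQL string, and `$login->assertionArtifact` is parsed from the client-supplied `$HTTP_RAW_POST_DATA`, so anyone who can POST to this endpoint can inject SQL. Use the driver quoting the file already relies on: `$query = "SELECT response_dump FROM assertions WHERE assertion=" . $db->quoteSmart($artifact);`. The `DELETE ... WHERE assertion='$artifact'` on a context line of the next hunk needs the same treatment. The error branch should also report `$res->getMessage()` rather than `$db->getMessage()`, since `$db` is the connection object here.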
// Good Artifact, send reponse_dump
@@ -67,64 +82,89 @@
$row = $res->fetchRow();
$query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
-
$res =& $db->query($query);
+
if (DB::isError($res))
{
- header("HTTP/1.0 500 Internal Server Error");
- die($res->getMessage());
+ header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
}
+ $logger->log("Delete assertion '$artifact'", PEAR_LOG_DEBUG);
+
$login->setAssertionFromDump($row[0]);
$login->buildResponseMsg();
header("Content-Length: " . strlen($login->msgBody) . "\r\n");
echo $login->msgBody;
+ exit;
}
else
{
// Wrong Artifact
header("HTTP/1.0 403 Forbidden");
header("Content-Length: 0\r\n");
+ $logger->log("Wrong artifact send by " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_WARNING);
exit;
}
break;
case lassoRequestTypeLogout:
+ $logger->log("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO);
+
// Logout
$logout = new LassoLogout($server, lassoProviderTypeIdp);
$logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
$nameIdentifier = $logout->nameIdentifier;
-
+
+
// name identifier is empty, wrong request
if (empty($nameIdentifier))
{
header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("Name Identifier is empty", PEAR_LOG_ERR);
exit;
}
+
+ $logger->log("Name Identifier '$nameIdentifier'", PEAR_LOG_DEBUG);
- $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
- $query .= $nameIdentifier . "'";
+ $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'";
$res =& $db->query($query);
if (DB::isError($res))
- die($res->getMessage());
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
+ }
if (!$res->numRows())
{
header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("Could not find user_id matching nameidentifier '$nameIdentifier'", PEAR_LOG_ERR);
exit;
}
$row = $res->fetchRow();
$user_id = $row[0];
+ $logger->log("'$nameIdentifier' match UserID '$user_id'", PEAR_LOG_DEBUG);
+
$query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
- die($res->getMessage());
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
+ }
if (!$res->numRows())
{
header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("Could not fetch identity and session dump for user '$user_id'", PEAR_LOG_ERR);
exit;
}
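Review bot: The rewritten query interpolates `$nameIdentifier` directly into SQL, and that value is taken from the SOAP logout request body before `validateRequest()` is ever called in the next hunk, so it is untrusted input reaching the database unquoted. Change it to `$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($nameIdentifier);`. The same identifier is also written verbatim into the log at DEBUG level, which is fine for syslog but worth keeping at DEBUG. The error branches here should use `$res->getMessage()` / `$res->getDebugInfo()` rather than `$db`.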
@@ -135,24 +175,43 @@
$logout->setSessionFromDump($session_dump);
$logout->setIdentityFromDump($user_dump);
- // TODO : handle exception
- if ($logout->validateRequest())
- {
- // validate request failed
- header("HTTP/1.0 500 Internal Server Error");
- exit;
- }
+ // TODO : handle bad validate request
+ $logout->validateRequest();
if ($logout->isIdentityDirty)
{
$identity = $logout->identity;
$query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity->dump());
- $query .= " WHERE identity_id='$user_id'";
+ $query .= " WHERE user_id='$user_id'";
$res =& $db->query($query);
if (DB::isError($res))
- die($res->getMessage());
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
+ }
+ $logger->log("Update identity dump for user '$user_id'", PEAR_LOG_DEBUG);
+ }
+
+ if ($logout->isSessionDirty)
+ {
+ $identity = $logout->session;
+ $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump());
+ $query .= " WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT);
+ $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG);
+ exit;
+ }
+ $logger->log("Update session dump for user '$user_id'", PEAR_LOG_DEBUG);
}
+
// TODO : try multiple sp logout
while(($providerID = $logout->getNextProviderId()))
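Review bot: The result of `$logout->validateRequest()` is now discarded under a "TODO", whereas the removed code returned 500 on failure; if the removed check's convention holds (non-zero on failure), a logout request that fails validation now still updates the stored identity/session dumps and propagates logouts to every provider. Restoring a failure check before any state changes is the minimum. Separately, the new `isSessionDirty` block assigns `$identity = $logout->session;` but then calls `$session->dump()` on an undefined variable, so every dirty session hits a fatal error. The fence shows both corrections; the loop that follows is unchanged.
```php
// … unchanged: setSessionFromDump / setIdentityFromDump …
$rc = $logout->validateRequest();
if ($rc)
{
    header("HTTP/1.0 500 Internal Server Error");
    $logger->log("Logout request validation failed for user '$user_id' (code $rc)", PEAR_LOG_WARNING);
    exit;
}
// … unchanged: identity dump update …
if ($logout->isSessionDirty)
{
    $session = $logout->session;
    $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump());
    // … unchanged: rest of the session dump update …
}
```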
@@ -161,23 +220,20 @@
$logout->buildRequestMsg();
$url = parse_url($logout->msgUrl);
+ $logger->log("Send SOAP Logout Request to '$providerID' for user '$user_id'", PEAR_LOG_INFO);
+
$soap = sprintf("POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
$url['path'], $url['host'], $url['port'], strlen($logout->msgBody), $logout->msgBody);
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30);
if (!$fp)
- {
- header("HTTP/1.0 500 Internal Server Error");
- die($errstr ($errno));
- }
+ {
+ $logger->log("Could not send SOAP Logout Request to '$providerID' for user '$user_id' : $errstr ($errno)", PEAR_LOG_WARN);
+ continue;
+ }
fwrite($fp, $soap);
$ret = fgets($fp);
- if (!preg_match("/^HTTP\/1\\.. 200/i", $ret))
- {
- header("HTTP/1.0 500 Internal Server Error");
- die("Logout failed with : " . $providerID);
- }
// header
do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header));
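Review bot: The new log call uses `PEAR_LOG_WARN`, which is not one of the PEAR Log priority constants used elsewhere in this commit (`PEAR_LOG_WARNING`); an undefined constant is treated as the string "PEAR_LOG_WARN" with a notice, and the handler then receives a non-numeric priority. Replace it with `PEAR_LOG_WARNING` here and at the matching call in the next hunk. The `ssl://` `fsockopen()` on the context line performs no peer certificate verification that I can see, and `$url['port']` is unset when the provider URL carries no explicit port; both are pre-existing but matter for a logout sent to other providers.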
@@ -209,17 +265,24 @@
}
fclose($fp);
+ if (!preg_match("/^HTTP\/1\\.. 200/i", $header))
+ {
+ $logger->log("Logout faild for user '$user_id' on '$providerID'", PEAR_LOG_WARN);
+ continue;
+ }
$logout->processResponseMsg($response, lassoHttpMethodSoap);
}
$logout->buildResponseMsg();
header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
echo $logout->msgBody;
+ $logger->log("User '$user_id' logged out", PEAR_LOG_INFO);
break;
case lassoRequestTypeDefederation:
- break;
+
default:
header("HTTP/1.0 500 Internal Server Error");
+ $logger->log("Unknown or unsupported SOAP request", PEAR_LOG_CRIT);
}
lasso_shutdown();
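Review bot: The relocated status check matches `^HTTP/1.. 200` against `$header`, but the status line was already consumed by `$ret = fgets($fp);` in the previous hunk, so `$header` begins at the second header line, the match never succeeds, and every provider is logged as "faild" and skipped. Test the line that holds the status: `if (!preg_match("/^HTTP\/1\\.. 200/i", $ret))`. Because `$header .=` on the context line is never reset, a second provider in the loop would also see the first provider's headers; add `$header = '';` before the `do` loop. `lassoRequestTypeDefederation` now falls through into `default` and answers 500; if that is intended, say so in a comment rather than leaving an empty case. The loop body starts in the previous hunk.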
diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php
index 4c219432..82d828bd 100644
--- a/php/Attic/examples/sample-sp/admin_user.php
+++ b/php/Attic/examples/sample-sp/admin_user.php
@@ -33,7 +33,7 @@
die($db->getMessage());
if (!empty($_GET['dump'])) {
- $query = "SELECT identity_dump FROM users WHERE user_id='".$db->quoteSmart($_GET['dump']);
+ $query = "SELECT identity_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']);
$res =& $db->query($query);
if (DB::isError($res))
print $res->getMessage(). "\n";
@@ -72,7 +72,7 @@
if (DB::isError($res))
die($res->getMessage());
- $query = "DELETE FROM users WHERE user_id='".$db->quoteSmart($_GET['del']);
+ $query = "DELETE FROM users WHERE user_id=".$db->quoteSmart($_GET['del']);
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php
index 5de00e98..7ae2c7a8 100644
--- a/php/Attic/examples/sample-sp/assertionConsumer.php
+++ b/php/Attic/examples/sample-sp/assertionConsumer.php
@@ -181,6 +181,6 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
+ header("Location: $urln\n\n");
exit();
?>
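Review bot: The rewritten header line reads `$urln`, which is an undefined variable, so the redirect is emitted with an empty Location and the user lands nowhere after the assertion is consumed. It should be `header("Location: $url");`, without the trailing newlines as well.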
diff --git a/php/Attic/examples/sample-sp/logout.php b/php/Attic/examples/sample-sp/logout.php
index 82a283f7..81937679 100644
--- a/php/Attic/examples/sample-sp/logout.php
+++ b/php/Attic/examples/sample-sp/logout.php
@@ -69,6 +69,8 @@
$url['path'], $url['host'], $url['port'],
strlen($logout->msgBody), $logout->msgBody);
+ die($soap);
+
# PHP 4.3.0 with OpenSSL support required
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
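Review bot: The added `die($soap);` prints the raw SOAP logout request to the browser and aborts before it is ever sent, so SP-initiated logout no longer works; this looks like a debugging leftover that should be removed. If the request content is needed for diagnosis, route it through the logger at DEBUG level instead, e.g. `$logger->log($soap, PEAR_LOG_DEBUG);`, if a logger is set up in this file.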
@@ -121,6 +123,6 @@
header("Request-URI: $url");
header("Content-Location: $url");
- header("Location: $url\r\n\r\n");
+ header("Location: $url\n\r\n");
exit;
?>
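Review bot: The Location header now ends in `"\n\r\n"`, a mixed sequence that differs from the `"\n\n"` used in the other files of this commit and still appends line terminators to a header value. Use `header("Location: $url");` and let PHP terminate the header.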