diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..32549485 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,6 @@ +FROM php:8.2-apache +RUN docker-php-ext-install mysqli pdo pdo_mysql +RUN a2enmod rewrite +COPY . /var/www/html/ +RUN chown -R www-data:www-data /var/www/html +EXPOSE 80 diff --git a/WEB-INF/templates/templates_c/test b/WEB-INF/templates/templates_c/test new file mode 100644 index 00000000..e69de29b diff --git a/initialize.php b/initialize.php index 18946798..8db7f5ca 100644 --- a/initialize.php +++ b/initialize.php @@ -91,6 +91,9 @@ session_name(SESSION_COOKIE_NAME); @session_start(); +// SSO Bridge: auto-login via nginx auth_request headers. +require_once(APP_DIR.'/sso-bridge.php'); + // Authorization. import('Auth'); $auth = Auth::factory(AUTH_MODULE, $GLOBALS['AUTH_MODULE_PARAMS']); diff --git a/sso-bridge.php b/sso-bridge.php new file mode 100644 index 00000000..3886db74 --- /dev/null +++ b/sso-bridge.php @@ -0,0 +1,83 @@ +connect_error) return; + +$safe_email = $mysqli->real_escape_string($sso_email); + +// Look up existing user. +$result = $mysqli->query("SELECT id, login FROM tt_users WHERE email = '$safe_email' AND status = 1 LIMIT 1"); +$row = $result ? $result->fetch_assoc() : null; + +if ($row) { + $user_id = (int)$row['id']; + $user_login = $row['login']; +} else { + // Create new user. + $safe_name = $mysqli->real_escape_string($sso_name); + $rand_pass = md5(uniqid(mt_rand(), true)); + $mysqli->query( + "INSERT INTO tt_users (login, password, `name`, email, group_id, org_id, role_id, status, created) " . + "VALUES ('$safe_email', '$rand_pass', '$safe_name', '$safe_email', 1, 1, 4, 1, NOW())" + ); + if ($mysqli->insert_id) { + $user_id = (int)$mysqli->insert_id; + $user_login = $sso_email; + } else { + $mysqli->close(); + return; // Insert failed, bail out. + } +} + +$mysqli->close(); + +// Set Anuko session variables (from Auth.class.php). +$_SESSION['authenticated'] = true; +$_SESSION['authenticated_user_id'] = $user_id; +$_SESSION['login'] = $user_login; + +// Redirect away from login.php if SSO headers are present. +$script = basename($_SERVER['SCRIPT_NAME']); +if ($script === 'login.php') { + header('Location: time.php'); + exit; +}