intval($currentTime) + 60) { echo ('QISSingleSignOn: Token was created in the future (Check your clocks):'.htmlspecialchars($token)); return null; } if (intval($tokens[1]) + 60 < intval($currentTime)) { echo ('QISSingleSignOn: Token expired:'.htmlspecialchars($token)); return null; } // check service name if ($tokens[2] != $singleSignOnService) { echo ('QISSingleSignOn: Wrong service:'.htmlspecialchars($token)); return null; } // check username name (using Title::newFormText as in User::newFromName) $userinfo = explode('/', urldecode($tokens[3])); // Andere Methode wie bei tokens: find the _last_ '/' to split username and hash as the username may include '/'-chars. // $temp_pos = strrpos($tokens[3], '/'); // $userinfo[1] = substr($tokens[3], $temp_pos + 1); // $userinfo[0] = substr($tokens[3], 0, $temp_pos); // echo ('QISSingleSignOn: userinfo-0:'.$userinfo[0]."\n"); // echo ('QISSingleSignOn: userinfo-1:'.$userinfo[1]."\n"); //$t = Title::newFromText($userinfo[0]); $user = $userinfo[0]; if ($user == null) { echo ('QISSingleSignOn: Invalid character in user name: '.htmlspecialchars($userinfo[0])); return null; } // check hash $toHash = $tokens[0].'/'.$tokens[1].'/'.$tokens[2].'/'.$tokens[3].'/'.$singleSignOnSharedSecret; $hash = md5($toHash); if ($hash != $tokens[4]) { echo ('QISSingleSignOn: Hash verification failed:'.htmlspecialchars($token).' Should be: ' . $hash); return null; } // copy _ridlist to session for WikiRights (if present) if (count($userinfo) > -1) { //session_start(); setUserRightsCas($user, $user); //$_SESSION['_ridlist'] = $userinfo[1]; } // welcome, you passed all tests. 
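return $user; }

/**
 * Populate the admin session for a user who passed single sign-on.
 *
 * Writes the login markers, the editor/UI defaults and the USER_RIGHT_*
 * flags directly into $_SESSION. Only the exact string "admin" as $role
 * grants the user-management and superadmin rights; every other value
 * receives the reduced set (survey, configurator, template, label).
 *
 * NOTE(review): the caller visible in this file invokes
 * setUserRightsCas($user, $user), i.e. the user name doubles as the role,
 * so an SSO account literally named "admin" becomes superadmin. Confirm
 * this is intended, or take the role from its own authenticated field.
 *
 * NOTE(review): the session id is not regenerated when privileges are
 * written; if no caller does it, consider session_regenerate_id(true) at
 * the login boundary to rule out session fixation.
 *
 * @param string $user Authenticated user name, stored as $_SESSION['user'].
 * @param string $role Role name; only "admin" is recognised.
 * @return void
 */
function setUserRightsCas($user, $role = "")
{
    // NOTE(review): include_once inside a function pulls the file's
    // variables into this function's scope only on the first inclusion of
    // the request; if config-defaults.php was already loaded elsewhere,
    // $defaultlang is undefined below. Confirm against the call path.
    include_once("../config-defaults.php");
    // config.php is not included here: per the original author,
    // config-defaults.php already includes it.

    $_SESSION['user'] = $user;
    // NOTE(review): loginID is fixed to 1 for every SSO user. If it is a
    // user id elsewhere in the application, all SSO users act as that one
    // account; verify.
    $_SESSION['loginID'] = 1;
    $_SESSION['dateformat'] = 1;
    $_SESSION['adminlang'] = $defaultlang;
    $_SESSION['htmleditormode'] = 'default';
    $_SESSION['questionselectormode'] = 'default';
    $_SESSION['templateeditormode'] = 'default';
    // Presumably the per-session anti-CSRF value; the randomness source of
    // sRandomChars() is not visible here. Verify it is a CSPRNG.
    $_SESSION['checksessionpost'] = sRandomChars(10);
    $_SESSION['pw_notify'] = false;

    // Strict comparison: the original switch compared loosely, so a boolean
    // true (and, before PHP 8, integer 0) also matched "admin" and was
    // granted superadmin. String roles behave exactly as before.
    $elevated = ($role === "admin") ? 1 : 0;

    $_SESSION['USER_RIGHT_CREATE_SURVEY'] = 1;
    $_SESSION['USER_RIGHT_CONFIGURATOR'] = 1;
    $_SESSION['USER_RIGHT_CREATE_USER'] = $elevated;
    $_SESSION['USER_RIGHT_DELETE_USER'] = $elevated;
    $_SESSION['USER_RIGHT_SUPERADMIN'] = $elevated;
    $_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = 1;
    $_SESSION['USER_RIGHT_MANAGE_LABEL'] = 1;
}
?>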