authorcommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>2009-05-29 03:43:21 +0000
committercommunity.cacert.org <community.cacert.org@d4452222-2f33-11de-9270-010000000000>2009-05-29 03:43:21 +0000
commite122d4337bb02ac572b3abe82d590aeeda5691f5 (patch)
tree898db159e1582a3ae2859c7f19985a9c7434b838 /database.php
parent8094fd2df48244899e0e76fc4cce4c586aa1ce67 (diff)
centralise authentication + more certificate checking
git-svn-id: http://svn.cacert.cl/Software/Voting/vote@44 d4452222-2f33-11de-9270-010000000000
Diffstat (limited to 'database.php')
-rw-r--r--database.php44
1 files changed, 44 insertions, 0 deletions
diff --git a/database.php b/database.php
index 3bba8c3..e51d64a 100644
--- a/database.php
+++ b/database.php
@@ -89,5 +89,49 @@ BODY;
mail($this->board,$subject,$body,"From: Voting System <returns@cacert.org>");
//mail("testsympa@lists.cacert.org",$subject,$body,"From: Voting System <returns@cacert.org>");
}
+ function auth()
+ {
+ $stmt = $this->getStatement("get voter");
+ $stmt->execute(array($_SERVER['REMOTE_USER']));
+ $user = $stmt->fetch();
+ if ($user) return $user;
+ if ($_SERVER['SSL_CLIENT_S_DN_EMAIL']) {
+ $stmt->execute(array($_SERVER['SSL_CLIENT_S_DN_EMAIL']));
+ $user = $stmt->fetch();
+ if ($user) return $user;
+ }
+ $d=0;
+ while ($email=$_SERVER["SSL_CLIENT_S_DN_EMAIL_$d"]) {
+ $stmt->execute(array($email));
+ $user = $stmt->fetch();
+ if ($user) return $user;
+ ++$d;
+ }
+ if (preg_match_all('/\/emailAddress=([^\/]*)/',$dn,$reg,PREG_SET_ORDER)) {
+ foreach ($reg as $emailarr) {
+ $stmt->execute(array($emailarr[1]));
+ $user = $stmt->fetch();
+ if ($user) return $user;
+ }
+ }
+ if ($_SERVER['SSL_CLIENT_CERT']) {
+ # subjectAltName unpresented by Apache http://httpd.apache.org/docs/trunk/mod/mod_ssl.html
+ # subjectAltName http://tools.ietf.org/html/rfc5280#section-4.2.1.6
+ # WARNING WARNING openssl_x509_parse is an unstable PHP API
+ $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
+ $subjectAltName = $x509['extensions']['subjectAltName']; // going off https://foaf.me/testSSL.php
+ #print_r(split("[, ]",$subjectAltName));
+ #print_r($x509);
+ #echo $subjectAltName;
+ if (preg_match_all('/email:([^, ]*)/',$subjectAltName,$reg,PREG_SET_ORDER)) {
+ foreach ($reg as $emailarr) {
+ $stmt->execute(array($emailarr[1]));
+ $user = $stmt->fetch();
+ if ($user) return $user;
+ }
+ }
+ }
+ return FALSE;
+ }
}
?>
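Review bot: `$dn` in `preg_match_all('/\/emailAddress=([^\/]*)/',$dn,$reg,PREG_SET_ORDER)` is never assigned inside `auth()`, so the emailAddress branch cannot match as written. It presumably should read the subject DN first, e.g. `$dn = isset($_SERVER['SSL_CLIENT_S_DN']) ? $_SERVER['SSL_CLIENT_S_DN'] : '';`. Separately, nothing in this method confirms that mod_ssl verified the certificate, yet every e-mail taken from `SSL_CLIENT_S_DN_EMAIL*` and from the subjectAltName of `SSL_CLIENT_CERT` is accepted as a voter identity. That is only sound if the vhost requires a verified client certificate, which is not visible in this hunk, so a guard such as `if (!isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS') return FALSE;` before the certificate lookups would make the assumption explicit. The bare `$_SERVER[...]` reads in the `if` and `while` conditions should be wrapped in `isset()`/`!empty()`, and the result of `openssl_x509_parse()` should be checked before indexing `['extensions']['subjectAltName']`.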