home
/
plugin.image.photostation
ウォッチ 1
お気に入りに登録 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
Play images and video from Synology PhotoStation server
27 コミット
1 ブランチ
ブランチ: master
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'master' から
${ noResults }
plugin.image.photostation/PhotoStation API/webapi/authutil.php

authutil.php 8.4KB
パーマリンク 履歴 Raw形式

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229 
  1. <?php

  2. 

  3. require_once('auth.inc.php');

  4. 

  5. class AuthAPIUtil {

  6. 

  7.     static function SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser)

  8.     {

  9.         global $SYNOPHOTO_DSM_USER_INFO;

  10.         $result = array();

  11.         if (!is_array($pUser)) {

  12.             return null;

  13.         }

  14.         $i = 0;

  15. 		$groups = array();

  16.         foreach ($pUser as $item) {

  17. 			if (preg_match('/\((\d+)\)/', $item, $match)) {

  18. 				$groups[] = $match[1];

  19. 			}

  20. 

  21.             if (!preg_match('/(^\w+\s?\w+)\s*\:/', $item, $match) || !preg_match('/\[(.*)\]/', $item, $match_val)) {

  22.                 continue;

  23.             }

  24. 

  25.             if (false !== $index = array_search($match[1], $SYNOPHOTO_DSM_USER_INFO)) { // $key = 2;

  26.                 $result[$index] = $match_val[1];

  27.                 $result[$SYNOPHOTO_DSM_USER_INFO[$index]] = $match_val[1];

  28.             }

  29.         }

  30. 		$result['groups'] = implode(',', $groups);

  31.         return $result;

  32.     }

  33. 

  34.     static function SYNOPHOTO_LOGIN_AddLog($username, $success)

  35.     {

  36.         $ip = $_SERVER['REMOTE_ADDR'];

  37.         $conf = csSYNOPhotoMisc::GetConfigFile(SYNO_CNF_FILE, 'enable_demomode');

  38.         if ('yes' == $conf['enable_demomode']) {

  39.             $ip = 'xxx.xxx.xxx.xxx';

  40.         }

  41. 

  42.         if ($success) {

  43.             PhotoLog::Add($username." logged in from "."[".$ip."].", true, strtolower($username));

  44.             return;

  45.         }

  46.         PhotoLog::Add($username." failed to log in from "."[".$ip."].", false, strtolower($username));

  47.     }

  48. 

  49.     /*

  50.      *  return

  51.      *    1 - success

  52.      *    0 - fail

  53.      */

  54.     static function SYNOPHOTO_LOGIN_ValidateAdmin()

  55.     {

  56.         $user = ('root' == SYNOPHOTO_ADMIN_USER)? 'admin':SYNOPHOTO_ADMIN_NAME;

  57.         $command = "/usr/syno/bin/synoauth ".escapeshellarg($user)." ".escapeshellarg($_REQUEST['password']);

  58.         @exec($command, $pAuth, $retval);

  59. 

  60.         if (0 == $retval) {

  61.             unset($_SESSION[SYNOPHOTO_ADMIN_USER]);

  62. 			csSYNOPhotoMisc::PhotoSessionStart();

  63. 

  64.             csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();

  65.             $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;

  66.             self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], true);

  67.             return 1;

  68.         }

  69.         self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);

  70.         return 0;

  71.     }

  72. 

  73.     /*

  74.      *  return

  75.      *    1 - success

  76.      *    0 - fail

  77.      *   -1 - disable user (Photo Station Account System)

  78.      *   -2 - not photo station user (Photo Station Account System)

  79.      *   -3 - guest account is not allowed to login (DSM Account System)

  80.      */

  81.     static function SYNOPHOTO_LOGIN_ValidateDsmUser()

  82.     {

  83.         if (!strcasecmp($_REQUEST['username'], 'guest')) {

  84.             return -3;

  85.         }

  86.         $command = "/usr/syno/bin/synophoto_dsm_user --auth ".escapeshellarg($_REQUEST['username'])." ".escapeshellarg($_REQUEST['password']);

  87.         @exec($command, $pAuth, $auth_retval);

  88. 

  89.         $user_info = array();

  90.         if (0 == $auth_retval) {

  91.             $command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($_REQUEST['username']);

  92.             @exec($command, $pUser, $retval);

  93.             $user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);

  94.         } else {

  95.             self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);

  96.             return 0;

  97.         }

  98. 

  99.         if ($user_info) {

  100.             unset($_SESSION[SYNOPHOTO_ADMIN_USER]);

  101. 			csSYNOPhotoMisc::PhotoSessionStart();

  102. 

  103.             csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();

  104.             $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[2];

  105.             $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[0];

  106.             $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = true;

  107. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];

  108. 

  109.             if ($user_info[10]) {

  110.                 $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;

  111.             }

  112.             self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);

  113.             return 1;

  114.         }

  115.         self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);

  116.         return 0;

  117.     }

  118. 

  119.     /*

  120.      * return 

  121.      *   1 - success

  122.      *   0 - fail

  123.      *  -1 - disable user (Photo Station Account System)

  124.      *  -2 - not photo station user (Photo Station Account System)

  125.      *  -3 - guest account is not allowed to login (DSM Account System)

  126.      */

  127.     static function SYNOPHOTO_LOGIN_ValidateUser()

  128.     {

  129.         $escape = PHOTO_DB_GetEscape();

  130.         $query_usr = "Select count(*) from photo_user where lower(username) like ? $escape";

  131.         $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));

  132.         $count = PHOTO_DB_QueryCount($GLOBALS['dbconn_photo'], $query_usr, $sqlParam);

  133. 

  134.         if ($count == 0) {

  135.             // user is not photo station user

  136.             return -2;

  137.         }

  138. 

  139.         $query = "Select * from photo_user where lower(username) like ? $escape and password = '".md5($_REQUEST['password'])."'";

  140.         $sqlParam = array(PHOTO_DB_EscapForLike(strtolower($_REQUEST['username'])));

  141.         $result = PHOTO_DB_Query($query, $sqlParam);

  142. 

  143.         $user_info = PHOTO_DB_FetchRow($result);

  144.         if ($user_info) {

  145.             if(PHOTO_DB_ConvertBool($user_info[4]) == 't') {

  146.                 //disabled

  147.                 return -1;

  148.             }

  149. 

  150.             unset($_SESSION[SYNOPHOTO_ADMIN_USER]);

  151. 			csSYNOPhotoMisc::PhotoSessionStart();

  152. 

  153.             csSYNOPhotoDB::GetDBInstance()->SetSessionSystemConfigsFromFile();

  154.             $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_userid'] = $user_info[0];

  155.             $_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'] = $user_info[1];

  156.             $_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account'] = false;

  157. 

  158. 			/* set user's belonging groups */

  159. 			$query = "SELECT groupid FROM " . PHOTO_USER_GROUP_TABLE . " WHERE userid = $user_info[0]";

  160. 			$db_result = PHOTO_DB_Query($query);

  161. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';

  162. 			$groups = array();

  163. 			while ($row = PHOTO_DB_FetchRow($db_result)) {

  164. 				$groups[] = $row['groupid'];

  165. 			}

  166. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);

  167. 

  168.             if (PHOTO_DB_ConvertBool($user_info[6]) == 't') {

  169.                 $_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;

  170.             }

  171.             self::SYNOPHOTO_LOGIN_AddLog($_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_user'], true);

  172.             return 1;

  173.         }

  174.         self::SYNOPHOTO_LOGIN_AddLog($_REQUEST['username'], false);

  175.         return 0;

  176.     }

  177. 

  178. 	static function SYNOPHOTO_LOGIN_UpdateUserSession($username) {

  179. 		if (null == $username) {

  180. 			return;

  181. 		}

  182. 		// PhotoStation User

  183. 		if ("0" == $_SESSION[SYNOPHOTO_ADMIN_USER]['photo_config']['global']['account_system'] || 'root' != SYNOPHOTO_ADMIN_USER){

  184. 			$isAdmin = 'f';

  185. 			$query = "SELECT userid, admin, disabled FROM photo_user WHERE username = ?";

  186. 			$db_result = PHOTO_DB_Query($query, array($username));

  187. 			while ($row = PHOTO_DB_FetchRow($db_result)) {

  188. 				if (PHOTO_DB_IsTrue($row['disabled'])) {

  189. 					unset($_SESSION[SYNOPHOTO_ADMIN_USER]);

  190. 					return false;

  191. 				}

  192. 				$userid = $row['userid'];

  193. 				$isAdmin = $row['admin'];

  194. 			}

  195. 			if('t' === PHOTO_DB_ConvertBool($isAdmin) || (('root' === SYNOPHOTO_ADMIN_USER) ? 'admin' : substr(SYNOPHOTO_ADMIN_USER, 1)) === $username) {

  196. 				$_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;

  197. 			} else {

  198. 				unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);

  199. 			}

  200. 

  201. 			$query = "SELECT groupid FROM photo_user_group WHERE userid = ?";

  202. 			$db_result = PHOTO_DB_Query($query, array($userid));

  203. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = '';

  204. 			$groups = array();

  205. 			while ($row = PHOTO_DB_FetchRow($db_result)) {

  206. 				$groups[] = $row['groupid'];

  207. 			}

  208. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = implode(',', $groups);

  209. 		// DSM User

  210. 		} else {

  211. 			$command = "/usr/syno/bin/synophoto_dsm_user --getinfo ".escapeshellarg($username);

  212. 			@exec($command, $pUser, $retval);

  213. 			$user_info = self::SYNOPHOTO_LOGIN_USERDATA_PARSER($pUser);

  214. 			if (!$user_info || $user_info['Expired'] !== "false") {

  215. 				unset($_SESSION[SYNOPHOTO_ADMIN_USER]);

  216. 				return false;

  217. 			}

  218. 			$_SESSION[SYNOPHOTO_ADMIN_USER]['reg_syno_groupid'] = $user_info['groups'];

  219. 			if ($user_info[10]) {

  220. 				$_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user'] = SYNOPHOTO_ADMIN_PASS;

  221. 			} else {

  222. 				unset($_SESSION[SYNOPHOTO_ADMIN_USER]['admin_syno_user']);

  223. 			}

  224. 		}

  225. 	}

  226. }

  227. 

  228. ?>