I cant get this script to work, $users should hold the array data we take out of the database but it doesnt seem to work. Can anyone tell us what we are doing wrong? i posted the script bellow.
added
$users has to stay static becaus it gets used again later on in the script (this is just a small part)
$user1 does get the right data it just doesnt get passed on to $users
added
this is the intire script hope that helps
<?php
class SingleSignOn_Server
{
public $links_path;
protected $started=false;
protected static $brokers = array(
'FGPostbus' => array('secret'=>"FGPostbus123"),
);
protected static $users = array();
public function query_personen(){
mysql_connect('host','user','pass') or die("Kan helaas geen verbinding maken" . mysql_error());
mysql_select_db('db') or die("Kan geen database selecteren");
$sql = mysql_query('select p_gebruikersnaam, p_wachtwoord, p_id, p_md5 FROM personen');
while ($row_user = mysql_fetch_assoc($sql)) {
self::$users[] = $row_user;
}
}
protected $broker = null;
public function __construct()
{
if (!function_exists('symlink')) $this->links_path = sys_get_temp_dir();
}
protected function sessionStart()
{
if ($this->started) return;
$this->started = true;
$matches = null;
if (isset($_REQUEST[session_name()]) && preg_match('/^SSO-(\w*+)-(\w*+)-([a-z0-9]*+)$/', $_REQUEST[session_name()], $matches)) {
$sid = $_REQUEST[session_name()];
if (isset($this->links_path) && file_exists("{$this->links_path}/$sid")) {
session_id(file_get_contents("{$this->links_path}/$sid"));
session_start();
setcookie(session_name(), "", 1);
} else {
session_start();
}
if (!isset($_SESSION['client_addr'])) {
session_destroy();
$this->fail("Not attached");
}
if ($this->generateSessionId($matches[1], $matches[2], $_SESSION['client_addr']) != $sid) {
session_destroy();
$this->fail("Invalid session id");
}
$this->broker = $matches[1];
return;
}
session_start();
if (isset($_SESSION['client_addr']) && $_SESSION['client_addr'] != $_SERVER['REMOTE_ADDR']) session_regenerate_id(true);
if (!isset($_SESSION['client_addr'])) $_SESSION['client_addr'] = $_SERVER['REMOTE_ADDR'];
}
protected function generateSessionId($broker, $token, $client_addr=null)
{
if (!isset(self::$brokers[$broker])) return null;
if (!isset($client_addr)) $client_addr = $_SERVER['REMOTE_ADDR'];
return "SSO-{$broker}-{$token}-" . md5('session' . $token . $client_addr . self::$brokers[$broker]['secret']);
}
protected function generateAttachChecksum($broker, $token)
{
if (!isset(self::$brokers[$broker])) return null;
return md5('attach' . $token . $_SERVER['REMOTE_ADDR'] . self::$brokers[$broker]['secret']);
}
public function login()
{
$this->sessionStart();
if (empty($_POST['p_gebruikersnaam'])) $this->failLogin("No user specified");
if (empty($_POST['p_wachtwoord'])) $this->failLogin("No password specified");
if (!isset(self::$users[$_POST['p_gebruikersnaam']]) || self::$users[$_POST['p_gebruikersnaam']]['p_wachtwoord'] != md5($_POST['p_wachtwoord'])) $this->failLogin("Incorrect credentials");
$_SESSION['user'] = $_POST['p_gebruikersnaam'];
$this->info();
}
public function logout()
{
$this->sessionStart();
unset($_SESSION['user']);
echo 1;
}
public function attach()
{
$this->sessionStart();
if (empty($_REQUEST['broker'])) $this->fail("No broker specified");
if (empty($_REQUEST['token'])) $this->fail("No token specified");
if (empty($_REQUEST['checksum']) || $this->generateAttachChecksum($_REQUEST['broker'], $_REQUEST['token']) != $_REQUEST['checksum']) $this->fail("Invalid checksum");
if (!isset($this->links_path)) {
$link = (session_save_path() ? session_save_path() : sys_get_temp_dir()) . "/sess_" . $this->generateSessionId($_REQUEST['broker'], $_REQUEST['token']);
if (!file_exists($link)) $attached = symlink('sess_' . session_id(), $link);
if (!$attached) trigger_error("Failed to attach; Symlink wasn't created.", E_USER_ERROR);
} else {
$link = "{$this->links_path}/" . $this->generateSessionId($_REQUEST['broker'], $_REQUEST['token']);
if (!file_exists($link)) $attached = file_put_contents($link, session_id());
if (!$attached) trigger_error("Failed to attach; Link file wasn't created.", E_USER_ERROR);
}
if (isset($_REQUEST['redirect'])) {
header("Location: " . $_REQUEST['redirect'], true, 307);
exit;
}
header("Content-Type: image/png");
readfile("empty.png");
}
public function info()
{
$this->sessionStart();
if (!isset($_SESSION['user'])) $this->failLogin("Not logged in");
header('Content-type: text/xml; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8" ?>', "\n";
echo '<user identity="' . htmlspecialchars($_SESSION['user'], ENT_COMPAT, 'UTF-8') . '">';
echo ' <p_id>' . htmlspecialchars(self::$users[$_SESSION['user']]['p_id'], ENT_COMPAT, 'UTF-8') . '</p_id>';
echo ' <p_md5>' . htmlspecialchars(self::$users[$_SESSION['user']]['p_md5'], ENT_COMPAT, 'UTF-8') . '</p_md5>';
echo '</user>';
}
protected function fail($message)
{
header("HTTP/1.1 406 Not Acceptable");
echo $message;
exit;
}
protected function failLogin($message)
{
header("HTTP/1.1 401 Unauthorized");
echo $message;
exit;
}
}
if (realpath($_SERVER["SCRIPT_FILENAME"]) == realpath(__FILE__) && isset($_GET['cmd'])) {
$ctl = new SingleSignOn_Server();
$ctl->$_GET['cmd']();
}
At the very least you probably want to:
Since as is you where replacing the record every time and keeping only one.