adminnasl/register
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial import

Browse Source
This commit is contained in:
Admin Nasledstvo
2026-05-01 20:52:04 +03:00
commit ac168868ee
10028 changed files with 2337954 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
marko_unpacked/marko/cms/services/openid/IdServer.php
+20
View File
@@ -0,0 +1,20 @@
<?php
namespace app\services\openid;
class IdServer extends IdServerBase
{
public function __construct()
{
$this->auth();
}
public function customGetRequest($req)
{
return $this->secureGetRequest($req);
}
public function customPostRequest($req, $data = [])
{
return $this->securePostRequest($req, $data);
}
}
marko_unpacked/marko/cms/services/openid/IdServerBase.php
+87
View File
@@ -0,0 +1,87 @@
<?php
namespace app\services\openid;
class IdServerBase
{
public $accessToken;
protected function securePostRequest($path, $data)
{
if ($this->accessToken) {
$root = \Yii::$app->params['id_server']."/admin/realms/nasledstvo.bg";
$url = $root . $path;
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"content-type: application/json",
"Authorization: bearer $this->accessToken",
);
$data = json_encode($data);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
return json_decode($resp);
}
}
protected function secureGetRequest($path)
{
if ($this->accessToken) {
$root = \Yii::$app->params['id_server']."/admin/realms/nasledstvo.bg";
$url = $root . $path;
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"Authorization: bearer $this->accessToken",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
return json_decode($resp);
}
}
protected function auth()
{
$url = \Yii::$app->params['id_server']."/realms/nasledstvo.bg/protocol/openid-connect/token";
$clint_id = \Yii::$app->params['id_server_client_id'];
$clint_secret = \Yii::$app->params['id_server_client_secret'];
$username = \Yii::$app->params['id_server_admin_user'];
$password = \Yii::$app->params['id_server_admin_password'];
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"Content-Type: application/x-www-form-urlencoded",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$data = "client_id=$clint_id&client_secret=$clint_secret&username=$username&password=$password&grant_type=password";
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
$respData = json_decode($resp);
if (!empty($respData->access_token))
$this->accessToken = $respData->access_token;
}
}
marko_unpacked/marko/cms/services/openid/OpenIdService.php
+154
View File
@@ -0,0 +1,154 @@
<?php
namespace app\services\openid;
use app\models\CmsRoles;
use app\models\UserAdminGlobal;
use app\models\UserPartner;
use app\models\UserSession;
use app\services\Auth;
class OpenIdService
{
private $client_id;
private $client_secret;
private $redirect_uri;
private $metadata_url;
private $locale_from_portal;
public function __construct()
{
$this->locale_from_portal = !empty($_GET['lg']) ? '?lg=' . $_GET['lg'] : '' ;
$this->redirect_uri = \Yii::$app->params['cms'] . '/partner-register-login/'.$this->locale_from_portal;
$this->metadata_url = \Yii::$app->params['id_server'] . '/realms/nasledstvo.bg/.well-known/openid-configuration';
$this->client_id = \Yii::$app->params['id_server_client_id'];
$this->client_secret = \Yii::$app->params['id_server_client_secret'];
}
public function authenticationServerCheckout($isAdmin = false)
{
if ($isAdmin) {
$this->redirect_uri = \Yii::$app->params['cms'] . '/admin-register-login/'.$this->locale_from_portal;
}
$metadata = $this->http($this->metadata_url);
if (!isset($_GET['code'])) {
$_SESSION['state'] = bin2hex(random_bytes(5));
$_SESSION['code_verifier'] = bin2hex(random_bytes(50));
$code_challenge = $this->base64_urlencode(hash('sha256', $_SESSION['code_verifier'], true));
$authorize_url = $metadata->authorization_endpoint . '?' . http_build_query([
'response_type' => 'code',
'client_id' => $this->client_id,
'redirect_uri' => $this->redirect_uri,
'state' => $_SESSION['state'],
'scope' => 'openid profile',
'code_challenge' => $code_challenge,
'code_challenge_method' => 'S256',
]);
header("Location: $authorize_url");
exit;
} else {
if ($_SESSION['state'] != $_GET['state']) {
die('Authorization server returned an invalid state parameter');
}
if (isset($_GET['error'])) {
die('Authorization server returned an error: ' . htmlspecialchars($_GET['error']));
}
$response = $this->http($metadata->token_endpoint, [
'grant_type' => 'authorization_code',
'code' => $_GET['code'],
'redirect_uri' => $this->redirect_uri,
'client_id' => $this->client_id,
'client_secret' => $this->client_secret,
'code_verifier' => $_SESSION['code_verifier'],
]);
if (!isset($response->access_token)) {
die('Error fetching access token');
}
$userinfo = $this->http($metadata->userinfo_endpoint, [
'access_token' => $response->access_token,
]);
if (!empty($userinfo->groups_user) && in_array('public_user', $userinfo->groups_user)) {
header('Location: ' . \Yii::$app->params['portal'] . '/bg/user/wrong-user/');
exit;
}
if(!empty($_GET['lg'])) {
setcookie('cookie_lg', $_GET['lg'], time() + (86400 * 30), "/");
} else {
if (!empty($userinfo->locale)) {
if ($userinfo->locale == 'bg' || $userinfo->locale == 'en') {
setcookie('cookie_lg', $userinfo->locale, time() + (86400 * 30), "/");
}
} else {
setcookie('cookie_lg', 'bg', time() + (86400 * 30), "/");
}
}
//echo json_encode($userinfo);
// exit;
if (empty($userinfo->sub))
die('sub is empty');
//echo json_encode($response);
//exit;
if (!empty($userinfo->sub)) {
if (!empty($userinfo->realm_access)) {
if (!empty($userinfo->realm_access->roles)) {
if (in_array('cms-partner-admin', $userinfo->realm_access->roles)) {
//exit;
if (empty($userinfo->partner_id))
die('missing parameter: partner_id');
$_SESSION['id_token_hint'] = $response->id_token;
//Login as partner user
UserSession::log('partner-admin', 2, $userinfo->sub);
UserPartner::prepareRegisterUser($userinfo, 1);
} else if (in_array('cms-partner-editor', $userinfo->realm_access->roles)) {
//exit;
if (empty($userinfo->partner_id))
die('missing parameter: partner_id');
$_SESSION['id_token_hint'] = $response->id_token;
//Login as partner user
UserSession::log('partner-editor', 2, $userinfo->sub);
UserPartner::prepareRegisterUser($userinfo, 2);
} else if (in_array('cms-super-admin', $userinfo->realm_access->roles)) {
$_SESSION['id_token_hint'] = $response->id_token;
//Login as global administrator
UserSession::log('admin', 2, $userinfo->sub);
UserAdminGlobal::prepareRegisterUser($userinfo);
} else {
require_once __DIR__ . '/access_denied_page.php';
exit;
}
}
}
}
echo 'Error: Some parameters are missing';
exit;
}
}
private function http($url, $params = false)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if ($params)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
return json_decode(curl_exec($ch));
}
private function base64_urlencode($string)
{
return rtrim(strtr(base64_encode($string), '+/', '-_'), '=');
}
}
marko_unpacked/marko/cms/services/openid/access_denied_page.php
+93
View File
@@ -0,0 +1,93 @@
<?php
/**
* @var $userinfo ;
*/
$lg = !empty($userinfo->locale) && $userinfo->locale == 'en' ? 'en' : 'bg';
$message = [
'bg' => 'Нямате права да влизате в този модул. За да получите достъп, моля свържете се със системния си администратор. Все още сте влезли в профила си в Nasledstvo.bg',
'en' => 'You do not have permission to enter this module. To gain access, please contact your system administrator. You are still logged in to your Nasledstvo.bg account'
];
$profile_button = [
'bg' => 'Към Вашия профил в Nasledstvo.bg',
'en' => 'To your profile at Nasledstvo.bg',
]
//die('Access denied. for user '. $userinfo->email);
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link rel="stylesheet" href="/_public/assets/css/cms.css">
<title>CMS</title>
</head>
<style>
body {
background: #847650;
padding: 0;
margin: 0;
}
.panel {
width: 100%;
max-width: 500px;
background: #FFFFFF;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.4);
border-radius: 20px;
margin: 100px auto 0;
padding-top: 20px;
}
.header {
height: 40px;
}
.body {
padding: 50px;
}
.message {
text-align: center;
}
.logo-header {
height: 100%;
display: block;
margin: 0 auto;
}
.link {
text-align: center;
margin-top: 30px;
}
.link a {
display: inline-block;
padding: 10px 20px;
background: #847650;
color: #FFFFFF;
border-radius: 10px;
text-decoration: none;
}
</style>
<body>
<div class="panel">
<div class="header">
<img alt="cms" class="logo-header" src="/_public/assets/images/header-logo-<?= $lg ?>.png">
</div>
<div class="body">
<div class="message"><?= $message[$lg] ?></div>
<div class="link">
<a href="https://id.nasledstvo.bg/" class="profile-button"><?= $profile_button[$lg] ?></a>
</div>
</div>
</div>
</body>
</html>