-
Notifications
You must be signed in to change notification settings - Fork 3
/
cms_login.php.example
33 lines (24 loc) · 1.22 KB
/
cms_login.php.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<?php
// This file should be stored in your CMS's filetree
// When clicking the link to the music page, you should set the URL to this file in the href.
// Require your CMS bootstrap code here
require_once("yourCMSbootstrap.php");
// Bootstrap your CMS and check the session is valid (if not your CMS will fallback the login screen)
checkSession();
// The basic idea being to match the user name in your CMS with the user name in Kotr's DB, you must have 1:1 user name in both
$login = getCurrentUserLogin();
// Should be the same as the one set in .env file in the REMOTE_AUTH_SECRET key
$secret = "<your secret here>";
function isSecure() { return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; }
$https = isSecure() ? "https://" : "http://";
function makeToken()
{
global $login, $secret;
$rand = mt_rand ( 0, 0xffffffff); // Avoid replay attack at least a little bit
$num = sprintf ( "%08x" , $rand );
$time = time(); // Limit to expire the token
return base64_encode($num.$login." ".$time." ".hash('sha256',$rand.$login.$time.$secret, FALSE));
}
header("Location: ".$https."music.yourserver.net/loginRedir.php?token=".makeToken());
exit(0);
?>