where('username', $username) ->where('pass', $pass_hash) ->find_one();

    // NOTE(review): the statement above begins before this excerpt; the visible tail
    // matches a row on both 'username' and 'pass'. An equality match on the 'pass'
    // column implies $pass_hash is a deterministic value, not a per-user randomly
    // salted hash as produced by password_hash(). How $pass_hash is computed is not
    // shown here - confirm the scheme and its work factor.
    if ($user) {
        // Start a session if none is active, then switch to a fresh session id and
        // delete the old one, so an id issued before login is not reused afterwards.
        if (session_status() != PHP_SESSION_ACTIVE)
            session_start();

        session_regenerate_id(true);

        $_SESSION["owner"] = $username;
        // SHA-1 of the stored 'pass' value is kept in the session - presumably so a
        // later check can drop sessions after a password change; confirm against the
        // code that reads $_SESSION["pass_hash"].
        $_SESSION["pass_hash"] = sha1($user->pass);
        // Per-session CSRF token: 16 bytes from random_bytes(), hex-encoded.
        $_SESSION["csrf_token"] = bin2hex(random_bytes(16));

        // Redirect and stop, so nothing below runs for a successful login.
        header("Location: index.php");
        exit;
    } else {
        // One message for both failure causes; it does not say which field was wrong.
        $login_notice = "Incorrect username or password";
    }
} else if ($op == "perform-oidc-login") {
    // Start of the OIDC flow: build a client from the configured OIDC URL, client id
    // and client secret, and point the redirect URL back at this script.
    $oidc = new OpenIDConnectClient(Config::get(Config::OIDC_URL),
        Config::get(Config::OIDC_CLIENT_ID),
        Config::get(Config::OIDC_CLIENT_SECRET));

    $oidc->setRedirectURL(Config::make_self_url() . "/login.php");
    $oidc->addScope(['openid', 'profile', 'email']);
    // Presumably sends the browser to the provider's authorization endpoint - the
    // library code is not visible here. The script stops right after the call.
    $oidc->authenticate();
    exit;
} else if ($_REQUEST['code'] ?? false) {
    // A truthy 'code' request parameter is treated as the provider's callback.
    $oidc = new OpenIDConnectClient(Config::get(Config::OIDC_URL),
        Config::get(Config::OIDC_CLIENT_ID),
        Config::get(Config::OIDC_CLIENT_SECRET));

    try {
        // Same redirect URL and scopes as in the "perform-oidc-login" branch.
        $oidc->setRedirectURL(Config::make_self_url() . "/login.php");
        $oidc->addScope(['openid', 'profile', 'email']);
        // NOTE(review): the code exchange and the state/nonce/token validation
        // presumably happen inside authenticate(); nothing in this excerpt checks
        // them - confirm in the library.
        $oidc->authenticate();

        // NOTE(review): the local account is selected by the lower-cased, trimmed
        // "preferred_username" claim alone. OpenID Connect does not require that claim
        // to be unique or stable, so this mapping is only safe when the configured
        // provider guarantees both; a mapping on the "sub" claim would not depend on it.
        $username = trim(mb_strtolower($oidc->requestUserInfo("preferred_username")));

        if ($username) {
            // No password is involved on this path; the row is matched on username only.
            $user = ORM::for_table('epube_users')
                ->where('username', $username)
                ->find_one();

            if ($user) {
                if (session_status() != PHP_SESSION_ACTIVE)
                    session_start();

                session_regenerate_id(true);

                // The provider's refresh token and the time it was stored are kept in
                // the session - presumably re-validated elsewhere; the session store
                // therefore holds a credential for the identity provider.
                $_SESSION["refresh_token"] = $oidc->getRefreshToken();
                $_SESSION["refresh_token_last_check"] = time();
                $_SESSION["owner"] = $username;
                $_SESSION["pass_hash"] = sha1($user->pass);
                $_SESSION["csrf_token"] = bin2hex(random_bytes(16));

                header("Location: index.php");
                exit;
            }
        }
    } catch (Exception $e) {
        // NOTE(review): the exception text goes into $login_notice; where that value
        // is printed is not visible here - confirm it is HTML-escaped on output.
        $login_notice = 'OIDC Error: ' . $e->getMessage();
    }

    // Reached whenever the callback did not end in the redirect above (empty
    // username, no matching row, or an exception).
    logout_user();
} else {
    // Any other request to this script also calls logout_user(), which is defined
    // outside this excerpt.
    logout_user();
}
?> The Epube