
...

Code Block
<?php

include 'grouper.php';

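session_start();

// Identity comes from the SSO layer in front of this script, which is expected
// to populate REMOTE_USER. Default to '' so a missing value fails closed below
// instead of raising an undefined-index warning.
$username = $_SERVER['REMOTE_USER'] ?? '';

// Fail closed: without an authenticated user there is nothing to authorize.
if (!is_string($username) || $username === '') {
    echo "username not detected";
    exit(1);
}

// Test-only impersonation ("backdoor"): a short allowlist of SSO users may act
// as another netid via ?backdoorUser=netid.
// TODO remove this when tested. While it exists, anyone who controls one of
// these accounts can assume any identity this script authorizes, so the
// allowlist is matched strictly and every use is written to the error log.
$backdoorAllowedUsers = ['abc1', 'abc2', 'abc3'];

if (in_array($username, $backdoorAllowedUsers, true)) {
    $requestedUser = $_GET['backdoorUser'] ?? '';

    if ($requestedUser !== '') {
        // The query string is untrusted even for allowlisted users: PHP turns
        // ?backdoorUser[]=x into an array, and the value is handed to the LDAP
        // group lookup below. Accept only a conservative identifier alphabet.
        // NOTE(review): the pattern is an assumption about the netid format;
        // adjust it to the site's real format rather than loosening the check.
        if (!is_string($requestedUser) || preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $requestedUser) !== 1) {
            echo "invalid backdoorUser";
            exit(1);
        }

        // Audit trail: record who impersonated whom.
        error_log("backdoor impersonation: {$username} acting as {$requestedUser}");
        $username = $requestedUser;
    }
}

// Debug output is wrapped in an HTML comment. It still discloses the role flags
// and whether the cache was used to anyone who views the page source, so it
// should be removed in production: less information is more secure.
echo "<!-- \n";

// Cache the group lookups in the session so LDAP is not hit on every request.
// The cache is refreshed only when the effective username changes.
// NOTE(review): group membership changes are therefore not picked up until the
// session ends or the username changes; confirm that is acceptable.
if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
    echo "checking grouper...\n";

    // ldapGroupHasMember() is not defined in this script; presumably it comes
    // from the included grouper.php. Verify there that the username is escaped
    // before it is placed in an LDAP filter.
    $_SESSION['facultyOrStaff'] = ldapGroupHasMember("site:apps:secureWebApp:facultyStaff", $username);
    $_SESSION['facultyOrStaffOrStudent'] = ldapGroupHasMember("site:apps:secureWebApp:facultyStaffStudents", $username);
    $_SESSION['orgOrAdHoc'] = ldapGroupHasMember("site:apps:secureWebApp:orgAndAdHoc", $username);

    // Record the cache key last (and once): if a lookup aborts part-way, the
    // next request re-checks instead of trusting flags cached for another user.
    $_SESSION['username'] = $username;
} else {
    echo "not checking grouper, using cache...\n";
}

// Only the first character of the username is echoed, to limit disclosure.
echo "username: " . substr($username, 0, 1) . "...\n";
echo "facultyOrStaff: " . $_SESSION['facultyOrStaff'] . "\n";
echo "facultyOrStaffOrStudent: " . $_SESSION['facultyOrStaffOrStudent'] . "\n";
echo "orgOrAdHoc: " . $_SESSION['orgOrAdHoc'] . "\n";

echo "-->";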
?>

...