User1/synologySsoClientExamplePage
1
0
Fork 0
mirror of https://github.com/pgmr3/synologySsoClientExamplePage.git synced 2025-12-12 21:15:48 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
main
synologySsoClientExamplePage/check_accesstoken.php
pgmr3 dde03b1d27 first commit
2023-12-22 17:21:31 +01:00

74 lines
2.6 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// ------------------------------------------------------------------------------
//
// © Copyright (с) 2023 License: GPLv3 https://www.gnu.org/licenses/gpl-3.0.txt
// Author: https://github.com/pgmr3
// ------------------------------------------------------------------------------
include_once('config.php');
// checks the access token stored in the cookie (session) against the SSO server
// if the answer is negative, the access token in the session is deleted, corresponds to a forced logout by the SSO sever, for example user was deleted
// the timing of the session is also checked
function CheckAccesstoken () {
if(session_status() !== PHP_SESSION_ACTIVE) $name_vorher = session_name (SESSION_NAME); //"ServerTools");
session_start();//wiederholter Start ohne Änderung der Parameter
function httpGetCheckAccesstoken ($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);//for testing ignore checking CA
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output=curl_exec($ch);
curl_close($ch);
//Evaluation answer, write session variables
$json_resp = json_decode($output, true);
if($json_resp['success'] == true){
$_SESSION['user_name'] = $json_resp["data"]["user_name"];
$_SESSION['user_id'] = $json_resp["data"]["user_id"];
$_SESSION['lifetime'] = $_SESSION['endTime'] - time();//Remaining time
if ($_SESSION['lifetime'] <= 0) {
sessionEnds();
return false;
}
return true;
}
else {
sessionEnds();
return false;
}
}
if(isset($_SESSION['sso_accesstoken'])) {
$accesstoken = $_SESSION['sso_accesstoken']; // Repeated checking of the access status, with the access_token is in the cookie (session)
}
else {
//cookie had already expired earlier
return false;
}
$url_str = SSO_HOST.'/webman/sso/SSOAccessToken.cgi?action=exchange&access_token='.$accesstoken;//.'&app_id='.APP_ID);
$_SESSION['url_str_check'] = $url_str;//test
return httpGetCheckAccesstoken($url_str);
exit();
}
function sessionEnds() {
// Destroy cookie & session
$_SESSION = array(); // Delete all session variables.
// Since the session should be deleted, we also delete the session cookie.
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - SESSION_COOKIE_LIFETIME, $params["path"], // The time when cookies expire should be in the past
$params["domain"], $params["secure"], $params["httponly"]
);
$_SESSION['lifetime'] = 0;
}
session_destroy();
}
?>
Reference in New Issue View Git Blame Copy Permalink