toArray();
// NOTE(review): the opening of this function (its signature and, presumably,
// `$a = $KEYCLOAK_USER->toArray()`) lies above this excerpt. $type selects
// the check: 'staff' -> membership of a hard-coded username allow-list;
// 'mgr' / 'tech' -> the second character of the upper-cased
// preferred_username must be 'M' / 'T'; any other $type -> null, so callers
// should not treat the result as a plain bool.
    $username = strtoupper($a['preferred_username']);
    $username_lower = strtolower($a['preferred_username']);
    if($type=='staff'){
        // Hard-coded allow-list of staff usernames (compared lower-cased).
        return in_array($username_lower, array('swc', 'vansindata1','ben'));
    }
    $check = '';
    if($type=='mgr'){$check='M'; }elseif($type=='tech'){$check='T';}
    if(!$check){return null;}
    // The role letter sits in the 2nd character of the username (offset 1).
    if(substr($username,1,1)===$check){
        return true;
    }
    return false;
}

/** Role check: delegates to is_keycloak_what_type_user() with type 'mgr'. */
function is_mgr_student($KEYCLOAK_USER){
    return is_keycloak_what_type_user($KEYCLOAK_USER, 'mgr');
}

/** Role check: delegates to is_keycloak_what_type_user() with type 'tech'. */
function is_tech_student($KEYCLOAK_USER){
    return is_keycloak_what_type_user($KEYCLOAK_USER, 'tech');
}

/** Role check: delegates to is_keycloak_what_type_user() with type 'staff'. */
function is_internal_staff($KEYCLOAK_USER){
    return is_keycloak_what_type_user($KEYCLOAK_USER, 'staff');
}

/**
 * True when the request carries a dest_url query parameter (presumably the
 * marker the v2 student front-end adds to its login requests — confirm).
 */
function is_login_from_v2_student_site(){
    return isset($_GET['dest_url']);
}

/**
 * True when a front-end destination URL was stashed in the session by the
 * login entry point below, i.e. the code callback belongs to a v2 login.
 */
function is_login_from_v2_student_site_before_seconds(){
    return isset($_SESSION['tmp_frontend_dest_url']);
}

/**
 * Returns the url-decoded ?dest_url= value with $flag appended as an extra
 * query parameter when $flag is non-empty, or '' when dest_url is absent or
 * empty.
 *
 * NOTE(review): the value is returned unvalidated and is used as a Location:
 * target by consider_frontend_dest_url_for_redirection(), so any absolute
 * URL placed in dest_url becomes a redirect target (open redirect). Restrict
 * it to a relative path or to an allow-list of front-end hosts first.
 */
function get_frontend_dest_url($flag){
    $dest_url = isset($_GET['dest_url']) ? urldecode($_GET['dest_url']) : '';
    // Join with '&' when dest_url already carries a query string, else '?'.
    $append_flag = $flag ? (strpos($dest_url, '?')!==false ? '&' : '?').$flag : '';
    return !$dest_url ? '' : $dest_url.$append_flag;
}

/**
 * Redirects to get_frontend_dest_url($flag) and terminates the script when a
 * non-empty ?dest_url= is present; does nothing otherwise.
 * (Same open-redirect caveat as get_frontend_dest_url().)
 */
function consider_frontend_dest_url_for_redirection($flag){
    $dest_url = isset($_GET['dest_url']) ? urldecode($_GET['dest_url']) : '';
    if($dest_url){
        header('location:'.get_frontend_dest_url($flag));
        exit();
    }
}

/* if(isset($_GET['test_vuejs_base64token'])){ $token_value = decode_frontend_keycloak_token_value($_GET['test_vuejs_base64token']); die($token_value); }*/
/*
https://id.testing.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/auth?state=c11e6839d9fd0420d3fe443b53bd6f4e&scope=name%2Cemail&response_type=code&approval_prompt=auto&redirect_uri=http%3A%2F%2Ftestteststudents.aiacademy.tw%2Ftest_oauth2%2F1220%2F1.php&client_id=wordpress
https://id.testing.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/auth
https://id.aiacademy.tw/auth/realms/aiacademy/.well-known/openid-configuration
*/

// ---------------------------------------------------------------------------
// Keycloak OpenID Connect login handling. Everything below runs at request
// time and has side effects (session, cookies, redirects, database).
// ---------------------------------------------------------------------------

// Landing page after login; replaced by the calendar URL for student accounts.
$URL_AFTER_LOGINED_OPENID = '/';
$ID_SERVER_DOMAIN = 'id.aiacademy.tw';

// Client credentials are chosen by the virtual host being served.
// NOTE(review): the client secrets are committed in source. Keep them in a
// file outside the document root (or in the environment) and load them here,
// the way db_user_pwd.php is loaded for the database further down.
if($_SERVER['SERVER_NAME']=='class.aiacademy.tw'){
    $KEYCLOAK_CLIENT_ID = 'wordpress';
    $KEYCLOAK_CLIENT_SECRET = '64a67a14-e2a8-4b5e-b8a1-200f4bd87bb7';
}elseif($_SERVER['SERVER_NAME']=='classbeta.aiacademy.tw'){
    $KEYCLOAK_CLIENT_ID = 'classbeta_aiacademy_tw';
    $KEYCLOAK_CLIENT_SECRET = 'f040bfdc-e8a5-4d32-a1f9-3fcd33220a29';
} else{
    $KEYCLOAK_CLIENT_ID = 'class0_aiacademy_tw';
    $KEYCLOAK_CLIENT_SECRET = '42dbd353-994f-4672-978f-8a6a664f667c';
}
// NOTE(review): the auth-server URL is built with plain http, so the
// authorization-code exchange below (which carries the client secret) and the
// browser's authorization request travel unencrypted unless something
// upstream upgrades them. The commented-out alternative and the logout
// redirect further down both use https.
$KEYCLOAK_PROTOCOL = 'http';
$provider = new Stevenmaguire\OAuth2\Client\Provider\Keycloak([
    #'authServerUrl' => 'https://id.testing.aiacademy.tw/auth/realms/aiacademy/account',
    #'authServerUrl' => 'https://'.$ID_SERVER_DOMAIN.'/auth',
    'authServerUrl' => $KEYCLOAK_PROTOCOL . '://'.$ID_SERVER_DOMAIN.'/auth',
    'realm' => 'aiacademy',
    'clientId' => $KEYCLOAK_CLIENT_ID,
    #'clientSecret' => '8117f3e6-8ff8-4ccb-8fe4-03c32cdac02a',
    'clientSecret' => $KEYCLOAK_CLIENT_SECRET,
    #'redirectUri' => 'http://class.aiacademy.tw/', #<--- need ?
]);
#print_r($_SESSION);
// NOTE(review): output is emitted here before the header() redirects below;
// that only works with output buffering enabled — confirm the server config.
echo'
';

// --- logout -----------------------------------------------------------------
if(isset($_GET['student_logout'])){
    unset($_SESSION['keycloak_user']);
    if(defined('KEYCLOAK_COOKIE_KEY') and isset($_COOKIE[KEYCLOAK_COOKIE_KEY])){
        unset($_COOKIE[KEYCLOAK_COOKIE_KEY]);
        // Expire the cookie browser-side (expiry in the past).
        // NOTE(review): passing null as the cookie value is deprecated on
        // PHP 8.1+; use '' instead.
        setcookie(KEYCLOAK_COOKIE_KEY, null, -1, '/');
        // NOTE(review): the identity-provider logout (and the exit) only run
        // inside this cookie branch; without the cookie the request falls
        // through with the Keycloak session still alive. The host and the
        // redirect_uri are hard-coded rather than derived from
        // $ID_SERVER_DOMAIN / SERVER_NAME, unlike the login URLs below.
        header('location:https://id.aiacademy.tw/auth/realms/aiacademy/protocol/openid-connect/logout?redirect_uri=https://class.aiacademy.tw');
        exit();
    }
}

// --- login entry point --------------------------------------------------------
if(isset($_GET['student_login'])){
    // Already logged in (session holds a serialized resource owner) and not
    // coming from the v2 front-end: bounce straight to the landing page.
    if(!is_login_from_v2_student_site() and isset($_SESSION['keycloak_user']) and $_SESSION['keycloak_user']){
        // NOTE(review): unserialize() of an object graph taken from the
        // session; storing $user->toArray() (or JSON) instead would avoid
        // object injection should the session store ever be writable by
        // another party.
        $user = unserialize($_SESSION['keycloak_user']);
        $flag = 'logined_before';
        if($user){
            $a = $user->toArray();
            if(is_student_keycloak_user($a['groups'])){
                $recent_school_no = get_recent_school_no_from_keycloak_groups($a['groups']);
                $URL_AFTER_LOGINED_OPENID = get_calendar_url($recent_school_no);
            }
            header('location:'.$URL_AFTER_LOGINED_OPENID.'?'.$flag);
            exit();
        }
    }
    if(is_login_from_v2_student_site()){
        // Remember where the front-end wants to land once the code comes back.
        $_SESSION['tmp_frontend_dest_url'] = get_frontend_dest_url('');
    }
    // NOTE(review): $user is only assigned inside the branch above, so this
    // reads an undefined variable (warning) on a first visit; initialise it
    // to null before that if. The authorization request is also built by
    // hand with no state parameter (and no redirect_uri), so the callback
    // cannot be tied to this browser session; the library's
    // getAuthorizationUrl() / getState() pair, shown in the disabled block at
    // the end of this file, generates and stores one.
    if(!$user){
        header('location: '.$KEYCLOAK_PROTOCOL.'://'.$ID_SERVER_DOMAIN.'/auth/realms/aiacademy/protocol/openid-connect/auth?client_id='.$KEYCLOAK_CLIENT_ID.'&response_type=code&aia_debug=1');
        exit();
    }
}

// --- authorization-code callback ---------------------------------------------
// A ?code= arriving with a googleapis scope presumably belongs to another
// OAuth flow that shares this URL (confirm) and is left alone here.
$GET_scope = isset($_GET['scope']) ? $_GET['scope'] : '';
$IS_NOT_GOOGLEAPI = strpos($GET_scope,'www.googleapis.com/auth/')===false;
if(isset($_GET['code']) and $IS_NOT_GOOGLEAPI){
    # fail debug code
    // NOTE(review): this appends the referer and the authorization code (a
    // one-time credential) to a text file beside this script, i.e. inside
    // the served directory unless the web server blocks it. Remove it once
    // debugging is done, or log without the code to a path outside the
    // document root.
    file_put_contents(__DIR__.'/test_code.txt', "\nrefer: ".$_SERVER['HTTP_REFERER']."\ncode: ". $_GET['code']."\n\n", FILE_APPEND|LOCK_EX);
    $keycloak_code = isset($_GET['code'])&&$_GET['code'] ? $_GET['code'] : '';
    if(!$keycloak_code){
        // Empty code: start the authorization request over.
        header('location: '.$KEYCLOAK_PROTOCOL.'://'.$ID_SERVER_DOMAIN.'/auth/realms/aiacademy/protocol/openid-connect/auth?client_id='.$KEYCLOAK_CLIENT_ID.'&response_type=code&aia_debug=2');
        exit();
    }
    try {
        // Exchange the code for tokens, then fetch the resource owner (claims).
        $token = $provider->getAccessToken('authorization_code', [ 'code' => $keycloak_code ]);
        $user = $provider->getResourceOwner($token);
    } catch (Exception $e) {
        //pass
        // Developer diagnostics gated on a placeholder address; 'xxxx' is not
        // a valid address, so this block never runs as written.
        if($_SERVER['REMOTE_ADDR']=='xxxx'){
            echo'
';
            debug_print_backtrace();
            var_dump($e);
            print_r(get_class_methods($e));
            var_dump($e->getTrace());
            var_dump($e->getCode());
            echo'
';
        }
        // NOTE(review): the provider's error text goes straight to the
        // browser; log it server-side and show a generic message instead.
        echo $e->getMessage();
    }
    if(!$token or !$user){
        // NOTE(review): $token and $user are undefined when the exchange threw
        // (warning), and the dumps below print the token object into the
        // response; replace with a generic error page.
        var_dump($token);
        var_dump($user);
        #var_dump($keycloak_code);
        die('something wrong.');
        /* header('location: https://'.$ID_SERVER_DOMAIN.'/auth/realms/aiacademy/protocol/openid-connect/auth?client_id='.$KEYCLOAK_CLIENT_ID.'&response_type=code&aia_debug=3'); exit(); */
    }else{
        $flag = 'logined_just_now';
        if(is_login_from_v2_student_site_before_seconds()){
            // v2 front-end login: the token is meant to be handed to the
            // front-end rather than kept in a server-side session.
            $dest_url = isset($_SESSION['tmp_frontend_dest_url']) ? $_SESSION['tmp_frontend_dest_url'] : '';
            #$token_value = $token->getToken();
            #var_dump($token);
            echo'
';
            // NOTE(review): $token_value is not assigned on this path (the
            // assignment above is commented out, the one below comes after),
            // and this exit makes everything down to die($html) unreachable.
            // Looks like a debugging leftover — confirm before removing.
            var_dump($token_value);
            exit;
            $token_serialize = serialize($token);
            $token_value = $token->getToken();
            $token_passing_to_frontend = encode_frontend_keycloak_token_value($token_value);
            // DB credentials ($db_user, $db_pwd, $db_name) come from a sibling file.
            if(file_exists(__DIR__.'/db_user_pwd.php')){
                require_once __DIR__.'/db_user_pwd.php';
            }
            if(isset($db_name) and $db_name and isset($db_pwd) and isset($db_user) and $db_user){
                // save token obj into database
                $conn = new mysqli('127.0.0.1', $db_user, $db_pwd, $db_name);
                if ($conn->connect_error) {
                    die('AIA connect_error: '.$conn->connect_error);
                }else{
                    mysqli_set_charset($conn, 'utf8');
                    $create_datetime = date('Y-m-d H:i:s');
                    $string_token_hashed = hash_keycloak_token_string($token_value);
                    $token_string = $token_value;
                    $a = $user->toArray();
                    $family_name = $a['family_name'];
                    $given_name = $a['given_name'];
                    $full_name = $a['name'];
                    // NOTE(review): the INSERT is built by string concatenation
                    // from identity-provider claims (email, names, username) and
                    // the raw token — SQL injection if any of those can be shaped
                    // by the account holder (profile fields are user-editable in
                    // many provider setups; confirm). Use $conn->prepare() with
                    // '?' placeholders and bind_param(). The raw token is also
                    // stored next to its hash, which makes hashing pointless as a
                    // protection; store only the hash, or encrypt the token.
                    $sql = "INSERT INTO keycloak_accesstoken (string_token_hashed, email, given_name, family_name, full_name, preferred_username, token_string, token_obj_serialized, create_datetime) VALUES ('"
                        .$string_token_hashed."', '".$a['email']."', '".$given_name."', '".$family_name."', '".$full_name."', '".$a['preferred_username']."', '".$token_string."', '".encode_keycloak_token_obj_for_db($token)."', '".$create_datetime."')";
                    // NOTE(review): on failure the full statement — including the
                    // access token — and the DB error are echoed to the browser.
                    if($conn->query($sql) !== true){
                        die("AIA Query Error: " . $sql . "
" . $conn->error);
                    }
                    $conn->close();
                }
            }else{
                die('AIA Database configure is required.');
            }
            // NOTE(review): $dest_url and $token_passing_to_frontend are computed
            // but never used and the response body is empty; the hand-off to the
            // front-end appears unfinished.
            $html = '';
            die($html);
        } // end of if(is_login_from_v2_student_site_before_seconds()){
        // Regular login: keep the resource owner in the session and redirect.
        $_SESSION['keycloak_user'] = serialize($user);
        $a = $user->toArray();
        if(is_student_keycloak_user($a['groups'])){
            $recent_school_no = get_recent_school_no_from_keycloak_groups($a['groups']);
            $URL_AFTER_LOGINED_OPENID = get_calendar_url($recent_school_no);
        }
        header('location:'.$URL_AFTER_LOGINED_OPENID.'?'.$flag);
        exit();
    }
}

// Resource owner for the rest of the page; null when nobody is logged in.
// (Same unserialize() caveat as in the login entry point above.)
$KEYCLOAK_USER = isset($_SESSION['keycloak_user']) && $_SESSION['keycloak_user'] ? unserialize($_SESSION['keycloak_user']) : null;

// Disabled reference flow (never runs). Kept for comparison with the
// hand-built flow above; note that even here the state check is commented out.
if(0){
    echo('the following is modified from github.com/stevenmaguire/oauth2-keycloak/');
    if (!isset($_GET['code'])) {
        // If we don't have an authorization code then get one
        $authUrl = $provider->getAuthorizationUrl();
        $_SESSION['oauth2state'] = $provider->getState();
        header('Location: '.$authUrl);
        exit;
    /*
    // Check given state against previously stored one to mitigate CSRF attack
    } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
        exit('Invalid state, make sure HTTP sessions are enabled.');
    */
    } else {
        // Try to get an access token (using the authorization coe grant)
        try {
            $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]);
        } catch (Exception $e) {
            exit('Failed to get access token: '.$e->getMessage());
        }
        // Optional: Now you have a token you can look up a users profile data
        try {
            // We got an access token, let's now get the user's details
            $user = $provider->getResourceOwner($token);
            // Use these details to create a new profile
            printf('Hello %s!', $user->getName());
        } catch (Exception $e) {
            exit('Failed to get resource owner: '.$e->getMessage());
        }
        // Use this to interact with an API on the users behalf
        $token_value = $token->getToken();
        echo '
'.$token_value;
        if(isset($user)){
            echo'
';
            echo $user->getId();
            echo'
';
            echo $user->getEmail();
            echo'
';
            echo $user->getName();
            echo '
';
            echo $_SESSION['keycloak_token'] = $token_value;
        }
        echo '
';
    }
}//end of if(0)