/**
* Login.
* $_GET['ticket']: CAS login
* $_GET['token']: direct login using a parameter passed by the client
* ParamsService::get('ldaphost'): LDAP login
* ParamsService::get('radiusopen'): RADIUS login
*/
function login()
{
// Login entry point. Visible flow:
//   1. remember optional return / download targets in the session;
//   2. for customer alias 'cqyz', on a GET request without a logintype, run the
//      CAS / unified-identity branch (redirect to the IdP, or validate a returned ticket);
//   3. otherwise handle the username / password / captcha form.
// Only the CAS ticket path and the form path appear in this body; no token, LDAP or
// RADIUS handling is visible here.
// NOTE(review): 'ret' is taken from the request and stored as-is; it is later passed to
// Redirect::to() without any host check, so this is an open redirect unless validated
// elsewhere. Restrict it to relative paths or an allow-list of own hosts.
if (Input::has('ret')) {
Session::put('ret_url', trim(Input::get('ret')));
}
// Resolve a download link from configuration using request-supplied keys.
// The URL value itself comes from Config, but missing 'name'/'id' keys are not
// checked and will raise an undefined-index notice.
if (Input::has('id') && Input::has('name')) {
$products = Config::get('products');
$id = Input::get('id');
$name = Input::get('name');
$url = $products[$name]['links'][$id];
if ($url){
Session::put('down_url', $url);
}
}
// Normalise logintype into the session: 2 is kept, anything else becomes 1 (loose comparison).
$logintype = Input::get('logintype');
if ($logintype == 2) {
Session::set('logintype', $logintype);
} else {
Session::set('logintype', 1);
}
// CAS / unified-identity branch: only for customer 'cqyz', GET requests, and no logintype given.
if (App::make('customer')->alias == 'cqyz' && Request::getMethod() == 'GET' && $logintype == '') {
// CAS server login URL
$loginServer = "https://i.cqyz.edu.cn/unified_identity_logon/#/login?applicationCode=Y4Cj74";
// CAS server validation URL
$validateServer = "https://i.cqyz.edu.cn/uapservice/application/roam/check";
// NOTE(review): $myurl is only defined in the commented-out line below, yet it is
// still read in the "no successnode" redirect further down (undefined variable).
//$myurl = "https://ms.cqyz.edu.cn/login";
// Assignment inside the condition: $type now holds the raw request value of 'type'.
// It is reused later as the last argument of UserService::add_user().
if ($type = Input::get('type')) {
Session::flash('type', 'client');
}
// Check whether the IdP has already sent the user back with a ticket
if (Input::has('ticket')) {
// Fetch the information returned after login
try {
// NOTE(review): the ticket is request-controlled and concatenated into the upstream
// URL without encoding; it should be passed through rawurlencode() so it cannot
// add or alter query parameters of the validation request.
$validateurl = $validateServer . "?ticket=" . $_REQUEST["ticket"];
header("Content-Type:text/html;charset=utf-8");
// Cached service token and the time it was stored (0 when no timestamp is cached).
$token_redis = Redis::get('token');//dd($token_redis);
$token_timestamp = Redis::get('token_timestamp') ? Redis::get('token_timestamp') : 0;//dd($token_redis);
// After this if/else $expire is true when the cached token is at most 36000 seconds
// old, i.e. the name is inverted: true means "still usable".
$expire = time() - $token_timestamp;
if($expire > 36000){
$expire = false;
}else{
$expire = true;
}
if(!empty($token_redis) && $expire){
// A non-empty $data makes https_request() send a POST; the cached token goes in a header.
$p = 1;
$ret = $this->https_request($validateurl,$p,array('Content-type: application/json;charset=UTF-8',"token:$token_redis"));
$ret = json_decode($ret,true);
// NOTE(review): leftover debug call. dd() (Laravel's dump-and-die helper) prints the
// upstream validation response to the browser and stops the request, so the
// ticket-validation result is never used to log the user in.
dd($ret);
}else{
// No usable cached token: request a new one from the token endpoint.
$token_url = "https://i.cqyz.edu.cn/uapservice/open/token/apply";
$p['grantType'] = "CLIENT_CREDENTIALS";
// NOTE(review): appKey/appSecret are hard-coded in source. Anyone with read access
// to the code or its history holds the client credential; move it to protected
// configuration and rotate it.
$ret = $this->https_request($token_url,$p,array('Content-type: application/json;charset=UTF-8','appKey:16fde478640a4473b0151bb550fe2ac3','appSecret:5ced13ce5edc44bd9a6851eae589a839'));
$ret = json_decode($ret,true);
// Response code '40001' is the only one treated as success here; the token is then cached.
if($ret['code']== '40001'){
//dd($ret['content']);
Redis::set('token',$ret['content']['token']);
Redis::set('token_timestamp',time());
}else{
// NOTE(review): debug dump of the upstream error response to the client.
dd($ret);
}
}
// NOTE(review): unconditional debug dd(); if it terminates the request as dd() normally
// does, everything below inside this try block is unreachable.
dd(44);
// NOTE(review): $successnode is never assigned anywhere in this function, so this
// condition cannot be true as written; the branch reads like the remainder of an earlier
// CAS XML-response implementation - confirm before re-enabling.
if (!empty($successnode)) {
$username = $successnode->user;
$user = UserService::get_user_by_username($username);
// Get user info via the intermediate table (disabled). The message in the disabled
// code reads: "this user does not exist in the intermediate table, contact the administrator".
// $userdata = DB::table('userdata')->where('username', $username)->first();
// if (empty($userdata)) {
// echo $username . '该用户不存在中间表,请联系管理员';
// exit;
// }
// Build the local account fields from the IdP attributes
$name = $successnode->attributes->cn;
// Synthetic e-mail: username plus the application environment value.
$email = $username . '@' . app()->env;
// NOTE(review): the local password is md5(username), i.e. derivable from the username
// alone. If add_user() stores it as a usable credential, the password form below would
// accept it for CAS-provisioned accounts - confirm, and use a random, non-derivable
// value instead.
$password = md5($username);
/*
// user type
$type = explode(',',$successnode->attributes->containerId);
$type=$type[1];
// teaching staff
if($type == 'ou=jzg'){
$type=3;
}else if($type == 'ou=bks'){
$type=2;
}else if($type == 'ou=YJS'){
$type=4;
}else{
$type=1;
}
*/
// Department name
$departname = $successnode->attributes->eduPersonOrgDN;
if(!empty($departname)){
$departments = DB::table('department')->select('departmentid')->where('name', $departname)->first();
if (empty($departments)) {
// Unknown department: create it under parent id 1.
$data = [
'parentid' => 1,
'name' => $departname,
];
$departmentid = DB::table('department')->insertGetId($data);
// Pre-allocate activation counts for the new department, one row per key id.
// NOTE(review): the original comment said 5000 activations; the code inserts 10000.
//windows 7/8
$data1 = [
'departmentid' => $departmentid,
'keyid' => 3,
'count' => 10000,
'status' => 1
];
// office
$data2 = [
'departmentid' => $departmentid,
'keyid' => 4,
'count' => 10000,
'status' => 1
];
// Windows 10/11
$data3 = [
'departmentid' => $departmentid,
'keyid' => 5,
'count' => 10000,
'status' => 1
];
//WINSERVER2012R2
$data4 = [
'departmentid' => $departmentid,
'keyid' => 9,
'count' => 10000,
'status' => 1
];
// visio
$data5 = [
'departmentid' => $departmentid,
'keyid' => 10,
'count' => 10000,
'status' => 1
];
// WINSERVER2016
$data6 = [
'departmentid' => $departmentid,
'keyid' => 12,
'count' => 10000,
'status' => 1
];
// WINSERVER2019
$data7 = [
'departmentid' => $departmentid,
'keyid' => 14,
'count' => 10000,
'status' => 1
];
// WINSERVER2022
$data8 = [
'departmentid' => $departmentid,
'keyid' => 15,
'count' => 10000,
'status' => 1
];
// Project
$data9 = [
'departmentid' => $departmentid,
'keyid' => 16,
'count' => 10000,
'status' => 1
];
DB::table('department__key')->insert([$data1,$data2,$data3,$data4,$data5,$data6,$data7,$data8,$data9]);
} else {
// Existing department; id 1 is remapped to 2.
$departmentid = $departments->departmentid;
if ($departmentid == 1) {
$departmentid = 2;
}
}
}else{// Department name is empty: assign the user to the school (department id 2)
$departmentid = 2;
}
if (!$user) {
// Create the user and obtain its userid.
// NOTE(review): the block that derived $type from IdP attributes is commented out above,
// so $type here is whatever the 'type' request parameter contained (or unset). A
// request-controlled value should not decide the stored user type - confirm what
// add_user() does with it.
$userId = UserService::add_user($email, $password, $username, $name, $departmentid, 1, str_random(32), $type);
// Automatically assign keys; the reason string below is stored as given.
$reason = 'CAS登录自动分配密钥';
$managers = ManagerService::managers();
// Uses the first manager returned; an empty manager list is not handled.
KeyService::auto_assign($userId, $managers[0]->managerid, $reason);
} else {
$userId = $user->userid;
// Update of name/type for existing users (disabled)
//DB::table('user')->where('userid',$userId)->update(['name'=>$name,'type'=>$type]);
}
// Establish the local session for the resolved user id and record the access.
Session::set('user.provider', 'user');
Auth::loginUsingId($userId);
\Ca\Logger::getInstance()->UserAccessLog();
// NOTE(review): redirect target comes from the request-supplied 'ret' stored earlier;
// only one specific download URL is excluded, no host validation is performed.
if (Session::get('ret_url') && (Session::get('ret_url') !='https://ms.' . App::make('customer')->alias . '.edu.cn?download=1')) {
return Redirect::to(Session::get('ret_url'));
}
if (Session::get('type')) {
return Redirect::to('https://ms.' . App::make('customer')->alias . '.edu.cn/?type=client');
}
return Redirect::to('/');
} else {
// Redirect the browser back to the IdP login page
header("Location: " . $loginServer . "?service=" . $myurl);
// Make sure no further code runs after the redirect
exit;
}
} catch (Exception $e) {
// Failures are logged at info level and the request ends with an empty response.
// echo $e-> getMessage();
Log::info($e);
exit;
}
}else {
// No ticket yet: redirect the browser to the IdP login page
header("Location: " . $loginServer);
// Make sure no further code runs after the redirect
exit;
}
}
// Already authenticated: go to the requested return URL or the profile page.
// NOTE(review): Input::get('ret') is passed to Redirect::to() unvalidated (open redirect).
if (!Auth::guest()) {
if (Input::get('ret')) {
return Redirect::to(Input::get('ret'));
}
return Redirect::to("/profile");
}
// Username / password / captcha form handling.
$input = null;
$errors = new MessageBag;
// NOTE(review): the rule enforces a minimum password length of 3, while the
// 'password.min' message below tells the user the minimum is 6 characters.
$rules = array(
'username' => 'required',
'password' => 'required|min:3',
'captcha' => 'captcha|required'
);
$messages = array(
'captcha' => '验证码错误',
'username.required' => '用户名不能为空',
'password.required' => '密码不能为空',
'password.min' => '密码长度不能小于6位',
'captcha.required' => '验证码不能为空'
);
if (Request::getMethod() == 'POST') {
$input = Input::all();
$validation = Validator::make($input, $rules, $messages);
if (!$validation->fails()) {
$login = $input["username"];
$password = $input["password"];
$remember = (bool)Input::get("remember");
$credentials = array('username' => $login, 'password' => $password, 'provider' => 'user');
// $loginMethod is always 'common' and $loginError always false in this function, so the
// condition below reduces to Auth::attempt($credentials, $remember).
$loginError = false;
$loginMethod = 'common';
// NOTE(review): the disabled line below would write the plaintext password to the log;
// it should be deleted rather than kept for re-enabling.
//Log::info('user login: username: ' . $login . ' password: ' . $password);
// Ordinary (username/password) login
if (($loginMethod != 'common' && !$loginError) || Auth::attempt($credentials, $remember)) {
if ($loginMethod != 'common' && !$loginError) {
Auth::attempt($credentials, $remember);
Log::info('login success');
}
// UserService::save_password(Auth::user()->userid, $password);
// Only accounts in the normal status may stay logged in; others are logged out again
// and get an error message attached to the username field.
if (Auth::user()->status == UserStatus::normal) {
// $date = DB::raw('NOW()');
// $user_id = Auth::user()->userid;
\Ca\Logger::getInstance()->UserAccessLog();
// UserService::add_useraccesslog($user_id, $date);
// NOTE(review): ret_url originates from the 'ret' request parameter and is not
// validated before the redirect.
$ret_url = Session::get('ret_url');
if (!empty($ret_url)) {
Session::forget('ret_url');
return Redirect::to($ret_url);
} else return Redirect::to('/');
}
Auth::logout();
$validation->messages()->add('username', '帐号未激活');
} else {
// Failed attempts are logged without the username; the user sees a generic
// "wrong account or password" message.
Log::info('login fail');
$validation->messages()->add('username', '帐号或密码错误');
}
}
$errors = $validation->messages();
}
// Render the login view with any validation errors and the submitted input.
$this->layout->title = '用户登录';
$this->layout->content = View::make('user.home.login')->with('errors', $errors)->with('input', $input);
return;
}
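/**
 * Perform an HTTP(S) request with cURL and return the response body.
 *
 * A non-empty $data switches the request to POST; otherwise a GET is sent.
 * When $data is an array, cURL encodes it as multipart/form-data regardless of
 * any Content-type header supplied in $header, so callers that need a JSON body
 * must pass an already-encoded string.
 *
 * TLS certificate and host-name verification are enabled. This function carries
 * login tickets, service tokens and client credentials, so an unverified
 * connection would let anyone on the network path read or alter them. If the
 * remote service uses a private CA, point cURL at that CA (CURLOPT_CAINFO)
 * instead of switching verification off.
 *
 * @param string                $url    Request URL.
 * @param array|string|int|null $data   POST body; empty means GET.
 * @param array|null            $header List of raw header lines ("Name: value").
 *
 * @return string Response body, or the string 'ERROR ' followed by the cURL
 *                error message when the transfer failed.
 */
function https_request($url, $data = null, $header = null)
{
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    // Upper bound, in seconds, for the whole transfer.
    curl_setopt($curl, CURLOPT_TIMEOUT, 30);

    // Verify the peer certificate chain and that it matches the host name.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);

    // CURLOPT_HTTPHEADER requires an array; skip it when no headers were given
    // (the default $header is null).
    if (!empty($header)) {
        curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
    }

    if (!empty($data)) {
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
    }

    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $output = curl_exec($curl);
    // Read the error before closing the handle, then always release it
    // (the error path previously returned without closing).
    $error = curl_error($curl);
    curl_close($curl);

    // Strict comparison: an empty or "0" response body is a valid result,
    // only a boolean false from curl_exec() signals failure.
    if ($output === false || $error !== '') {
        return 'ERROR ' . $error;
    }

    return $output;
}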