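<?php

declare(strict_types=1);

//======================================================================================
//
// Function: Validate the REEFT 2.0 Access token
//
// Programmer: AR
// Date : 2025-02-07
//
// Copyright Reeft A/S (c) - 2025
//======================================================================================

// UI languages accepted for the login; anything else is rejected with 400.
const RFT_GPS_ALLOWED_LANGUAGES = ['en', 'de', 'da', 'no', 'sv'];

// API base URLs per environment, keyed by the `origin` request parameter
// as [bffweb, customer, organization]. An origin that is not listed here leaves
// the base URLs set by the including configuration untouched.
const RFT_GPS_ENVIRONMENT_URLS = [
    'staging'    => ['https://staging-bffweb.reeft.com/api', 'https://staging-customer.reeft.com/api', 'https://staging-organization.reeft.com/api'],
    'azdev'      => ['https://azdev-bffweb.reeft.com/api', 'https://azdev-customer.reeft.com/api', 'https://azdev-organization.reeft.com/api'],
    'aztest'     => ['https://aztest-bffweb.reeft.com/api', 'https://aztest-customer.reeft.com/api', 'https://aztest-organization.reeft.com/api'],
    'production' => ['https://bffweb.reeft.com/api', 'https://customer.reeft.com/api', 'https://organization.reeft.com/api'],
];

//======================================================================================
// Set session
//======================================================================================
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// WHILE TESTING CALL WITH PARM test=Y.
// The test token is read from the server environment instead of living in this
// file: a deployed copy of the script no longer carries a usable credential, and
// with the variable unset the branch refuses, so `?test=Y` cannot be used from a
// browser to obtain a session for a pre-baked account.
if (isset($_GET['test']) && $_GET['test'] === 'Y') {
    // REEFT_GPS_TEST_TOKEN is a constructed name - align it with the deployment config.
    $receivedToken = getenv('REEFT_GPS_TEST_TOKEN');
    if (!is_string($receivedToken) || $receivedToken === '') {
        http_response_code(400); // Bad Request
        displayError('Test mode is not enabled on this server');
        exit;
    }

    $ConsiderOrganizationHeader = '0';
    $UseSharedDb = '1';
    $TargetOrganization = 'DF93654E-D1C3-458B-8020-359F19AD61CE';

    // $origin is omitted here on purpose; authorization() falls back to 'production'.
    authorization($receivedToken, $ConsiderOrganizationHeader, $UseSharedDb, $TargetOrganization, 'da');
} else {
    // GPS receives everything as request parameters from the web: token,
    // ConsiderOrganizationHeader, TargetOrganization, UseSharedDb, language and
    // origin. Neither the Authorization header nor the request body is read.
    // NOTE(review): $_REQUEST merges GET, POST and cookies, so a token passed as a
    // query parameter ends up in access logs and browser history - prefer POST.
    $receivedToken = trim(str_replace('Bearer', '', requireRequestParam('token', 'Bearer token not provided')));
    if ($receivedToken === '') {
        // A bare "Bearer" (or blank) token previously fell through to a 200 with an
        // empty body and no session; treat it as not provided instead.
        http_response_code(400); // Bad Request
        displayError('Bearer token not provided');
        exit;
    }

    $loginLanguage = requireRequestParam('language', 'Language missing');
    if (!in_array($loginLanguage, RFT_GPS_ALLOWED_LANGUAGES, true)) {
        http_response_code(400); // Bad Request
        displayError('Language not allow (allow is ["en", "de", "da", "no", "sv"])');
        exit;
    }

    $ConsiderOrganizationHeader = requireRequestParam('ConsiderOrganizationHeader', 'ConsiderOrganizationHeader missing');
    $UseSharedDb = requireRequestParam('UseSharedDb', 'UseSharedDb missing');
    $TargetOrganization = requireRequestParam('TargetOrganization', 'TargetOrganization missing');

    // origin is optional; it selects the back end and is remembered in the session.
    $requestedOrigin = $_REQUEST['origin'] ?? null;
    $origin = is_string($requestedOrigin) ? $requestedOrigin : 'production';

    // Staging/test requests must talk to their own back ends. The override only
    // happens when the caller actually sent an origin, so a request without one
    // keeps whatever base URLs the including configuration provides.
    if (is_string($requestedOrigin) && isset(RFT_GPS_ENVIRONMENT_URLS[$requestedOrigin])) {
        [$rftUrl, $rftUrlCustomer, $rftUrlOrganization] = RFT_GPS_ENVIRONMENT_URLS[$requestedOrigin];
    }

    $auth = authorization($receivedToken, $ConsiderOrganizationHeader, $UseSharedDb, $TargetOrganization, $loginLanguage, $origin);
    if ($auth === 'OK') {
        http_response_code(200); // OK
    }
}

/**
 * Return a mandatory request parameter as a string, or end the request with 400.
 *
 * Only scalar values are accepted: an array value (e.g. `token[]=x`) counts as
 * missing, so it can never reach the string functions or the outbound headers.
 *
 * @param string $name         Request parameter name.
 * @param string $errorMessage Text shown by displayError() when the parameter is absent.
 */
function requireRequestParam(string $name, string $errorMessage): string
{
    $value = $_REQUEST[$name] ?? null;
    if ($value === null || !is_scalar($value)) {
        http_response_code(400); // Bad Request
        displayError($errorMessage);
        exit;
    }

    return (string) $value;
}

/**
 * Refuse a value that could inject extra lines into the outbound request headers.
 *
 * The four caller-supplied values are copied verbatim into cURL headers, so CR/LF
 * or other control characters must never be forwarded.
 *
 * @param string $value Value about to be placed in a request header.
 * @param string $name  Name used in the error shown to the user.
 */
function assertHeaderSafe(string $value, string $name): void
{
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        http_response_code(400); // Bad Request
        displayError($name . ' contains invalid characters');
        exit;
    }
}

/**
 * Exchange the REEFT access token for a GPS login and store the result in the session.
 *
 * Sends POST {$rftUrl}/Authentication/Login/Gps with the token and organization
 * headers. A transport error, a non-200 reply or a reply without a `token` field
 * ends the request with 400 and the error page; on success the session id is
 * regenerated, the login details are stored in $_SESSION and "OK" is returned.
 *
 * @param string $receivedToken              Access token without the "Bearer " prefix.
 * @param string $ConsiderOrganizationHeader Forwarded as the ConsiderOrganizationHeader header.
 * @param string $UseSharedDb                Forwarded as the UseSharedDb header.
 * @param string $TargetOrganization         Forwarded as the TargetOrganization header.
 * @param string $loginLanguage              UI language remembered in the session.
 * @param string $origin                     Environment name remembered in the session; defaults
 *                                           to 'production' so the test branch may omit it.
 * @return string "OK" on success; every failure path exits instead of returning.
 */
function authorization(
    string $receivedToken,
    string $ConsiderOrganizationHeader,
    string $UseSharedDb,
    string $TargetOrganization,
    string $loginLanguage,
    string $origin = 'production'
): string {
    global $rftUrl;

    assertHeaderSafe($receivedToken, 'token');
    assertHeaderSafe($ConsiderOrganizationHeader, 'ConsiderOrganizationHeader');
    assertHeaderSafe($UseSharedDb, 'UseSharedDb');
    assertHeaderSafe($TargetOrganization, 'TargetOrganization');

    $apiUrl = $rftUrl . '/Authentication/Login/Gps';

    $ch = curl_init($apiUrl);
    if ($ch === false) {
        http_response_code(400); // Bad Request
        displayError('cURL error calling Authentication/Login/Gps - curl_init failed');
        exit;
    }

    // NOTE(review): no CURLOPT_TIMEOUT is set, so a stalled upstream stalls this
    // request as well - confirm an acceptable limit with operations before adding one.
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER => [
            'accept: text/plain',
            'Authorization: Bearer ' . $receivedToken,
            'ConsiderOrganizationHeader: ' . $ConsiderOrganizationHeader,
            'UseSharedDb: ' . $UseSharedDb,
            'TargetOrganization: ' . $TargetOrganization,
        ],
        CURLOPT_POST => true, // the login endpoint is POST even though no body is sent
        CURLOPT_RETURNTRANSFER => true,
    ]);

    $response = curl_exec($ch);
    $httpCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $curlError = curl_errno($ch) !== 0 ? curl_error($ch) : '';
    curl_close($ch);

    if ($curlError !== '') {
        http_response_code(400); // Bad Request
        displayError('cURL error calling Authentication/Login/Gps - ' . $curlError);
        exit;
    }

    if ($httpCode !== 200) {
        http_response_code(400); // Bad Request
        displayError('httpCode recieved calling Authentication/Login/Gps - ' . $httpCode);
        exit;
    }

    $data = is_string($response) ? json_decode($response, true) : null;
    if (!is_array($data) || !isset($data['token'])) {
        // Previously a malformed reply produced warnings and an empty session token.
        http_response_code(400); // Bad Request
        displayError('Unexpected response calling Authentication/Login/Gps');
        exit;
    }

    // A successful login is a privilege change: issue a fresh session id so a
    // session id obtained before authentication is not upgraded.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['receivedToken'] = $receivedToken;
    $_SESSION['ConsiderOrganizationHeader'] = $ConsiderOrganizationHeader;
    $_SESSION['UseSharedDb'] = $UseSharedDb;
    $_SESSION['TargetOrganization'] = $TargetOrganization;
    $_SESSION['loginLanguage'] = $loginLanguage;
    $_SESSION['token'] = $data['token'];
    $_SESSION['origin'] = $origin;
    // The remaining fields are optional in the reply as far as this file can tell;
    // missing ones are stored as null rather than raising warnings.
    $_SESSION['refreshToken'] = $data['refreshToken'] ?? null;
    $_SESSION['loginOrganizationId'] = $data['organizationId'] ?? null;
    $_SESSION['loginOrganizationName'] = $data['organizationName'] ?? null;
    $_SESSION['loginUserId'] = $data['userId'] ?? null;
    $_SESSION['loginUserName'] = $data['name'] ?? null;
    $_SESSION['loginUserRole'] = $data['role'][0] ?? null;
    $_SESSION['loginDepartmentId'] = $data['departmentId'] ?? null;
    $_SESSION['loginDepartmentName'] = $data['departmentName'] ?? null;

    return 'OK';
}

/**
 * Render an error page in the opened window.
 *
 * The message is HTML-escaped; callers are responsible for the HTTP status code.
 * Note that upstream cURL messages are shown verbatim to the end user.
 *
 * @param string $errorMessage Text shown after "Error:".
 */
function displayError(string $errorMessage): void
{
    ?>
<!DOCTYPE html>
<html>
<head>
    <title>Error</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            text-align: center;
            margin-top: 50px;
        }
        .error-box {
            display: inline-block;
            border: 1px solid red;
            padding: 20px;
            background-color: #ffe6e6;
            color: red;
            font-weight: bold;
            border-radius: 10px;
        }
    </style>
</head>
<body>
    <div class="error-box">
        <p>Sorry, you do not have access to this page</p>
        <p>Please try again from the webplanner or contact support and provide the error message below</p>
        <p>Error: <?php echo htmlspecialchars($errorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
    </div>
</body>
</html>
    <?php
}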