3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
6 // get out master library for ga4php
7 require_once("../lib/lib.php");
11 // first we want to fork into the background like all good daemons should
12 //$pid = pcntl_fork();
18 // i am the parent, i shall leave
19 echo "i am a parent, i leave\n";
22 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
24 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
25 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
32 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
34 case MSG_DELETE_USER_TOKEN:
35 $username = $msg["username"];
37 $sql = "select users_otk from users where users_username='$username'";
39 $res = $dbo->query($sql);
41 foreach($res as $row) {
42 $otkid = $row["users_otk"];
46 unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
49 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
51 $res = $dbo->query($sql);
53 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
55 case MSG_AUTH_USER_TOKEN:
56 echo "Call to auth user token\n";
57 // minimal checking, we leav it up to authenticateUser to do the real
59 if(!isset($msg["username"])) $msg["username"] = "";
60 if(!isset($msg["passcode"])) $msg["passcode"] = "";
61 $username = $msg["username"];
62 $passcode = $msg["passcode"];
64 $authval = $myga->authenticateUser($username, $passcode);
65 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
68 if(!isset($msg["username"])) {
69 msg_send($cl_queue, MSG_GET_OTK_ID, false);
71 $username = $msg["username"];
72 $sql = "select users_otk from users where users_username='$username'";
74 $res = $dbo->query($sql);
76 foreach($res as $row) {
77 $otkid = $row["users_otk"];
81 msg_send($cl_queue, MSG_GET_OTK_ID, false);
83 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
88 if(!isset($msg["otk"])) {
89 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
92 $sql = "select users_username from users where users_otk='$otk'";
94 $res = $dbo->query($sql);
96 foreach($res as $row) {
97 $username = $row["users_username"];
100 if($username == "") {
101 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
102 } else if($username != $msg["username"]) {
103 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
106 $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
107 $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
109 unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
110 $sql = "update users set users_otk='' where users_username='$username'";
112 error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
113 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
119 if(!isset($msg["username"])) {
120 msg_send($cl_queue, MSG_SYNC_TOKEN, false);
122 $tokenone = $msg["tokenone"];
123 $tokentwo = $msg["tokentwo"];
125 msg_send($cl_queue,MSG_SYNC_TOKEN, $myga->resyncCode($username, $tokenone, $tokentwo));
129 case MSG_ADD_USER_TOKEN:
130 echo "Call to add user token\n";
131 if(!isset($msg["username"])) {
132 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
135 $username = $msg["username"];
137 if(isset($msg["tokentype"])) {
138 $tokentype=$msg["tokentype"];
141 if(isset($msg["hexkey"])) {
142 $hexkey = $msg["hexkey"];
145 $myga->setUser($username, $tokentype, "", $hexkey);
147 $url = $myga->createUrl($username);
148 if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
149 $otk = generateRandomString();
150 system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png $url");
152 $sql = "update users set users_otk='$otk' where users_username='$username'";
153 $dbo = getDatabase();
154 $res = $dbo->query($sql);
156 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
159 case MSG_DELETE_USER:
160 echo "Call to del user\n";
161 if(!isset($msg["username"])) {
162 msg_send($cl_queue, MSG_DELETE_USER, false);
164 $username = $msg["username"];
167 $sql = "select users_otk from users where users_username='$username'";
168 $dbo = getDatabase();
169 $res = $dbo->query($sql);
171 foreach($res as $row) {
172 $otkid = $row["users_otk"];
175 unlink("otks/$otkid.png");
179 $sql = "delete from users where users_username='$username'";
180 $dbo = getDatabase();
183 msg_send($cl_queue, MSG_DELETE_USER, true);
186 case MSG_AUTH_USER_PASSWORD:
188 echo "Call to auth user pass\n";
189 if(!isset($msg["username"])) {
190 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
193 if(!isset($msg["password"])) {
194 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
198 $username = $msg["username"];
199 $password = $msg["password"];
200 $sql = "select users_password from users where users_username='$username'";
201 $dbo = getDatabase();
202 $res = $dbo->query($sql);
204 foreach($res as $row) {
205 $pass = $row["users_password"];
209 $ourpass = hash('sha512', $password);
210 echo "ourpass: $ourpass\nourhash: $pass\n";
211 if($ourpass == $pass) {
212 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
215 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
220 case MSG_SET_USER_PASSWORD:
221 echo "how on earth is that happening Call to set user pass, wtf?\n";
224 if(!isset($msg["username"])) {
225 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
229 if(!isset($msg["password"])) {
230 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
235 $username = $msg["username"];
236 $password = $msg["password"];
238 echo "would set pass for $username, to $password\n";
239 if($password == "") $pass = "";
240 else $pass = hash('sha512', $password);
242 $dbo = getDatabase();
243 echo "in set user pass for $username, $pass\n";
244 $sql = "update users set users_password='$pass' where users_username='$username'";
248 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
251 // these are irrelavent yet
254 case MSG_SET_USER_REALNAME:
255 echo "Call to set user realname\n";
257 if(!isset($msg["username"])) {
258 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
261 if(!isset($msg["realname"])) {
262 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
266 $username = $msg["username"];
267 $realname = $msg["realname"];
268 $sql = "update users set users_realname='$realname' where users_username='$username'";
269 $dbo = getDatabase();
273 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
275 // TODO now set real name
277 case MSG_SET_USER_TOKEN:
279 echo "Call to set user token\n";
280 if(!isset($msg["username"])) {
281 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
284 if(!isset($msg["tokenstring"])) {
285 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
290 $username = $msg["username"];
291 $token = $msg["tokenstring"];
292 $return = $myga->setUserKey($username, $token);
293 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
295 // TODO now set token
297 case MSG_SET_USER_TOKEN_TYPE:
299 echo "Call to set user token type\n";
300 if(!isset($msg["username"])) {
301 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
304 if(!isset($msg["tokentype"])) {
305 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
309 $username = $msg["username"];
310 $tokentype = $msg["tokentype"];
312 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
314 // TODO now set token
317 // TODO this needs to be better
318 $sql = "select * from users";
320 $dbo = getDatabase();
321 $res = $dbo->query($sql);
325 foreach($res as $row) {
326 $users[$i]["username"] = $row["users_username"];
327 $users[$i]["realname"] = $row["users_realname"];
328 if($row["users_password"]!="") {
329 $users[$i]["haspass"] = true;
331 $users[$i]["haspass"] = false;
333 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
334 if($row["users_tokendata"]!="") {
335 $users[$i]["hastoken"] = true;
337 $users[$i]["hastoken"] = false;
340 if($row["users_otk"]!="") {
341 $users[$i]["otk"] = $row["users_otk"];
343 $users[$i]["otk"] = "";
347 msg_send($cl_queue, MSG_GET_USERS, $users);
349 // TODO now set token