3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
5 if(file_exists("config.php")) {
6 require_once("config.php");
8 // config file doesnt exist, we must abort sensibly
11 // get out master library for ga4php
12 require_once("../lib/lib.php");
16 // first we want to fork into the background like all good daemons should
17 //$pid = pcntl_fork();
23 // i am the parent, i shall leave
24 echo "i am a parent, i leave\n";
27 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
29 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
30 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
37 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
39 case MSG_AUTH_USER_TOKEN:
40 echo "Call to auth user token\n";
41 // minimal checking, we leav it up to authenticateUser to do the real
43 if(!isset($msg["username"])) $msg["username"] = "";
44 if(!isset($msg["passcode"])) $msg["passcode"] = "";
45 $username = $msg["username"];
46 $passcode = $msg["passcode"];
48 $authval = $myga->authenticateUser($username, $passcode);
49 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
53 if(!isset($msg["username"])) {
54 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
56 $username = $msg["username"];
57 $sql = "select users_otk from users where users_username='$username'";
59 $res = $dbo->query($sql);
61 foreach($res as $row) {
62 $otk = $row["users_otk"];
66 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
68 $hand = fopen("otks/$otk.png", "rb");
69 $data = fread($hand, filesize("otks/$otk.png"));
71 unlink("otks/$otk.png");
72 $sql = "update users set users_otk='' where users_username='$username'";
74 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
79 case MSG_ADD_USER_TOKEN:
80 echo "Call to add user token\n";
81 if(!isset($msg["username"])) {
82 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
84 $username = $msg["username"];
86 if(isset($msg["tokentype"])) {
90 if(isset($msg["hexkey"])) {
91 $hexkey = $msg["hexkey"];
94 $myga->setUser($username, $tokentype, "", $hexkey);
96 $url = $myga->createUrl($username);
98 $otk = generateRandomString();
99 system("qrencode -o otks/$otk.png $url");
101 $sql = "update users set users_otk='$otk' where users_username='$username'";
102 $dbo = getDatabase();
103 $res = $dbo->query($sql);
105 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
108 case MSG_DELETE_USER:
109 echo "Call to del user\n";
110 if(!isset($msg["username"])) {
111 msg_send($cl_queue, MSG_DELETE_USER, false);
113 $username = $msg["username"];
115 $sql = "delete from users where users_username='$username'";
116 $dbo = getDatabase();
119 msg_send($cl_queue, MSG_DELETE_USER, true);
122 case MSG_AUTH_USER_PASSWORD:
124 echo "Call to auth user pass\n";
125 if(!isset($msg["username"])) {
126 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
129 if(!isset($msg["password"])) {
130 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
134 $username = $msg["username"];
135 $password = $msg["password"];
136 $sql = "select users_password from users where users_username='$username'";
137 $dbo = getDatabase();
138 $res = $dbo->query($sql);
140 foreach($res as $row) {
141 $pass = $row["users_password"];
145 $ourpass = hash('sha512', $password);
146 echo "ourpass: $ourpass\nourhash: $pass\n";
147 if($ourpass == $pass) {
148 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
151 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
156 case MSG_SET_USER_PASSWORD:
157 echo "how on earth is that happening Call to set user pass, wtf?\n";
160 if(!isset($msg["username"])) {
161 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
165 if(!isset($msg["password"])) {
166 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
171 $username = $msg["username"];
172 $password = $msg["password"];
174 echo "would set pass for $username, to $password\n";
175 if($password == "") $pass = "";
176 else $pass = hash('sha512', $password);
178 $dbo = getDatabase();
179 echo "in set user pass for $username, $pass\n";
180 $sql = "update users set users_password='$pass' where users_username='$username'";
184 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
187 // these are irrelavent yet
190 case MSG_SET_USER_REALNAME:
191 echo "Call to set user realname\n";
193 if(!isset($msg["username"])) {
194 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
197 if(!isset($msg["realname"])) {
198 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
202 $username = $msg["username"];
203 $realname = $msg["realname"];
204 $sql = "update users set users_realname='$realname' where users_username='$username'";
205 $dbo = getDatabase();
209 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
211 // TODO now set real name
213 case MSG_SET_USER_TOKEN:
215 echo "Call to set user token\n";
216 if(!isset($msg["username"])) {
217 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
220 if(!isset($msg["tokenstring"])) {
221 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
226 $username = $msg["username"];
227 $token = $msg["tokenstring"];
228 $return = $myga->setUserKey($username, $token);
229 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
231 // TODO now set token
233 case MSG_SET_USER_TOKEN_TYPE:
235 echo "Call to set user token type\n";
236 if(!isset($msg["username"])) {
237 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
240 if(!isset($msg["tokentype"])) {
241 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
245 $username = $msg["username"];
246 $tokentype = $msg["tokentype"];
248 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
250 // TODO now set token
253 // TODO this needs to be better
254 $sql = "select * from users";
256 $dbo = getDatabase();
257 $res = $dbo->query($sql);
261 foreach($res as $row) {
262 $users[$i]["username"] = $row["users_username"];
263 $users[$i]["realname"] = $row["users_realname"];
264 if($row["users_password"]!="") {
265 $users[$i]["haspass"] = true;
267 $users[$i]["haspass"] = false;
269 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
270 if($row["users_tokendata"]!="") {
271 $users[$i]["hastoken"] = true;
273 $users[$i]["hastoken"] = false;
276 if($row["users_otk"]!="") {
277 $users[$i]["otk"] = $row["users_otk"];
279 $users[$i]["otk"] = "";
283 msg_send($cl_queue, MSG_GET_USERS, $users);
285 // TODO now set token