3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
6 // get out master library for ga4php
7 require_once("../lib/lib.php");
11 // first we want to fork into the background like all good daemons should
12 //$pid = pcntl_fork();
18 // i am the parent, i shall leave
19 echo "i am a parent, i leave\n";
22 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
24 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
25 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
32 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
33 echo "got message of type $msg_type\n";
35 case MSG_GET_RADIUS_CLIENTS:
36 $sql = "select * from radclients";
38 $res = $dbo->query($sql);
41 foreach($res as $row) {
42 // $sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);';
43 $clients[$i]["name"] = $row["rad_name"];
44 $clients[$i]["ip"] = $row["rad_ip"];
45 $clients[$i]["secret"] = $row["rad_secret"];
46 $clients[$i]["desc"] = $row["rad_desc"];
48 msg_send($cl_queue, MSG_GET_RADIUS_CLIENTS, $clients);
50 case MSG_REMOVE_RADIUS_CLIENT:
51 // it should send us a client by rad_name - doesnt work yet
52 $client = $msg["clientname"];
53 $sql = "delete from radclients where rad_name='$client'";
55 $res = $dbo->query($sql);
57 msg_send($cl_queue, MSG_REMOVE_RADIUS_CLIENT, true);
59 case MSG_ADD_RADIUS_CLIENT:
60 echo "in addradclient\n";
61 $client = $msg["clientname"];
62 $clientsecret = $msg["clientsecret"];
63 $clientip = $msg["clientip"];
64 $clientdesc = $msg["clientdescription"];
65 $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
67 $res = $dbo->query($sql);
69 msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
71 case MSG_DELETE_USER_TOKEN:
72 $username = $msg["username"];
74 $sql = "select users_otk from users where users_username='$username'";
76 $res = $dbo->query($sql);
78 foreach($res as $row) {
79 $otkid = $row["users_otk"];
83 unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
86 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
88 $res = $dbo->query($sql);
90 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
92 case MSG_AUTH_USER_TOKEN:
93 echo "Call to auth user token\n";
94 // minimal checking, we leav it up to authenticateUser to do the real
96 if(!isset($msg["username"])) $msg["username"] = "";
97 if(!isset($msg["passcode"])) $msg["passcode"] = "";
98 $username = $msg["username"];
99 $passcode = $msg["passcode"];
101 $authval = $myga->authenticateUser($username, $passcode);
102 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
105 if(!isset($msg["username"])) {
106 msg_send($cl_queue, MSG_GET_OTK_ID, false);
108 $username = $msg["username"];
109 $sql = "select users_otk from users where users_username='$username'";
110 $dbo = getDatabase();
111 $res = $dbo->query($sql);
113 foreach($res as $row) {
114 $otkid = $row["users_otk"];
118 msg_send($cl_queue, MSG_GET_OTK_ID, false);
120 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
124 case MSG_GET_OTK_PNG:
125 if(!isset($msg["otk"])) {
126 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
129 $sql = "select users_username from users where users_otk='$otk'";
130 $dbo = getDatabase();
131 $res = $dbo->query($sql);
133 foreach($res as $row) {
134 $username = $row["users_username"];
137 if($username == "") {
138 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
139 } else if($username != $msg["username"]) {
140 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
143 $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
144 $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
146 unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
147 $sql = "update users set users_otk='' where users_username='$username'";
149 error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
150 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
156 if(!isset($msg["username"])) {
157 msg_send($cl_queue, MSG_SYNC_TOKEN, false);
159 $tokenone = $msg["tokenone"];
160 $tokentwo = $msg["tokentwo"];
162 msg_send($cl_queue, MSG_SYNC_TOKEN, $myga->resyncCode($msg["username"], $tokenone, $tokentwo));
166 case MSG_GET_TOKEN_TYPE:
167 if(!isset($msg["username"])) {
168 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, false);
170 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, $myga->getTokenType($msg["username"]));
173 case MSG_ADD_USER_TOKEN:
174 echo "Call to add user token\n";
175 if(!isset($msg["username"])) {
176 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
179 $username = $msg["username"];
181 if(isset($msg["tokentype"])) {
182 $tokentype=$msg["tokentype"];
185 if(isset($msg["hexkey"])) {
186 $hexkey = $msg["hexkey"];
189 $myga->setUser($username, $tokentype, "", $hexkey);
191 $url = $myga->createUrl($username);
192 if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
193 $otk = generateRandomString();
194 system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png $url");
196 $sql = "update users set users_otk='$otk' where users_username='$username'";
197 $dbo = getDatabase();
198 $res = $dbo->query($sql);
200 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
203 case MSG_DELETE_USER:
204 echo "Call to del user\n";
205 if(!isset($msg["username"])) {
206 msg_send($cl_queue, MSG_DELETE_USER, false);
208 $username = $msg["username"];
211 $sql = "select users_otk from users where users_username='$username'";
212 $dbo = getDatabase();
213 $res = $dbo->query($sql);
215 foreach($res as $row) {
216 $otkid = $row["users_otk"];
219 unlink("otks/$otkid.png");
223 $sql = "delete from users where users_username='$username'";
224 $dbo = getDatabase();
227 msg_send($cl_queue, MSG_DELETE_USER, true);
230 case MSG_AUTH_USER_PASSWORD:
232 echo "Call to auth user pass\n";
233 if(!isset($msg["username"])) {
234 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
237 if(!isset($msg["password"])) {
238 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
242 $username = $msg["username"];
243 $password = $msg["password"];
244 $sql = "select users_password from users where users_username='$username'";
245 $dbo = getDatabase();
246 $res = $dbo->query($sql);
248 foreach($res as $row) {
249 $pass = $row["users_password"];
253 $ourpass = hash('sha512', $password);
254 echo "ourpass: $ourpass\nourhash: $pass\n";
255 if($ourpass == $pass) {
256 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
259 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
264 case MSG_SET_USER_PASSWORD:
265 echo "how on earth is that happening Call to set user pass, wtf?\n";
268 if(!isset($msg["username"])) {
269 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
273 if(!isset($msg["password"])) {
274 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
279 $username = $msg["username"];
280 $password = $msg["password"];
282 echo "would set pass for $username, to $password\n";
283 if($password == "") $pass = "";
284 else $pass = hash('sha512', $password);
286 $dbo = getDatabase();
287 echo "in set user pass for $username, $pass\n";
288 $sql = "update users set users_password='$pass' where users_username='$username'";
292 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
295 // these are irrelavent yet
298 case MSG_SET_USER_REALNAME:
299 echo "Call to set user realname\n";
301 if(!isset($msg["username"])) {
302 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
305 if(!isset($msg["realname"])) {
306 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
310 $username = $msg["username"];
311 $realname = $msg["realname"];
312 $sql = "update users set users_realname='$realname' where users_username='$username'";
313 $dbo = getDatabase();
317 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
319 // TODO now set real name
321 case MSG_SET_USER_TOKEN:
323 echo "Call to set user token\n";
324 if(!isset($msg["username"])) {
325 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
328 if(!isset($msg["tokenstring"])) {
329 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
334 $username = $msg["username"];
335 $token = $msg["tokenstring"];
336 $return = $myga->setUserKey($username, $token);
337 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
339 // TODO now set token
341 case MSG_SET_USER_TOKEN_TYPE:
343 echo "Call to set user token type\n";
344 if(!isset($msg["username"])) {
345 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
348 if(!isset($msg["tokentype"])) {
349 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
353 $username = $msg["username"];
354 $tokentype = $msg["tokentype"];
356 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
358 // TODO now set token
361 // TODO this needs to be better
362 $sql = "select * from users";
364 $dbo = getDatabase();
365 $res = $dbo->query($sql);
369 foreach($res as $row) {
370 $users[$i]["username"] = $row["users_username"];
371 $users[$i]["realname"] = $row["users_realname"];
372 if($row["users_password"]!="") {
373 $users[$i]["haspass"] = true;
375 $users[$i]["haspass"] = false;
377 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
378 if($row["users_tokendata"]!="") {
379 $users[$i]["hastoken"] = true;
381 $users[$i]["hastoken"] = false;
384 if($row["users_otk"]!="") {
385 $users[$i]["otk"] = $row["users_otk"];
387 $users[$i]["otk"] = "";
391 msg_send($cl_queue, MSG_GET_USERS, $users);
393 // TODO now set token