3 // TODO: SO MUCH ERROR CHECKING IT'S NOT FUNNY
6 // get our master library for ga4php
7 require_once("../lib/lib.php");
// Daemon start-up. The fork call is commented out in this listing, so no
// background fork is visibly performed here.
11 // first we want to fork into the background like all good daemons should
12 //$pid = pcntl_fork();
// NOTE(review): the condition guarding the two lines below is not visible in this
// listing; confirm what the parent branch does now that the fork is disabled.
18 // i am the parent, i shall leave
19 echo "i am a parent, i leave\n";
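global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;

// Open (or create) the two System V message queues the daemon uses: requests are
// received on the server queue and replies are sent on the client queue.
//
// msg_get_queue() takes only a key and a permission mask and creates the queue when
// it does not exist, so there is no IPC_CREAT flag to pass. The original OR-ed the
// mask with the quoted string 'IPC_CREAT', which older PHP coerces to 0 and PHP 8
// rejects with a TypeError; the effective mask (0666) is unchanged here.
//
// NOTE(review): 0666 lets every local account read and write both queues, i.e.
// submit any request this daemon handles and read the replies. Narrow the mask to
// the daemon/client user or group once it is confirmed which account the client
// side runs as.
$cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666);
$sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666);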
// Receive one request from the server queue, then (first visible handler)
// MSG_DELETE_USER_TOKEN: blank the user's token data and OTK and delete the QR image
// named after the stored OTK.
//
// NOTE(review): msg_receive() is called without its optional unserialize argument,
// which defaults to true, so the message body is PHP-unserialized on arrival. The
// queues are opened with mode 0666, so any local account can hand this daemon
// serialized data: tighten the queue permissions and check that $msg is an array of
// scalar fields before using it. The return value of msg_receive() is not checked.
32 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
34 case MSG_DELETE_USER_TOKEN:
// NOTE(review): no isset() check on "username" here, unlike most handlers below.
35 $username = $msg["username"];
// NOTE(review): $username comes straight from the queue message and is interpolated
// into the SQL text; bind it as a query parameter instead of building the string.
37 $sql = "select users_otk from users where users_username='$username'";
39 $res = $dbo->query($sql);
41 foreach($res as $row) {
42 $otkid = $row["users_otk"];
// Delete the QR image whose file name is the stored users_otk value.
46 unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
// Same string-built SQL as the select above; the fix is the same bound parameter.
49 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
51 $res = $dbo->query($sql);
// Replies true; no query or unlink result is inspected in the visible lines.
53 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
// MSG_AUTH_USER_TOKEN: pass username and passcode to authenticateUser() and send its
// result back on the client queue.
55 case MSG_AUTH_USER_TOKEN:
56 echo "Call to auth user token\n";
57 // minimal checking, we leave it up to authenticateUser to do the real
// Missing fields are defaulted to empty strings rather than rejected.
59 if(!isset($msg["username"])) $msg["username"] = "";
60 if(!isset($msg["passcode"])) $msg["passcode"] = "";
61 $username = $msg["username"];
62 $passcode = $msg["passcode"];
// NOTE(review): nothing visible here limits repeated passcode guesses per user;
// confirm whether authenticateUser() or the calling application throttles failures.
64 $authval = $myga->authenticateUser($username, $passcode);
65 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
// MSG_GET_OTK_ID handler (the case label is not visible in this listing): look up the
// one-time-key id stored for a user and reply with it, or with false.
68 if(!isset($msg["username"])) {
69 msg_send($cl_queue, MSG_GET_OTK_ID, false);
71 $username = $msg["username"];
// NOTE(review): string-built SQL with an unvalidated queue field; bind $username as a
// query parameter instead.
72 $sql = "select users_otk from users where users_username='$username'";
74 $res = $dbo->query($sql);
76 foreach($res as $row) {
77 $otkid = $row["users_otk"];
// The condition choosing between the two replies below is not visible in this listing.
// NOTE(review): the OTK id returned here is what the MSG_GET_OTK_PNG handler accepts
// (together with the username) to release the QR image, so its confidentiality
// depends on who can read the client queue.
81 msg_send($cl_queue, MSG_GET_OTK_ID, false);
83 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
// MSG_GET_OTK_PNG handler (case label not visible in this listing): if the supplied
// OTK belongs to the supplied username, read the QR image, delete it and send the
// image bytes back; otherwise reply false.
88 if(!isset($msg["otk"])) {
89 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
// NOTE(review): $otk (its assignment is not visible here; presumably $msg["otk"]) is
// used in SQL on the next line and in file paths further down. Bind it as a query
// parameter and restrict it to the format generateRandomString() produces before it
// reaches fopen()/unlink(), so it cannot name a file outside the otks directory.
92 $sql = "select users_username from users where users_otk='$otk'";
94 $res = $dbo->query($sql);
96 foreach($res as $row) {
97 $username = $row["users_username"];
100 if($username == "") {
101 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
// NOTE(review): $msg["username"] is read here without an isset() check.
102 } else if($username != $msg["username"]) {
103 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
// Read the whole PNG into memory; the fopen()/fread() results are not checked in the
// visible lines.
106 $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
107 $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
// The image is single-use: it is deleted and the user's OTK is blanked.
109 unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
110 $sql = "update users set users_otk='' where users_username='$username'";
// NOTE(review): the file was unlinked above, so this filesize() call has nothing left
// to stat; log strlen($data) instead. The OTK value is also written to the error log.
112 error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
113 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
// MSG_SYNC_TOKEN handler (case label not visible in this listing): pass the username
// and two codes from the message to resyncCode() and reply with its result.
119 if(!isset($msg["username"])) {
120 msg_send($cl_queue, MSG_SYNC_TOKEN, false);
// NOTE(review): "tokenone"/"tokentwo" are read without isset() checks, unlike
// "username"; a message without them raises undefined-index notices and passes null on.
122 $tokenone = $msg["tokenone"];
123 $tokentwo = $msg["tokentwo"];
125 msg_send($cl_queue, MSG_SYNC_TOKEN, $myga->resyncCode($msg["username"], $tokenone, $tokentwo));
// MSG_GET_TOKEN_TYPE: reply with getTokenType() for the named user, or false when the
// message carries no username.
129 case MSG_GET_TOKEN_TYPE:
130 if(!isset($msg["username"])) {
131 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, false);
133 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, $myga->getTokenType($msg["username"]));
// MSG_ADD_USER_TOKEN: call setUser() with the username, token type and optional hex
// key taken from the message. The statements that follow this block issue a one-time
// key and QR image for the user.
136 case MSG_ADD_USER_TOKEN:
137 echo "Call to add user token\n";
138 if(!isset($msg["username"])) {
139 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
142 $username = $msg["username"];
// Optional fields. What $tokentype and $hexkey hold when the message omits them is
// set on lines not visible in this listing; confirm they are reset for every message
// so a value from an earlier request cannot carry over.
144 if(isset($msg["tokentype"])) {
145 $tokentype=$msg["tokentype"];
148 if(isset($msg["hexkey"])) {
149 $hexkey = $msg["hexkey"];
// NOTE(review): hexkey is token key material chosen by the queue client; confirm
// setUser() validates its format and length.
152 $myga->setUser($username, $tokentype, "", $hexkey);
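// Build the URL for this user via createUrl() and render it as a QR image stored
// under a freshly generated one-time key (OTK).
$url = $myga->createUrl($username);
// NOTE(review): mkdir() without a mode argument requests 0777 minus the umask. This
// directory holds the QR images, so confirm the daemon's umask keeps it private.
if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
// NOTE(review): the OTK names the image file and gates its retrieval; confirm that
// generateRandomString() (defined elsewhere) draws from a CSPRNG.
$otk = generateRandomString();
// Quote both arguments. $url is derived from the client-supplied username and was
// previously placed on the command line unquoted, so any shell metacharacter in it
// (or in $BASE_DIR) was interpreted by the shell instead of reaching qrencode.
system("qrencode -o " . escapeshellarg("$BASE_DIR/authserver/authd/otks/$otk.png") . " " . escapeshellarg($url));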
// Record the new one-time key against the user, then acknowledge with true.
// NOTE(review): string-built SQL; $username is unvalidated queue input, so bind it as
// a query parameter. The query result is not inspected before replying.
159 $sql = "update users set users_otk='$otk' where users_username='$username'";
160 $dbo = getDatabase();
161 $res = $dbo->query($sql);
163 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
// MSG_DELETE_USER: look up the user's OTK, delete the matching QR image, build a
// DELETE for the user row and reply true.
166 case MSG_DELETE_USER:
167 echo "Call to del user\n";
168 if(!isset($msg["username"])) {
169 msg_send($cl_queue, MSG_DELETE_USER, false);
171 $username = $msg["username"];
// NOTE(review): string-built SQL with an unvalidated queue field; bind $username as a
// query parameter instead.
174 $sql = "select users_otk from users where users_username='$username'";
175 $dbo = getDatabase();
176 $res = $dbo->query($sql);
178 foreach($res as $row) {
179 $otkid = $row["users_otk"];
// NOTE(review): relative path. The other handlers address this directory as
// "$BASE_DIR/authserver/authd/otks/", so this unlink depends on the daemon's working
// directory; confirm it resolves to the same place or the image is left behind.
182 unlink("otks/$otkid.png");
// NOTE(review): same string-built SQL, here in a DELETE statement. The call that
// executes it is not visible in this listing.
186 $sql = "delete from users where users_username='$username'";
187 $dbo = getDatabase();
190 msg_send($cl_queue, MSG_DELETE_USER, true);
// MSG_AUTH_USER_PASSWORD: hash the supplied password with SHA-512, compare it with the
// stored users_password value and reply true or false.
193 case MSG_AUTH_USER_PASSWORD:
195 echo "Call to auth user pass\n";
196 if(!isset($msg["username"])) {
197 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
200 if(!isset($msg["password"])) {
201 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
205 $username = $msg["username"];
206 $password = $msg["password"];
// NOTE(review): string-built SQL with an unvalidated queue field; bind $username as a
// query parameter instead.
207 $sql = "select users_password from users where users_username='$username'";
208 $dbo = getDatabase();
209 $res = $dbo->query($sql);
// NOTE(review): what $pass holds when no row matches is decided on lines not visible
// in this listing; confirm it is reset for every request.
211 foreach($res as $row) {
212 $pass = $row["users_password"];
// NOTE(review): a single unsalted SHA-512 is cheap to brute-force if the users table
// leaks. Store password_hash() output and check it with password_verify().
216 $ourpass = hash('sha512', $password);
// NOTE(review): writes both the computed and the stored hash to the daemon's stdout;
// remove this debug output.
217 echo "ourpass: $ourpass\nourhash: $pass\n";
// NOTE(review): loose == on hash strings is neither type-strict nor constant-time;
// compare with hash_equals() until the scheme is moved to password_verify().
218 if($ourpass == $pass) {
219 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
222 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
// MSG_SET_USER_PASSWORD: build an UPDATE that stores the SHA-512 of the new password,
// or an empty string when the password is empty.
// NOTE(review): no caller authentication is visible; who may change a password depends
// entirely on who can write to the server queue.
227 case MSG_SET_USER_PASSWORD:
228 echo "how on earth is that happening Call to set user pass, wtf?\n";
231 if(!isset($msg["username"])) {
232 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
236 if(!isset($msg["password"])) {
237 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
242 $username = $msg["username"];
243 $password = $msg["password"];
// NOTE(review): prints the plaintext password to the daemon's stdout; remove it.
245 echo "would set pass for $username, to $password\n";
// An empty password is stored as an empty string, not as a hash of "".
246 if($password == "") $pass = "";
// NOTE(review): unsalted SHA-512; prefer password_hash() so stored values are salted
// and deliberately slow to compute.
247 else $pass = hash('sha512', $password);
249 $dbo = getDatabase();
// NOTE(review): prints the password hash to stdout; remove it.
250 echo "in set user pass for $username, $pass\n";
// NOTE(review): string-built SQL; bind $pass and $username as query parameters. The
// call that executes this statement is not visible in this listing.
251 $sql = "update users set users_password='$pass' where users_username='$username'";
// NOTE(review): the success reply uses MSG_SET_USER_REALNAME while the failure replies
// above use MSG_SET_USER_PASSWORD; this looks like a copy/paste slip, so confirm which
// message type the client waits for.
255 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
258 // these are irrelevant yet
// MSG_SET_USER_REALNAME: build an UPDATE that sets users_realname for the named user
// and reply true.
261 case MSG_SET_USER_REALNAME:
262 echo "Call to set user realname\n";
264 if(!isset($msg["username"])) {
265 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
268 if(!isset($msg["realname"])) {
269 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
273 $username = $msg["username"];
274 $realname = $msg["realname"];
// NOTE(review): both $realname and $username are interpolated into the SQL text
// unescaped. A real name containing an apostrophe already breaks the statement, so
// bind both values as query parameters. The call that executes the statement is not
// visible in this listing.
275 $sql = "update users set users_realname='$realname' where users_username='$username'";
276 $dbo = getDatabase();
280 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
282 // TODO now set real name
// MSG_SET_USER_TOKEN: pass the username and "tokenstring" from the message to
// setUserKey() and reply with its return value; reply false when either is missing.
284 case MSG_SET_USER_TOKEN:
286 echo "Call to set user token\n";
287 if(!isset($msg["username"])) {
288 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
291 if(!isset($msg["tokenstring"])) {
292 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
297 $username = $msg["username"];
298 $token = $msg["tokenstring"];
// NOTE(review): the token key is chosen by whoever writes to the server queue, and no
// caller authentication is visible; confirm setUserKey() validates the value and
// that queue access is restricted.
299 $return = $myga->setUserKey($username, $token);
300 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
302 // TODO now set token
// MSG_SET_USER_TOKEN_TYPE: pass the username and "tokentype" from the message to
// setTokenType() and reply with its return value; reply false when either is missing.
304 case MSG_SET_USER_TOKEN_TYPE:
306 echo "Call to set user token type\n";
307 if(!isset($msg["username"])) {
308 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
311 if(!isset($msg["tokentype"])) {
312 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
316 $username = $msg["username"];
317 $tokentype = $msg["tokentype"];
// NOTE(review): $tokentype is passed through unchecked here; confirm setTokenType()
// rejects values outside the supported token types.
319 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
321 // TODO now set token
// MSG_GET_USERS handler (case label not visible in this listing): read every row of
// the users table and reply with a list of username, realname, haspass, hastoken and
// otk per user. The statements that initialise $users and advance $i are not visible.
324 // TODO this needs to be better
325 $sql = "select * from users";
327 $dbo = getDatabase();
328 $res = $dbo->query($sql);
332 foreach($res as $row) {
333 $users[$i]["username"] = $row["users_username"];
334 $users[$i]["realname"] = $row["users_realname"];
// Only whether a password is set is returned, not the stored hash.
335 if($row["users_password"]!="") {
336 $users[$i]["haspass"] = true;
338 $users[$i]["haspass"] = false;
// NOTE(review): echoes each user's raw users_tokendata to the daemon's stdout. That
// column presumably holds the token key material (confirm), which should never be
// logged.
340 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
341 if($row["users_tokendata"]!="") {
342 $users[$i]["hastoken"] = true;
344 $users[$i]["hastoken"] = false;
// NOTE(review): the reply carries every user's pending OTK id, which the
// MSG_GET_OTK_PNG handler accepts (with the username) to release the QR image;
// confirm that every reader of the client queue is meant to see it.
347 if($row["users_otk"]!="") {
348 $users[$i]["otk"] = $row["users_otk"];
350 $users[$i]["otk"] = "";
354 msg_send($cl_queue, MSG_GET_USERS, $users);
356 // TODO now set token