3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
6 // get out master library for ga4php
7 require_once("../lib/lib.php");
11 // first we want to fork into the background like all good daemons should
12 //$pid = pcntl_fork();
18 // i am the parent, i shall leave
19 echo "i am a parent, i leave\n";
22 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
24 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
25 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
32 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
34 case MSG_GET_RADIUS_CLIENTS:
35 $sql = "select * from radclients";
37 $res = $dbo->query($sql);
40 foreach($res as $row) {
41 // $sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);';
42 $clients[$i]["name"] = $row["rad_name"];
43 $clients[$i]["ip"] = $row["rad_ip"];
44 $clients[$i]["secret"] = $row["rad_secret"];
45 $clients[$i]["desc"] = $row["rad_desc"];
47 msg_send($cl_queue, MSG_GET_RADIUS_CLIENTS, $clients);
49 case MSG_REMOVE_RADIUS_CLIENT:
50 // it should send us a client by rad_name - doesnt work yet
51 $client = $msg["clientname"];
52 $sql = "delete from radclients where rad_name='$client'";
53 $res = $dbo->query($sql);
55 msg_send($cl_queue, MSG_REMOVE_RADIUS_CLIENT, true);
57 case MSG_ADD_RADIUS_CLIENT:
58 $client = $msg["clientname"];
59 $clientsecret = $msg["clientsecret"];
60 $clientip = $msg["clientip"];
61 $clientdesc = $msg["clientdescription"];
62 $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
64 msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
66 case MSG_DELETE_USER_TOKEN:
67 $username = $msg["username"];
69 $sql = "select users_otk from users where users_username='$username'";
71 $res = $dbo->query($sql);
73 foreach($res as $row) {
74 $otkid = $row["users_otk"];
78 unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
81 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
83 $res = $dbo->query($sql);
85 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
87 case MSG_AUTH_USER_TOKEN:
88 echo "Call to auth user token\n";
89 // minimal checking, we leav it up to authenticateUser to do the real
91 if(!isset($msg["username"])) $msg["username"] = "";
92 if(!isset($msg["passcode"])) $msg["passcode"] = "";
93 $username = $msg["username"];
94 $passcode = $msg["passcode"];
96 $authval = $myga->authenticateUser($username, $passcode);
97 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
100 if(!isset($msg["username"])) {
101 msg_send($cl_queue, MSG_GET_OTK_ID, false);
103 $username = $msg["username"];
104 $sql = "select users_otk from users where users_username='$username'";
105 $dbo = getDatabase();
106 $res = $dbo->query($sql);
108 foreach($res as $row) {
109 $otkid = $row["users_otk"];
113 msg_send($cl_queue, MSG_GET_OTK_ID, false);
115 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
119 case MSG_GET_OTK_PNG:
120 if(!isset($msg["otk"])) {
121 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
124 $sql = "select users_username from users where users_otk='$otk'";
125 $dbo = getDatabase();
126 $res = $dbo->query($sql);
128 foreach($res as $row) {
129 $username = $row["users_username"];
132 if($username == "") {
133 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
134 } else if($username != $msg["username"]) {
135 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
138 $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
139 $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
141 unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
142 $sql = "update users set users_otk='' where users_username='$username'";
144 error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
145 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
151 if(!isset($msg["username"])) {
152 msg_send($cl_queue, MSG_SYNC_TOKEN, false);
154 $tokenone = $msg["tokenone"];
155 $tokentwo = $msg["tokentwo"];
157 msg_send($cl_queue, MSG_SYNC_TOKEN, $myga->resyncCode($msg["username"], $tokenone, $tokentwo));
161 case MSG_GET_TOKEN_TYPE:
162 if(!isset($msg["username"])) {
163 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, false);
165 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, $myga->getTokenType($msg["username"]));
168 case MSG_ADD_USER_TOKEN:
169 echo "Call to add user token\n";
170 if(!isset($msg["username"])) {
171 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
174 $username = $msg["username"];
176 if(isset($msg["tokentype"])) {
177 $tokentype=$msg["tokentype"];
180 if(isset($msg["hexkey"])) {
181 $hexkey = $msg["hexkey"];
184 $myga->setUser($username, $tokentype, "", $hexkey);
186 $url = $myga->createUrl($username);
187 if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
188 $otk = generateRandomString();
189 system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png $url");
191 $sql = "update users set users_otk='$otk' where users_username='$username'";
192 $dbo = getDatabase();
193 $res = $dbo->query($sql);
195 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
198 case MSG_DELETE_USER:
199 echo "Call to del user\n";
200 if(!isset($msg["username"])) {
201 msg_send($cl_queue, MSG_DELETE_USER, false);
203 $username = $msg["username"];
206 $sql = "select users_otk from users where users_username='$username'";
207 $dbo = getDatabase();
208 $res = $dbo->query($sql);
210 foreach($res as $row) {
211 $otkid = $row["users_otk"];
214 unlink("otks/$otkid.png");
218 $sql = "delete from users where users_username='$username'";
219 $dbo = getDatabase();
222 msg_send($cl_queue, MSG_DELETE_USER, true);
225 case MSG_AUTH_USER_PASSWORD:
227 echo "Call to auth user pass\n";
228 if(!isset($msg["username"])) {
229 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
232 if(!isset($msg["password"])) {
233 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
237 $username = $msg["username"];
238 $password = $msg["password"];
239 $sql = "select users_password from users where users_username='$username'";
240 $dbo = getDatabase();
241 $res = $dbo->query($sql);
243 foreach($res as $row) {
244 $pass = $row["users_password"];
248 $ourpass = hash('sha512', $password);
249 echo "ourpass: $ourpass\nourhash: $pass\n";
250 if($ourpass == $pass) {
251 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
254 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
259 case MSG_SET_USER_PASSWORD:
260 echo "how on earth is that happening Call to set user pass, wtf?\n";
263 if(!isset($msg["username"])) {
264 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
268 if(!isset($msg["password"])) {
269 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
274 $username = $msg["username"];
275 $password = $msg["password"];
277 echo "would set pass for $username, to $password\n";
278 if($password == "") $pass = "";
279 else $pass = hash('sha512', $password);
281 $dbo = getDatabase();
282 echo "in set user pass for $username, $pass\n";
283 $sql = "update users set users_password='$pass' where users_username='$username'";
287 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
290 // these are irrelavent yet
293 case MSG_SET_USER_REALNAME:
294 echo "Call to set user realname\n";
296 if(!isset($msg["username"])) {
297 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
300 if(!isset($msg["realname"])) {
301 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
305 $username = $msg["username"];
306 $realname = $msg["realname"];
307 $sql = "update users set users_realname='$realname' where users_username='$username'";
308 $dbo = getDatabase();
312 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
314 // TODO now set real name
316 case MSG_SET_USER_TOKEN:
318 echo "Call to set user token\n";
319 if(!isset($msg["username"])) {
320 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
323 if(!isset($msg["tokenstring"])) {
324 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
329 $username = $msg["username"];
330 $token = $msg["tokenstring"];
331 $return = $myga->setUserKey($username, $token);
332 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
334 // TODO now set token
336 case MSG_SET_USER_TOKEN_TYPE:
338 echo "Call to set user token type\n";
339 if(!isset($msg["username"])) {
340 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
343 if(!isset($msg["tokentype"])) {
344 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
348 $username = $msg["username"];
349 $tokentype = $msg["tokentype"];
351 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
353 // TODO now set token
356 // TODO this needs to be better
357 $sql = "select * from users";
359 $dbo = getDatabase();
360 $res = $dbo->query($sql);
364 foreach($res as $row) {
365 $users[$i]["username"] = $row["users_username"];
366 $users[$i]["realname"] = $row["users_realname"];
367 if($row["users_password"]!="") {
368 $users[$i]["haspass"] = true;
370 $users[$i]["haspass"] = false;
372 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
373 if($row["users_tokendata"]!="") {
374 $users[$i]["hastoken"] = true;
376 $users[$i]["hastoken"] = false;
379 if($row["users_otk"]!="") {
380 $users[$i]["otk"] = $row["users_otk"];
382 $users[$i]["otk"] = "";
386 msg_send($cl_queue, MSG_GET_USERS, $users);
388 // TODO now set token