projects / ga4php.git / blob
? search:


bd102671f08be372522e883e8dc04d7f7de3a6c3
[ga4php.git] / authserver / authd / authd.php
1 <?php
2
3 if(file_exists("config.php")) {
4         require_once("config.php");
5 } else {
6         // config file doesnt exist, we must abort sensibly
7 }
8
9 // get out master library for ga4php
10 require_once("../lib/lib.php");
11
12         
13 //exit(0);
14 // first we want to fork into the background like all good daemons should
15 //$pid = pcntl_fork();
16 $pid = 0;
17
18 if($pid == -1) {
19         
20 } else if($pid) {
21         // i am the parent, i shall leave
22         echo "i am a parent, i leave\n";
23         exit(0);
24 } else {
25         global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
26         
27         $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
28         $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
29
30         $myga = new gaasGA();
31         global $myga;
32         
33         
34         print_r($myga);
35         
36         while(true) {
37                 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
38                 print_r($msg);
39                 switch($msg_type) {
40                         case MSG_AUTH_USER_TOKEN:
41                                 echo "Call to auth user token\n";
42                                 // minimal checking, we leav it up to authenticateUser to do the real
43                                 // checking
44                                 if(!isset($msg["username"])) $msg["username"] = "";
45                                 if(!isset($msg["passcode"])) $msg["passcode"] = "";
46                                 $username = $msg["username"];
47                                 $passcode = $msg["passcode"];
48                                 global $myga;
49                                 $authval = $myga->authenticateUser($username, $passcode);
50                                 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
51                                 break;
52                                 
53                         case MSG_GET_OTK_PNG:
54                                 if(!isset($msg["username"])) {
55                                         msg_send($cl_queue, MSG_GET_OTK_PNG, false);
56                                 } else {
57                                         $username = $msg["username"];
58                                         $sql = "select users_otk from users where users_username='$username'";
59                                         $dbo = getDatabase();
60                                         $res = $dbo->query($sql);
61                                         $otk = "";
62                                         foreach($res as $row) {
63                                                 $otk = $row["users_otk"];
64                                         }
65                                         
66                                         if($otk == "") {
67                                                 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
68                                         } else {
69                                                 $hand = fopen("otks/$otk.png", "rb");
70                                                 $data = fread($hand, filesize("otks/$otk.png"));
71                                                 fclose($hand);
72                                                 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
73                                                 unlink("otks/$otk.png");
74                                                 $sql = "update users set users_otk='' where users_username='$username'";
75                                                 $dbo->query($sql);
76                                         }
77                                 }
78                                 
79                                 break;
80                         case MSG_ADD_USER_TOKEN:
81                                 echo "Call to add user token\n";
82                                 if(!isset($msg["username"])) {
83                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, false); 
84                                 } else {
85                                         $username = $msg["username"];
86                                         $tokentype="HOTP";
87                                         if(isset($msg["tokentype"])) {
88                                                 $tokentype="HOTP";
89                                         }
90                                         $hexkey = "";
91                                         if(isset($msg["hexkey"])) {
92                                                 $hexkey = $msg["hexkey"];
93                                         }
94                                         global $myga;
95                                         $myga->setUser($username, $tokentype, "", $hexkey);
96                                         
97                                         $url = $myga->createUrl($username);
98                                         mkdir("otks");
99                                         $otk = generateRandomString();
100                                         system("qrencode -o otks/$otk.png $url");
101                                         
102                                         $sql = "update users set users_otk='$otk' where users_username='$username'";
103                                         $dbo = getDatabase();
104                                         $res = $dbo->query($sql);
105                                         
106                                         msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
107                                 }
108                                 break;
109                         case MSG_DELETE_USER:
110                                 echo "Call to del user\n";
111                                 if(!isset($msg["username"])) {
112                                         msg_send($cl_queue, MSG_DELETE_USER, false);    
113                                 } else {
114                                         $username = $msg["username"];                           
115                                         global $myga;
116                                         $sql = "delete from users where users_username='$username'";
117                                         $dbo = getDatabase();
118                                         $dbo->query($sql);
119
120                                         msg_send($cl_queue, MSG_DELETE_USER, true);
121                                 }
122                                 break;
123                         case MSG_AUTH_USER_PASSWORD:
124                                 // TODO
125                                 echo "Call to auth user pass\n";
126                                 if(!isset($msg["username"])) {
127                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
128                                         break;
129                                 }
130                                 if(!isset($msg["password"])) {
131                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
132                                         break;
133                                 }
134                                 
135                                 $username = $msg["username"];
136                                 $password = $msg["password"];
137                                 $sql = "select users_password from users where users_username='$username'";
138                                 $dbo = getDatabase();
139                                 $res = $dbo->query($sql);
140                                 $pass = "";
141                                 foreach($res as $row) {
142                                         $pass = $row["users_password"];
143                                 }
144                                 
145                                 // TODO now do auth
146                                 $ourpass = hash('sha512', $password);
147                                 echo "ourpass: $ourpass\nourhash: $pass\n";
148                                 if($ourpass == $pass) {
149                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
150                                         
151                                 } else {
152                                         msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
153                                         
154                                 }
155                                 
156                                 break;
157                         case MSG_SET_USER_PASSWORD:
158                                 echo "Call to set user pass\n";
159                                 // TODO
160                                 if(!isset($msg["username"])) {
161                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
162                                         break;
163                                 }
164                                 if(!isset($msg["password"])) {
165                                         msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
166                                         break;
167                                 }
168                                 
169                                 $username = $msg["username"];
170                                 $password = $msg["password"];
171                                 
172                                 $pass = hash('sha512', $password);
173                                 
174                                 $dbo = getDatabase();
175                                 $sql = "update users set users_password='$pass' where users_username='$username'";
176                                 
177                                 $dbo->query($sql);
178
179                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
180                                 
181                                 
182                                 // these are irrelavent yet
183                                 // TODO now set pass
184                                 break;
185                         case MSG_SET_USER_REALNAME:
186                                 echo "Call to set user realname\n";
187                                 // TODO
188                                 if(!isset($msg["username"])) {
189                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
190                                         break;
191                                 }
192                                 if(!isset($msg["realname"])) {
193                                         msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
194                                         break;
195                                 }
196                                 
197                                 $username = $msg["username"];
198                                 $realname = $msg["realname"];
199                                 $sql = "update users set users_realname='$realname' where users_username='$username'";
200                                 $dbo = getDatabase();
201                                 
202                                 $dbo->query($sql);
203
204                                 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
205                                 
206                                 // TODO now set real name
207                                 break;
208                         case MSG_SET_USER_TOKEN:
209                                 // TODO
210                                 echo "Call to set user token\n";
211                                 if(!isset($msg["username"])) {
212                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
213                                         break;
214                                 }
215                                 if(!isset($msg["tokenstring"])) {
216                                         msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
217                                         break;
218                                 }
219                                 
220                                 global $myga;
221                                 $username = $msg["username"];
222                                 $token = $msg["tokenstring"];
223                                 $return = $myga->setUserKey($username, $token);
224                                 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
225                                 
226                                 // TODO now set token 
227                                 break;                  
228                         case MSG_SET_USER_TOKEN_TYPE:
229                                 // TODO
230                                 echo "Call to set user token type\n";
231                                 if(!isset($msg["username"])) {
232                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
233                                         break;
234                                 }
235                                 if(!isset($msg["tokentype"])) {
236                                         msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
237                                         break;
238                                 }
239                                 
240                                 $username = $msg["username"];
241                                 $tokentype = $msg["tokentype"];
242                                 global $myga;
243                                 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
244                                 
245                                 // TODO now set token 
246                                 break;
247                         case MSG_GET_USERS:
248                                 // TODO this needs to be better
249                                 $sql = "select * from users";
250                                 
251                                 $dbo = getDatabase();
252                                 $res = $dbo->query($sql);
253                                 
254                                 $users = "";
255                                 $i = 0;
256                                 foreach($res as $row) {
257                                         $users[$i]["username"] = $row["users_username"];
258                                         $users[$i]["realname"] = $row["users_realname"];
259                                         if($row["users_password"]!="") {
260                                                 $users[$i]["haspass"] = true;
261                                         } else {
262                                                 $users[$i]["haspass"] = false;
263                                         }
264                                         echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
265                                         if($row["users_tokendata"]!="") {
266                                                 $users[$i]["hastoken"] = true;
267                                         } else {
268                                                 $users[$i]["hastoken"] = false;
269                                         }
270                                         $i++; 
271                                 }
272                                 msg_send($cl_queue, MSG_GET_USERS, $users);
273                                 
274                                 // TODO now set token 
275                                 break;
276                                 
277                 }               
278         }       
279 }
280
281 ?>
Unnamed repository; edit this file 'description' to name the repository.