3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
5 if(file_exists("config.php")) {
6 require_once("config.php");
8 // config file doesnt exist, we must abort sensibly
11 // get out master library for ga4php
12 require_once("../lib/lib.php");
16 // first we want to fork into the background like all good daemons should
17 //$pid = pcntl_fork();
23 // i am the parent, i shall leave
24 echo "i am a parent, i leave\n";
27 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
29 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
30 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
37 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
39 case MSG_DELETE_USER_TOKEN:
40 $username = $msg["username"];
42 $sql = "select users_otk from users where users_username='$username'";
44 $res = $dbo->query($sql);
46 foreach($res as $row) {
47 $otkid = $row["users_otk"];
50 unlink("otks/$otkid.png");
53 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
55 $res = $dbo->query($sql);
57 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
59 case MSG_AUTH_USER_TOKEN:
60 echo "Call to auth user token\n";
61 // minimal checking, we leav it up to authenticateUser to do the real
63 if(!isset($msg["username"])) $msg["username"] = "";
64 if(!isset($msg["passcode"])) $msg["passcode"] = "";
65 $username = $msg["username"];
66 $passcode = $msg["passcode"];
68 $authval = $myga->authenticateUser($username, $passcode);
69 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
72 if(!isset($msg["username"])) {
73 msg_send($cl_queue, MSG_GET_OTK_ID, false);
75 $username = $msg["username"];
76 $sql = "select users_otk from users where users_username='$username'";
78 $res = $dbo->query($sql);
80 foreach($res as $row) {
81 $otkid = $row["users_otk"];
85 msg_send($cl_queue, MSG_GET_OTK_ID, false);
87 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
92 if(!isset($msg["otk"])) {
93 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
96 $sql = "select users_username from users where users_otk='$otk'";
98 $res = $dbo->query($sql);
100 foreach($res as $row) {
101 $username = $row["users_username"];
104 if($username == "") {
105 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
106 } else if($username != $msg["username"]) {
107 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
109 $hand = fopen("otks/$otk.png", "rb");
110 $data = fread($hand, filesize("otks/$otk.png"));
112 unlink("otks/$otk.png");
113 $sql = "update users set users_otk='' where users_username='$username'";
115 error_log("senting otk, fsize: ".filesize("otks/$otk.png")." $otk ");
116 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
121 case MSG_ADD_USER_TOKEN:
122 echo "Call to add user token\n";
123 if(!isset($msg["username"])) {
124 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
126 $username = $msg["username"];
128 if(isset($msg["tokentype"])) {
129 $tokentype=$msg["tokentype"];
132 if(isset($msg["hexkey"])) {
133 $hexkey = $msg["hexkey"];
136 $myga->setUser($username, $tokentype, "", $hexkey);
138 $url = $myga->createUrl($username);
140 $otk = generateRandomString();
141 system("qrencode -o otks/$otk.png $url");
143 $sql = "update users set users_otk='$otk' where users_username='$username'";
144 $dbo = getDatabase();
145 $res = $dbo->query($sql);
147 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
150 case MSG_DELETE_USER:
151 echo "Call to del user\n";
152 if(!isset($msg["username"])) {
153 msg_send($cl_queue, MSG_DELETE_USER, false);
155 $username = $msg["username"];
158 $sql = "select users_otk from users where users_username='$username'";
159 $dbo = getDatabase();
160 $res = $dbo->query($sql);
162 foreach($res as $row) {
163 $otkid = $row["users_otk"];
166 unlink("otks/$otkid.png");
170 $sql = "delete from users where users_username='$username'";
171 $dbo = getDatabase();
174 msg_send($cl_queue, MSG_DELETE_USER, true);
177 case MSG_AUTH_USER_PASSWORD:
179 echo "Call to auth user pass\n";
180 if(!isset($msg["username"])) {
181 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
184 if(!isset($msg["password"])) {
185 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
189 $username = $msg["username"];
190 $password = $msg["password"];
191 $sql = "select users_password from users where users_username='$username'";
192 $dbo = getDatabase();
193 $res = $dbo->query($sql);
195 foreach($res as $row) {
196 $pass = $row["users_password"];
200 $ourpass = hash('sha512', $password);
201 echo "ourpass: $ourpass\nourhash: $pass\n";
202 if($ourpass == $pass) {
203 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
206 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
211 case MSG_SET_USER_PASSWORD:
212 echo "how on earth is that happening Call to set user pass, wtf?\n";
215 if(!isset($msg["username"])) {
216 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
220 if(!isset($msg["password"])) {
221 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
226 $username = $msg["username"];
227 $password = $msg["password"];
229 echo "would set pass for $username, to $password\n";
230 if($password == "") $pass = "";
231 else $pass = hash('sha512', $password);
233 $dbo = getDatabase();
234 echo "in set user pass for $username, $pass\n";
235 $sql = "update users set users_password='$pass' where users_username='$username'";
239 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
242 // these are irrelavent yet
245 case MSG_SET_USER_REALNAME:
246 echo "Call to set user realname\n";
248 if(!isset($msg["username"])) {
249 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
252 if(!isset($msg["realname"])) {
253 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
257 $username = $msg["username"];
258 $realname = $msg["realname"];
259 $sql = "update users set users_realname='$realname' where users_username='$username'";
260 $dbo = getDatabase();
264 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
266 // TODO now set real name
268 case MSG_SET_USER_TOKEN:
270 echo "Call to set user token\n";
271 if(!isset($msg["username"])) {
272 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
275 if(!isset($msg["tokenstring"])) {
276 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
281 $username = $msg["username"];
282 $token = $msg["tokenstring"];
283 $return = $myga->setUserKey($username, $token);
284 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
286 // TODO now set token
288 case MSG_SET_USER_TOKEN_TYPE:
290 echo "Call to set user token type\n";
291 if(!isset($msg["username"])) {
292 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
295 if(!isset($msg["tokentype"])) {
296 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
300 $username = $msg["username"];
301 $tokentype = $msg["tokentype"];
303 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
305 // TODO now set token
308 // TODO this needs to be better
309 $sql = "select * from users";
311 $dbo = getDatabase();
312 $res = $dbo->query($sql);
316 foreach($res as $row) {
317 $users[$i]["username"] = $row["users_username"];
318 $users[$i]["realname"] = $row["users_realname"];
319 if($row["users_password"]!="") {
320 $users[$i]["haspass"] = true;
322 $users[$i]["haspass"] = false;
324 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
325 if($row["users_tokendata"]!="") {
326 $users[$i]["hastoken"] = true;
328 $users[$i]["hastoken"] = false;
331 if($row["users_otk"]!="") {
332 $users[$i]["otk"] = $row["users_otk"];
334 $users[$i]["otk"] = "";
338 msg_send($cl_queue, MSG_GET_USERS, $users);
340 // TODO now set token