3 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
6 // get out master library for ga4php
7 require_once("../lib/lib.php");
11 // first we want to fork into the background like all good daemons should
12 //$pid = pcntl_fork();
18 // i am the parent, i shall leave
19 echo "i am a parent, i leave\n";
22 global $MSG_QUEUE_KEY_ID_SERVER, $MSG_QUEUE_KEY_ID_CLIENT;
24 $cl_queue = msg_get_queue($MSG_QUEUE_KEY_ID_CLIENT, 0666 | 'IPC_CREAT');
25 $sr_queue = msg_get_queue($MSG_QUEUE_KEY_ID_SERVER, 0666 | 'IPC_CREAT');
32 msg_receive($sr_queue, 0, $msg_type, 16384, $msg);
33 echo "got message of type $msg_type\n";
35 case MSG_GET_RADIUS_CLIENTS:
36 $sql = "select * from radclients";
38 $res = $dbo->query($sql);
41 foreach($res as $row) {
42 // $sql = 'CREATE TABLE "radclients" ("rad_id" INTEGER PRIMARY KEY AUTOINCREMENT,"rad_name" TEXT, "rad_ip" TEXT, "rad_secret" TEXT, "rad_desc" TEXT);';
43 $clients[$i]["name"] = $row["rad_name"];
44 $clients[$i]["ip"] = $row["rad_ip"];
45 $clients[$i]["secret"] = $row["rad_secret"];
46 $clients[$i]["desc"] = $row["rad_desc"];
49 msg_send($cl_queue, MSG_GET_RADIUS_CLIENTS, $clients);
51 case MSG_REMOVE_RADIUS_CLIENT:
52 // it should send us a client by rad_name - doesnt work yet
53 $client = $msg["clientname"];
54 $sql = "delete from radclients where rad_name='$client'";
56 $res = $dbo->query($sql);
58 msg_send($cl_queue, MSG_REMOVE_RADIUS_CLIENT, true);
60 case MSG_ADD_RADIUS_CLIENT:
61 echo "in addradclient\n";
62 $client = $msg["clientname"];
63 $clientsecret = $msg["clientsecret"];
64 $clientip = $msg["clientip"];
65 $clientdesc = $msg["clientdescription"];
68 // check for existing clients with same name
69 $sql = "select * from radclients where rad_name='$client'";
70 echo "doing select, $sql\n";
71 $res = $dbo->query($sql);
72 if($res->fetchColumn() > 0) {
73 msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "name");
76 // check for existing clients with same ip
77 $sql = "select * from radclients where rad_ip='$clientip'";
78 $res = $dbo->query($sql);
79 echo "doing select, $sql\n";
80 if($res->fetchColumn() > 0) {
81 msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, "ip");
84 $sql = "insert into radclients values (NULL, '$client', '$clientip', '$clientsecret', '$clientdesc')";
85 $res = $dbo->query($sql);
87 msg_send($cl_queue, MSG_ADD_RADIUS_CLIENT, true);
92 case MSG_DELETE_USER_TOKEN:
93 $username = $msg["username"];
95 $sql = "select users_otk from users where users_username='$username'";
97 $res = $dbo->query($sql);
99 foreach($res as $row) {
100 $otkid = $row["users_otk"];
104 unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
107 $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
108 $dbo = getDatabase();
109 $res = $dbo->query($sql);
111 msg_send($cl_queue, MSG_DELETE_USER_TOKEN, true);
113 case MSG_AUTH_USER_TOKEN:
114 echo "Call to auth user token\n";
115 // minimal checking, we leav it up to authenticateUser to do the real
117 if(!isset($msg["username"])) $msg["username"] = "";
118 if(!isset($msg["passcode"])) $msg["passcode"] = "";
119 $username = $msg["username"];
120 $passcode = $msg["passcode"];
122 $authval = $myga->authenticateUser($username, $passcode);
123 msg_send($cl_queue, MSG_AUTH_USER_TOKEN, $authval);
126 if(!isset($msg["username"])) {
127 msg_send($cl_queue, MSG_GET_OTK_ID, false);
129 $username = $msg["username"];
130 $sql = "select users_otk from users where users_username='$username'";
131 $dbo = getDatabase();
132 $res = $dbo->query($sql);
134 foreach($res as $row) {
135 $otkid = $row["users_otk"];
139 msg_send($cl_queue, MSG_GET_OTK_ID, false);
141 msg_send($cl_queue, MSG_GET_OTK_ID, $otkid);
145 case MSG_GET_OTK_PNG:
146 if(!isset($msg["otk"])) {
147 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
150 $sql = "select users_username from users where users_otk='$otk'";
151 $dbo = getDatabase();
152 $res = $dbo->query($sql);
154 foreach($res as $row) {
155 $username = $row["users_username"];
158 if($username == "") {
159 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
160 } else if($username != $msg["username"]) {
161 msg_send($cl_queue, MSG_GET_OTK_PNG, false);
164 $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
165 $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
167 unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
168 $sql = "update users set users_otk='' where users_username='$username'";
170 error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
171 msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
177 if(!isset($msg["username"])) {
178 msg_send($cl_queue, MSG_SYNC_TOKEN, false);
180 $tokenone = $msg["tokenone"];
181 $tokentwo = $msg["tokentwo"];
183 msg_send($cl_queue, MSG_SYNC_TOKEN, $myga->resyncCode($msg["username"], $tokenone, $tokentwo));
187 case MSG_GET_TOKEN_TYPE:
188 if(!isset($msg["username"])) {
189 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, false);
191 msg_send($cl_queue, MSG_GET_TOKEN_TYPE, $myga->getTokenType($msg["username"]));
194 case MSG_ADD_USER_TOKEN:
195 echo "Call to add user token\n";
196 if(!isset($msg["username"])) {
197 msg_send($cl_queue, MSG_ADD_USER_TOKEN, false);
200 $username = $msg["username"];
202 if(isset($msg["tokentype"])) {
203 $tokentype=$msg["tokentype"];
206 if(isset($msg["hexkey"])) {
207 $hexkey = $msg["hexkey"];
210 $myga->setUser($username, $tokentype, "", $hexkey);
212 $url = $myga->createUrl($username);
213 echo "Url was: $url\n";
214 if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
215 $otk = generateRandomString();
216 system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png '$url'");
218 $sql = "update users set users_otk='$otk' where users_username='$username'";
219 $dbo = getDatabase();
220 $res = $dbo->query($sql);
222 msg_send($cl_queue, MSG_ADD_USER_TOKEN, true);
225 case MSG_DELETE_USER:
226 echo "Call to del user\n";
227 if(!isset($msg["username"])) {
228 msg_send($cl_queue, MSG_DELETE_USER, false);
230 $username = $msg["username"];
233 $sql = "select users_otk from users where users_username='$username'";
234 $dbo = getDatabase();
235 $res = $dbo->query($sql);
237 foreach($res as $row) {
238 $otkid = $row["users_otk"];
241 unlink("otks/$otkid.png");
245 $sql = "delete from users where users_username='$username'";
246 $dbo = getDatabase();
249 msg_send($cl_queue, MSG_DELETE_USER, true);
252 case MSG_AUTH_USER_PASSWORD:
254 echo "Call to auth user pass\n";
255 if(!isset($msg["username"])) {
256 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
259 if(!isset($msg["password"])) {
260 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
264 $username = $msg["username"];
265 $password = $msg["password"];
266 $sql = "select users_password from users where users_username='$username'";
267 $dbo = getDatabase();
268 $res = $dbo->query($sql);
270 foreach($res as $row) {
271 $pass = $row["users_password"];
275 $ourpass = hash('sha512', $password);
276 echo "ourpass: $ourpass\nourhash: $pass\n";
277 if($ourpass == $pass) {
278 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, true);
281 msg_send($cl_queue, MSG_AUTH_USER_PASSWORD, false);
286 case MSG_SET_USER_PASSWORD:
287 echo "how on earth is that happening Call to set user pass, wtf?\n";
290 if(!isset($msg["username"])) {
291 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
295 if(!isset($msg["password"])) {
296 msg_send($cl_queue, MSG_SET_USER_PASSWORD, false);
301 $username = $msg["username"];
302 $password = $msg["password"];
304 echo "would set pass for $username, to $password\n";
305 if($password == "") $pass = "";
306 else $pass = hash('sha512', $password);
308 $dbo = getDatabase();
309 echo "in set user pass for $username, $pass\n";
310 $sql = "update users set users_password='$pass' where users_username='$username'";
314 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
317 // these are irrelavent yet
320 case MSG_SET_USER_REALNAME:
321 echo "Call to set user realname\n";
323 if(!isset($msg["username"])) {
324 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
327 if(!isset($msg["realname"])) {
328 msg_send($cl_queue, MSG_SET_USER_REALNAME, false);
332 $username = $msg["username"];
333 $realname = $msg["realname"];
334 $sql = "update users set users_realname='$realname' where users_username='$username'";
335 $dbo = getDatabase();
339 msg_send($cl_queue, MSG_SET_USER_REALNAME, true);
341 // TODO now set real name
343 case MSG_SET_USER_TOKEN:
345 echo "Call to set user token\n";
346 if(!isset($msg["username"])) {
347 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
350 if(!isset($msg["tokenstring"])) {
351 msg_send($cl_queue, MSG_SET_USER_TOKEN, false);
356 $username = $msg["username"];
357 $token = $msg["tokenstring"];
358 $return = $myga->setUserKey($username, $token);
359 msg_send($cl_queue, MSG_SET_USER_TOKEN, $return);
361 // TODO now set token
363 case MSG_SET_USER_TOKEN_TYPE:
365 echo "Call to set user token type\n";
366 if(!isset($msg["username"])) {
367 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
370 if(!isset($msg["tokentype"])) {
371 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, false);
375 $username = $msg["username"];
376 $tokentype = $msg["tokentype"];
378 msg_send($cl_queue, MSG_SET_USER_TOKEN_TYPE, $myga->setTokenType($username, $tokentype));
380 // TODO now set token
383 // TODO this needs to be better
384 $sql = "select * from users order by users_username";
386 $dbo = getDatabase();
387 $res = $dbo->query($sql);
391 foreach($res as $row) {
392 $users[$i]["username"] = $row["users_username"];
393 $users[$i]["realname"] = $row["users_realname"];
394 if($row["users_password"]!="") {
395 $users[$i]["haspass"] = true;
397 $users[$i]["haspass"] = false;
399 echo "user: ".$users[$i]["username"]." has tdata: \"".$row["users_tokendata"]."\"\n";
400 if($row["users_tokendata"]!="") {
401 $users[$i]["hastoken"] = true;
403 $users[$i]["hastoken"] = false;
406 if($row["users_otk"]!="") {
407 $users[$i]["otk"] = $row["users_otk"];
409 $users[$i]["otk"] = "";
413 msg_send($cl_queue, MSG_GET_USERS, $users);
415 // TODO now set token