X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=blobdiff_plain;f=archive%2Fauthserver_v1.0%2Fwww%2Findex.php;fp=archive%2Fauthserver_v1.0%2Fwww%2Findex.php;h=cff7fa316a07be6dd55ceaef9f4420d44ec3b0e7;hp=0000000000000000000000000000000000000000;hb=ee45b81ae7117097934cacc0c129565fddb49fc4;hpb=ac262b9b316777bed9e908b8b85200b8a14256f7

diff --git a/archive/authserver_v1.0/www/index.php b/archive/authserver_v1.0/www/index.php
new file mode 100644
index 0000000..cff7fa3
--- /dev/null
+++ b/archive/authserver_v1.0/www/index.php
@@ -0,0 +1,107 @@
+<?php 
+
+require_once("user_actions.php");
+
+// first check for a token retreival
+if(isset($_REQUEST["gettoken"])) {
+	$username = $_REQUEST["username"];
+	$otkid = $_REQUEST["otkid"];
+	$users = $myAC->getUsers();
+	$realname = "";
+	$otk = "";
+	foreach($users as $user) {
+		if($user["username"] == $username) {
+			$realname = $user["realname"];
+			$otk = $user["otk"];
+		}
+	}
+	
+	if($realname == "") $realname = $username;
+	if($otk == "") {
+?>
+<html>
+Hello <?php echo $realname?>, we're sorry, but your One Time Key has<br>
+already been picked up or you dont currently have a token. If you believe<br>
+this in error, please contact the site admin immediately as it could mean<br>
+your key has been compromised.<br>
+</html>
+<?php
+	exit(0); 
+	}
+	
+	if($otk != $otkid) {
+?>
+<html>
+Hello <?php echo $realname?>, we're sorry, but your One Time Key ID is not
+the correct one, the URL you have been sent may be in error, please check with the site admin
+</html>
+<?php	
+	}
+	
+	// now actually pick up the key
+	if(isset($_REQUEST["ready"])) {
+?>
+<html>
+Hello <?php echo $realname?>, welcome to the One Time Key retreival site. Here is your<br>
+One Time Key. Do not save this anywhere as it will compromise your account<br>
+<li> Point your phones camera at the screen
+<li> Watch the display until it locks onto the code
+<li> Once the code has been scanned, the phone should return to the Google Authenticator with a 6 digit number presented, or a "get code" button.<br><hr>
+<img src="?action=actuallygettoken&username=<?php echo $username?>&otkid=<?php echo $otkid ?>"><br>
+
+Once you have the key, you may try logging into the user site <a href="index.php">here</a>
+</html>
+<?php 
+	} else {
+?>
+<html>
+Hello <?php echo $realname?>, welcome to the One Time Key retreival site. Before we present<br>
+your key, you must have your phone ready to accept it as the key can only be presented once.<br>
+If your phone is not ready to accept the key, the key needs to be regenerated, so only proceed<br>
+if you phone is on, you have clicked on "scan account barcode" and the phone is ready to<br>
+scan the code.<br>
+<br>
+If you are ready to proceed, click <a href="index.php?gettoken&username=<?php echo $username?>&ready=true&otkid=<?php echo $otkid?>">here</a>.
+</html>
+<?php 
+	}
+	exit(0);
+}
+
+
+?>
+<html>
+<h1>Welcome to the GAAS User Site</h1>
+<?php
+if(isset($_REQUEST["message"])) {
+	echo "<font color=\"green\">".$_REQUEST["message"]."</font>";
+} 
+if(isset($_REQUEST["error"])) {
+	echo "<font color=\"red\">".$_REQUEST["error"]."</font>";
+} 
+
+if(!$loggedin) {
+?>
+<form method="post" action="?action=login">
+Username: <input type="text" name="username"><br>
+Token Code: <input type="text" name="tokencode"><br>
+<input type="submit" value="Login">
+</form>
+</html>
+<?php
+	exit(0); 
+} else {
+?>
+
+Welcome, you have successfully logged into the<br>
+user site, but there is no content here to view.<br>
+Later, this site will be where you might resync your<br>
+token or change pin codes and the like<br>
+</html>
+
+<hr><a href="?action=logout">Logout</a>
+
+<?php 
+}
+?>
+
