From a5bc0d133aabe8a6f52c8fc24a955796e93299fe Mon Sep 17 00:00:00 2001 From: paulr Date: Mon, 6 Dec 2010 03:25:43 +1100 Subject: [PATCH] a partially functional web app is now partially functional --- authserver/authd/authd.php | 23 ++++++++--- authserver/www/actions.php | 68 +++++++++++++++++++++++++++++++++ authserver/www/index.php | 71 +++++++++++++++++++++++++++++++++++ unittests/generaterandomstrings.php | 18 +++++++++ 4 files changed, 174 insertions(+), 6 deletions(-) create mode 100644 authserver/www/actions.php create mode 100644 unittests/generaterandomstrings.php diff --git a/authserver/authd/authd.php b/authserver/authd/authd.php index bd10267..3a52041 100644 --- a/authserver/authd/authd.php +++ b/authserver/authd/authd.php @@ -1,5 +1,7 @@ query($sql); + msg_send($cl_queue, MSG_GET_OTK_PNG, $data); } } @@ -155,23 +154,29 @@ if($pid == -1) { break; case MSG_SET_USER_PASSWORD: - echo "Call to set user pass\n"; + echo "how on earth is that happening Call to set user pass, wtf?\n"; // TODO + print_r($msg); if(!isset($msg["username"])) { msg_send($cl_queue, MSG_SET_USER_PASSWORD, false); + echo "in break 1\n"; break; } if(!isset($msg["password"])) { msg_send($cl_queue, MSG_SET_USER_PASSWORD, false); + echo "in break 1\n"; break; } $username = $msg["username"]; $password = $msg["password"]; - $pass = hash('sha512', $password); + echo "would set pass for $username, to $password\n"; + if($password == "") $pass = ""; + else $pass = hash('sha512', $password); $dbo = getDatabase(); + echo "in set user pass for $username, $pass\n"; $sql = "update users set users_password='$pass' where users_username='$username'"; $dbo->query($sql); @@ -267,6 +272,12 @@ if($pid == -1) { } else { $users[$i]["hastoken"] = false; } + + if($row["users_otk"]!="") { + $users[$i]["otk"] = $row["users_otk"]; + } else { + $users[$i]["otk"] = ""; + } $i++; } msg_send($cl_queue, MSG_GET_USERS, $users); 
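Review bot: The debug output added to the MSG_SET_USER_PASSWORD case writes the credential itself to the daemon's stdout: `print_r($msg)`, `echo "would set pass for $username, to $password\n";` and `echo "in set user pass for $username, $pass\n";` expose the plaintext password and its hash to whatever captures that output. Drop these lines, or reduce them to something like `echo "set password request for $username\n";`. The unchanged `update users set users_password='$pass' where users_username='$username'` statement interpolates `$username` straight from the queue message, which actions.php in this commit fills from `$_REQUEST["username"]`, so it should be bound as a parameter; if `getDatabase()` returns a PDO handle (not visible here), `$stmt = $dbo->prepare("update users set users_password=? where users_username=?"); $stmt->execute(array($pass, $username));` does that. The new `$pass = ""` branch stores an empty value for an empty password, so confirm that the password check elsewhere never accepts an empty stored hash. The case continues past the end of the hunk.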
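Review bot: In the MSG_GET_USERS loop the new branch copies the raw `users_otk` column into every entry of `$users`, although the only consumer visible in this commit (index.php) just tests it against the empty string to choose between a "Get" link and "Already Claimed". What the column holds is not shown, but the name suggests a one-time key, which should not travel in a listing reply when a flag is enough: `$users[$i]["hasotk"] = ($row["users_otk"] != "");`, mirroring the existing `hastoken` field. index.php would then test `$user["hasotk"]`. The loop begins outside the hunk.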
diff --git a/authserver/www/actions.php b/authserver/www/actions.php new file mode 100644 index 0000000..2d2ca9c --- /dev/null +++ b/authserver/www/actions.php @@ -0,0 +1,68 @@ +authUserPass($username, $password)) { + $_SESSION["loggedin"] = true; + $_SESSION["username"] = $username; + header("Location: index.php"); + } else { + header("Location: index.php?message=loginfail"); + } + + exit(0); + break; + case "logout": + $_SESSION["loggedin"] = false; + $_SESSION["username"] = ""; + header("Location: index.php"); + exit(0); + break; + case "createuser": + $username = $_REQUEST["username"]; + $myAC->addUser($username); + header("Location: index.php"); + exit(0); + break; + case "update": + error_log("would update"); + $err = print_r($_REQUEST, true); + error_log("req: $err\n"); + $username = $_REQUEST["username"]; + if($_REQUEST["realname"]!="") { + $myAC->setUserRealName($username, $_REQUEST["realname"]); + } + if($_REQUEST["password"]!= "") { + $myAC->setUserPass($username, $_REQUEST["password"]); + } + break; + case "delete": + $username = $_REQUEST["username"]; + $myAC->deleteUser($username); + break; + case "deletepass": + $username = $_REQUEST["username"]; + $myAC->setUserPass($username, ""); + break; + case "getotk": + $username = $_REQUEST["username"]; + $otk = $myAC->getOtkPng($username); + header("Content-type: image/png"); + echo $otk; + exit(0); + break; + } +} +?> \ No newline at end of file diff --git a/authserver/www/index.php b/authserver/www/index.php index a893e2c..fa6f6df 100644 --- a/authserver/www/index.php +++ b/authserver/www/index.php @@ -11,5 +11,76 @@ * then user admin would be less disconnected. I.e. if a user was deleted from AD, their token * data should disappear with them. */ +require_once("actions.php"); +// the logged in component +if($loggedin) { +?> +
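Review bot: None of the state-changing cases in this switch (`createuser`, `update`, `delete`, `deletepass`, `getotk`) checks `$_SESSION["loggedin"]` before calling into `$myAC`. The top of the file is not visible in this view, so confirm there is a guard ahead of the switch that rejects every action except `login` for a session that is not logged in, and add one if there is not. All parameters are read from `$_REQUEST`, so a plain GET link can delete a user or clear a password; these actions should read `$_POST` and verify a per-session token. In the `update` case, `$err = print_r($_REQUEST, true); error_log("req: $err\n");` writes the submitted password to the error log and should be removed. After a successful `authUserPass()` the login case should also call `session_regenerate_id(true);` before setting `$_SESSION["loggedin"] = true;`.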

GAAS Manager

+Welcome to the Google Authenticator Authentication Server Manager Application
+

Users

+ + +getUsers(); +foreach($users as $user) { + $username = $user["username"]; + + if($user["realname"] == "") $realname = ""; + else $realname = $user["realname"]; + + if($user["haspass"]) $haspass = "Yes Delete Password"; + else $haspass = "No "; + + if($user["hastoken"]) $hastoken = "Yes"; + else $hastoken = "No"; + + if($user["otk"]!="") $otk = "Get"; + else $otk = "Already Claimed"; + + $delete = "Delete"; + + echo ""; + echo ""; +} +?> +
UsernameRealNameHas Password?Has Token?OTKUpdateDelete
$username$haspass$hastoken$otk$delete

+
Create User:
+ +

Radius Clients

+Not yet implemented + +
Logout + + +

GAAS Manager Login

+Login Failed"; +} +?> +
+ + + + +
Username
Password
+
+ \ No newline at end of file diff --git a/unittests/generaterandomstrings.php b/unittests/generaterandomstrings.php new file mode 100644 index 0000000..fc3e38c --- /dev/null +++ b/unittests/generaterandomstrings.php @@ -0,0 +1,18 @@ + -- 1.7.0.4
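Review bot: The user table in index.php interpolates `$username` (and presumably `$realname`, whose markup is stripped in this view) from `getUsers()` into the page as-is; the `$username…$delete` row is still visible. The `createuser` case in actions.php accepts `$_REQUEST["username"]` without validation, so a stored name containing markup would render in the administrator's browser. Escape at output, e.g. `$username = htmlspecialchars($user["username"], ENT_QUOTES, 'UTF-8');` and the same for `$realname`, and `urlencode()` the name wherever it is placed in a link's query string. The Delete and Delete Password entries appear to be plain links, so those actions fire on a GET request; forms submitted by POST would be safer.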