

Viewing changes to armaauth/0.1/armaauth.php

  • Committer: zodiacsohma1 at gmail
  • Date: 2012-11-26 14:43:17 UTC
  • Revision ID: zodiacsohma1@gmail.com-20121126144317-3wuu6v1jp666bowg
Adding files



 
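--- a/armaauth/0.1/armaauth.php
+++ b/armaauth/0.1/armaauth.php
@@ -0,0 +1,133 @@
+<?php
+
+require('version.php');
+require('config.php');
+require('functions.php');
+
+init();
+
+$query = @$_REQUEST['query'];
+
+//check query type and decide what to do
+switch($query)
+{
+        case 'check':
+                //the most important case, handled after the switch
+                break;
+
+        case 'methods':
+                //the server wants a list of supported methods, comma seperated
+                conclude('methods '.implode(',', $validMethods), 200);
+                break;
+
+        case 'params':
+                // the md5 method would support parameters, the prefix and
+                // suffix that is added to the password before it is hashed.
+                $msg = "";
+                if (isset($_REQUEST['method']))
+                {
+                        $realDbDetails = get_db_details($host, @$_REQUEST['method']);
+                        foreach ($realDbDetails['params'] as $var => $key)
+                                $msg .= $var." ".$key."\n";
+
+                }
+                else
+                {
+                        foreach ($dbdetails['params'] as $var => $key)
+                                $msg .= $var." ".$key."\n";
+                }
+
+                webform_params($msg);
+
+                conclude($msg, 200);
+                break;
+
+        case 'versions':
+                //return "supported" versions
+                $msg = "";
+                foreach ($versionTable as $version => $details)
+                        $msg .= ",".$version;
+
+                conclude(substr($msg, 1), 200);
+                break;
+    
+        default:
+                conclude('UNKNOWN_QUERY', 404);
+}
+
+//get request variables
+$user = @$_REQUEST['user'];
+$hash = @$_REQUEST['hash'] . ''; 
+$salt = @$_REQUEST['salt'] . '';
+$packedSalt = @pack("H*", $salt); //pack salt
+
+if (in_array($_REQUEST['method'], $validMethods))
+{
+        $hashMethod = $_REQUEST['method'];
+}
+
+//no method? FAIL!
+if (!isset($hashMethod))
+        conclude('METHOD_NOT_IMPLEMENTED', 501);
+
+if (in_array($hashMethod, $validMethods)) //make sure it's supported method
+{               //connect
+        $realDbDetails = get_db_details ($host, $hashMethod);
+        $db = mysql_connect($realDbDetails['host'], $realDbDetails['user'], $realDbDetails['passwd']);
+        mysql_select_db($realDbDetails['name'], $db);
+
+        if ( $hashMethod === 'webform' )
+    {
+        if ( in_array('md5', $validMethods) ) $method = 'md5';
+            else if ( in_array('bmd5', $validMethods) ) $method = 'bmd5';
+            else die("METHOD_NOT_IMPLEMENTED"); // TODO: nice message
+
+        $result = mysql_query('SELECT `'.$realDbDetails['row'].'`, `'.$realDbDetails['user_row'].'`,`' . $realDbDetails['username_row'].'`, `'.$realDbDetails['user_rank'].'` FROM `'.$realDbDetails['table'].'` WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'', $db);
+        $del_result = mysql_query('DELETE FROM `' . $realDbDetails['table'] . '`
+                       WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'');
+    }
+    else
+    {
+        $method = $hashMethod;
+        $result = mysql_query('SELECT `'.$realDbDetails['row'].'`, `'.$realDbDetails['user_row'].'`,`'.$realDbDetails['user_rank'].'` FROM `'.$realDbDetails['table'].'` WHERE `'.$realDbDetails['user_row'].'` = \''.addslashes($user).'\'', $db);
+    }
+
+        if (mysql_num_rows($result) == 1) //if there's the user
+        {
+                $row = mysql_fetch_row($result);
+                if (strlen($row[0]) == 0) //make sure hash row isn't empty
+                        $hashEmpty = true;
+                else
+                {
+            if ( $hashMethod == 'webform')
+            {
+                $correctUserName = $row[2];
+                $rank = $row[3];
+            }
+            else
+            {
+                $correctUserName = $row[1];
+                $rank = $row[2];
+            }
+            $correctHash = $method(pack('H*',$row[0]).$packedSalt); //calculate the correct hash
+                        if (strcasecmp($hash, $correctHash) == 0) //and then compare it
+                                $passwordOK = true;
+                }
+        }
+        else
+        $userMissing = true;
+        
+        mysql_close($db); //close the database connection
+
+        if ($userMissing)
+                conclude('USER_NOT_FOUND', 404);
+        else if ($hashEmpty)
+                conclude('PRECONDITION_FAILED: Login again at the authority.', 412);
+        else if ($passwordOK) //if a valid password return ok
+        conclude('PASSWORD_OK ' . $correctUserName . '@' . $host . $rank, 200);
+}
+
+//if all else, FAILS
+conclude('PASSWORD_FAIL', 401);
+
+?>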
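Review bot: The two SELECT queries and the DELETE splice the user-controlled `$user` into the WHERE clause with addslashes(), which is not charset-aware and is not the escaping the mysql driver expects; each clause should use `mysql_real_escape_string($user, $db)` (the DELETE also omits the `$db` link), or better, mysqli/PDO prepared statements since the mysql_* extension is deprecated. The final check compares the submitted and computed hashes with strcasecmp(), which stops at the first differing byte; normalise case and compare in constant time, e.g. `hash_equals(strtolower($correctHash), strtolower($hash))` where PHP 5.6+ is available. In the webform branch the DELETE runs before the hash is ever compared, so a request that merely names a user appears to discard that user's pending login whether or not the caller knows the hash — if single-use is the intent, the delete belongs after `$passwordOK` is established. The method lookup reads `$_REQUEST['method']` without isset() and with a loose in_array(); `isset($_REQUEST['method']) && in_array($_REQUEST['method'], $validMethods, true)` avoids the notice and type juggling.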