From: <ep...@us...> - 2008-08-15 09:56:44
Revision: 8515 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=8515&view=rev Author: epsy Date: 2008-08-15 09:56:53 +0000 (Fri, 15 Aug 2008) Log Message: ----------- some old stuff i forgot to commit Modified Paths: -------------- tools/http-auth-server/trunk/config.php tools/http-auth-server/trunk/loginform.php Modified: tools/http-auth-server/trunk/config.php =================================================================== --- tools/http-auth-server/trunk/config.php 2008-08-13 12:57:25 UTC (rev 8514) +++ tools/http-auth-server/trunk/config.php 2008-08-15 09:56:53 UTC (rev 8515) @@ -21,6 +21,7 @@ $dbs['forums']['methods']['webform']['site_key_time_row'] = 'site_key_time'; $dbs['forums']['methods']['webform']['site_row'] = 'site'; $dbs['forums']['methods']['webform']['user_key_row'] = 'user_key'; +$dbs['forums']['methods']['webform']['hash_row'] = 'hash_row'; $dbs['forums']['validMethods'] = array('bmd5', 'md5', 'sha1'); //hashes which are in the table $dbs['forums']['params'] = array('prefix' => '', 'suffix' => ''); Modified: tools/http-auth-server/trunk/loginform.php =================================================================== --- tools/http-auth-server/trunk/loginform.php 2008-08-13 12:57:25 UTC (rev 8514) +++ tools/http-auth-server/trunk/loginform.php 2008-08-15 09:56:53 UTC (rev 8515) 
@@ -19,24 +19,30 @@ mysql_select_db($realDbDetails['name'], $db); // first, let's see what site is that -$result = mysql_query( +$site_res = mysql_query( 'SELECT SQL_CALC_FOUND_ROWS `' . $realDbDetails['authority_row'] . '`, - `' . $realDbDetails['site_key_row'] . '`, + `' . $realDbDetails['site_key_row'] . '` AS site_key, `' . $realDbDetails['site_key_hash_row'] . '`, - `' . $realDbDetails['site_row'] . '` + `' . $realDbDetails['site_row'] . '` AS site FROM `' . $realDbDetails['table'] . '` WHERE `' . $realDbDetails['site_key_hash_row'] . '`=\'' . $site_key_hash /* = $_REQUEST['k'] */ . '\' ORDER BY `' . $realDbDetails['site_key_time_row'] . '` DESC LIMIT 0,1'); + +$site_assoc = mysql_fetch_assoc($site_res); +$site = $result_assoc['site_row']; + $total = mysql_query('SELECT FOUND_ROWS() AS total'); $total_assoc = mysql_fetch_assoc($total); +mysql_close($db); if ( $total_assoc['total'] < 1) { die('PRECONDITION_FAILED'); // TODO: put a nice message here } + // nowhere to redirect? no thanks if ( isset($_REQUEST['redirect']) ) { 
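Review bot: `$site = $result_assoc['site_row'];` reads a variable that is never assigned: the row is fetched into `$site_assoc` on the line above and the column is aliased `AS site`, so `$site` is always null. It should read `$site = $site_assoc['site'];`; r8519 (hunk `@@ -32,6 +32,8 @@`) adds two more reads of `$result_assoc` with the same problem. The unchanged WHERE line also concatenates `$site_key_hash`, which its inline comment says is `$_REQUEST['k']`, into the SQL string unescaped; since the stored value is an `md5()` digest, reject anything that is not 32 hex characters or pass it through `mysql_real_escape_string()` before building the query. The script continues outside the hunk on both sides.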
@@ -52,8 +58,41 @@ if ( isset($_POST[ $host . 'submit']) ) { // ah, the user just submitted his login request, let's see if he entered his user/pw correctly - // well, we can't guess which method the server supports, but we'll have a preference for md5, then bmd5 + // FIXME well, we can't guess which method the server supports and isn'tjust a different auth'ing sheme (like this one, webform), but we'll have a preference for md5, then bmd5 + if ( in_array('md5', $validMethods) ) $method = 'md5'; + else if ( in_array('bmd5', $validMethods) ) $method = 'bmd5'; + else die("METHOD_NOT_IMPLEMENTED"); // TODO + + $realDbDetails = get_db_details($host, $method); + $db = mysql_connect($realDbDetails['host'], $realDbDetails['user'], $realDbDetails['passwd']); + mysql_select_db($realDbDetails['name'], $db); + + $user_res = mysql_query('SELECT ' . $realDbDetails['row'] . ' AS truepassword, ' . $realDbDetails['user_row'] . ' FROM ' . $realDbDetails['table'] . ' WHERE ' . $realDbDetails['user_row'] . ' = \'' . addslashes($_POST['username']) . '\'', $db); + + $pass = $_POST['password']; + $user_assoc = mysql_fetch_assoc($user_res); + + mysql_close($db); + + if ( $user_assoc['truepassword'] == $pass ) + { + // success, connect to the db, put the keys hashed together there + + $realDbDetails = get_db_details($host, 'webform'); + $db = mysql_connect($realDbDetails['host'], $realDbDetails['user'], $realDbDetails['passwd']); + mysql_select_db($realDbDetails['name'], $db); + + $q = mysql_query(' + UPDATE `' . $realDbDetails['table'] . '` + SET `' . $realDbDetails['hash_row'] . '`=\'' . . '\' + '); + } + else + { + // fail + die ("PASSWORD_FAIL"); // TODO + } } else { 
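Review bot: The check `if ( $user_assoc['truepassword'] == $pass )` is unsafe on two counts: it compares the column selected for the `md5`/`bmd5` method (presumably a stored hash) with the raw `$_POST['password']`, and with loose `==` a lookup that returns no row leaves `$user_assoc` false, the index yields null, and null compares equal to an empty password. Require a fetched row first, hash the submitted password with the selected method (plus the configured prefix/suffix, if those apply), and compare with `===`. The username is escaped with `addslashes()`, which is not charset-aware; `mysql_real_escape_string($_POST['username'], $db)` is the connection-aware call. The `UPDATE` has no `WHERE` clause, so it would overwrite `hash_row` on every row of the webform table instead of the row for this site key, and `'\'' . . '\''` is a parse error; r8517 fixes only the parse error and r8519 keeps the missing `WHERE`.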
@@ -72,6 +111,7 @@ </p> <p> <input name="redirect" type="hidden" value="<?php echo $redirect; ?>" /> + <input name="k" type="hidden" value="<?php echo $site_key_hash; ?>" /> <input name="<?php echo $host; ?>submit" type="submit" /> </p> </form> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
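Review bot: The added hidden field prints `$site_key_hash` straight into an attribute value, and that variable is taken from the request, so a value containing a double quote breaks out of the attribute and is rendered as markup. Escape it on output: `value="<?php echo htmlspecialchars($site_key_hash, ENT_QUOTES); ?>"`. The `redirect` field on the context line above echoes `$redirect` the same way and needs the same treatment.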
From: <ep...@us...> - 2008-08-15 14:37:22
Revision: 8517 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=8517&view=rev Author: epsy Date: 2008-08-15 14:37:31 +0000 (Fri, 15 Aug 2008) Log Message: ----------- fixed bugs typos and turtles Modified Paths: -------------- tools/http-auth-server/trunk/config.php tools/http-auth-server/trunk/functions.php tools/http-auth-server/trunk/loginform.php Modified: tools/http-auth-server/trunk/config.php =================================================================== --- tools/http-auth-server/trunk/config.php 2008-08-15 10:16:16 UTC (rev 8516) +++ tools/http-auth-server/trunk/config.php 2008-08-15 14:37:31 UTC (rev 8517) 
@@ -4,26 +4,28 @@ //database details for checking against, repeat this section to support multiple databases //use $dbs['authority_name']['methods']['method']['host/name/user/passwd/table/userrow'] to set specific DB detailms for specific methods -$dbs['forums']['host'] = ''; -$dbs['forums']['name'] = ''; -$dbs['forums']['user'] = ''; -$dbs['forums']['passwd'] = ''; -$dbs['forums']['table'] = ''; -$dbs['forums']['user_row'] = ''; -$dbs['forums']['methods']['md5']['row'] = ''; -$dbs['forums']['methods']['bmd5']['row'] = ''; -$dbs['forums']['methods']['sha1']['row'] = ''; +$dbs['epsy.teamkilled.net:8080/~epsy']['host'] = 'localhost'; +$dbs['epsy.teamkilled.net:8080/~epsy']['name'] = 'http-auth-test'; +$dbs['epsy.teamkilled.net:8080/~epsy']['user'] = 'root'; +$dbs['epsy.teamkilled.net:8080/~epsy']['passwd'] = 'mycoolzone'; +$dbs['epsy.teamkilled.net:8080/~epsy']['table'] = 'server-users'; +$dbs['epsy.teamkilled.net:8080/~epsy']['user_row'] = 'user'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['md5']['row'] = 'md5'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['bmd5']['row'] = ''; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['sha1']['row'] = ''; // If you want to serve web authentication(not working yet) you will need to create this table with the following fields: -$dbs['forums']['methods']['webform']['table'] = 'armaauth'; -$dbs['forums']['methods']['webform']['authority_row'] = 'authority'; -$dbs['forums']['methods']['webform']['site_key_row'] = 'site_key'; -$dbs['forums']['methods']['webform']['site_key_hash_row'] = 'site_key_hash'; -$dbs['forums']['methods']['webform']['site_key_time_row'] = 'site_key_time'; -$dbs['forums']['methods']['webform']['site_row'] = 'site'; -$dbs['forums']['methods']['webform']['user_key_row'] = 'user_key'; -$dbs['forums']['methods']['webform']['hash_row'] = 'hash_row'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['table'] = 'server-webform'; 
+$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['authority_row'] = 'authority'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_row'] = 'site_key'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_hash_row'] = 'site_key_hash'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_time_row'] = 'site_key_time'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_row'] = 'site'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['user_key_row'] = 'user_key'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['hash_row'] = 'hash_row'; +$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['siteKeyTimeout'] = 5 * 60; // Time in seconds until a site key is considered expired and can be trashed -$dbs['forums']['validMethods'] = array('bmd5', 'md5', 'sha1'); //hashes which are in the table -$dbs['forums']['params'] = array('prefix' => '', 'suffix' => ''); +$dbs['epsy.teamkilled.net:8080/~epsy']['validMethods'] = array('md5', 'webform'); //hashes which are in the table +$dbs['epsy.teamkilled.net:8080/~epsy']['params'] = array('prefix' => '', 'suffix' => ''); + ?> Modified: tools/http-auth-server/trunk/functions.php =================================================================== --- tools/http-auth-server/trunk/functions.php 2008-08-15 10:16:16 UTC (rev 8516) +++ tools/http-auth-server/trunk/functions.php 2008-08-15 14:37:31 UTC (rev 8517) @@ -106,9 +106,9 @@ function webform_params (&$msg) { global $validMethods, $hashMethod; - if (in_array($_GET['method'], $validMethods)) + if (in_array($_REQUEST['method'], $validMethods)) { - $hashMethod = $_GET['method']; + $hashMethod = $_REQUEST['method']; } //no method? FAIL! 
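Review bot: A database password and the MySQL `root` account name are committed here in the `passwd` and `user` lines of `config.php`, a file under public version control. r8519 restores the blank `forums` template, but the values stay readable in the repository history and in this commit mail, so the password should be treated as disclosed and changed wherever it is used. Site-specific settings belong in an untracked local file (for example a `config.local.php` that `config.php` includes when present), and the auth server should connect with a dedicated account that has only the privileges it needs on its two tables, not `root`.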
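Review bot: Reading `$_REQUEST['method']` in `webform_params()` lets a cookie named `method` select the hash method as well, depending on the server's `variables_order`/`request_order` setting. If the aim is to accept the parameter from the login form's POST in addition to the query string, read it explicitly, e.g. `$m = isset($_POST['method']) ? $_POST['method'] : (isset($_GET['method']) ? $_GET['method'] : null);`, which also avoids the undefined-index notice when the parameter is absent. The function body continues outside the hunk.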
@@ -131,12 +131,17 @@ mysql_select_db($realDbDetails['name'], $db); $q = 'INSERT INTO `' . $realDbDetails['table'] . '` - SET `' . $realDbDetails['authority_row'] . '`="' . $host . '", - `' . $realDbDetails['site_row'] . '`="' . $_SERVER['REMOTE_ADDR'] . '", - `' . $realDbDetails['site_key_row'] . '`="' . $key . '", - `' . $realDbDetails['site_key_hash_row'] . '`="' . md5($key) . '", - `' . $realDbDetails['user_key_row'] . '`=""'; // set it later, dont let people use it without the user actually logining in :-P + SET `' . $realDbDetails['authority_row'] . '`="' . $host . '", + `' . $realDbDetails['site_row'] . '`="' . $_SERVER['REMOTE_ADDR'] . '", + `' . $realDbDetails['site_key_row'] . '`="' . $key . '", + `' . $realDbDetails['site_key_hash_row'] . '`="' . md5($key) . '", + `' . $realDbDetails['site_key_time_row'] . '`="' . time() . '", + `' . $realDbDetails['user_key_row'] . '`=""'; // set it later, dont let people use it without the user actually logining in :-P + mysql_query( $q, $db ); + + echo mysql_error(); + return $key; } Modified: tools/http-auth-server/trunk/loginform.php =================================================================== --- tools/http-auth-server/trunk/loginform.php 2008-08-15 10:16:16 UTC (rev 8516) +++ tools/http-auth-server/trunk/loginform.php 2008-08-15 14:37:31 UTC (rev 8517) @@ -85,7 +85,7 @@ $q = mysql_query(' UPDATE `' . $realDbDetails['table'] . '` - SET `' . $realDbDetails['hash_row'] . '`=\'' . . '\' + SET `' . $realDbDetails['hash_row'] . '`=\'' . 'TODO' . '\' '); } else This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
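Review bot: The INSERT is still assembled by concatenating `$host`, `$_SERVER['REMOTE_ADDR']` and `$key` into double-quoted SQL literals with no escaping, and the new `site_key_time_row` line follows the same pattern. Where `$host` and `$key` come from is not visible in this hunk; if either can carry request data, each value should go through `mysql_real_escape_string(..., $db)` before it is embedded. The added `echo mysql_error();` sends database error text to the client (r8518 removes it again); checking the return value of `mysql_query()` and logging the error server-side keeps the diagnostic without exposing schema details. The function starts above the hunk.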
From: <ep...@us...> - 2008-08-15 14:46:11
Revision: 8518 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=8518&view=rev Author: epsy Date: 2008-08-15 14:46:21 +0000 (Fri, 15 Aug 2008) Log Message: ----------- moar typos Modified Paths: -------------- tools/http-auth-server/trunk/functions.php Added Paths: ----------- tools/http-auth-server/trunk/htmltemplate.php Modified: tools/http-auth-server/trunk/functions.php =================================================================== --- tools/http-auth-server/trunk/functions.php 2008-08-15 14:37:31 UTC (rev 8517) +++ tools/http-auth-server/trunk/functions.php 2008-08-15 14:46:21 UTC (rev 8518) @@ -134,14 +134,12 @@ SET `' . $realDbDetails['authority_row'] . '`="' . $host . '", `' . $realDbDetails['site_row'] . '`="' . $_SERVER['REMOTE_ADDR'] . '", `' . $realDbDetails['site_key_row'] . '`="' . $key . '", - `' . $realDbDetails['site_key_hash_row'] . '`="' . md5($key) . '", + `' . $realDbDetails['site_key_hash_row'] . '`="' . md5($key) . '", `' . $realDbDetails['site_key_time_row'] . '`="' . time() . '", - `' . $realDbDetails['user_key_row'] . '`=""'; // set it later, dont let people use it without the user actually logining in :-P + `' . $realDbDetails['user_key_row'] . '`=""'; // set it later, dont let people use it without the user actually logining in :-P mysql_query( $q, $db ); - echo mysql_error(); - return $key; } Added: tools/http-auth-server/trunk/htmltemplate.php =================================================================== --- tools/http-auth-server/trunk/htmltemplate.php (rev 0) +++ tools/http-auth-server/trunk/htmltemplate.php 2008-08-15 14:46:21 UTC (rev 8518) 
@@ -0,0 +1,26 @@
+<?php
+
+function make_header()
+{
+ global $host;
+
+ echo '<' . '?'; // hopefully we'll have this gone with PHP6
+?>xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html
+ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <title>Login with authority <?php echo htmlspecialchars($host); ?></title>
+ </head>
+ <body>
+<?php
+}
+
+function make_footer()
+{
+?> </body>
+</html><?php
+}
+
+?>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
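Review bot: `htmlspecialchars($host)` in the `<title>` relies on the function's default flags and charset while the page declares UTF-8 in its XML prolog; passing them explicitly, `htmlspecialchars($host, ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if `$host` is later reused inside an attribute. `make_header()` also pulls `$host` in through `global`; taking it as a parameter would make the dependency visible to callers. Neither function has a doc comment; a one-line `/** Prints the XHTML prolog, head and opening body tag. */` on `make_header()` and a matching one on `make_footer()` would do.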
From: <ep...@us...> - 2008-08-15 15:21:33
Revision: 8519 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=8519&view=rev Author: epsy Date: 2008-08-15 15:21:42 +0000 (Fri, 15 Aug 2008) Log Message: ----------- redirects back Modified Paths: -------------- tools/http-auth-server/trunk/config.php tools/http-auth-server/trunk/loginform.php Modified: tools/http-auth-server/trunk/config.php =================================================================== --- tools/http-auth-server/trunk/config.php 2008-08-15 14:46:21 UTC (rev 8518) +++ tools/http-auth-server/trunk/config.php 2008-08-15 15:21:42 UTC (rev 8519) 
@@ -4,28 +4,28 @@ //database details for checking against, repeat this section to support multiple databases //use $dbs['authority_name']['methods']['method']['host/name/user/passwd/table/userrow'] to set specific DB detailms for specific methods -$dbs['epsy.teamkilled.net:8080/~epsy']['host'] = 'localhost'; -$dbs['epsy.teamkilled.net:8080/~epsy']['name'] = 'http-auth-test'; -$dbs['epsy.teamkilled.net:8080/~epsy']['user'] = 'root'; -$dbs['epsy.teamkilled.net:8080/~epsy']['passwd'] = 'mycoolzone'; -$dbs['epsy.teamkilled.net:8080/~epsy']['table'] = 'server-users'; -$dbs['epsy.teamkilled.net:8080/~epsy']['user_row'] = 'user'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['md5']['row'] = 'md5'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['bmd5']['row'] = ''; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['sha1']['row'] = ''; +$dbs['forums']['host'] = ''; +$dbs['forums']['name'] = ''; +$dbs['forums']['user'] = ''; +$dbs['forums']['passwd'] = ''; +$dbs['forums']['table'] = ''; +$dbs['forums']['user_row'] = ''; +$dbs['forums']['methods']['md5']['row'] = ''; +$dbs['forums']['methods']['bmd5']['row'] = ''; +$dbs['forums']['methods']['sha1']['row'] = ''; // If you want to serve web authentication(not working yet) you will need to create this table with the following fields: -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['table'] = 'server-webform'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['authority_row'] = 'authority'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_row'] = 'site_key'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_hash_row'] = 'site_key_hash'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_key_time_row'] = 'site_key_time'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['site_row'] = 'site'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['user_key_row'] = 'user_key'; 
-$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['hash_row'] = 'hash_row'; -$dbs['epsy.teamkilled.net:8080/~epsy']['methods']['webform']['siteKeyTimeout'] = 5 * 60; // Time in seconds until a site key is considered expired and can be trashed +$dbs['forums']['methods']['webform']['table'] = 'armaauth'; +$dbs['forums']['methods']['webform']['authority_row'] = 'authority'; +$dbs['forums']['methods']['webform']['site_key_row'] = 'site_key'; +$dbs['forums']['methods']['webform']['site_key_hash_row'] = 'site_key_hash'; +$dbs['forums']['methods']['webform']['site_key_time_row'] = 'site_key_time'; +$dbs['forums']['methods']['webform']['site_row'] = 'site'; +$dbs['forums']['methods']['webform']['user_key_row'] = 'user_key'; +$dbs['forums']['methods']['webform']['hash_row'] = 'hash_row'; +$dbs['forums']['methods']['webform']['hash_row'] = 'hash_row'; +$dbs['forums']['methods']['webform']['siteKeyTimeout'] = 5 * 60; // Time in seconds until a site key is considered expired and can be trashed +$dbs['forums']['validMethods'] = array('bmd5', 'md5', 'sha1'); //hashes which are in the table +$dbs['forums']['params'] = array('prefix' => '', 'suffix' => ''); -$dbs['epsy.teamkilled.net:8080/~epsy']['validMethods'] = array('md5', 'webform'); //hashes which are in the table -$dbs['epsy.teamkilled.net:8080/~epsy']['params'] = array('prefix' => '', 'suffix' => ''); - ?> Modified: tools/http-auth-server/trunk/loginform.php =================================================================== --- tools/http-auth-server/trunk/loginform.php 2008-08-15 14:46:21 UTC (rev 8518) +++ tools/http-auth-server/trunk/loginform.php 2008-08-15 15:21:42 UTC (rev 8519) @@ -7,7 +7,7 @@ init(); -$site_key_hash = @$_REQUEST['k']; +$site_key_hash = @$_REQUEST['key']; if ( !in_array('webform', $validMethods) ) { 
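Review bot: The login form and this line now disagree on the parameter name: `$site_key_hash = @$_REQUEST['key'];` reads `key`, while the hidden field added in r8515 is still `name="k"` and no hunk in this commit changes it. After the form is submitted `$site_key_hash` would therefore be empty and the lookup would most likely end in `PRECONDITION_FAILED`; rename the hidden input to `key` and update the stale `/* = $_REQUEST['k'] */` comment in the query. The `@` hides the missing-parameter case; an explicit `isset($_REQUEST['key'])` check with an early exit makes that path deliberate.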
@@ -23,7 +23,7 @@ 'SELECT SQL_CALC_FOUND_ROWS `' . $realDbDetails['authority_row'] . '`, `' . $realDbDetails['site_key_row'] . '` AS site_key, - `' . $realDbDetails['site_key_hash_row'] . '`, + `' . $realDbDetails['site_key_hash_row'] . '` AS stie_key_hash, `' . $realDbDetails['site_row'] . '` AS site FROM `' . $realDbDetails['table'] . '` WHERE `' . $realDbDetails['site_key_hash_row'] . '`=\'' . $site_key_hash /* = $_REQUEST['k'] */ . '\' @@ -32,6 +32,8 @@ $site_assoc = mysql_fetch_assoc($site_res); $site = $result_assoc['site_row']; +$sitekey = $result_assoc['site_key']; +$sitekeyhash = $result_assoc['site_key_hash']; $total = mysql_query('SELECT FOUND_ROWS() AS total'); $total_assoc = mysql_fetch_assoc($total); @@ -44,7 +46,7 @@ // nowhere to redirect? no thanks -if ( isset($_REQUEST['redirect']) ) +if ( !isset($_REQUEST['redirect']) ) { die('PRECONDITION_FAILED'); // TODO: put a nice message here } @@ -82,11 +84,16 @@ $realDbDetails = get_db_details($host, 'webform'); $db = mysql_connect($realDbDetails['host'], $realDbDetails['user'], $realDbDetails['passwd']); mysql_select_db($realDbDetails['name'], $db); + + $userkey = generate_key(); + $mixOfTehKeyz = md5( $userkey . $sitekey ); $q = mysql_query(' UPDATE `' . $realDbDetails['table'] . '` - SET `' . $realDbDetails['hash_row'] . '`=\'' . 'TODO' . '\' + SET `' . $realDbDetails['hash_row'] . '`=\'' . $mixOfTehKeyz . '\' '); + // then tell the user to go back to the site he's loginning with + header("Location: " . $redirect . "?key=" . $sitekeyhash . "&ukey=" . $userkey, true, 303 ); } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
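Review bot: The new alias is misspelt: `AS stie_key_hash` should be `AS site_key_hash`, which is the key the next hunk reads for `$sitekeyhash`. That hunk also reads from `$result_assoc` although the row is fetched into `$site_assoc`, so `$sitekey` and `$sitekeyhash` are both null. As a result `md5( $userkey . $sitekey )` does not depend on the site key at all and the redirect carries an empty `key`.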
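Review bot: `header("Location: " . $redirect . ...)` in the last hunk sends the freshly generated `$userkey` to whatever URL `$redirect` holds, and the only check on it visible here is `isset($_REQUEST['redirect'])`, so the key can end up at a site other than the one that requested the login. How `$redirect` is assigned is outside the hunks shown; before redirecting it should be compared with the `site` value stored for this site key and rejected on mismatch. The query-string values should go through `urlencode()`, and `exit;` should follow `header()` so the script does not continue on to render the form.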