define('SUCCESS_URL', 'http://foamicate.com');
define('FAIL_URL', 'http://foamicate.com/failure.php');
if (!isset($_SESSION['authenticating'])) {
$_SESSION['authenticating'] = false;
}
// Check if the logged in session variable is set. If it's not initialize with false.
if (!isset($_SESSION['logged_in'])) {
$_SESSION['logged_in'] = false;
}
if (!$_SESSION['authenticating']) {
$_SESSION['authenticating'] = true;
// First thing to do is grab the username out of the post variables.
// TODO: change from GET to POST
//$user = fetch_user_info($username);
$user = array('public_key' => rawurldecode($_POST['public_key']), 'random' => $_POST['random']);
$result = TrustAuth::get_challenge($user);
$_SESSION['server'] = $result['server'];
$_SESSION['user'] = $user;
echo $result['json'];
} else {
$user = $_SESSION['user'];
$server = $_SESSION['server'];
if (!isset($_POST['md5']) || !isset($_POST['sha'])) {
$result = TrustAuth::wrong_stage();
} else {
$user['md5'] = $_POST['md5'];
$user['sha'] = $_POST['sha'];
$result = TrustAuth::authenticate($user, $server, SUCCESS_URL, FAIL_URL);
if ($result['status']) {
$_SESSION['logged_in'] = true;
if (($db_user = fetch_user_info($user['public_key'])) == true) {
/**
* Outputs the fields required for a form to be authenticated with TrustAuth.
*
* @param {array} $options an array with option values to override the defaults
* @return {string} string of HTML to output to the page.
*/
public static function authenticate_form($options)
{
$options = array_merge(array('challenge_name' => 'ta-challenge', 'response_name' => 'ta-response', 'key_name' => 'ta-key'), $options);
if (!isset($options['challenge'])) {
$options['challenge'] = TrustAuth::get_challenge($_SERVER['SERVER_NAME']);
}
$str = "<input type=\"hidden\" id=\"trustauth-challenge\" name=\"" . htmlentities($options['challenge_name']) . "\" value=\"" . $options['challenge'] . "\"/>\n";
$str .= "<input type=\"hidden\" id=\"trustauth-response\" name=\"" . htmlentities($options['response_name']) . "\"/>\n";
$str .= "<input type=\"hidden\" id=\"trustauth-key\" name=\"" . htmlentities($options['key_name']) . "\"/>\n";
return $str;
}
/**
* Adds the TrustAuth fields to the login form.
*/
function trustauth_login()
{
$challenge = TrustAuth::get_challenge();
setcookie(TRUSTAUTH_COOKIE_NAME, hash('sha256', $challenge . get_option(TRUSTAUTH_SALT_OPTION_NAME)), time() + TRUSTAUTH_COOKIE_EXPIRATION, COOKIEPATH, COOKIE_DOMAIN, false, true);
echo TrustAuth::authenticate_form(array('challenge' => $challenge));
}
