function registerApp($appInformation)
{
/***
*
*
* @param bool new_user flag to create a new user
*
* These keys are for all new device registrations, including new
* user creation
* @key email username
* @key string password a URL-encoded password
* @key phone_verify (when asked)
* @key string key the encryption key
*
* These keys are only for new user creation
* @key string first_name
* @key string last_name
* @key int phone
* @key string handle the display username
***/
$username = $appInformation['username'];
$device = $appInformation['device'];
$newUser = boolstr($appInformation['new_user']);
$return_data = array();
$validuser_data = array();
$u = new UserFunctions();
$password = urldecode($appInformation['password']);
$encryption_key = $appInformation['key'];
if (isNull($password) || isNull($username) || isNull($device) || isNull($encryption_key)) {
return array('status' => false, 'error' => 'Required parameters missing', 'have_username' => !isNull($username), 'have_password' => !isNull($password), 'have_device' => !isNull($device), 'have_encryption_key' => !isNull($encryption_key));
}
if ($newUser) {
# Start the new user creation process
# The application should have verified password correctness
$name = array($appInformation['first_name'], $appInformation['last_name']);
$handle = $appInformation['handle'];
$phone = $appInformation['phone'];
if (isNull($appInformation['first_name']) || isNull($appInformation['last_name']) || isNull($phone) || isNull($handle)) {
return array('status' => false, 'error' => 'Required parameters missing', 'have_name' => !isNull($name), 'have_phone' => !isNull($phone), 'have_handle' => !isNull($handle));
}
$result = $u->createUser($username, $password, $name, $handle, $phone);
if ($result['status'] != true) {
if (empty($r['human_error'])) {
$result['human_error'] = $result['error'];
$result['app_error_code'] = 999;
}
return $result;
}
$return_data['dblink'] = $result['dblink'];
$validuser_data['dblink'] = $result['dblink'];
$validuser_data['secret'] = $result['raw_secret'];
$validuser_data['hash'] = $result['raw_auth'];
} else {
# Verify the user
# Set up equivalent variables to finish registering the app
$totp = isset($appInformation['totp']) ? $appInformation['totp'] : false;
$result = $u->lookupUser($username, $password, true, $totp);
if ($result['status'] === false && $result['totp'] === true) {
$u->sendTOTPText();
return array('status' => false, 'human_error' => $result['human_error'], 'error' => $result['error'], 'app_error_code' => 109);
}
# Get the cookie tokens we'll use to validate in registerApp()
$cookies = $u->createCookieTokens($result['data']);
$return_data['dblink'] = $result['data']['dblink'];
$validuser_data['dblink'] = $result['data']['dblink'];
$validuser_data['secret'] = $cookies['raw_secret'];
$validuser_data['hash'] = $cookies['raw_auth'];
}
# Get the data we need
$phone_verify_code = $appInformation['phone_verify'];
$r = $u->registerApp($validuser_data, $encryption_key, $device, $phone_verify_code);
if ($r['status'] === false) {
# Phone needs validation. Return the dblink and request
# validation. Upon validation, re-ping this same target
if ($r['app_error_code'] == 111) {
return array_merge($r, array($return_data));
}
if (empty($r['human_error'])) {
$r['human_error'] = $r['error'];
$r['app_error_code'] = 999;
}
# $r["cookies"] = $cookies;
# $r["lookup_data"] = $result;
return $r;
}
$return_data['secret'] = $r['secret'];
$return_data = array_merge(array('status' => true, 'message' => "Successful registration of device '{$device}'", 'details' => $r), $return_data);
return $return_data;
}
function verifyTOTP($get)
{
$code = $get['code'];
$user = $get['user'];
$password = urldecode($get['password']);
$password = str_replace(' ', '+', $password);
$secret = $get['secret'];
$hash = $get['hash'];
$remote = $get['remote'];
$is_encrypted = boolstr($get['encrypted']);
# If it's a good code, pass the cookies back
$u = new UserFunctions($user);
/* print_r("bob"."\n\n");
$e=$u->encryptThis("sally","bob");
print_r($e."\n\n");
print_r($u->decryptThis("sally",$e)."\n\n");*/
$r = $u->lookupUser($user, $password, false, $code);
if ($r[0] === false) {
$r['status'] = false;
$r['human_error'] = $r['message'];
return $r;
}
## The user and code is valid!
$return = array('status' => true);
$userdata = $r[1];
$cookie_result = $u->createCookieTokens(null, true, $remote);
$return['cookies'] = $cookie_result;
$return['string'] = json_encode($cookie_result['raw_cookie']);
return $return;
}
}
$settings_blob = "<section id='account_settings' class='panel panel-default clearfix'><div class='panel-heading'><h2 class='panel-title'>Settings</h2></div><div class='panel-body'>" . $emailHtml . $alternateEmailHtml . "<ul id='settings_list'><li><a href='#' id='showAdvancedOptions' data-domain='{$domain}' data-user-tfa='" . $has2fa . "' role='button' class='btn btn-default'>More Options</a></li>" . $verifyphone_link . $random . "</ul></div></section>";
$login_output .= "<div id='login_block'>";
$alt_forms = "<div id='alt_logins'>\n<!-- OpenID, Google, Twitter, Facebook -->\n</div>";
$login_preamble = "\n\t <h2 id='title'>User Login</h2>";
if ($_REQUEST['m'] == 'login_error') {
$login_preamble .= "<div class='alert alert-warning'><button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>×</span></button><p><strong>There was a problem setting your login credentials</strong>. Please try again.</p></div>";
}
$loginform = "<script src='bower_components/bootstrap/dist/js/bootstrap.min.js' type='text/javascript' charset='utf-8'></script>\n\t <form id='login' method='post' action='?q=submitlogin' class='form-horizontal'>\n <fieldset>\n <legend>Login</legend>\n<div class='form-group col-sm-9 col-md-5'>\n\t <label for='username' class='control-label'>\n\t\tEmail:\n\t </label>\n\t <input class='form-control' type='email' name='username' id='username' placeholder='*****@*****.**' autofocus='autofocus' required='required'/>\n\t </div>\n<div class='form-group col-sm-9 col-md-5 has-feedback'>\n\t <label for='password' class='control-label'>\n\t\tPassword:\n\t </label>\n\t <input class='form-control' type='password' name='password' id='password' placeholder='Password' class='password-input' required='required'/> <span class='glyphicon glyphicon-question-sign do-password-reset form-control-feedback' style='pointer-events:all;' id='reset-password-icon' data-toggle='tooltip' title='Forgot Password?'></span>\n</div>\n</fieldset>";
$loginform_close = "\t <br/>\n\t <button id='login_button' class='btn btn-primary'>Login</button>\n\t </form>{$alt_forms}<br/><p id='form_create_new_account'><small>Don't have an account yet? <a href='?q=create'>Create one</a>!</small></p>";
$big_login = $login_preamble . $loginform . $loginform_close;
$small_login = $loginform . $loginform_close;
if ($_REQUEST['q'] == 'submitlogin') {
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$totp = empty($_POST["totp"]) ? false : $_POST["totp"];
$res = $user->lookupUser($_POST['username'], $_POST['password'], true, $totp);
if ($res[0] === false && $res["totp"] === true) {
# User has two factor authentication. Prompt!
$totpclass = $res["error"] === false ? "bg-success" : "bg-danger";
$is_encrypted = empty($res["encrypted_hash"]) || empty($res["encrypted_secret"]);
$hash = $is_encrypted ? $_COOKIE[$cookieauth] : $res["encrypted_hash"];
$secret = $is_encrypted ? $_COOKIE[$cookiekey] : $res["encrypted_secret"];
$current_ip = $_SERVER['REMOTE_ADDR'];
$ipArray = explode(".", $current_ip);
array_pop($ipArray);
$ipTop = implode(".", $ipArray);
$current_ip = $ipTop;
$totp_buffer = "<section id='totp_prompt' class='row'>\n <div class='{$totp_class} alert alert-danger col-xs-12 col-md-6 force-center' id='totp_message'>" . $res["human_error"] . "</div>\n <form id='totp_submit' onsubmit='event.preventDefault();' class='form-horizontal clearfix col-xs-12'>\n <fieldset>\n <legend>Two-Factor Authentication</legend>\n <input type='number' id='totp_code' name='totp_code' placeholder='Code' pattern='[0-9]{6}' size='6' maxlength='6' required/>\n <input type='hidden' id='username' name='username' value='" . $_POST['username'] . "'/>\n <input type='hidden' id='password' name='password' value='" . $res["encrypted_password"] . "' class='password-input'/>\n <input type='hidden' id='secret' name='secret' value='" . $secret . "'/>\n <input type='hidden' id='hash' name='hash' value='" . $hash . "'/>\n <input type='hidden' id='remote' name='remote' value='" . $current_ip . "'/>\n <input type='hidden' id='encrypted' name='encrypted' value='" . $user->strbool($is_encrypted) . "'/>\n <br/>\n <br/>\n <button id='verify_totp_button' class='totpbutton btn btn-primary'>Verify</button>\n </fieldset>\n <p><small><a href='#' id='alternate_verification_prompt'>I can't use my app</a></small></p>\n </form>\n</section>";
$login_output .= $totp_buffer;
} else {
if ($res[0] !== false) {
</div>
<div>
<h3>Show User Data</h3>
<?php
try {
if ($u->validateUser()) {
?>
<form action='?t=show' method='post'>
<p>User: <?php
echo $_COOKIE[$cookieuser];
?>
</p>
<input type='password' name='pw' placeholder='password'/><br/>
<input type='submit'/>
</form>
<?php
} else {
echo "Please log in above to test this.";
}
} catch (Exception $e) {
echo "You've not logged in. Please log in above to test this.";
}
if ($_REQUEST['t'] == 'show') {
echo displayDebug($u->lookupUser($_COOKIE[$cookieuser], $_POST['pw']));
}
?>
</div>
</article>
</body>
</html>
