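dump("HOBA: Challenge failed"); setFailCookie(); exit(1); }
// --- HOBA login: verify the client's signature over the challenge with the key
// registered for the presented kid. $kidB64, $chalB64, $nonceB64 and $sig are
// set by request parsing that precedes this excerpt.
$kid = base64url_decode($kidB64);
// NOTE(review): depending on web-server configuration SERVER_NAME can be filled
// from the request's Host header; a configured canonical origin would be a more
// trustworthy input to the signed blob — confirm against the deployment.
$tbsOrigin = "https://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'];
$sigText = genTbsBlob($nonceB64, $GLOBALS['alg'], $tbsOrigin, $kidB64, $chalB64);
dbLogin();
$device = dbGetDeviceByKid($kid);
if (!$device) {
    dump("HOBA: kid not found");
    setFailCookie();
    dbLogout();
    exit(1);
}
$pem = jwkToPem($device['pubKey']);
// openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
// -1 (or false) on error. A plain truthiness test would accept -1, so only an
// exact 1 may be treated as a verified login.
$verified = openssl_verify($sigText, $sig, $pem, OPENSSL_ALGO_SHA256);
if ($verified === 1) {
    dump("HOBA: Key Verification Successful");
    // $device is the row for this kid already; the original re-queried the same
    // function with the same argument, which is redundant.
    $t = time() + $GLOBALS['sessionTimeout'];
    $chocolate = getCookieVal($device['kid'], $device['did']);
    dbAddDeviceSession($device['kid'], $device['did'], $chocolate, $t);
    setSuccessCookie($chocolate, $t);
    header("Hobareg: regok", true, 200);
    dump("HOBA: Login Successful");
} else {
    setFailCookie();
    dump("HOBA: Login failed, Verification failure");
}
dbLogout();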
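//dump("kidB64:" . $kidB64 . " chalB64:" . $chalB64 . " nonceB64:" . $nonceB64 ." sig:" . $sig);
// --- HOBA registration: the challenge must be the one issued to this peer, and
// the signature must verify under the key the client is asking to register.
// $kidB64, $chalB64, $nonceB64, $sig, $kid, $pubKey and $did are set by request
// parsing that precedes this excerpt.
if (checkChal($chalB64, getPeer())) {
    dump("HOBA: Challenge accepted");
} else {
    dump("HOBA: Challenge failed");
    setFailCookie();
    exit(1);
}
// NOTE(review): SERVER_NAME may come from the request's Host header depending
// on web-server configuration; a configured canonical origin is safer — confirm.
$tbsOrigin = "https://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'];
$sigText = genTbsBlob($nonceB64, $GLOBALS['alg'], $tbsOrigin, $kidB64, $chalB64);
$pem = jwkToPem($pubKey);
// openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
// -1 (or false) on error; only an exact 1 counts as verified.
$verified = openssl_verify($sigText, $sig, $pem, OPENSSL_ALGO_SHA256);
dbLogin();
if ($verified === 1) {
    dump("HOBA: Key Verification Successful");
    $newUser = dbRegisterKey($kid, $pubKey, $did);
    if (!$newUser) {
        dump("HOBA: Register failed, verification passed but kid already registered");
        // Release the DB session before exiting, as the other early-exit paths do.
        dbLogout();
        exit(1);
    }
    $t = time() + $GLOBALS['sessionTimeout'];
    $chocolate = getCookieVal($kid, $did);
    dbAddDeviceSession($kid, $did, $chocolate, $t);
    setSuccessCookie($chocolate, $t);
    header("Hobareg: regok", true, 200);
    dump("HOBA: Registration Successful");
} else {
    setFailCookie();
    dump("HOBA: Register failed, Verification failure");
}
dbLogout();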
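}
printFooter();
} else {
    dump("HOBA: No YEOLDE session found");
    printLoginFailure();
}
} else {
    // No session cookie presented: fall back to the username/password form.
    dump("HOBA: No cookie set");
    if (isset($_POST['YeOldeLogin'])) {
        // Handle traditional logins
        dump("HOBA: Initiating YeOlde Login");
        if (isset($_POST['YeOldeUser']) && isset($_POST['YeOldePassword'])) {
            $uid = dbCheckUserPass($_POST['YeOldeUser'], $_POST['YeOldePassword'], false);
            // The original test `!$uid === false` parses as `(!$uid) === false`,
            // i.e. "is $uid truthy" — not a check against false. The truthiness
            // test is kept deliberately: it fails closed for false/null/0/''.
            // NOTE(review): if dbCheckUserPass() is guaranteed to return false on
            // failure and a uid otherwise, `$uid !== false` is the intended check.
            if ($uid) {
                $t = time() + $GLOBALS['sessionTimeout'];
                $chocolate = getCookieVal($uid, $uid);
                dbAddUserSession($uid, $chocolate, $t);
                setUserCookie($chocolate, $t);
                dump("HOBA: YeOlde Login Successful");
                $user = dbGetUserByCookie($chocolate);
                printHeader();
                printMeat($user['uName'], false, "");
                printFooter();
            } else {
                printLoginFailure("YeOlde Bad Username/Password");
            }
        } else {
            printLoginFailure("YeOlde Missing Username/Password");
        }
    }
}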
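<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Document</title>
    <link rel="stylesheet" type="text/css" href="./css/login.css">
</head>
<body>
    <div class="logo"></div>
    <form id="form" method="post" action="loginProcess.php">
        <div class="wrapper">
            <label for="username"></label>
            <?php /* The remembered id is read back from the client (presumably a
                     cookie), so it is attacker-controlled: escape it for the HTML
                     attribute context. The stray space after the closing tag in the
                     original would have been submitted as part of the id. */ ?>
            <input class="username" type="text" name="id" placeholder="id" value="<?php echo htmlspecialchars((string) getCookieVal("id"), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <input class="pwd" type="password" name="password" placeholder="password">
            <button id="login" type="submit"></button>
            <div class="yzm">
                <input type="text" name="yzm" placeholder="请输入验证码" class="verificationCode"/>
                <?php /* rand() here is only a cache-buster for the captcha image;
                         it carries no security meaning. */ ?>
                <img class="verificationImg" src="yzm.php?r=<?php echo rand(); ?>" onclick="this.src='yzm.php?r='+Math.random()"/>
                <a href="login.php" class="verificationIcon">看不清?换一个</a>
            </div>
            <div class="sfbc"><span>是否保存id</span><input type="checkbox" value="yes" name="keep" /></div>
        </div>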
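<?php require_once "common.php"; ?>
<html>
<head>
    <meta http-equiv="content-type" content="text/html;charset=utf-8">
</head>
<h1>Admin login system</h1>
<form action="loginProcess.php" method="post">
    <table>
        <?php /* The remembered UserID comes back from the client, so it must be
                 escaped for the attribute context before being echoed. */ ?>
        <tr><td>UserID</td><td><input type="text" name="id" value="<?php echo htmlspecialchars((string) getCookieVal('id'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"/></td></tr>
        <tr><td>Password</td><td><input type="password" name="password"/></td></tr>
        <tr>
            <td><input type="submit" value="Login"/></td>
            <td><input type="reset" value="Reset"/></td>
        </tr>
    </table>
</form>
<?php
// Show the fixed "invalid credentials" message when the login processor sent the
// browser back with errno=1. The query value is validated as an integer and is
// never echoed; the original used `==` against a raw string, which is loose.
$errno = filter_input(INPUT_GET, 'errno', FILTER_VALIDATE_INT);
if ($errno === 1) {
    echo "<font color='red' size='3'>The username or password is invalid</font>";
}
?>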