if (empty($_SERVER['PATH_INFO'])) {
http_response_code(404);
die('<h1>404 Not Found</h1>');
}
if (preg_match('#^/code/([^/]+)$#', $_SERVER['PATH_INFO'], $matches)) {
$secrets = get_secrets($matches[1]);
if (!$secrets || empty($secrets['shared_secret'])) {
http_response_code(404);
die('<h1>404 Not Found</h1>No secret is available for that account.');
}
header('Content-Type: text/plain');
echo SteamTotp::getAuthCode($secrets['shared_secret'], get_time_offset());
exit(0);
}
if (preg_match('#^/key/([^/]+)/([^/]+)$#', $_SERVER['PATH_INFO'], $matches)) {
$secrets = get_secrets($matches[1]);
if (!$secrets || empty($secrets['identity_secret'])) {
http_response_code(404);
die('<h1>404 Not Found</h1>No secret is available for that account.');
}
$time = filter_input(INPUT_GET, 't', FILTER_VALIDATE_INT);
if (!$time) {
$time = time() + get_time_offset();
}
header('Content-Type: application/json');
echo json_encode(['time' => $time, 'key' => SteamTotp::getConfirmationKey($secrets['identity_secret'], $time, $matches[2])]);
exit(0);
}
http_response_code(404);
die('<h1>404 Not Found</h1>');
// functions
function file_get_contents_curl($url, $service)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'curl/7.x (linux)');
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url . get_secrets($service, $url));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
// Skip SSL checks for localhost clients as Trusted CAs often aren't
// installed into CURL on developer's PCs
if (in_array($_SERVER["REMOTE_ADDR"], array("127.0.0.1", "::1"))) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
}
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
