/**
* Outputs the fields required for a form to be authenticated with TrustAuth.
*
* @param {array} $options an array with option values to override the defaults
* @return {string} string of HTML to output to the page.
*/
public static function authenticate_form($options)
{
$options = array_merge(array('challenge_name' => 'ta-challenge', 'response_name' => 'ta-response', 'key_name' => 'ta-key'), $options);
if (!isset($options['challenge'])) {
$options['challenge'] = TrustAuth::get_challenge($_SERVER['SERVER_NAME']);
}
$str = "<input type=\"hidden\" id=\"trustauth-challenge\" name=\"" . htmlentities($options['challenge_name']) . "\" value=\"" . $options['challenge'] . "\"/>\n";
$str .= "<input type=\"hidden\" id=\"trustauth-response\" name=\"" . htmlentities($options['response_name']) . "\"/>\n";
$str .= "<input type=\"hidden\" id=\"trustauth-key\" name=\"" . htmlentities($options['key_name']) . "\"/>\n";
return $str;
}
if (!$_SESSION['authenticating']) {
$_SESSION['authenticating'] = true;
// First thing to do is grab the username out of the post variables.
// TODO: change from GET to POST
//$user = fetch_user_info($username);
$user = array('public_key' => rawurldecode($_POST['public_key']), 'random' => $_POST['random']);
$result = TrustAuth::get_challenge($user);
$_SESSION['server'] = $result['server'];
$_SESSION['user'] = $user;
echo $result['json'];
} else {
$user = $_SESSION['user'];
$server = $_SESSION['server'];
if (!isset($_POST['md5']) || !isset($_POST['sha'])) {
$result = TrustAuth::wrong_stage();
} else {
$user['md5'] = $_POST['md5'];
$user['sha'] = $_POST['sha'];
$result = TrustAuth::authenticate($user, $server, SUCCESS_URL, FAIL_URL);
if ($result['status']) {
$_SESSION['logged_in'] = true;
if (($db_user = fetch_user_info($user['public_key'])) == true) {
$_SESSION['user_id'] = $db_user['id'];
} else {
$_SESSION['user_id'] = add_user($user['public_key']);
}
}
}
$_SESSION['authenticating'] = false;
echo $result['json'];
}
/**
* Activates the TrustAuth plugin.
*/
function trustauth_activation()
{
update_option(TRUSTAUTH_SALT_OPTION_NAME, TrustAuth::get_random_value());
trustauth_create_tables();
}
<?php
require_once 'libtrustauth.php';
echo '
<table class="form-table">
<tr>
<th><label for="trustauth-register-button">' . __('TrustAuth', 'trustauth') . '</label></th>
<td>
<p style="margin-top:0;">' . __('Adding your TrustAuth key allows you to login to WordPress using TrustAuth.', 'trustauth') . '</p>
<p>', TrustAuth::register_form(array('use_html5' => false)), '</p>
</td>
</tr>
</table>
';
public static function authenticate($user, $server, $success_url, $fail_url)
{
// Return error if any required parameter is missing
if (!isset($user['random']) || !isset($user['public_key']) || !isset($user['md5']) || !isset($user['sha']) || !isset($server['pre_master_secret']) || !isset($server['random'])) {
return false;
}
$user['public_key'] = TrustAuth::fix_key($user['public_key']);
// Load the key into the engine
$rsa = new Crypt_RSA();
$rsa->loadKey($user['public_key']);
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
// Decrypt the hashes from the client
$user_md5 = bin2hex($rsa->decrypt(pack('H*', $user['md5'])));
$user_sha = bin2hex($rsa->decrypt(pack('H*', $user['sha'])));
// Generate the master secret
$master_secret = TrustAuth::get_master_secret($server['pre_master_secret'], $user['random'], $server['random']);
$transmitted_messages = TrustAuth::get_transmitted_messages($user['random'], $master_secret, $server['random']);
// Calculate the expected hashes from the client
$md5_hash = TrustAuth::get_md5_hash($master_secret, $user['random'], $server['random'], $transmitted_messages);
$sha_hash = TrustAuth::get_sha_hash($master_secret, $user['random'], $server['random'], $transmitted_messages);
// If the hashes match then set the successful login session secret
if ($md5_hash === $user_md5 && $sha_hash === $user_sha) {
return array('status' => true, 'json' => json_encode(array('url' => $success_url, 'status' => TrustAuth::$status['logged_in'])));
} else {
return array('status' => false, 'json' => json_encode(array('url' => $fail_url, 'status' => TrustAuth::$status['auth_fail'], 'error' => 'Failed to authenticate.')));
}
}
