/
trustauth_auth.php
66 lines (51 loc) · 1.69 KB
/
trustauth_auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php
include('trustauth.php');
include('mysql.php');
session_start();
// Define a few constants
define('SUCCESS_URL', 'http://foamicate.com');
define('FAIL_URL', 'http://foamicate.com/failure.php');
if ( ! isset($_SESSION['authenticating']) ) {
$_SESSION['authenticating'] = false;
}
// Check if the logged in session variable is set. If it's not initialize with false.
if ( ! isset($_SESSION['logged_in'])) {
$_SESSION['logged_in'] = false;
}
if ( ! $_SESSION['authenticating']) {
$_SESSION['authenticating'] = true;
// First thing to do is grab the username out of the post variables.
// TODO: change from GET to POST
//$user = fetch_user_info($username);
$user = array(
'public_key' => rawurldecode($_POST['public_key']),
'random' => $_POST['random'],
);
$result = TrustAuth::get_challenge($user);
$_SESSION['server'] = $result['server'];
$_SESSION['user'] = $user;
echo $result['json'];
}
else {
$user = $_SESSION['user'];
$server = $_SESSION['server'];
if ( ! isset($_POST['md5']) || ! isset($_POST['sha'])) {
$result = TrustAuth::wrong_stage();
}
else {
$user['md5'] = $_POST['md5'];
$user['sha'] = $_POST['sha'];
$result = TrustAuth::authenticate($user, $server, SUCCESS_URL, FAIL_URL);
if ($result['status']) {
$_SESSION['logged_in'] = true;
if (($db_user = fetch_user_info($user['public_key'])) == true) {
$_SESSION['user_id'] = $db_user['id'];
} else {
$_SESSION['user_id'] = add_user($user['public_key']);
}
}
}
$_SESSION['authenticating'] = false;
echo $result['json'];
}
?>