// Form-based login handler. Reads the POSTed token, username and password,
// runs the credentials through InputChecker, and on the success path sets
// what looks like an 'isLoggedIn' session flag before redirecting to
// searchView.php; failures either return false or redirect back to
// https://127.0.0.1/.
//
// NOTE(review): the middle of this function (between the echo and the
// 'isLoggedIn' assignment) is elided in this copy ('******'). Whether
// $validPass / $validUserName are actually enforced, and how the password is
// checked against stored credentials, cannot be confirmed from here.
function login() {
    // Check the token so the login came from https://127.0.0.1/index.php:
    // the POSTed token must match the session_id cookie (a double-submit
    // style check, presumably -- confirm against the form in index.php).
    // NOTE(review): no isset() guard -- a POST without 'token', or a request
    // without the cookie, produces a warning and a null before the compare.
    // NOTE(review): '==' is a loose comparison; two numeric-looking strings
    // such as "0e1" and "0e2" compare equal, and it is not constant-time.
    // Prefer hash_equals((string)($_COOKIE['session_id'] ?? ''), (string)$token).
    $token = $_POST['token'];
    if ($token == $_COOKIE['session_id']) {
        // Reject missing/empty credentials. Note empty() also rejects the
        // literal string "0", so a username or password of "0" is refused.
        if (empty($_POST['username'])) { return false; }
        if (empty($_POST['password'])) { return false; }
        $username = $_POST['username'];
        $password = $_POST['password'];
        $incheck = new InputChecker();
        // Validate input (InputChecker is defined elsewhere; its rules are
        // not visible in this excerpt).
        $validPass = $incheck->isValidPassword($password);
        $validUserName = $incheck->isValidUsername($username);
        // NOTE(review): this echo writes into the response body on an auth
        // path; if the elided argument includes the raw username it must go
        // through htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        // first -- confirm in the full source.
        // [elided in this copy: credential check and session setup]
        echo 'Attempted login: '******'isLoggedIn'] = 1;
        redirect("https://127.0.0.1/searchView.php");
    } else {
        redirect("https://127.0.0.1/");
    }
}
// Tail of the HOBA (HTTP Origin-Bound Authentication, presumably) result
// parsing that begins above this excerpt: the last two dot-separated fields
// are the nonce and the base64url signature. strtok() with one argument
// continues tokenising the string given to an earlier strtok() call; a
// missing field yields false, which base64url_decode() then receives.
$nonceB64 = strtok(".");
$sig = base64url_decode(strtok("."));
} }
// (debug line left in place -- note it would write the raw signature bytes)
//dump("kidB64:" . $kidB64 . " chalB64:" . $chalB64 . " nonceB64:" . $nonceB64 ." sig:" . $sig);

// Step 1: the challenge must be one that was issued to this peer; otherwise
// set the failure cookie and stop. checkChal(), getPeer(), setFailCookie()
// and dump() are defined elsewhere in the project.
if (checkChal($chalB64, getPeer())) {
    dump("HOBA: Challenge accepted");
} else {
    dump("HOBA: Challenge failed");
    setFailCookie();
    exit(1);
}

// Step 2: rebuild the to-be-signed blob the client is expected to have signed
// (nonce, algorithm from $GLOBALS['alg'], origin, key id, challenge).
// NOTE(review): $_SERVER['SERVER_NAME'] is normally derived from the request's
// Host header unless the web server is configured to use its canonical name,
// so the origin the signature is bound to may be client-influenced; a fixed,
// configured origin string is safer here -- confirm server configuration.
$kid = base64url_decode($kidB64);
$tbsOrigin = "https://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'];
$sigText = genTbsBlob($nonceB64, $GLOBALS['alg'], $tbsOrigin, $kidB64, $chalB64);

// Step 3: look up the registered device (and its JWK public key) by key id.
dbLogin();
$device = dbGetDeviceByKid($kid);
if (!$device) {
    dump("HOBA: kid not found");
    setFailCookie();
    dbLogout();
    exit(1);
}
$pem = jwkToPem($device['pubKey']);

// Step 4: verify the signature over the blob with the device's public key.
// openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error, e.g. a key
// that could not be loaded). The truthy test below is therefore also taken
// for -1, i.e. a verification *error* is treated as a successful login.
// Fix: `if ($verified === 1)`, and treat anything else as a failure
// (setFailCookie(); dbLogout(); exit(1);).
$verified = openssl_verify($sigText, $sig, $pem, OPENSSL_ALGO_SHA256);
if ($verified) {
    dump("HOBA: Key Verification Successful");
    // Same key id as the $device lookup above; the second query could be
    // replaced by reusing $device.
    $user = dbGetDeviceByKid($kid);
    // Session expiry as a Unix timestamp: now + configured timeout (seconds,
    // since it is added to time()).
    $t = time() + $GLOBALS['sessionTimeout'];
    // Session cookie value for this (kid, did) pair; getCookieVal() is
    // defined elsewhere -- how it derives the value is not visible here.
    $chocolate = getCookieVal($user['kid'], $user['did']);
    // Persist the device session. This if-block continues past the end of
    // this excerpt.
    dbAddDeviceSession($user['kid'], $user['did'], $chocolate, $t);