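/**
 * Run a SQL query against a DocumentDB/Cosmos DB collection.
 *
 * Builds the authenticated request headers through getauthheaders(),
 * getauthtoken() and gettoken() (all defined elsewhere in this file) and POSTs
 * $query to the collection's /docs endpoint with x-ms-documentdb-isquery set.
 *
 * The original signature declared $da_date twice, which PHP rejects at compile
 * time ("Redefinition of parameter"); the trailing duplicate has been dropped.
 * Call sites that still pass a 13th argument keep working, since PHP ignores
 * surplus positional arguments to a non-variadic function.
 *
 * @param $host         Endpoint handed to request().
 * @param $db_rid       Database resource id used in the request path.
 * @param $coll_rid     Collection resource id used in the path and in the signed token.
 * @param string $query Query text sent verbatim as the POST body (application/sql).
 *                      NOTE(review): nothing here escapes or parameterises it, so callers
 *                      must not assemble it by concatenating untrusted input.
 * @param $apptype      Forwarded to getauthheaders().
 * @param $useragent    Forwarded to getauthheaders().
 * @param $cachecontrol Forwarded to getauthheaders().
 * @param $da_date      Request date, used for the headers and for the signature.
 * @param $api_version  Forwarded to getauthheaders().
 * @param $master       Forwarded to getauthtoken().
 * @param $token        Forwarded to getauthtoken().
 * @param $master_key   Key that gettoken() signs the request with.
 * @return mixed Whatever request() returns; the response is not inspected here.
 */
function querycoll($host, $db_rid, $coll_rid, $query, $apptype, $useragent, $cachecontrol, $da_date, $api_version, $master, $token, $master_key) {
    $signature = gettoken($master_key, 'POST', 'docs', $coll_rid, $da_date);
    $header = getauthheaders($apptype, $useragent, $cachecontrol, $da_date, $api_version, getauthtoken($master, $token, $signature));
    // Content-Length is a byte count, so the byte-wise strlen() is correct here.
    $header[] = 'Content-Length:' . strlen($query);
    $header[] = 'Content-Type:application/sql';
    $header[] = 'x-ms-documentdb-isquery:True';
    $options = [
        CURLOPT_HTTPHEADER => $header,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $query,
    ];
    return request($host, "/dbs/" . $db_rid . "/colls/" . $coll_rid . "/docs", $options);
}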
} if (isset($HEADERS["Accept"])) { $accept = $HEADERS["Accept"]; } else { $accept = ""; } if (strpos($accept, "text/html") === False) { $htmloutput = false; header("Content-type: text/plain"); } else { $htmloutput = true; } $MAXTOKENLIFETIME = 86400; // Tokens remain valid for one day on the client side (becomes invalid after half hour of inactivity on the server) if ($db = getAuthDb()) { $authtoken = getauthtoken($db, $_REQUEST['newuser'], $_SERVER["REMOTE_ADDR"]); $cookieexpire = time() + $MAXTOKENLIFETIME; if (isset($_SERVER['HTTP_HOST'])) { $host = $_SERVER['HTTP_HOST']; $secure = $host != 'localhost'; if (!$secure) { $host = NULL; } } else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure); error_log(__FILE__ . ": Cookie set."); if (isset($_REQUEST['redirect'])) { error_log(__FILE__ . ": redirecting");
} else { $htmloutput = true; } if ($user !== NULL) { if ($htmloutput) { $db = getAuthDb(); showSuccessScreen($db, $user); } else { echo "login:{$user}\n"; } } elseif (isset($_REQUEST['username']) && isset($_REQUEST['password'])) { if ($db = getAuthDb()) { error_log(__FILE__ . ": Got a database connection"); if (verifyCredentials($db, $_REQUEST['username'], $_REQUEST['password']) === True) { error_log(__FILE__ . ": verified credentials"); $authtoken = getauthtoken($db, $_REQUEST['username'], $_SERVER["REMOTE_ADDR"]); $cookieexpire = time() + $MAXTOKENLIFETIME; if (isset($_SERVER['HTTP_HOST'])) { $host = $_SERVER['HTTP_HOST']; $secure = $host != 'localhost'; if (!$secure) { $host = NULL; } } else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } error_log(__FILE__ . ": The host for the cookie has been determined as '{$host}'"); setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure); error_log(__FILE__ . ": Cookie set."); if (isset($_REQUEST['redirect'])) {
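/**
 * Second half of the challenge/response login: check that $response decrypts
 * to the challenge stored for $keyid, then issue an auth token both as a
 * cookie and in the response body.
 *
 * Reads globals $DARWINCOOKIENAME and $MAXTOKENLIFETIME. Every failure goes
 * through handleError(); the original relied on handleError() ending the
 * request, which this version no longer assumes — each failure path now also
 * returns, so a non-exiting handleError() can never fall through to issuing
 * a token.
 *
 * @param int    $keyid    Key id the challenge was issued for.
 * @param string $response Client's answer to the challenge, decrypted via rsadecrypt().
 */
function handleresponse($keyid, $response) {
    global $DARWINCOOKIENAME;
    global $MAXTOKENLIFETIME;

    if (($db = getAuthDb()) === NULL) {
        handleError("Database connection error", 500);
        return;
    }
    $db->autocommit(FALSE);
    cleanChallenges($db);

    // Look up the outstanding challenge for this key id. It is only accepted
    // from the address that requested it.
    $stmt = $db->prepare('SELECT `challenge`, `requestip` FROM `challenges` WHERE `keyid`=?');
    $stmt->bind_param("i", $keyid);
    $stmt->bind_result($challenge, $challengeip);
    if (!$stmt->execute()) {
        $stmt->close();
        handleError($db->error);
        return;
    }
    $remoteip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    if ($stmt->fetch() !== TRUE || $challengeip !== $remoteip) {
        $stmt->close();
        handleError("Invalid challenge", 403, "Not authorized");
        return;
    }
    $stmt->close();

    // The column is named `privkey` but its value is used as the rsadecrypt()
    // key below. NOTE(review): confirm which half of the key pair is stored there.
    $stmt = $db->prepare('SELECT `user`, `privkey` FROM `pubkeys` WHERE `keyid`=?');
    $stmt->bind_param("i", $keyid);
    $stmt->bind_result($user, $pubkey);
    // The original ignored this execute() result; treat failure like the first query.
    if (!$stmt->execute()) {
        $stmt->close();
        handleError($db->error);
        return;
    }
    if ($stmt->fetch() !== TRUE) {
        $stmt->close();
        // The original message interpolated $decryptresponse, which is never
        // assigned on this path (undefined-variable notice, nothing useful shown).
        handleError("key not found", 403, "Not Authorized");
        return;
    }
    $stmt->close();

    $decryptresponse = rsadecrypt($response, $pubkey);
    // Constant-time comparison of the decrypted answer with the stored challenge;
    // the is_string() guards cover a non-string failure value from rsadecrypt()
    // or a NULL challenge column.
    if (!is_string($decryptresponse) || !is_string($challenge) || !hash_equals($challenge, $decryptresponse)) {
        handleError("Invalid response", 403, "Not Authorized");
        return;
    }
    // TODO(review): the consumed challenge row is not removed here, so the same
    // response would be accepted again from the same address until
    // cleanChallenges() expires it; confirm whether that is handled elsewhere.
    $db->commit();

    $authtoken = getauthtoken($db, $user, $challengeip, $keyid);
    header("HTTP/1.1 200 Success");
    $cookieexpire = time() + $MAXTOKENLIFETIME;
    // HttpOnly is now set on the session cookie; the token is also returned in
    // the body, so clients that need it in script still get it from there.
    setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', 'darwin.bournemouth.ac.uk', TRUE, TRUE);
    print $authtoken;
    $db->close();
}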