$userdata = $res[1]; $id = $userdata['id']; $name_block = $userdata['name']; $xml->setXml($name_block); echo "<!-- Name block: " . $name_block . " -->"; # Be sure we get the name from the actual userdata $full_name = $xml->getTagContents("<name>"); $first_name = $xml->getTagContents("<fname>"); $display_name = $xml->getTagContents("<dname>"); # Account for possible differnt modes of saving if (empty($first_name)) { $first_name = $name_block; } $login_output .= "<h1 id='welcome_back'>Welcome back, " . $first_name . "</h1>"; //Welcome message $cookie_result = $user->createCookieTokens($userdata); if ($debug) { echo "<p>Cookie Result:</p>"; echo displayDebug($cookie_result); echo "<p>Entering cookie handling post call ...</p>"; } if (!$cookie_result['status']) { echo "<div class='alert alert-warning'><button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>×</span></button>" . $cookie_result['error'] . "</div>"; if ($debug) { echo "<p>Got a cookie error, see above cookie result</p>"; } } else { // Need access -- name (id), email. Give server access? $logged_in = true; if ($redirect_to_home !== true && empty($redirect_url)) { $durl = $self_url;
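/**
 * Register a device (app instance) for an existing or a newly created user.
 *
 * Keys read from $appInformation:
 *   - username (email), password (URL-encoded), device, key (encryption
 *     key): required for every registration
 *   - new_user: flag, create the user before registering the device
 *   - phone_verify: verification code, when one was asked for
 *   - totp: optional one-time code, existing users only
 *   - first_name, last_name, phone, handle: required when new_user is set
 *
 * @param array $appInformation request parameters as listed above
 * @return array always carries 'status'; failures carry 'error' and
 *               usually 'human_error' and 'app_error_code'
 */
function registerApp($appInformation)
{
    # Missing keys read as null, exactly as before, but without the
    # undefined-index warning.
    $field = function ($key) use ($appInformation) {
        return isset($appInformation[$key]) ? $appInformation[$key] : null;
    };

    $username = $field('username');
    $device = $field('device');
    $newUser = boolstr($field('new_user'));
    $return_data = array();
    $validuser_data = array();
    $u = new UserFunctions();
    # Only decode a real string; an absent or array-valued password becomes
    # '' so it is caught by the required-parameter check below.
    $rawPassword = $field('password');
    $password = is_string($rawPassword) ? urldecode($rawPassword) : '';
    $encryption_key = $field('key');

    if (isNull($password) || isNull($username) || isNull($device) || isNull($encryption_key)) {
        return array(
            'status' => false,
            'error' => 'Required parameters missing',
            'have_username' => !isNull($username),
            'have_password' => !isNull($password),
            'have_device' => !isNull($device),
            'have_encryption_key' => !isNull($encryption_key),
        );
    }

    if ($newUser) {
        # Start the new user creation process
        # The application should have verified password correctness
        $firstName = $field('first_name');
        $lastName = $field('last_name');
        $name = array($firstName, $lastName);
        $handle = $field('handle');
        $phone = $field('phone');
        $haveName = !isNull($firstName) && !isNull($lastName);
        if (!$haveName || isNull($phone) || isNull($handle)) {
            return array(
                'status' => false,
                'error' => 'Required parameters missing',
                # Reported from the two parts actually checked above; the
                # two-element $name array was tested before, which says
                # nothing about whether either part was supplied.
                'have_name' => $haveName,
                'have_phone' => !isNull($phone),
                'have_handle' => !isNull($handle),
            );
        }
        $result = $u->createUser($username, $password, $name, $handle, $phone);
        if ($result['status'] != true) {
            # Fixed: this used to test the undefined $r, so any human_error
            # supplied by createUser() was always overwritten.
            if (empty($result['human_error'])) {
                $result['human_error'] = $result['error'];
                $result['app_error_code'] = 999;
            }
            return $result;
        }
        $return_data['dblink'] = $result['dblink'];
        $validuser_data['dblink'] = $result['dblink'];
        $validuser_data['secret'] = $result['raw_secret'];
        $validuser_data['hash'] = $result['raw_auth'];
    } else {
        # Verify the user
        # Set up equivalent variables to finish registering the app
        $totp = isset($appInformation['totp']) ? $appInformation['totp'] : false;
        $result = $u->lookupUser($username, $password, true, $totp);
        if ($result['status'] === false && isset($result['totp']) && $result['totp'] === true) {
            # Credentials are fine but a one-time code is still required
            $u->sendTOTPText();
            return array(
                'status' => false,
                'human_error' => $result['human_error'],
                'error' => $result['error'],
                'app_error_code' => 109,
            );
        }
        # Fail closed on every other lookup failure. Previously only the
        # TOTP case returned; a rejected login fell through to
        # createCookieTokens() with no user data. Whether the later calls
        # would have refused on their own is not visible from here.
        if (empty($result['status'])) {
            $error = isset($result['error']) ? $result['error'] : 'Authentication failed';
            return array(
                'status' => false,
                'human_error' => empty($result['human_error']) ? $error : $result['human_error'],
                'error' => $error,
                'app_error_code' => isset($result['app_error_code']) ? $result['app_error_code'] : 999,
            );
        }
        # Get the cookie tokens we'll use to validate in registerApp()
        $cookies = $u->createCookieTokens($result['data']);
        $return_data['dblink'] = $result['data']['dblink'];
        $validuser_data['dblink'] = $result['data']['dblink'];
        $validuser_data['secret'] = $cookies['raw_secret'];
        $validuser_data['hash'] = $cookies['raw_auth'];
    }

    # Get the data we need
    $phone_verify_code = $field('phone_verify');
    $r = $u->registerApp($validuser_data, $encryption_key, $device, $phone_verify_code);
    if ($r['status'] === false) {
        # Phone needs validation. Return the dblink and request
        # validation. Upon validation, re-ping this same target
        if (isset($r['app_error_code']) && $r['app_error_code'] == 111) {
            # NOTE(review): array($return_data) puts the dblink under
            # numeric key 0, not under 'dblink'. Kept as-is because clients
            # may read that shape -- confirm before flattening.
            return array_merge($r, array($return_data));
        }
        if (empty($r['human_error'])) {
            $r['human_error'] = $r['error'];
            $r['app_error_code'] = 999;
        }
        return $r;
    }

    $return_data['secret'] = $r['secret'];
    # Keys already in $return_data (dblink, secret) are merged in last.
    return array_merge(
        array(
            'status' => true,
            'message' => "Successful registration of device '{$device}'",
            'details' => $r,
        ),
        $return_data
    );
}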
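/**
 * Check a user's password plus one-time code and, when both are accepted,
 * issue cookie tokens.
 *
 * Keys read from $get: 'code', 'user', 'password' (URL-encoded), 'remote'.
 *
 * NOTE(review): the parameter name suggests these values arrive in the
 * query string; if so the password and code end up in URLs and access
 * logs -- confirm against the caller.
 *
 * @param array $get request parameters
 * @return array on success 'status' => true, 'cookies' (the
 *               createCookieTokens() result) and 'string' (JSON of its
 *               'raw_cookie'); on failure the lookupUser() result with
 *               'status' => false and 'human_error' added
 */
function verifyTOTP($get)
{
    # Missing keys read as null, as before, without undefined-index warnings.
    $code = isset($get['code']) ? $get['code'] : null;
    $user = isset($get['user']) ? $get['user'] : null;
    $remote = isset($get['remote']) ? $get['remote'] : null;

    # Only decode a real string; anything else is treated as empty.
    $rawPassword = isset($get['password']) ? $get['password'] : null;
    $password = is_string($rawPassword) ? urldecode($rawPassword) : '';
    # Decoding turns a literal '+' into a space; put it back.
    $password = str_replace(' ', '+', $password);

    # If it's a good code, pass the cookies back
    $u = new UserFunctions($user);
    $r = $u->lookupUser($user, $password, false, $code);

    # Fail closed: only a truthy first element counts as success. The
    # earlier `=== false` test let a null or missing status element
    # through to token issuance.
    if (!is_array($r) || empty($r[0])) {
        if (!is_array($r)) {
            $r = array();
        }
        $r['status'] = false;
        $r['human_error'] = isset($r['message']) ? $r['message'] : null;
        return $r;
    }

    ## The user and code is valid!
    # The meaning of the null/true/$remote arguments is defined in
    # UserFunctions and not visible here; the call is unchanged.
    $cookie_result = $u->createCookieTokens(null, true, $remote);

    return array(
        'status' => true,
        'cookies' => $cookie_result,
        'string' => json_encode($cookie_result['raw_cookie']),
    );
}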