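/**
 * Ask the Bitcoin client whether $signature is a valid signature of $message
 * made by the key behind $address (RPC call "verifymessage").
 *
 * Return status list (reference, update as needed):
 *   0   = nothing executed
 *   1   = success: the client answered boolean true
 *   100 = connection to the Bitcoin client failed, the RPC call threw, or the
 *         client answered boolean false (pair is NOT valid)
 *   101 = the client answered with something that is neither true nor false
 *
 * Security: only a strict boolean true is accepted as "valid". The previous
 * loose comparison (== true) treated any truthy reply (non-empty string,
 * array, non-zero number) as a valid signature and made the 101 branch
 * unreachable; an unexpected reply now fails closed with 101.
 *
 * @param string $address   Bitcoin address the signature is claimed for
 * @param string $signature Signature as produced by the wallet's "sign message"
 * @param string $message   Exact message that was signed
 * @return array array("return_status" => int), see the list above
 */
function verifyMessage($address, $signature, $message)
{
    $output = array();
    $output["return_status"] = 0;

    // Connect to Bitcoin; without a client there is nothing to verify against.
    $Bitcoin_connection = OpenBitcoinClient();
    if ($Bitcoin_connection["return_status"] != 1) {
        $output["return_status"] = 100;
        return $output;
    }

    try {
        $verdict = $Bitcoin_connection["connection_tunnel"]->query("verifymessage", $address, $signature, $message);
    } catch (Exception $e) {
        // An RPC failure is never a successful verification.
        $verdict = false;
    }

    if ($verdict === true) {
        // That message/address/signature triple is valid.
        $output["return_status"] = 1;
    } elseif ($verdict === false) {
        // Not valid (or the call threw). 100 is kept for existing callers.
        $output["return_status"] = 100;
    } else {
        // Unexpected reply type: refuse rather than guess.
        $output["return_status"] = 101;
    }

    return $output;
}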
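/**
 * Second login step: check the signature over the challenge message stored for
 * $address and, if it verifies, register the address (first login) and start a
 * session.
 *
 * Return status list (reference, update as needed):
 *   0   = nothing executed
 *   1   = success
 *   100 = connection failed with Bitcoin
 *   101 = signature didn't match (also used when no challenge is stored for
 *         the address, so the reply does not reveal which addresses have one)
 *   102 = the verifymessage call threw or returned a non-boolean reply
 *
 * Security notes:
 *  - Only a strict boolean true from the client counts as a valid signature.
 *    Previously an exception set the result to the integer 102, which the
 *    loose comparison (== true) accepted, so a failed RPC call was treated as
 *    a successful login for $address. Every failure path now fails closed.
 *  - The exception is written to the server log instead of being print_r()'d
 *    into the response, where it could expose internals of the RPC client.
 *  - A missing challenge row is rejected before the client is queried.
 *  - NOTE(review): the session salt and the replacement challenge are only as
 *    unpredictable as wot_generateRandomString(); confirm it uses a CSPRNG
 *    (random_bytes()/random_int()).
 *  - NOTE(review): the challenge is rotated only after the session is created;
 *    two concurrent requests with the same signature could both pass. Consider
 *    rotating inside the same transaction as the check.
 *
 * @param string $address   Bitcoin address that is logging in
 * @param string $signature Signature over the stored challenge message
 * @return array array("return_status" => int, "return_status_message" => string)
 */
function wot_login_step2($address, $signature)
{
    $output = array();
    $output["return_status"] = 0;
    $output["return_status_message"] = 'Something went awry';

    // Sanitize. (The old trim($message) ran on an undefined variable and is gone.)
    $address = trim($address);
    $signature = trim($signature);

    // Connect to Bitcoin
    $Bitcoin_connection = OpenBitcoinClient();
    if ($Bitcoin_connection["return_status"] != 1) {
        $output["return_status"] = 100;
        $output["return_status_message"] = "Unable to connect to the Bitcoin network, we are under going matience. Please report this issue if it persists longer than 24 hours.";
        return $output;
    }

    // Load the challenge this address is expected to have signed.
    $message_q = wot_doQuery("SELECT `message` FROM `address_authentication_awaiting_index` WHERE `address_to_register` = ? LIMIT 0,1", $address);
    $message = $message_q->fetch();
    if (!isset($message["message"])) {
        // No pending challenge for this address: nothing can verify.
        $output["return_status"] = 101;
        $output["return_status_message"] = 'That Signature did not match the message and Bitcoin address that was inputted';
        return $output;
    }

    try {
        $message_valid = $Bitcoin_connection["connection_tunnel"]->query("verifymessage", $address, $signature, $message["message"]);
    } catch (Exception $e) {
        error_log('wot_login_step2: verifymessage failed: ' . $e->getMessage());
        $output["return_status"] = 102;
        $output["return_status_message"] = 'Unable to connect to the Bitcoin network, we are under going matience. Please report this issue if it persists longer than 24 hours.';
        return $output;
    }

    if ($message_valid === true) {
        // Add the address to the database on first login, then open the session.
        $address_exists_q = wot_doQuery("SELECT `id` FROM `address_index` WHERE `address` = ? LIMIT 0,1", $address);
        $address_exists = $address_exists_q->fetch();
        $existing_id = isset($address_exists["id"]) ? $address_exists["id"] : 0;

        if ($existing_id == 0) {
            $session_salt = wot_generateRandomString(1000);
            wot_doQuery_returnId("INSERT INTO `address_index` (`address`, `timestamp_added`, `session_salt`) VALUE(?, ?, ?)", $address, time(), $session_salt);
            wot_createSession($address);
            $output["return_status"] = 1;
            $output["return_status_message"] = '';
        } elseif ($existing_id > 0) {
            wot_createSession($address);
            $output["return_status"] = 1;
            $output["return_status_message"] = '';
        }

        // Replace the challenge so a signature that has been used once cannot
        // be presented again by anyone who obtained a copy of it.
        wot_doQuery("UPDATE `address_authentication_awaiting_index` SET `message` = ? WHERE `address_to_register` = ? \nLIMIT 1", wot_generateRandomString(1000), $address);
    } elseif ($message_valid === false) {
        $output["return_status"] = 101;
        $output["return_status_message"] = 'That Signature did not match the message and Bitcoin address that was inputted';
    } else {
        // Non-boolean reply from the client: treat as a failure, not a match.
        $output["return_status"] = 102;
        $output["return_status_message"] = 'Unable to connect to the Bitcoin network, we are under going matience. Please report this issue if it persists longer than 24 hours.';
    }

    return $output;
}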
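// If there is no valid session, redirect the user to sessionended.php
// (otherwise do nothing).
// NOTE(review): presumably this stops the script after redirecting; confirm,
// because everything below assumes an authenticated session.
wot_detect_session_ended();

// Request parameters. Missing keys fall back to neutral values instead of
// raising notices; the id is forced to an integer before it reaches SQL.
$act = isset($_GET["act"]) ? $_GET["act"] : null;
$tx_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

// Get tx information
$tx_information = wot_tx_queue_information($tx_id);

// Quickly organize who is me and who is not me
$distinct_identities = wot_distinct_me_and_swim($tx_information["db_data"]["address_a"], $tx_information["db_data"]["address_a_status"], $tx_information["db_data"]["address_b"], $tx_information["db_data"]["address_b_status"]);

// Who are we awaiting on? Me or SWIM?
$status = wot_awaitingOnMeOrSwim($distinct_identities["db_data"]["me_status"], $distinct_identities["db_data"]["swim_status"]);

if ($act === "signmessage") {
    // Is this user still required to sign the message?
    // NOTE(review): this reads $distinct_identities["me_status"], while the
    // call above reads $distinct_identities["db_data"]["me_status"]. If the
    // top-level key does not exist, null == 0 is true and this check always
    // passes; confirm which key wot_distinct_me_and_swim() really returns.
    if ($distinct_identities["me_status"] == 0) {
        // $wot_session is not set in this part of the file; it is assumed to
        // hold the authenticated user's address (confirm where it is set).
        $signed_message = (isset($_POST["signed_message"]) && is_string($_POST["signed_message"])) ? $_POST["signed_message"] : '';

        // Verify the signature. Any failure (no client, RPC error, non-boolean
        // reply, missing input) leaves the result at false so nothing is stored.
        $validate_signed_message = false;
        if ($signed_message !== '') {
            $Bitcoin_connection = OpenBitcoinClient();
            if ($Bitcoin_connection["return_status"] == 1) {
                try {
                    $validate_signed_message = $Bitcoin_connection["connection_tunnel"]->query("verifymessage", $wot_session["address"], $signed_message, $tx_information["db_data"]["message"]);
                } catch (Exception $e) {
                    $validate_signed_message = false;
                }
            }
        }

        // Strict check: only boolean true marks the transaction as signed.
        if ($validate_signed_message === true) {
            // The signature validates: store it with the transaction and change the status.
            // The address_b = ? condition ties the update to the session's own address.
            wot_doQuery("UPDATE `feedback_queue_index` SET `address_b_signature` = ?, `address_b_status` = 1 WHERE `id` = ? AND `address_b` = ? LIMIT 1", $signed_message, $tx_id, $wot_session["address"]);

            // Reload everything now that the row has changed.
            $tx_information = wot_tx_queue_information($tx_id);
            $distinct_identities = wot_distinct_me_and_swim($tx_information["db_data"]["address_a"], $tx_information["db_data"]["address_a_status"], $tx_information["db_data"]["address_b"], $tx_information["db_data"]["address_b_status"]);
            $status = wot_awaitingOnMeOrSwim($distinct_identities["db_data"]["me_status"], $distinct_identities["db_data"]["swim_status"]);
        }
    }
}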