/** * Create basic salt for internal encryption * Should not be ran if already created. */ private function buildInternalKey() { if (self::g('salt')) { throw new LogicException("Do not run after initialization."); } self::s('salt', Encryption::enc(Encryption::genGarbage(8) . str_shuffle(Site::getKey('session')) . sha1(str_shuffle(self::g('client'))), $this->client)); }
if (!($jdata = json_decode($data, true))) { throw new RuntimeException("Unable to parse input."); } if (empty($jdata["credentials"])) { throw new RuntimeException("Received credentials are missing."); } // Read credentials $cred_obj = explode(" ", base64_decode($jdata['credentials'])); if (count($cred_obj) < 2) { throw new RuntimeException("Received credentials are malformed."); } // This is where you normally handle the call, i.e.. $res = Api::handleRequest($jdata); // Username and passphrase successfully read. $username = $cred_obj[0]; $passphrase = $cred_obj[1]; // Set asymmetric key to be used in future communication $session = Session::getInstance(); $session->set(Session::TRANSPORT_KEY, Encryption::genGarbage(Session::KEYSIZE)); // Clear login key $session->set(Captcha::KEY_LOGIN, null); // Let's say that everything went well and Citizen $username was loaded successfully. $res = array("id" => 123, "username" => $username, Session::STORAGE_KEY => base64_encode(Session::getStorageKey()), Session::TRANSPORT_KEY => base64_encode($session->get(Session::TRANSPORT_KEY))); // This is where you normally pass $res (Api::handleRequest()) to whatever renderer is available. /* Output */ $output = json_encode(array("result" => $res)); die(Encryption::enc($output, $key)); } catch (Exception $e) { $output = json_encode(array("error" => array("code" => 1, "message" => $e->getMessage()))); trigger_error($e->getMessage()); die(Encryption::enc($output, $key)); }