if (empty($_SERVER['PATH_INFO'])) { http_response_code(404); die('<h1>404 Not Found</h1>'); } if (preg_match('#^/code/([^/]+)$#', $_SERVER['PATH_INFO'], $matches)) { $secrets = get_secrets($matches[1]); if (!$secrets || empty($secrets['shared_secret'])) { http_response_code(404); die('<h1>404 Not Found</h1>No secret is available for that account.'); } header('Content-Type: text/plain'); echo SteamTotp::getAuthCode($secrets['shared_secret'], get_time_offset()); exit(0); } if (preg_match('#^/key/([^/]+)/([^/]+)$#', $_SERVER['PATH_INFO'], $matches)) { $secrets = get_secrets($matches[1]); if (!$secrets || empty($secrets['identity_secret'])) { http_response_code(404); die('<h1>404 Not Found</h1>No secret is available for that account.'); } $time = filter_input(INPUT_GET, 't', FILTER_VALIDATE_INT); if (!$time) { $time = time() + get_time_offset(); } header('Content-Type: application/json'); echo json_encode(['time' => $time, 'key' => SteamTotp::getConfirmationKey($secrets['identity_secret'], $time, $matches[2])]); exit(0); } http_response_code(404); die('<h1>404 Not Found</h1>'); // functions
function file_get_contents_curl($url, $service) { $ch = curl_init(); curl_setopt($ch, CURLOPT_USERAGENT, 'curl/7.x (linux)'); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url . get_secrets($service, $url)); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); // Skip SSL checks for localhost clients as Trusted CAs often aren't // installed into CURL on developer's PCs if (in_array($_SERVER["REMOTE_ADDR"], array("127.0.0.1", "::1"))) { curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); } $data = curl_exec($ch); curl_close($ch); return $data; }