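// Gate: nothing below runs without valid credentials. (This page was collapsed onto one
// line, which swallowed the closing braces into the trailing comments; re-flowed here.)
if (verifyCredentials($DB, $USERNAME, $PASSWORD) !== true) {
    handleError("Invalid credentials", 403, "Forbidden");
    exit; // Exit just for certainty. handleError should have exited already.
}

// Pure authentication probe: report success and stop. Nothing is created on this
// path, so the status line is 200 OK ("Created" is the reason phrase of 201).
if ($AUTHONLY) {
    header("HTTP/1.1 200 OK");
    header("Content-type: text/plain");
    print "authenticated {$USERNAME}\n";
    exit;
}

// Now we are authenticated. Now add the key.
// Optional key id: when present the request updates an existing row. The `keyid`
// column is bound as an integer below, so require a plain integer here instead of
// letting bind_param silently coerce a value such as "abc" to 0.
if (isset($_POST["id"])) {
    $REQUESTKEYID = $_POST["id"];
    if (filter_var($REQUESTKEYID, FILTER_VALIDATE_INT) === false) {
        handleError("The requested keyid is not valid", 400, "Bad request");
        exit;
    }
}

// The key body is mandatory; without this check a missing field raises a notice and
// an empty string would be written to the row.
if (!isset($_POST["pubkey"]) || $_POST["pubkey"] === "") {
    handleError("Missing pubkey", 400, "Bad request");
    exit;
}
$PUBKEY = normalizebase64($_POST["pubkey"]);

if (isset($REQUESTKEYID)) {
    // NOTE(review): the target column is named `privkey` but receives the submitted
    // public key — confirm against the schema that this is the intended column.
    // The `user` predicate restricts the update to the caller's own rows.
    if ($stmt = $DB->prepare('UPDATE `pubkeys` SET privkey=? WHERE `keyid`=? AND `user`=?')) {
        $stmt->bind_param("sis", $PUBKEY, $REQUESTKEYID, $USERNAME);
        if (($result = $stmt->execute()) === FALSE) {
            // Keep the driver's error text server-side: the raw message can expose
            // table/column names and SQL fragments, so the client only learns that
            // the update failed.
            $error = $DB->error;
            $stmt->close();
            $DB->rollback();
            $DB->close();
            error_log("pubkey update failed for user {$USERNAME}: {$error}");
            handleError("Internal database error", 500);
        } elseif ($result === NULL || $DB->affected_rows != 1) {
            // NOTE(review): mysqli reports 0 affected rows when the row matched but the
            // stored value was already identical (unless MYSQLI_CLIENT_FOUND_ROWS is set),
            // so re-submitting an unchanged key lands here with a 400 — confirm intended.
            $stmt->close();
            $DB->rollback();
            $DB->close();
            handleError("The requested keyid is not valid", 400, "Bad request");
        }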
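// Tail of the challenge-response handler (the enclosing function and the `if` that
// this `else` belongs to start before this excerpt). The challenge verified, so the
// caller receives its token both as a cookie and in the response body.
        // Secure was already set; HttpOnly is added because the token is also printed
        // in the body, so a script client has no need to read document.cookie.
        setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', 'darwin.bournemouth.ac.uk', TRUE, TRUE);
        print $authtoken;
    } else {
        $stmt->close();
        // NOTE(review): the decrypted response is echoed back in the error text. It is
        // the caller's own material, but confirm nothing internal is interpolated here.
        handleError("key not found: \"{$decryptresponse}\"", 403, "Not Authorized");
    }
    $db->close();
}

// ---- Request dispatch ------------------------------------------------------------

// Housekeeping endpoint: purge challenges and tokens that have expired as of now.
// NOTE(review): this runs without any authentication (and $_REQUEST also honours
// cookies), so anyone can trigger it; it only removes expired rows, but consider
// restricting or rate-limiting it if the purge is expensive.
if (isset($_REQUEST['cleanup'])) {
    if ($db = getAuthDb()) {
        $epoch = time();
        cleanChallenges($db, $epoch);
        cleanTokens($db, $epoch);
        header("HTTP/1.1 204 No Content");
        $db->close();
        exit;
    }
    // A failed connection used to fall through into the key handling below against
    // the same unavailable database; report it instead.
    handleError("Database unavailable", 500);
    exit;
}

// Every remaining action is keyed on a key id.
if (!isset($_REQUEST['keyid'])) {
    handleError("insufficient credentials", 403, "Forbidden");
    exit; // Exit just for certainty. handleError should have exited already.
}
$keyid = $_REQUEST['keyid'];

if (isset($_REQUEST['response'])) {
    // Second leg of the exchange: decode the client's answer strictly so characters
    // outside the base64 alphabet are rejected instead of silently discarded
    // (assumes normalizebase64 yields standard-alphabet base64 — confirm).
    $response = normalizebase64($_REQUEST['response']);
    $responsebin = base64_decode($response, true);
    if ($responsebin === false) {
        handleError("response is not valid base64", 400, "Bad request");
        exit;
    }
    handleresponse($keyid, $responsebin);
} else {
    // First leg: issue a fresh challenge for this key.
    issuechallenge($keyid);
}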