-rw-r--r--backend/php/src/index.php744
1 files changed, 744 insertions, 0 deletions
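diff --git a/backend/php/src/index.php b/backend/php/src/index.php
new file mode 100644
index 0000000..eb3d75a
--- /dev/null
+++ b/backend/php/src/index.php
@@ -0,0 +1,744 @@
+<?php
+ include "./configuration.php";
+ include "./objects/class.database.php";
+ include "./objects/class.user.php";
+ include "./objects/class.record.php";
+ include "./objects/class.recordversion.php";
+ include "./objects/class.onetimepassword.php";
+ include "./objects/class.onetimepasswordstatus.php";
+
+//-----------------------------------------------------------------------------
+
+if ( !function_exists('json_decode') ) {
+ function json_decode($content, $assoc=false) {
+ require_once 'json/JSON.php';
+ if ( $assoc ) {
+ $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ } else {
+ $json = new Services_JSON;
+ }
+
+ return $json->decode($content);
+ }
+}
+
+if ( !function_exists('json_encode') ) {
+ function json_encode($content) {
+ require_once 'json/JSON.php';
+ $json = new Services_JSON;
+
+ return $json->encode($content);
+ }
+}
+
+//-----------------------------------------------------------------------------
+ //'dec2base', 'base2dec' and 'digits' are functions found on the following
+ //PHP manual page: http://ch2.php.net/manual/en/ref.bc.php
+//
+
+function dec2base($dec, $base, $digits=FALSE) {
+ if ($base<2 or $base>256) {
+ die("Invalid Base: ".$base);
+ }
+
+ bcscale(0);
+ $value="";
+ if (!$digits) {
+ $digits = digits($base);
+ }
+
+ while ($dec > $base-1) {
+ $rest = bcmod($dec, $base);
+ $dec = bcdiv($dec, $base);
+ $value = $digits[$rest].$value;
+ }
+
+ $value=$digits[intval($dec)].$value;
+
+ return (string)$value;
+}
+
+//.............................................................................
+
+// convert another base value to its decimal value
+function base2dec($value, $base, $digits=FALSE) {
+ if ($base<2 or $base>256) {
+ die("Invalid Base: ".$base);
+ }
+
+ bcscale(0);
+ if ($base<37) {
+ $value=strtolower($value);
+ }
+
+ if (!$digits) {
+ $digits=digits($base);
+ }
+
+ $size = strlen($value);
+ $dec="0";
+ for ($loop=0; $loop<$size; $loop++) {
+ $element = strpos($digits, $value[$loop]);
+ $power = bcpow($base, $size-$loop-1);
+ $dec = bcadd($dec, bcmul($element,$power));
+ }
+
+ return (string)$dec;
+}
+
+//.............................................................................
+
+function digits($base) {
+ if ($base>64) {
+ $digits="";
+ for ($loop=0; $loop<256; $loop++) {
+ $digits.=chr($loop);
+ }
+ } else {
+ $digits ="0123456789abcdefghijklmnopqrstuvwxyz";
+ $digits.="ABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
+ }
+
+ $digits=substr($digits,0,$base);
+
+ return (string)$digits;
+}
+
+//-----------------------------------------------------------------------------
+
+function clipperz_hash($value) {
+ return hash("sha256", hash("sha256", $value, true));
+}
+
+//-----------------------------------------------------------------------------
+
+function clipperz_randomSeed() {
+ $result;
+
+ srand((double) microtime()*1000000);
+ $result = "";
+
+ while(strlen($result) < 64) {
+ $result = $result.dec2base(rand(), 16);
+ }
+
+ $result = substr($result, 0, 64);
+
+ return $result;
+}
+
+//-----------------------------------------------------------------------------
+
+function updateUserCredentials($parameters, &$user) {
+ $user->username = $parameters["C"];
+ $user->srp_s = $parameters["s"];
+ $user->srp_v = $parameters["v"];
+ $user->auth_version =$parameters["version"];
+}
+
+function updateUserData($parameters, &$user) {
+ $user->header = $parameters["header"];
+ $user->statistics =$parameters["statistics"];
+ $user->version =$parameters["version"];
+ $user->lock = $parameters["lock"];
+}
+
+function updateRecordData($parameters, &$record, &$recordVersion) {
+ $recordData = $parameters["record"];
+ $record->reference =$recordData["reference"];
+ $record->data = $recordData["data"];
+ $record->version = $recordData["version"];
+
+ $recordVersionData = $parameters["currentRecordVersion"];
+ $recordVersion->reference = $recordVersionData ["reference"];
+ $recordVersion->data = $recordVersionData ["data"];
+ $recordVersion->version = $recordVersionData ["version"];
+ $recordVersion->previous_version_id =$recordVersionData ["previousVersion"];
+ $recordVersion->previous_version_key =$recordVersionData ["previousVersionKey"];
+}
+
+//-----------------------------------------------------------------------------
+
+function updateOTPStatus(&$otp, $status) {
+ $otpStatus = new onetimepasswordstatus();
+ $selectedStatuses = $otpStatus->GetList(array(array("code", "=", $status)));
+ $otpStatus = $selectedStatuses[0];
+ $otp->SetOnetimepasswordstatus($otpStatus);
+}
+
+function updateOTP($parameters, &$otp, $status) {
+ $otp->reference = $parameters["reference"];
+ $otp->key = $parameters["key"];
+ $otp->key_checksum= $parameters["keyChecksum"];
+ $otp->data = $parameters["data"];
+ $otp->version = $parameters["version"];
+
+ updateOTPStatus($otp, $status);
+}
+
+function resetOTP(&$otp, $status) {
+ $otp->data = "";
+ updateOTPStatus($otp, $status);
+ $otp->Save();
+}
+
+//-----------------------------------------------------------------------------
+
+function fixOTPStatusTable() {
+ $otpStatus = new onetimepasswordstatus();
+ $otpStatusList = $otpStatus->GetList();
+ if (count($otpStatusList) != 4) {
+ $otpStatus->DeleteList();
+
+ $otpStatus->code = "ACTIVE"; $otpStatus->name = "Active"; $otpStatus->description = "Active"; $otpStatus->SaveNew();
+ $otpStatus->code = "REQUESTED"; $otpStatus->name = "Requested"; $otpStatus->description = "Requested";$otpStatus->SaveNew();
+ $otpStatus->code = "USED"; $otpStatus->name = "Used"; $otpStatus->description = "Used"; $otpStatus->SaveNew();
+ $otpStatus->code = "DISABLED"; $otpStatus->name = "Disabled"; $otpStatus->description = "Disabled";$otpStatus->SaveNew();
+ }
+}
+
+//-----------------------------------------------------------------------------
+
+function arrayContainsValue($array, $value) {
+ $object = NULL;
+ for ($i=0; $i<count($array); $i++) {
+ if ($array[$i] == $value) {
+ $object = $value;
+ }
+ }
+
+ return !is_null($object);
+}
+
+//-----------------------------------------------------------------------------
+
+ $result = Array();
+
+ session_start();
+
+ $method = $_POST['method'];
+
+ if (get_magic_quotes_gpc()) {
+ $parameters = json_decode(stripslashes($_POST['parameters']), true);
+ } else {
+ $parameters = json_decode($_POST['parameters'], true);
+ }
+
+ $parameters = $parameters["parameters"];
+
+ switch($method) {
+ case "registration":
+error_log("registration");
+ $message = $parameters["message"];
+
+ if ($message == "completeRegistration") {
+ $user = new user();
+
+ updateUserCredentials($parameters["credentials"], $user);
+ updateUserData($parameters["user"], $user);
+ $user->Save();
+
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+ }
+ break;
+
+ case "handshake":
+error_log("handshake");
+ $srp_g = "2";
+ $srp_n = base2dec("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
+
+ $message = $parameters["message"];
+
+ //=============================================================
+ if ($message == "connect") {
+ $user= new user();
+ $_SESSION["C"] = $parameters["parameters"]["C"];
+ $_SESSION["A"] = $parameters["parameters"]["A"];
+
+ $userList = $user->GetList(array(array("username", "=", $_SESSION["C"])));
+
+ if (count($userList) == 1) {
+ $currentUser = $userList[ 0 ];
+
+ if (array_key_exists("otpId", $_SESSION)) {
+ $otp = new onetimepassword();
+ $otp = $otp->Get($_SESSION["otpId"]);
+
+ if ($otp->GetUser()->userId != $currentUser->userId) {
+ throw new Exception("User missmatch between the current session and 'One Time Password' user");
+ } else if ($otp->GetOnetimepasswordstatus()->code != "REQUESTED") {
+ throw new Exception("Tring to use an 'One Time Password' in the wrong state");
+ }
+
+ resetOTP($otp, "USED");
+ $result["oneTimePassword"] = $otp->reference;
+ }
+
+ $_SESSION["s"] = $currentUser->srp_s;
+ $_SESSION["v"] = $currentUser->srp_v;
+ $_SESSION["userId"] = $currentUser->userId;
+ } else {
+ $_SESSION["s"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00";
+ $_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00";
+ }
+
+ $_SESSION["b"] = clipperz_randomSeed();
+ // $_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53";
+ $_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16);
+
+ $result["s"] = $_SESSION["s"];
+ $result["B"] = $_SESSION["B"];
+
+ //=============================================================
+ } else if ($message == "credentialCheck") {
+error_log("credentialCheck");
+ $u = clipperz_hash(base2dec($_SESSION["B"],16));
+ $A = base2dec($_SESSION["A"], 16);
+ $S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n);
+ $K = clipperz_hash($S);
+ $M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K);
+
+//$result["B"] = $_SESSION["B"];
+//$result["u"] = $u;
+//$result["A"] = $A;
+//$result["S"] = $S;
+//$result["K"] = $K;
+//$result["M1"] = $M1;
+//$result["_M1"] = $parameters["parameters"]["M1"];
+
+ if ($M1 == $parameters["parameters"]["M1"]) {
+ $_SESSION["K"] = $K;
+ $M2 = clipperz_hash($A.$M1.$K);
+
+ $result["M2"] = $M2;
+ $result["connectionId"] = "";
+ $result["loginInfo"] = array();
+ $result["loginInfo"]["latest"] = array();
+ $result["loginInfo"]["current"] = array();
+ $result["offlineCopyNeeded"] = "false";
+ $result["lock"] = "----";
+ } else {
+ $result["error"] = "?";
+ }
+ //=============================================================
+ } else if ($message == "oneTimePassword") {
+error_log("oneTimePassword");
+//{
+ //"message":"oneTimePassword",
+ //"version":"0.2",
+ //"parameters":{
+ // "oneTimePasswordKey":"06dfa7f428081f8b2af98b0895e14e18af90b0ef2ff32828e55cc2ac6b24d29b",
+ // "oneTimePasswordKeyChecksum":"60bcba3f72e56f6bb3f0ff88509b9a0e5ec730dfa71daa4c1e892dbd1b0c360d"
+ //}
+//}
+ $otp = new onetimepassword();
+ $otpList = $otp->GetList(array(array("key", "=", $parameters["parameters"]["oneTimePasswordKey"])));
+
+ if (count($otpList) == 1) {
+ $currentOtp = $otpList[0];
+
+ if ($currentOtp->GetOnetimepasswordstatus()->code == "ACTIVE") {
+ if ($currentOtp->key_checksum == $parameters["parameters"]["oneTimePasswordKeyChecksum"]) {
+ $_SESSION["userId"] = $currentOtp->GetUser()->userId;
+ $_SESSION["otpId"]= $currentOtp->onetimepasswordId;
+
+ $result["data"] = $currentOtp->data;
+ $result["version"] = $currentOtp->version;
+
+ resetOTP($currentOtp, "REQUESTED");
+ } else {
+ resetOTP($currentOtp, "DISABLED");
+ throw new Exception("The requested One Time Password has been disabled, due to a wrong keyChecksum");
+ }
+ } else {
+ throw new Exception("The requested One Time Password was not active");
+ }
+ } else {
+ throw new Exception("The requested One Time Password has not been found");
+ }
+
+ //=============================================================
+ }
+
+ break;
+
+ case "message":
+error_log("message");
+ if ($parameters["srpSharedSecret"] == $_SESSION["K"]) {
+ $message = $parameters["message"];
+
+ //=============================================================
+ if ($message == "getUserDetails") {
+//{"message":"getUserDetails", "srpSharedSecret":"f18e5cf7c3a83b67d4db9444af813ee48c13daf4f8f6635397d593e52ba89a08", "parameters":{}}
+ $user = new user();
+ $user = $user->Get($_SESSION["userId"]);
+
+ $result["header"] = $user->header;
+ $result["statistics"] =$user->statistics;
+ $result["version"] =$user->version;
+
+ //=============================================================
+ } else if ($message == "addNewRecords") {
+/*
+//{
+ //"message":"addNewRecords",
+ //"srpSharedSecret":"b58fdf62acebbcb67f63d28c0437f166069f45690c648cd4376a792ae7a325f7",
+ //"parameters":{
+ // "records":[
+ // {
+ // "record":{
+ // "reference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610",
+ // "data":"OBSGtcb6blXq/xaYG.....4EqlQqgAvITN",
+ // "version":"0.3"
+ // },
+ // "currentRecordVersion":{
+ // "reference":"83ad301525c18f2afd72b6ac82c0a713382e1ef70ac69935ca7e2869dd4ff980",
+ // "recordReference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610",
+ // "data":"NXJ5jiZhkd0CMiwwntAq....1TjjF+SGfE=",
+ // "version":"0.3",
+ // "previousVersion":"3e174a86afc322271d8af28bc062b0f1bfd7344fad01212cd08b2757c4b199c4",
+ // "previousVersionKey":"kozaaGCzXWr71LbOKu6Z3nz520V..5U85tSBvb+u44twttv54Kw=="
+ // }
+ // }
+ // ],
+ // "user":{
+ // "header":"{\"reco...ersion\":\"0.1\"}",
+ // "statistics":"rKI6nR6iqggygQJ3SQ58bFUX",
+ // "version":"0.3",
+ // "lock":"----"
+ // }
+ //}
+//}
+*/
+ $user = new user();
+ $record = new record();
+ $recordVersion = new recordversion();
+
+ $user = $user->Get($_SESSION["userId"]);
+ updateUserData($parameters["parameters"]["user"], $user);
+
+ $recordParameterList = $parameters["parameters"]["records"];
+ $c = count($recordParameterList);
+ for ($i=0; $i<$c; $i++) {
+ updateRecordData($recordParameterList[$i], $record, $recordVersion);
+
+ $record->SaveNew();
+ $recordVersion->SaveNew();
+
+ $record->AddRecordversion($recordVersion);
+ $user->AddRecord($record);
+
+ $record->Save();
+ $recordVersion->Save();
+ }
+
+ $user->Save();
+
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+
+ //=============================================================
+ } else if ($message == "getRecordDetail") {
+//{
+ //"message":"getRecordDetail",
+ //"srpSharedSecret":"4c00dcb66a9f2aea41a87e4707c526874e2eb29cc72d2c7086837e53d6bf2dfe",
+ //"parameters":{
+ // "reference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50"
+ //}
+//}
+//
+ //result = {
+ // currentVersion:{
+ // reference:"88943d709c3ea2442d4f58eaaec6409276037e5a37e0a6d167b9dad9e947e854",
+ // accessDate:"Wed, 13 February 2008 14:25:12 UTC",
+ // creationDate:"Tue, 17 April 2007 17:17:52 UTC",
+ // version:"0.2",
+ // data:"xI3WXddQLFtL......EGyKnnAVik",
+ // updateDate:"Tue, 17 April 2007 17:17:52 UTC",
+ // header:"####"
+ // }
+ // reference:"13a5e52976337ab210903cd04872588e1b21fb72bc183e91aa25c494b8138551",
+ // oldestUsedEncryptedVersion:"0.2",
+ // accessDate:"Wed, 13 February 2008 14:25:12 UTC",
+ // creationDate:"Wed, 14 March 2007 13:53:11 UTC",
+ // version:"0.2",
+ // updatedDate:"Tue, 17 April 2007 17:17:52 UTC",
+ // data:"0/BjzyY6jeh71h...pAw2++NEyylGhMC5C5f5m8pBApYziN84s4O3JQ3khW/1UttQl4="
+ //}
+ $record = new record();
+
+ $recordList = $record->GetList(array(array("reference", "=", $parameters["parameters"]["reference"])));
+ $currentRecord = $recordList[0];
+ $currentRecordVersions = $currentRecord->GetRecordversionList();
+ $currentVersion = $currentRecordVersions[0];
+
+ $result["currentVersion"] = array();
+ $result["currentVersion"]["reference"] =$currentVersion->reference;
+ $result["currentVersion"]["data"] = $currentVersion->data;
+ $result["currentVersion"]["header"] = $currentVersion->header;
+ $result["currentVersion"]["version"] = $currentVersion->version;
+ $result["currentVersion"]["creationDate"] =$currentVersion->creation_date;
+ $result["currentVersion"]["updateDate"] =$currentVersion->update_date;
+ $result["currentVersion"]["accessDate"] =$currentVersion->access_date;
+
+ $result["reference"] = $currentRecord->reference;
+ $result["data"] = $currentRecord->data;
+ $result["version"] = $currentRecord->version;
+ $result["creationDate"] =$currentRecord->creation_date;
+ $result["updateDate"] = $currentRecord->update_date;
+ $result["accessDate"] = $currentRecord->access_date;
+ $result["oldestUsedEncryptedVersion"] ="---";
+
+ //=============================================================
+ } else if ($message == "updateData") {
+//{
+ //"message":"updateData",
+ //"srpSharedSecret":"4e4aadb1d64513ec4dd42f5e8d5b2d4363de75e4424b6bcf178c9d6a246356c5",
+ //"parameters":{
+ // "records":[
+ // {
+ // "record":{
+ // "reference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50",
+ // "data":"8hgR0Z+JDrUa812polDJ....JnZUKXNEqKI",
+ // "version":"0.3"
+ // },
+ // "currentRecordVersion":{
+ // "reference":"b1d82aeb9a0c4f6584bea68ba80839f43dd6ede79791549e29a1860554b144ee",
+ // "recordReference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50",
+ // "data":"2d/UgKxxV+kBPV9GRUE.....VGonDoW0tqefxOJo=",
+ // "version":"0.3",
+ // "previousVersion":"55904195249037394316d3be3f5e78f08073170103bf0e7ab49a911c159cb0be",
+ // "previousVersionKey":"YWiaZeMIVHaIl96OWW+2e8....6d6nHbn6cr2NA/dbQRuC2w=="
+ // }
+ // }
+ // ],
+ // "user":{
+ // "header":"{\"rec.....sion\":\"0.1\"}",
+ // "statistics":"tt3uU9hWBy8rNnMckgCnxMJh",
+ // "version":"0.3",
+ // "lock":"----"
+ // }
+ //}
+//}
+
+ $user = new user();
+ $user = $user->Get($_SESSION["userId"]);
+ updateUserData($parameters["parameters"]["user"], $user);
+ $user->Save();
+
+ $recordParameterList = $parameters["parameters"]["records"];
+ $c = count($recordParameterList);
+ for ($i=0; $i<$c; $i++) {
+ $recordList = $user->GetRecordList(array(array("reference", "=", $recordParameterList[$i]["record"]["reference"])));
+ $currentRecord = $recordList[0];
+ $currentRecordVersions = $currentRecord->GetRecordversionList();
+ $currentVersion = $currentRecordVersions[0];
+
+ updateRecordData($recordParameterList[$i], $currentRecord, $currentVersion);
+
+
+ $currentRecord->Save();
+ $currentVersion->Save();
+ }
+
+
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+
+ //=============================================================
+ } else if ($message == "deleteRecords") {
+//{
+ //"message":"deleteRecords",
+ //"srpSharedSecret":"4a64982f7ee366954ec50b9efea62a902a097ef111410c2aa7c4d5343bd1cdd1",
+ //"parameters":{
+ // "recordReferences":["46494c81d10b80ab190d41e6806ef63869cfcc7a0ab8fe98cc3f93de4729bb9a"],
+ // "user":{
+ // "header":"{\"rec...rsion\":\"0.1\"}",
+ // "statistics":"44kOOda0xYZjbcugJBdagBQx",
+ // "version":"0.3",
+ // "lock":"----"
+ // }
+ //}
+//}
+ $user = new user();
+ $user = $user->Get($_SESSION["userId"]);
+
+ $recordReferenceList = $parameters["parameters"]["recordReferences"];
+ $recordList = array();
+ $c = count($recordReferenceList);
+ for ($i=0; $i<$c; $i++) {
+ array_push($recordList, array("reference", "=", $recordReferenceList[$i]));
+ }
+
+ $record = new record();
+ $record->DeleteList($recordList, true);
+
+ updateUserData($parameters["parameters"]["user"], $user);
+ $user->Save();
+
+ $result["recordList"] = $recordList;
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+
+ //=============================================================
+ } else if ($message == "deleteUser") {
+//{"message":"deleteUser", "srpSharedSecret":"e8e4ca6544dca49c95b3647d8358ad54c317048b74d2ac187ac25f719c9bac58", "parameters":{}}
+ $user = new user();
+ $user->Get($_SESSION["userId"]);
+ $user->Delete(true);
+
+ $result["result"] = "ok";
+
+ //=============================================================
+ } else if ($message == "addNewOneTimePassword") {
+//{
+ //"message":"addNewOneTimePassword",
+ //"srpSharedSecret":"96fee4af06c09ce954fe7a9f87970e943449186bebf70bac0af1d6ebb818dabb",
+ //"parameters":{
+ // "user":{
+ // "header":"{\"records\":{\"index\":{\"419ea6....rsion\":\"0.1\"}",
+ // "statistics":"rrlwNbDt83rpWT4S72upiVsC",
+ // "version":"0.3",
+ // "lock":"----"
+ // },
+ // "oneTimePassword":{
+ // "reference":"29e26f3a2aae61fe5cf58c45296c6df4f3dceafe067ea550b455be345f44123c",
+ // "key":"afb848208758361a96a298b9db08995cf036011747809357a90645bc93fdfa03",
+ // "keyChecksum":"d1599ae443b5a566bfd93c0aeec4c81b42c0506ee09874dae050449580bb3486",
+ // "data":"hsyY8DHksgR52x6c4j7XAtIUeY.....dxsr3XWt7CbGg==",
+ // "version":"0.3"
+ // }
+ //}
+//}
+
+ fixOTPStatusTable();
+
+ $user = new user();
+ $user = $user->Get($_SESSION["userId"]);
+
+ $otp = new onetimepassword();
+ updateOTP($parameters["parameters"]["oneTimePassword"], $otp, "ACTIVE");
+ $user->AddOnetimepassword($otp);
+
+ updateUserData($parameters["parameters"]["user"], $user);
+ $user->Save();
+
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+
+ //=============================================================
+ } else if ($message == "updateOneTimePasswords") {
+//{
+ //"message":"updateOneTimePasswords",
+ //"srpSharedSecret":"c78f8ed099ea421f4dd0a4e02dbaf1f7da925f0088188d99399874ff064a3d27",
+ //"parameters":{
+ // "user":{
+ // "header":"{\"reco...sion\":\"0.1\"}",
+ // "statistics":"UeRq75RZHzDC7elzrh/+OB5d",
+ // "version":"0.3",
+ // "lock":"----"
+ // },
+ // "oneTimePasswords":["f5f44c232f239efe48ab81a6236deea1a840d52946f7d4d782dad52b4c5359ce"]
+ //}
+//}
+
+ $user = new user();
+ $user = $user->Get($_SESSION["userId"]);
+
+ $validOtpReferences = $parameters["parameters"]["oneTimePasswords"];
+
+ $otpList = $user->GetOnetimepasswordList();
+ $c = count($otpList);
+ for ($i=0; $i<$c; $i++) {
+ $currentOtp = $otpList[$i];
+ if (arrayContainsValue($validOtpReferences, $currentOtp->reference) == false) {
+ $currentOtp->Delete();
+ }
+ }
+
+ updateUserData($parameters["parameters"]["user"], $user);
+ $user->Save();
+
+ $result["result"] = $user->lock;
+
+ //=============================================================
+ } else if ($message == "getOneTimePasswordsDetails") {
+
+ //=============================================================
+ } else if ($message == "getLoginHistory") {
+ $result["result"] = array();
+
+ //=============================================================
+ } else if ($message == "upgradeUserCredentials") {
+//{
+ //"message":"upgradeUserCredentials",
+ //"srpSharedSecret":"f1c25322e1478c8fb26063e9eef2f6fc25e0460065a31cb718f80bcff8f8a735",
+ //"parameters":{
+ // "user":{
+ // "header":"{\"reco...sion\":\"0.1\"}",
+ // "statistics":"s72Xva+w7CLgH+ihwqwXUbyu",
+ // "version":"0.3",
+ // "lock":"----"
+ // },
+ // "credentials":{
+ // "C":"57d15a8afbc1ae08103bd991d387ddfd8d26824276476fe709d754f098b6c26d",
+ // "s":"d6735fc0486f391c4f3c947928f9e61a2418e7bed2bc9b25bb43f93acc52f636",
+ // "v":"540c2ebbf941a481b6b2c9026c07fb46e8202e4408ed96864a696deb622baece",
+ // "version":"0.2"
+ // },
+ // "oneTimePasswords":{
+ // "923cdc61c4b877b263236124c44d69b459d240453a461cce8ddf7518b423ca94": "1HD6Ta0xsifEDhDwE....9WDK6tvrS6w==",
+ // "fb1573cb9497652a81688a099a524fb116e604c6fbc191cf33406eb8438efa5f": "CocN0cSxLmMRdgNF9....o3xhGUEY68Q=="
+ // }
+ //}
+//}
+
+ $user = new user();
+ $user->Get($_SESSION["userId"]);
+
+ $otp = new onetimepassword();
+
+ updateUserCredentials($parameters["parameters"]["credentials"], $user);
+ updateUserData($parameters["parameters"]["user"], $user);
+
+ $otpList = $parameters["parameters"]["oneTimePasswords"];
+ foreach($otpList as $otpReference=>$otpData) {
+ $otpList = $otp->GetList(array(array("reference", "=", $otpReference)));
+ $currentOtp = $otpList[0];
+ $currentOtp->data = $otpData;
+ $currentOtp->Save();
+ }
+
+ $user->Save();
+
+ $result["lock"] = $user->lock;
+ $result["result"] = "done";
+
+ //=============================================================
+ } else if ($message == "echo") {
+ $result["result"] = $parameters;
+ }
+
+ //=============================================================
+ } else {
+ $result["error"] = "Wrong shared secret!";
+ }
+ break;
+
+ case "logout":
+error_log("logout");
+ session_destroy();
+ break;
+
+ default:
+error_log("default");
+ $result["result"] = $parameters;
+ break;
+ }
+
+ session_write_close();
+
+ echo(json_encode($result));
+error_log("result: ".json_encode($result));
+?>
\ No newline at end of file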
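Review bot: Both authentication gates use PHP's loose `==` on client-supplied JSON values: `if ($parameters["srpSharedSecret"] == $_SESSION["K"])` in the `message` case and `if ($M1 == $parameters["parameters"]["M1"])` in `credentialCheck`, so type juggling applies — numeric-looking hex digests compare as numbers, and an absent `srpSharedSecret` compares equal to a never-set `$_SESSION["K"]` as `null == null`, which matters because `connect` already stores `$_SESSION["userId"]` before any password proof has been checked. Both checks should require a string on each side and compare in constant time, e.g. `if (isset($_SESSION["K"], $parameters["srpSharedSecret"]) && is_string($parameters["srpSharedSecret"]) && hash_equals($_SESSION["K"], $parameters["srpSharedSecret"]))`, with the same shape for the `M1` check. Two further points in the same hunk: `clipperz_randomSeed()` derives the server's SRP ephemeral `b` from `rand()` after `srand()` seeded with `microtime()`, which is not a cryptographic source and should be `bin2hex(random_bytes(32))` (already 64 hex characters); and the closing `error_log("result: ".json_encode($result))` writes every response, including `s`, `B`, `M2` and the user's stored payloads, into the server log, so it should be dropped or reduced to the method name.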