Diffstat (limited to 'backend') (more/less context) (ignore whitespace changes)
-rw-r--r--backend/php/src/index.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/backend/php/src/index.php b/backend/php/src/index.php
index 3d23e7a..214ac01 100644
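--- a/backend/php/src/index.php
+++ b/backend/php/src/index.php
@@ -282,199 +282,200 @@ error_log("handshake");
  $_SESSION["s"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00";
  $_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00";
  }
 
  $_SESSION["b"] = clipperz_randomSeed();
  // $_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53";
  $_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16);
 
  $result["s"] = $_SESSION["s"];
  $result["B"] = $_SESSION["B"];
 
  //=============================================================
  } else if ($message == "credentialCheck") {
 error_log("credentialCheck");
  $u = clipperz_hash(base2dec($_SESSION["B"],16));
  $A = base2dec($_SESSION["A"], 16);
  $S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n);
  $K = clipperz_hash($S);
  $M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K);
 
 //$result["B"] = $_SESSION["B"];
 //$result["u"] = $u;
 //$result["A"] = $A;
 //$result["S"] = $S;
 //$result["K"] = $K;
 //$result["M1"] = $M1;
 //$result["_M1"] = $parameters["parameters"]["M1"];
 
  if ($M1 == $parameters["parameters"]["M1"]) {
  $_SESSION["K"] = $K;
  $M2 = clipperz_hash($A.$M1.$K);
 
  $result["M2"] = $M2;
  $result["connectionId"] = "";
  $result["loginInfo"] = array();
  $result["loginInfo"]["latest"] = array();
  $result["loginInfo"]["current"] = array();
  $result["offlineCopyNeeded"] = "false";
  $result["lock"] = "----";
  } else {
  $result["error"] = "?";
  }
  //=============================================================
  } else if ($message == "oneTimePassword") {
 error_log("oneTimePassword");
 //{
  //"message":"oneTimePassword",
  //"version":"0.2",
  //"parameters":{
  // "oneTimePasswordKey":"06dfa7f428081f8b2af98b0895e14e18af90b0ef2ff32828e55cc2ac6b24d29b",
  // "oneTimePasswordKeyChecksum":"60bcba3f72e56f6bb3f0ff88509b9a0e5ec730dfa71daa4c1e892dbd1b0c360d"
  //}
 //}
  $otp = new onetimepassword();
  $otpList = $otp->GetList(array(array("key", "=", $parameters["parameters"]["oneTimePasswordKey"])));
 
  if (count($otpList) == 1) {
  $currentOtp = $otpList[0];
 
  if ($currentOtp->GetOnetimepasswordstatus()->code == "ACTIVE") {
  if ($currentOtp->key_checksum == $parameters["parameters"]["oneTimePasswordKeyChecksum"]) {
  $_SESSION["userId"] = $currentOtp->GetUser()->userId;
  $_SESSION["otpId"]= $currentOtp->onetimepasswordId;
 
  $result["data"] = $currentOtp->data;
  $result["version"] = $currentOtp->version;
 
  resetOTP($currentOtp, "REQUESTED");
  } else {
  resetOTP($currentOtp, "DISABLED");
  throw new Exception("The requested One Time Password has been disabled, due to a wrong keyChecksum");
  }
  } else {
  throw new Exception("The requested One Time Password was not active");
  }
  } else {
  throw new Exception("The requested One Time Password has not been found");
  }
 
  //=============================================================
  }
 
  break;
 
  case "message":
 error_log("message");
  if ($parameters["srpSharedSecret"] == $_SESSION["K"]) {
  $message = $parameters["message"];
 
  //=============================================================
  if ($message == "getUserDetails") {
 //{"message":"getUserDetails", "srpSharedSecret":"f18e5cf7c3a83b67d4db9444af813ee48c13daf4f8f6635397d593e52ba89a08", "parameters":{}}
  $user = new user();
  $user = $user->Get($_SESSION["userId"]);
 
  $result["header"] = $user->header;
+
  $records = $user->GetRecordList();
- foreach ($records as $record)
- {
+ foreach ($records as $record) {
  $recordStats["updateDate"] = $record->update_date;
  $recordsStats[$record->reference] = $recordStats;
  }
  $result["recordsStats"] = $recordsStats;
+
  $result["statistics"] =$user->statistics;
  $result["version"] =$user->version;
 
  //=============================================================
  } else if ($message == "addNewRecords") {
 /*
 //{
  //"message":"addNewRecords",
  //"srpSharedSecret":"b58fdf62acebbcb67f63d28c0437f166069f45690c648cd4376a792ae7a325f7",
  //"parameters":{
  // "records":[
  // {
  // "record":{
  // "reference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610",
  // "data":"OBSGtcb6blXq/xaYG.....4EqlQqgAvITN",
  // "version":"0.3"
  // },
  // "currentRecordVersion":{
  // "reference":"83ad301525c18f2afd72b6ac82c0a713382e1ef70ac69935ca7e2869dd4ff980",
  // "recordReference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610",
  // "data":"NXJ5jiZhkd0CMiwwntAq....1TjjF+SGfE=",
  // "version":"0.3",
  // "previousVersion":"3e174a86afc322271d8af28bc062b0f1bfd7344fad01212cd08b2757c4b199c4",
  // "previousVersionKey":"kozaaGCzXWr71LbOKu6Z3nz520V..5U85tSBvb+u44twttv54Kw=="
  // }
  // }
  // ],
  // "user":{
  // "header":"{\"reco...ersion\":\"0.1\"}",
  // "statistics":"rKI6nR6iqggygQJ3SQ58bFUX",
  // "version":"0.3",
  // "lock":"----"
  // }
  //}
 //}
 */
  $user = new user();
  $record = new record();
  $recordVersion = new recordversion();
 
  $user = $user->Get($_SESSION["userId"]);
  updateUserData($parameters["parameters"]["user"], $user);
 
  $recordParameterList = $parameters["parameters"]["records"];
  $c = count($recordParameterList);
  for ($i=0; $i<$c; $i++) {
  updateRecordData($recordParameterList[$i], $record, $recordVersion);
 
  $record->SaveNew();
  $recordVersion->SaveNew();
 
  $record->AddRecordversion($recordVersion);
  $user->AddRecord($record);
 
  $record->Save();
  $recordVersion->Save();
  }
 
  $user->Save();
 
  $result["lock"] = $user->lock;
  $result["result"] = "done";
 
  //=============================================================
  } else if ($message == "getRecordDetail") {
 //{
  //"message":"getRecordDetail",
  //"srpSharedSecret":"4c00dcb66a9f2aea41a87e4707c526874e2eb29cc72d2c7086837e53d6bf2dfe",
  //"parameters":{
  // "reference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50"
  //}
 //}
 //
  //result = {
  // currentVersion:{
  // reference:"88943d709c3ea2442d4f58eaaec6409276037e5a37e0a6d167b9dad9e947e854",
  // accessDate:"Wed, 13 February 2008 14:25:12 UTC",
  // creationDate:"Tue, 17 April 2007 17:17:52 UTC",
  // version:"0.2",
  // data:"xI3WXddQLFtL......EGyKnnAVik",
  // updateDate:"Tue, 17 April 2007 17:17:52 UTC",
  // header:"####"
  // }
  // reference:"13a5e52976337ab210903cd04872588e1b21fb72bc183e91aa25c494b8138551",
  // oldestUsedEncryptedVersion:"0.2",
  // accessDate:"Wed, 13 February 2008 14:25:12 UTC",
  // creationDate:"Wed, 14 March 2007 13:53:11 UTC",
  // version:"0.2",
  // updatedDate:"Tue, 17 April 2007 17:17:52 UTC",
  // data:"0/BjzyY6jeh71h...pAw2++NEyylGhMC5C5f5m8pBApYziN84s4O3JQ3khW/1UttQl4="
  //}
  $record = new record();
 
  $recordList = $record->GetList(array(array("reference", "=", $parameters["parameters"]["reference"])));
  $currentRecord = $recordList[0];
  $currentRecordVersions = $currentRecord->GetRecordversionList();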