-rw-r--r-- | backend/php/src/index.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/backend/php/src/index.php b/backend/php/src/index.php index 3d23e7a..214ac01 100644 --- a/backend/php/src/index.php +++ b/backend/php/src/index.php | |||
@@ -282,199 +282,200 @@ error_log("handshake"); | |||
282 | $_SESSION["s"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"; | 282 | $_SESSION["s"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"; |
283 | $_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"; | 283 | $_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00"; |
284 | } | 284 | } |
285 | 285 | ||
286 | $_SESSION["b"] = clipperz_randomSeed(); | 286 | $_SESSION["b"] = clipperz_randomSeed(); |
287 | // $_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53"; | 287 | // $_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53"; |
288 | $_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16); | 288 | $_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16); |
289 | 289 | ||
290 | $result["s"] = $_SESSION["s"]; | 290 | $result["s"] = $_SESSION["s"]; |
291 | $result["B"] = $_SESSION["B"]; | 291 | $result["B"] = $_SESSION["B"]; |
292 | 292 | ||
293 | //============================================================= | 293 | //============================================================= |
294 | } else if ($message == "credentialCheck") { | 294 | } else if ($message == "credentialCheck") { |
295 | error_log("credentialCheck"); | 295 | error_log("credentialCheck"); |
296 | $u = clipperz_hash(base2dec($_SESSION["B"],16)); | 296 | $u = clipperz_hash(base2dec($_SESSION["B"],16)); |
297 | $A = base2dec($_SESSION["A"], 16); | 297 | $A = base2dec($_SESSION["A"], 16); |
298 | $S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n); | 298 | $S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n); |
299 | $K = clipperz_hash($S); | 299 | $K = clipperz_hash($S); |
300 | $M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K); | 300 | $M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K); |
301 | 301 | ||
302 | //$result["B"] = $_SESSION["B"]; | 302 | //$result["B"] = $_SESSION["B"]; |
303 | //$result["u"] = $u; | 303 | //$result["u"] = $u; |
304 | //$result["A"] = $A; | 304 | //$result["A"] = $A; |
305 | //$result["S"] = $S; | 305 | //$result["S"] = $S; |
306 | //$result["K"] = $K; | 306 | //$result["K"] = $K; |
307 | //$result["M1"] = $M1; | 307 | //$result["M1"] = $M1; |
308 | //$result["_M1"] = $parameters["parameters"]["M1"]; | 308 | //$result["_M1"] = $parameters["parameters"]["M1"]; |
309 | 309 | ||
310 | if ($M1 == $parameters["parameters"]["M1"]) { | 310 | if ($M1 == $parameters["parameters"]["M1"]) { |
311 | $_SESSION["K"] = $K; | 311 | $_SESSION["K"] = $K; |
312 | $M2 = clipperz_hash($A.$M1.$K); | 312 | $M2 = clipperz_hash($A.$M1.$K); |
313 | 313 | ||
314 | $result["M2"] = $M2; | 314 | $result["M2"] = $M2; |
315 | $result["connectionId"] = ""; | 315 | $result["connectionId"] = ""; |
316 | $result["loginInfo"] = array(); | 316 | $result["loginInfo"] = array(); |
317 | $result["loginInfo"]["latest"] = array(); | 317 | $result["loginInfo"]["latest"] = array(); |
318 | $result["loginInfo"]["current"] = array(); | 318 | $result["loginInfo"]["current"] = array(); |
319 | $result["offlineCopyNeeded"] = "false"; | 319 | $result["offlineCopyNeeded"] = "false"; |
320 | $result["lock"] = "----"; | 320 | $result["lock"] = "----"; |
321 | } else { | 321 | } else { |
322 | $result["error"] = "?"; | 322 | $result["error"] = "?"; |
323 | } | 323 | } |
324 | //============================================================= | 324 | //============================================================= |
325 | } else if ($message == "oneTimePassword") { | 325 | } else if ($message == "oneTimePassword") { |
326 | error_log("oneTimePassword"); | 326 | error_log("oneTimePassword"); |
327 | //{ | 327 | //{ |
328 | //"message":"oneTimePassword", | 328 | //"message":"oneTimePassword", |
329 | //"version":"0.2", | 329 | //"version":"0.2", |
330 | //"parameters":{ | 330 | //"parameters":{ |
331 | // "oneTimePasswordKey":"06dfa7f428081f8b2af98b0895e14e18af90b0ef2ff32828e55cc2ac6b24d29b", | 331 | // "oneTimePasswordKey":"06dfa7f428081f8b2af98b0895e14e18af90b0ef2ff32828e55cc2ac6b24d29b", |
332 | // "oneTimePasswordKeyChecksum":"60bcba3f72e56f6bb3f0ff88509b9a0e5ec730dfa71daa4c1e892dbd1b0c360d" | 332 | // "oneTimePasswordKeyChecksum":"60bcba3f72e56f6bb3f0ff88509b9a0e5ec730dfa71daa4c1e892dbd1b0c360d" |
333 | //} | 333 | //} |
334 | //} | 334 | //} |
335 | $otp = new onetimepassword(); | 335 | $otp = new onetimepassword(); |
336 | $otpList = $otp->GetList(array(array("key", "=", $parameters["parameters"]["oneTimePasswordKey"]))); | 336 | $otpList = $otp->GetList(array(array("key", "=", $parameters["parameters"]["oneTimePasswordKey"]))); |
337 | 337 | ||
338 | if (count($otpList) == 1) { | 338 | if (count($otpList) == 1) { |
339 | $currentOtp = $otpList[0]; | 339 | $currentOtp = $otpList[0]; |
340 | 340 | ||
341 | if ($currentOtp->GetOnetimepasswordstatus()->code == "ACTIVE") { | 341 | if ($currentOtp->GetOnetimepasswordstatus()->code == "ACTIVE") { |
342 | if ($currentOtp->key_checksum == $parameters["parameters"]["oneTimePasswordKeyChecksum"]) { | 342 | if ($currentOtp->key_checksum == $parameters["parameters"]["oneTimePasswordKeyChecksum"]) { |
343 | $_SESSION["userId"] = $currentOtp->GetUser()->userId; | 343 | $_SESSION["userId"] = $currentOtp->GetUser()->userId; |
344 | $_SESSION["otpId"]= $currentOtp->onetimepasswordId; | 344 | $_SESSION["otpId"]= $currentOtp->onetimepasswordId; |
345 | 345 | ||
346 | $result["data"] = $currentOtp->data; | 346 | $result["data"] = $currentOtp->data; |
347 | $result["version"] = $currentOtp->version; | 347 | $result["version"] = $currentOtp->version; |
348 | 348 | ||
349 | resetOTP($currentOtp, "REQUESTED"); | 349 | resetOTP($currentOtp, "REQUESTED"); |
350 | } else { | 350 | } else { |
351 | resetOTP($currentOtp, "DISABLED"); | 351 | resetOTP($currentOtp, "DISABLED"); |
352 | throw new Exception("The requested One Time Password has been disabled, due to a wrong keyChecksum"); | 352 | throw new Exception("The requested One Time Password has been disabled, due to a wrong keyChecksum"); |
353 | } | 353 | } |
354 | } else { | 354 | } else { |
355 | throw new Exception("The requested One Time Password was not active"); | 355 | throw new Exception("The requested One Time Password was not active"); |
356 | } | 356 | } |
357 | } else { | 357 | } else { |
358 | throw new Exception("The requested One Time Password has not been found"); | 358 | throw new Exception("The requested One Time Password has not been found"); |
359 | } | 359 | } |
360 | 360 | ||
361 | //============================================================= | 361 | //============================================================= |
362 | } | 362 | } |
363 | 363 | ||
364 | break; | 364 | break; |
365 | 365 | ||
366 | case "message": | 366 | case "message": |
367 | error_log("message"); | 367 | error_log("message"); |
368 | if ($parameters["srpSharedSecret"] == $_SESSION["K"]) { | 368 | if ($parameters["srpSharedSecret"] == $_SESSION["K"]) { |
369 | $message = $parameters["message"]; | 369 | $message = $parameters["message"]; |
370 | 370 | ||
371 | //============================================================= | 371 | //============================================================= |
372 | if ($message == "getUserDetails") { | 372 | if ($message == "getUserDetails") { |
373 | //{"message":"getUserDetails", "srpSharedSecret":"f18e5cf7c3a83b67d4db9444af813ee48c13daf4f8f6635397d593e52ba89a08", "parameters":{}} | 373 | //{"message":"getUserDetails", "srpSharedSecret":"f18e5cf7c3a83b67d4db9444af813ee48c13daf4f8f6635397d593e52ba89a08", "parameters":{}} |
374 | $user = new user(); | 374 | $user = new user(); |
375 | $user = $user->Get($_SESSION["userId"]); | 375 | $user = $user->Get($_SESSION["userId"]); |
376 | 376 | ||
377 | $result["header"] = $user->header; | 377 | $result["header"] = $user->header; |
378 | |||
378 | $records = $user->GetRecordList(); | 379 | $records = $user->GetRecordList(); |
379 | foreach ($records as $record) | 380 | foreach ($records as $record) { |
380 | { | ||
381 | $recordStats["updateDate"] = $record->update_date; | 381 | $recordStats["updateDate"] = $record->update_date; |
382 | $recordsStats[$record->reference] = $recordStats; | 382 | $recordsStats[$record->reference] = $recordStats; |
383 | } | 383 | } |
384 | $result["recordsStats"] = $recordsStats; | 384 | $result["recordsStats"] = $recordsStats; |
385 | |||
385 | $result["statistics"] =$user->statistics; | 386 | $result["statistics"] =$user->statistics; |
386 | $result["version"] =$user->version; | 387 | $result["version"] =$user->version; |
387 | 388 | ||
388 | //============================================================= | 389 | //============================================================= |
389 | } else if ($message == "addNewRecords") { | 390 | } else if ($message == "addNewRecords") { |
390 | /* | 391 | /* |
391 | //{ | 392 | //{ |
392 | //"message":"addNewRecords", | 393 | //"message":"addNewRecords", |
393 | //"srpSharedSecret":"b58fdf62acebbcb67f63d28c0437f166069f45690c648cd4376a792ae7a325f7", | 394 | //"srpSharedSecret":"b58fdf62acebbcb67f63d28c0437f166069f45690c648cd4376a792ae7a325f7", |
394 | //"parameters":{ | 395 | //"parameters":{ |
395 | // "records":[ | 396 | // "records":[ |
396 | // { | 397 | // { |
397 | // "record":{ | 398 | // "record":{ |
398 | // "reference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610", | 399 | // "reference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610", |
399 | // "data":"OBSGtcb6blXq/xaYG.....4EqlQqgAvITN", | 400 | // "data":"OBSGtcb6blXq/xaYG.....4EqlQqgAvITN", |
400 | // "version":"0.3" | 401 | // "version":"0.3" |
401 | // }, | 402 | // }, |
402 | // "currentRecordVersion":{ | 403 | // "currentRecordVersion":{ |
403 | // "reference":"83ad301525c18f2afd72b6ac82c0a713382e1ef70ac69935ca7e2869dd4ff980", | 404 | // "reference":"83ad301525c18f2afd72b6ac82c0a713382e1ef70ac69935ca7e2869dd4ff980", |
404 | // "recordReference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610", | 405 | // "recordReference":"fda703707fee1fff42443124cd0e705f5bea0ac601758d81b2e832705339a610", |
405 | // "data":"NXJ5jiZhkd0CMiwwntAq....1TjjF+SGfE=", | 406 | // "data":"NXJ5jiZhkd0CMiwwntAq....1TjjF+SGfE=", |
406 | // "version":"0.3", | 407 | // "version":"0.3", |
407 | // "previousVersion":"3e174a86afc322271d8af28bc062b0f1bfd7344fad01212cd08b2757c4b199c4", | 408 | // "previousVersion":"3e174a86afc322271d8af28bc062b0f1bfd7344fad01212cd08b2757c4b199c4", |
408 | // "previousVersionKey":"kozaaGCzXWr71LbOKu6Z3nz520V..5U85tSBvb+u44twttv54Kw==" | 409 | // "previousVersionKey":"kozaaGCzXWr71LbOKu6Z3nz520V..5U85tSBvb+u44twttv54Kw==" |
409 | // } | 410 | // } |
410 | // } | 411 | // } |
411 | // ], | 412 | // ], |
412 | // "user":{ | 413 | // "user":{ |
413 | // "header":"{\"reco...ersion\":\"0.1\"}", | 414 | // "header":"{\"reco...ersion\":\"0.1\"}", |
414 | // "statistics":"rKI6nR6iqggygQJ3SQ58bFUX", | 415 | // "statistics":"rKI6nR6iqggygQJ3SQ58bFUX", |
415 | // "version":"0.3", | 416 | // "version":"0.3", |
416 | // "lock":"----" | 417 | // "lock":"----" |
417 | // } | 418 | // } |
418 | //} | 419 | //} |
419 | //} | 420 | //} |
420 | */ | 421 | */ |
421 | $user = new user(); | 422 | $user = new user(); |
422 | $record = new record(); | 423 | $record = new record(); |
423 | $recordVersion = new recordversion(); | 424 | $recordVersion = new recordversion(); |
424 | 425 | ||
425 | $user = $user->Get($_SESSION["userId"]); | 426 | $user = $user->Get($_SESSION["userId"]); |
426 | updateUserData($parameters["parameters"]["user"], $user); | 427 | updateUserData($parameters["parameters"]["user"], $user); |
427 | 428 | ||
428 | $recordParameterList = $parameters["parameters"]["records"]; | 429 | $recordParameterList = $parameters["parameters"]["records"]; |
429 | $c = count($recordParameterList); | 430 | $c = count($recordParameterList); |
430 | for ($i=0; $i<$c; $i++) { | 431 | for ($i=0; $i<$c; $i++) { |
431 | updateRecordData($recordParameterList[$i], $record, $recordVersion); | 432 | updateRecordData($recordParameterList[$i], $record, $recordVersion); |
432 | 433 | ||
433 | $record->SaveNew(); | 434 | $record->SaveNew(); |
434 | $recordVersion->SaveNew(); | 435 | $recordVersion->SaveNew(); |
435 | 436 | ||
436 | $record->AddRecordversion($recordVersion); | 437 | $record->AddRecordversion($recordVersion); |
437 | $user->AddRecord($record); | 438 | $user->AddRecord($record); |
438 | 439 | ||
439 | $record->Save(); | 440 | $record->Save(); |
440 | $recordVersion->Save(); | 441 | $recordVersion->Save(); |
441 | } | 442 | } |
442 | 443 | ||
443 | $user->Save(); | 444 | $user->Save(); |
444 | 445 | ||
445 | $result["lock"] = $user->lock; | 446 | $result["lock"] = $user->lock; |
446 | $result["result"] = "done"; | 447 | $result["result"] = "done"; |
447 | 448 | ||
448 | //============================================================= | 449 | //============================================================= |
449 | } else if ($message == "getRecordDetail") { | 450 | } else if ($message == "getRecordDetail") { |
450 | //{ | 451 | //{ |
451 | //"message":"getRecordDetail", | 452 | //"message":"getRecordDetail", |
452 | //"srpSharedSecret":"4c00dcb66a9f2aea41a87e4707c526874e2eb29cc72d2c7086837e53d6bf2dfe", | 453 | //"srpSharedSecret":"4c00dcb66a9f2aea41a87e4707c526874e2eb29cc72d2c7086837e53d6bf2dfe", |
453 | //"parameters":{ | 454 | //"parameters":{ |
454 | // "reference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50" | 455 | // "reference":"740009737139a189cfa2b1019a6271aaa39467b59e259706564b642ff3838d50" |
455 | //} | 456 | //} |
456 | //} | 457 | //} |
457 | // | 458 | // |
458 | //result = { | 459 | //result = { |
459 | // currentVersion:{ | 460 | // currentVersion:{ |
460 | // reference:"88943d709c3ea2442d4f58eaaec6409276037e5a37e0a6d167b9dad9e947e854", | 461 | // reference:"88943d709c3ea2442d4f58eaaec6409276037e5a37e0a6d167b9dad9e947e854", |
461 | // accessDate:"Wed, 13 February 2008 14:25:12 UTC", | 462 | // accessDate:"Wed, 13 February 2008 14:25:12 UTC", |
462 | // creationDate:"Tue, 17 April 2007 17:17:52 UTC", | 463 | // creationDate:"Tue, 17 April 2007 17:17:52 UTC", |
463 | // version:"0.2", | 464 | // version:"0.2", |
464 | // data:"xI3WXddQLFtL......EGyKnnAVik", | 465 | // data:"xI3WXddQLFtL......EGyKnnAVik", |
465 | // updateDate:"Tue, 17 April 2007 17:17:52 UTC", | 466 | // updateDate:"Tue, 17 April 2007 17:17:52 UTC", |
466 | // header:"####" | 467 | // header:"####" |
467 | // } | 468 | // } |
468 | // reference:"13a5e52976337ab210903cd04872588e1b21fb72bc183e91aa25c494b8138551", | 469 | // reference:"13a5e52976337ab210903cd04872588e1b21fb72bc183e91aa25c494b8138551", |
469 | // oldestUsedEncryptedVersion:"0.2", | 470 | // oldestUsedEncryptedVersion:"0.2", |
470 | // accessDate:"Wed, 13 February 2008 14:25:12 UTC", | 471 | // accessDate:"Wed, 13 February 2008 14:25:12 UTC", |
471 | // creationDate:"Wed, 14 March 2007 13:53:11 UTC", | 472 | // creationDate:"Wed, 14 March 2007 13:53:11 UTC", |
472 | // version:"0.2", | 473 | // version:"0.2", |
473 | // updatedDate:"Tue, 17 April 2007 17:17:52 UTC", | 474 | // updatedDate:"Tue, 17 April 2007 17:17:52 UTC", |
474 | // data:"0/BjzyY6jeh71h...pAw2++NEyylGhMC5C5f5m8pBApYziN84s4O3JQ3khW/1UttQl4=" | 475 | // data:"0/BjzyY6jeh71h...pAw2++NEyylGhMC5C5f5m8pBApYziN84s4O3JQ3khW/1UttQl4=" |
475 | //} | 476 | //} |
476 | $record = new record(); | 477 | $record = new record(); |
477 | 478 | ||
478 | $recordList = $record->GetList(array(array("reference", "=", $parameters["parameters"]["reference"]))); | 479 | $recordList = $record->GetList(array(array("reference", "=", $parameters["parameters"]["reference"]))); |
479 | $currentRecord = $recordList[0]; | 480 | $currentRecord = $recordList[0]; |
480 | $currentRecordVersions = $currentRecord->GetRecordversionList(); | 481 | $currentRecordVersions = $currentRecord->GetRecordversionList(); |