- <?php
// Entry point: build the authenticator (its constructor rejects a wrong Host)
// and dispatch the request. process() only returns for a successful "check"
// query; every other path ends the script inside conclude().
$auth = new Authenticator();
$user = $auth->process();

// One account is reported under a different authority suffix than the rest.
$final = ($user->username == "animuson")
    ? "animuson@boogiewoogie"
    : "{$user->username}@tronner";

// This call is made from global scope, so conclude() has to be callable from
// outside the class for the success reply to be sent.
$auth->conclude("PASSWORD_OK {$final}\n", 200);
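/**
 * Request handler for a challenge-response password authority.
 *
 * Serves three queries read from the GET parameters: "methods", "params" and
 * "check". Every terminal path goes through conclude(), which writes one
 * plain-text line and ends the script.
 */
class Authenticator {
    private $authority = "tronner.com"; // The authority domain that we should be using
    private $statusOk = true; // Should it always force HTTP status code 200 when sending the message?
    private $username; // The username being checked
    private $prefix = "arma"; // The prefix that is attached to the front of passwords
    private $suffix = "md5"; // The suffix that is attached to the end of passwords
    private $methods = array("md5" => array("prefix" => "arma", "suffix" => "md5")); // The hash methods advertised to clients

    /**
     * Ends the request with WRONG_HOST unless the Host header matches $authority.
     */
    public function __construct() {
        global $ani;
        if ($ani->i->server['http_host'] != $this->authority) {
            $this->conclude("WRONG_HOST", 404);
        }
    }

    /**
     * Dispatches one authority query.
     *
     * @param string|null $query Query name; when null it is taken (lower-cased)
     *                           from the "query" GET parameter.
     * @return mixed The user record from checkPassword() for a successful
     *               "check". All other outcomes end the script in conclude().
     */
    public function process($query = NULL) {
        global $ani;
        if (is_null($query)) {
            $query = strtolower($ani->i->get['query']);
        }
        switch ($query) {
            case "methods":
                $this->conclude("METHODS {$this->getMethods()}");
                break;
            case "params":
                $this->conclude($this->getParameters(strtolower($ani->i->get['method'])));
                break;
            case "check":
                return $this->checkPassword();
            default:
                $this->conclude("UNKNOWN_QUERY", 404);
        }
    }

    /**
     * Sends a plain-text reply and terminates the script.
     *
     * Public because the calling script sends its PASSWORD_OK reply through
     * this method from global scope; as a private method that call is a fatal
     * error and a successful login never gets its answer.
     *
     * @param string $message Reply line; a trailing newline is appended.
     * @param int    $status  HTTP status, overridden to 200 while $statusOk is true.
     */
    public function conclude($message, $status = 200) {
        if ($this->statusOk === true) {
            $status = 200;
        }
        header("Status: {$status}", true, $status);
        header("Content-Type: text/plain");
        die("{$message}\n");
    }

    /**
     * Replaces every "%u" in $string with the username stored by getPassword().
     */
    private function substituteUser($string) {
        return str_replace("%u", $this->username, $string);
    }

    /**
     * Returns the advertised method names as a comma-separated list.
     */
    private function getMethods() {
        return implode(",", array_keys($this->methods));
    }

    /**
     * Builds the PREFIX/SUFFIX reply lines for one advertised method.
     *
     * @param string $method Method name; an unknown name ends the request
     *                       with UNKNOWN_METHOD.
     * @return string Newline-separated parameter lines, empty parts omitted.
     */
    private function getParameters($method) {
        if (!array_key_exists($method, $this->methods)) {
            $this->conclude("UNKNOWN_METHOD", 404);
        }
        $settings = $this->methods[$method];
        $params = array();
        if ($settings['prefix'] != "") {
            $params[] = "PREFIX {$settings['prefix']}";
        }
        if ($settings['suffix'] != "") {
            $params[] = "SUFFIX {$settings['suffix']}";
        }
        return implode("\n", $params);
    }

    /**
     * Loads the user and the stored secret that matches the requested method.
     *
     * @param string $username Lower-cased username from the request.
     * @param string $method   "bmd5" or "md5".
     * @return array Two elements: the object returned by Cache::decode() and
     *               the stored secret for that method.
     */
    private function getPassword($username, $method) {
        global $ani;
        $this->username = $username;
        // Let's not bother if it's an invalid username...
        if (preg_match("/[^a-zA-Z0-9_]/", $username) || strlen($username) < 4 || strlen($username) > 30) {
            $this->conclude("UNKNOWN_USER", 404);
        }
        // The query interpolates $username. It is safe only because the
        // allow-list check above has already ended the request for anything
        // outside [a-zA-Z0-9_]; keep that check ahead of the query.
        // NOTE(review): prefer bound parameters if the DB layer offers them.
        $row = $ani->e->db->fetch($ani->e->db->query("SELECT * FROM `global_users` WHERE `username` = '{$username}'"));
        // isset() also covers a fetch result that is not a row (no match),
        // which would otherwise raise a warning on the offset access.
        if (!isset($row['uid']) || $row['uid'] == "") {
            $this->conclude("UNKNOWN_USER", 404);
        }
        $cache = new Cache("users", array($row['uid'], $username));
        $user = $cache->decode();
        switch ($method) {
            case "bmd5":
                return array($user, $user->password);
            case "md5":
                return array($user, $user->tronner->password);
            default:
                // (sic) spelling kept; clients may match on the literal.
                $this->conclude("METHOD_NOT_IMPLEMNTED", 501);
        }
    }

    /**
     * Verifies the caller's salted hash against the stored secret.
     *
     * The expected value is md5(salt bytes . stored-secret bytes), with both
     * inputs given as hex. The stored hex value is therefore the shared secret
     * itself: whoever can read it can compute valid responses.
     * NOTE(review): the salt comes from the caller, so this endpoint cannot
     * detect replay of a captured salt/hash pair on its own; presumably the
     * requesting server issues and tracks salts - confirm.
     *
     * @return mixed The user object on success; failure ends the request with
     *               PASSWORD_FAIL.
     */
    private function checkPassword() {
        global $ani;
        $info = $this->getPassword(strtolower($ani->i->get['user']), strtolower($ani->i->get['method']));
        $salt = $ani->i->get['salt'];
        $hash = $ani->i->get['hash'];
        // A missing or non-string parameter cannot match; fail before pack().
        if (!is_string($salt) || !is_string($hash)) {
            $this->conclude("PASSWORD_FAIL", 401);
        }
        $packedSalt = pack("H*", $salt);
        $correctPassword = pack("H*", $info[1]);
        $correctHash = md5("{$packedSalt}{$correctPassword}");
        // Constant-time, case-insensitive comparison (md5() returns lowercase hex).
        if (hash_equals($correctHash, strtolower($hash))) {
            return $info[0];
        }
        // Never put the expected hash in the reply: the caller picks the salt,
        // so echoing it back would hand over a value that passes this check.
        $this->conclude("PASSWORD_FAIL", 401);
    }
}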
- ?>