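<?php
session_start();

// Roblox Agent Data
// NOTE(review): this token is declared but never checked anywhere in this
// file, so the newR2FA / R2FAStatus endpoints below are reachable without any
// credential. Confirm how the in-game agent is supposed to authenticate.
$roblox_token = "0";

// Database
// SECURITY: a database password was committed inline (this paste is public).
// Read it from the environment; the inline fallback exists only so existing
// deployments keep working and must be removed once the credential is rotated.
$sql_server   = "localhost";
$sql_username = "roblox";
$sql_password = getenv("ROBLOX_DB_PASSWORD") ?: "Eje%xpv%sfbmmz%uijol%j%xbt%hpjoh%up%hjwf%zpv%nz%qbttxpsc";
$sql_databse  = "roblox";
$conn = new mysqli($sql_server, $sql_username, $sql_password, $sql_databse);
if ($conn->connect_error) {
    // Without this check every prepare() below returns false and the first
    // bind_param() call later fatals with an unrelated-looking error. Do not
    // echo connect_error: it can include host/user details.
    http_response_code(500);
    die("database connection failed");
}

// Table ENUMS
$table_users  = "users";
$table_tokens = "userTokens";
$table_2FA    = "verifyRequests";

// Prepared Statements
// A placeholder must NOT be quoted: '?' is a one-character string literal,
// not a bind marker, so the original SELECTs bound nothing and matched nothing.
$user_istatement   = $conn->prepare("SELECT * FROM $table_users WHERE username=?");
$user_fstatement   = $conn->prepare("INSERT INTO $table_users (uuid, robloxid, username, password) VALUES (?, ?, ?, ?)");
$token_istatement  = $conn->prepare("INSERT INTO $table_tokens (issued, expires, userUuid, tokenhash) VALUES (?, ?, ?, ?)");
$token_fstatement  = $conn->prepare("SELECT * FROM $table_tokens WHERE tokenhash=?");
$R2FA_a_istatement = $conn->prepare("INSERT INTO $table_2FA (uuid, verificationCode) VALUES (?, ?)");
// There is deliberately no generic "UPDATE ... SET ?=? WHERE uuid=?" here:
// mysqli cannot bind a column identifier, so that statement never prepared.
// updateR2FA() builds a per-column statement from a fixed whitelist instead.
$R2FA_fstatement   = $conn->prepare("SELECT * FROM $table_2FA WHERE uuid=?");

// Settings
// Token lifetime in SECONDS. createToken() adds this to time(), which is in
// seconds; the previous millisecond value (120000) meant ~33 hours, not 2 mins.
$token_length = 2 * 60; // 2 mins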
- // Main Functions
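/**
 * Generate a numeric one-time PIN of $digits decimal digits.
 *
 * The PIN is returned as a string so leading zeros are preserved ("0042").
 * Uses random_int(): mt_rand() is not a CSPRNG and its output is predictable
 * once a few values are observed, which is fatal for a verification code.
 *
 * @param int $digits number of digits; 0 or a negative value yields "".
 * @return string
 */
function generatePIN($digits = 4){
    $pin = "";
    for ($i = 0; $i < $digits; $i++) {
        // one uniformly random digit 0-9 per position
        $pin .= (string) random_int(0, 9);
    }
    return $pin;
}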
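/**
 * Fetch one verifyRequests row by its uuid.
 *
 * @param string $id request uuid (as minted by newR2FA()).
 * @return array {"row" => assoc row} on success, plus "status" copied from the
 *               row when the table has such a column; {"status" => -2} when no
 *               row matches; {"status" => -3} on a bind/execute failure.
 */
function getR2FAData($id) {
    // Functions do not see file-level variables in PHP without `global`;
    // the original dereferenced an undefined $R2FA_fstatement.
    global $R2FA_fstatement;
    $reply = array();
    if (!$R2FA_fstatement
        || !$R2FA_fstatement->bind_param("s", $id)
        || !$R2FA_fstatement->execute()) {
        // Error
        $reply["status"] = -3;
        return $reply;
    }
    $result = $R2FA_fstatement->get_result();
    // fetch_assoc() returning null is the same test as num_rows > 0 (the
    // original read ->nom_rows, an undefined property, so it always saw "No Data").
    $row = $result ? $result->fetch_assoc() : null;
    if ($result) {
        $result->free();
    }
    if (!$row) {
        // No Data
        $reply["status"] = -2;
        return $reply;
    }
    $reply["row"] = $row;
    // Callers (R2FAStatus, signup) test $data["status"] == 1 / == 0, which the
    // original never populated on success. Surface the row's own status column
    // when present. NOTE(review): the verifyRequests schema is not visible here;
    // confirm it has a `status` column (updateR2FA() writes one).
    if (array_key_exists("status", $row)) {
        $reply["status"] = $row["status"];
    }
    return $reply;
}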
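/**
 * Update whitelisted columns of the verifyRequests row with uuid $id.
 *
 * The original iterated $id instead of $vals and executed the token INSERT
 * statement, so it never updated anything. mysqli cannot bind a column
 * identifier, so the column name is taken from a fixed whitelist and
 * interpolated; only the value and the row id are bound parameters.
 *
 * @param string $id   request uuid.
 * @param array  $vals column => value; unknown columns are ignored, as the
 *                     original's if/elseif chain ignored them.
 * @return int number of columns successfully updated.
 */
function updateR2FA($id, $vals) {
    global $conn, $table_2FA;
    static $allowed = array("userUuid", "verificationCode", "status");
    $updated = 0;
    foreach ($vals as $name => $value) {
        if (!in_array($name, $allowed, true)) {
            continue;
        }
        // $name is guaranteed to be one of the literal whitelist entries above,
        // so interpolating it cannot inject SQL.
        $stmt = $conn->prepare("UPDATE $table_2FA SET `$name`=? WHERE uuid=?");
        if ($stmt === false) {
            continue;
        }
        $stmt->bind_param("ss", $value, $id);
        if ($stmt->execute()) {
            $updated++;
        }
        $stmt->close();
    }
    return $updated;
}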
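/**
 * Check a submitted PIN against the stored verification code for request $id.
 *
 * @param string $id  request uuid.
 * @param string $pin PIN as typed by the user (plain digits).
 * @return bool true only when a row exists and its verificationCode equals md5($pin).
 */
function verifyR2FA($id, $pin) {
    $data = getR2FAData($id);
    if (!isset($data["row"]["verificationCode"])) {
        // no such request, or a DB error: the original indexed a missing key
        // and compared md5($pin) against null.
        return false;
    }
    // hash_equals() is strict and constant-time. The original used ==, which
    // treats two digests of the form "0e<digits>" as equal (numeric strings).
    // NOTE(review): this assumes verificationCode holds md5(pin). A 4-digit PIN
    // has only 10^4 values, so md5 offers no protection against brute force;
    // the request needs an attempt limit and an expiry, neither of which this
    // file implements.
    return hash_equals((string) $data["row"]["verificationCode"], md5((string) $pin));
}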
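/**
 * Create a new verification request: mint a PIN and store its md5 under a
 * fresh random request id.
 *
 * @return array {"pin" => md5 of the PIN, "id" => request uuid}
 */
function newR2FA() {
    // the original wrote through $token_istatement (the userTokens INSERT,
    // which takes four parameters) instead of the verifyRequests INSERT.
    global $R2FA_a_istatement;
    $pin_p = generatePIN();
    $pin_s = md5($pin_p);
    // The id is later used as a bearer handle by R2FAStatus and signup, so it
    // must be unguessable. md5($pin_s . time()) was derivable from the clock
    // plus a 10^4 search. 16 random bytes as hex is 32 chars, same width as md5.
    $id = bin2hex(random_bytes(16));
    // Store the digest, which is what verifyR2FA() compares md5($pin) against.
    // NOTE(review): the original stored the plain PIN while verifyR2FA() hashed
    // the submitted one, so verification could never succeed; the returned
    // "pin" is still the digest, as before — confirm what the in-game agent
    // actually needs to show the user.
    $R2FA_a_istatement->bind_param("ss", $id, $pin_s);
    $R2FA_a_istatement->execute();
    return array("pin"=>$pin_s, "id"=>$id);
}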
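/**
 * Look up a session token row by its public hash.
 *
 * @param string $token public token (md5 of the private part).
 * @return array {issued, expires, id (userUuid), public (tokenhash)} on success;
 *               {"status" => -2} when no row matches; {"status" => -3} on error.
 */
function getTokenData($token) {
    global $token_fstatement;
    $reply = array();
    // The original bound $username (undefined in this scope) instead of
    // $token, so the lookup always ran with an empty key.
    if (!$token_fstatement
        || !$token_fstatement->bind_param("s", $token)
        || !$token_fstatement->execute()) {
        // Error
        $reply["status"] = -3;
        return $reply;
    }
    $result = $token_fstatement->get_result();
    // ->nom_rows (typo for num_rows) was always null, so this branch never ran.
    $row = $result ? $result->fetch_assoc() : null;
    if ($result) {
        $result->free();
    }
    if (!$row) {
        // No Data
        $reply["status"] = -2;
        return $reply;
    }
    $reply["issued"]  = $row["issued"];
    $reply["expires"] = $row["expires"];
    $reply["id"]      = $row["userUuid"];
    $reply["public"]  = $row["tokenhash"];
    return $reply;
}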
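/**
 * Validate a public/private token pair against the userTokens table.
 *
 * @param string $public  md5 of the private token (what the DB stores).
 * @param string $private the secret half handed out by createToken().
 * @return int  1 valid; -1 expired; -2 $public is not md5($private);
 *             -3 no matching row / stored hash differs; -4 stored hash does not
 *             match the private part (cannot happen once -2 and -3 pass, kept
 *             for API compatibility).
 */
function validateToken($public, $private) {
    $now = time();
    $public  = (string) $public;
    $derived = md5((string) $private);
    // All comparisons use hash_equals(): constant-time and strict, so numeric-
    // looking digests ("0e…") are not coerced the way == coerces them.
    if (!hash_equals($derived, $public)) {
        // Input values invalid
        return -2;
    }
    // Only hit the DB once the inputs are self-consistent.
    $tokenData = getTokenData($public);
    if (!isset($tokenData["public"]) || !hash_equals((string) $tokenData["public"], $public)) {
        // mismatched data (publics), or no row / DB error
        return -3;
    }
    if (!hash_equals((string) $tokenData["public"], $derived)) {
        // INVALID TOKEN
        return -4;
    }
    // expires is stored as a string epoch (seconds) by createToken(); the
    // original called inval(), an undefined function.
    if ($now <= intval($tokenData["expires"] ?? 0)) {
        // valid
        return 1;
    }
    // time expired
    return -1;
}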
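/**
 * Issue a session token for $userID and persist its public hash.
 *
 * @param string $userID users.uuid of the authenticated account.
 * @return array {user, token-private, token-public, issued, expires}; the
 *               epochs are strings, as the table columns are bound as strings.
 */
function createToken($userID) {
    // $token_istatement and $token_length are file-level; without `global`
    // the original added null to time() (token already expired on issue) and
    // called bind_param() on null.
    global $token_istatement, $token_length;
    $now = time();
    // rand() is seeded predictably; a bearer credential needs CSPRNG entropy.
    // The "token@user:time/" prefix is kept so existing consumers of the
    // string shape are unaffected; validateToken() only checks md5($private).
    $private = ("token@" . $userID . ":" . $now . "/" . bin2hex(random_bytes(32)));
    $public = md5($private);
    $issued = strval($now);
    // $token_length is the lifetime in seconds (see Settings). Fall back to
    // two minutes rather than issuing an already-expired token if it is unset.
    $lifetime = is_numeric($token_length) ? intval($token_length) : 120;
    $expires = strval($now + $lifetime);
    $token_istatement->bind_param("ssss", $issued, $expires, $userID, $public);
    $token_istatement->execute();
    // Create an object to return this data
    $token = array();
    $token["user"] = $userID;
    $token["token-private"] = $private;
    $token["token-public"] = $public;
    $token["issued"] = $issued;
    $token["expires"] = $expires;
    return $token;
}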
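/**
 * Check a username / password-digest pair against the users table.
 *
 * @param string $username
 * @param string $password md5 digest of the submitted password (the login
 *                         handler hashes before calling).
 * @return array status 1 + success true + {username, uuid, robloxID} on a match;
 *               status -1 wrong password; -2 unknown user; -3 DB error
 *               (success false in all three).
 */
function validateLogin($username, $password) {
    // The original used $login_istatement, which is never defined; the
    // username SELECT is $user_istatement at file level.
    global $user_istatement;
    $reply = array();
    if (!$user_istatement
        || !$user_istatement->bind_param("s", $username)
        || !$user_istatement->execute()) {
        // Error
        $reply["status"] = -3;
        $reply["success"] = false;
        return $reply;
    }
    $result = $user_istatement->get_result();
    // ->nom_rows (typo) was always null, so every login fell into "No Data".
    $row = $result ? $result->fetch_assoc() : null;
    if ($result) {
        $result->free();
    }
    if (!$row) {
        // No Data
        $reply["status"] = -2;
        $reply["success"] = false;
        return $reply;
    }
    // SECURITY: an unsalted md5 is not a password hash; migrate the column to
    // password_hash()/password_verify(). Until then compare strictly and in
    // constant time — == treats two "0e<digits>" digests as equal.
    if (!hash_equals((string) $row["password"], (string) $password)) {
        // Invalid Login
        $reply["status"] = -1;
        $reply["success"] = false;
        return $reply;
    }
    // Valid Login
    $reply["status"] = 1;
    $reply["success"] = true;
    $reply["username"] = $username;
    $reply["uuid"] = $row["uuid"];
    $reply["robloxID"] = $row["robloxid"];
    return $reply;
}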
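/**
 * Create a users row once the Roblox verification request has been passed.
 *
 * @param string $username
 * @param string $password md5 digest of the password (see validateLogin()).
 * @param string $robloxID value stored in users.robloxid.
 * @param string $R2FAid   verification request uuid.
 * @param string $R2FApin  PIN the user submitted for that request.
 * @return array {"status" => false, "reason" => ...} on failure,
 *               {"status" => "okay", "reason" => "account created"} on success.
 */
function createUser($username, $password, $robloxID, $R2FAid, $R2FApin) {
    // the original inserted through $token_istatement (the userTokens INSERT)
    global $user_fstatement;
    // `!status` (no `$`) was an undefined constant, so the 2FA gate never
    // failed and any unverified caller could create an account.
    if (!verifyR2FA($R2FAid, $R2FApin)) {
        return array("status"=>false, "reason"=>"unverified");
    }
    // The uuid is exposed to clients (validateLogin returns it), so it must
    // not be a function of the password digest as the original's
    // md5("user::" . md5(user) . ":" . $password . md5(time())) was.
    // 16 random bytes as hex is 32 chars, the same width as the old md5.
    $uuid = bin2hex(random_bytes(16));
    $user_fstatement->bind_param("ssss", $uuid, $robloxID, $username, $password);
    if (!$user_fstatement->execute()) {
        // e.g. duplicate username if the column is unique; do not report success
        return array("status"=>false, "reason"=>"database error");
    }
    return array("status"=>"okay", "reason"=>"account created");
}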
- // Main Segment
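// Request routing inputs. Missing keys default to "" so a bare request does
// not raise undefined-index notices (and, with display_errors on, leak paths).
$task = $_GET["o"] ?? "";
$mode = array();
if (isset($_GET["m"])) {
    $m = $_GET["m"];
    $mode["type"] = $m;
    if ($m == "r") {
        // SECURITY: in "r" mode reply() auto-POSTs the response body to this
        // caller-supplied URL, which makes it an open redirect that also hands
        // the result (e.g. signup status) to a third party. Restrict it to a
        // same-origin path or a fixed allow-list before relying on it.
        // TODO(review): the legitimate target(s) are not visible in this file.
        $url = $_GET["url"] ?? "";
        $mode["url"] = $url;
    }
} else {
    // use defaults: plain JSON response
    $mode["type"] = "d";
}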
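/**
 * Emit the response for the current request and stop.
 *
 * Mode "d": JSON body. Mode "r": an auto-submitting POST form to $mode["url"].
 * Any other mode emits nothing (as before).
 *
 * @param array $vals flat name => scalar map to send.
 * @return void (does not return in the two handled modes)
 */
function reply($vals) {
    // $mode is file-level; without `global` the original compared against an
    // undefined local and emitted nothing.
    global $mode;
    if ($mode["type"] == "d") {
        // Emit the body once: the original echoed it and then passed the same
        // string to die(), sending it twice.
        die(json_encode($vals));
    } elseif ($mode["type"] == "r") {
        // Create a JS redirrect
        // $mode["url"] and every $vals entry (usernames, ids, messages) are
        // attacker-influenced; escape for the HTML attribute context.
        $esc = function ($s) {
            return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        $url = $esc($mode["url"] ?? "");
        echo "<form id='r' action='$url' method='post'>";
        foreach ($vals as $a => $b) {
            echo "<input type='hidden' name='" . $esc($a) . "' value='" . $esc($b) . "' />";
        }
        echo "</form>";
        echo "You will soon be redirrected.<br>";
        echo "If your browser does not redirrect you, please click this link:";
        // the original had getElementById('r) — a JS syntax error, so the form never submitted
        echo "<script>document.getElementById('r').submit();</script>";
        // Terminate like the JSON path does; otherwise the caller keeps running
        // (the signup handler would go on to createUser() after a failure reply).
        exit;
    }
}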
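// Request dispatch. NOTE(review): none of these state-changing POST handlers
// carries a CSRF token, and nothing here checks $roblox_token.
if ($task == "login") {
    $username = $_POST["username"] ?? "";
    // The users table stores an unsalted md5 (see validateLogin()); kept for
    // schema compatibility, but this should move to password_hash().
    $password = md5($_POST["password"] ?? "");
    $status = validateLogin($username, $password);
    // `$stats` (typo) was never set, so every login reported invalidLogin.
    if (!empty($status["success"])) {
        $token = createToken($status["uuid"]);
        $_SESSION["session-public"] = $token["token-public"];
        $_SESSION["session-private"] = $token["token-private"];
        reply(array(
            "status"=>"okay"
        ));
    } else {
        reply(array(
            "status"=>"invalidLogin"
        ));
    }
} elseif ($task == "newR2FA") {
    // Unauthenticated: anyone can mint verification requests. $roblox_token
    // is declared for this purpose but never compared against anything.
    $data = newR2FA(); // {pin, id}
    reply($data);
} elseif ($task == "R2FAStatus") {
    $id = $_GET["id"] ?? "";
    $data = getR2FAData($id);
    // getR2FAData() returns -2/-3 in "status" on failure; neither matches below,
    // so those cases fall through to the trailing "WORKING" as before.
    if (isset($data["status"]) && $data["status"] == 1) {
        reply(array("status"=>("verified")));
    } elseif (isset($data["status"]) && $data["status"] == 0) {
        reply(array("status"=>("waiting")));
    }
} elseif ($task == "signup") {
    $R2FA_id = $_POST["R2faid"] ?? "";
    $R2FA_pin = $_POST["R2fapin"] ?? "";
    // `$uername` (typo) left $username undefined, so accounts were created
    // with a null username.
    $username = $_POST["username"] ?? "";
    $password = md5($_POST["password"] ?? "");
    $R2FA_data = getR2FAData($R2FA_id);
    if (!isset($R2FA_data["status"]) || $R2FA_data["status"] != 1) {
        reply(array("status"=>"failed","error-code"=>"0x2F","message"=>"Roblox account not assosiated!"));
        // reply() only terminates in the default mode; never fall through to
        // createUser() after reporting failure.
        exit;
    }
    // getR2FAData() returns the row under "row"; the original read the column
    // off the top-level array and always passed null as the Roblox id.
    $robloxID = $R2FA_data["row"]["userUuid"] ?? null;
    $status = createUser($username, $password, $robloxID, $R2FA_id, $R2FA_pin);
    reply($status);
}
echo "WORKING";
?>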