
Commit 65ebe7ad authored by bmccalip's avatar bmccalip

First set of updates to integrate auth efforts with db

Checking is still not properly done in auth stage #2, but records are 
now being updated in the database.
parent bca59eb2
<?php
require_once('../database.php');
# Error constants
define("LFM_INVALID_SERVICE", 2);
define("LFM_INVALID_METHOD", 3);
......@@ -17,79 +19,89 @@ define("LFM_SUBSCRIPTION_REQD", 18);
# Error descriptions as per API documentation
$error_text = array(
LFM_INVALID_SERVICE => "Invalid service -This service does not exist",
LFM_INVALID_METHOD => "Invalid Method - No method with that name in this package",
LFM_INVALID_TOKEN => "Invalid authentication token supplied",
LFM_INVALID_FORMAT => "Invalid format - This service doesn't exist in that format",
LFM_INVALID_PARAMS => "Invalid parameters - Your request is missing a required parameter",
LFM_INVALID_RESOURCE => "Invalid resource specified",
LFM_TOKEN_ERROR => "There was an error granting the request token. Please try again later",
LFM_INVALID_SESSION => "Invalid session key - Please re-authenticate",
LFM_INVALID_APIKEY => "Invalid API key - You must be granted a valid key by last.fm",
LFM_SERVICE_OFFLINE => "Service Offline - This service is temporarily offline. Try again later.",
LFM_SUBSCRIPTION_ERROR => "Subscription Error - The user needs to be subscribed in order to do that",
LFM_INVALID_SIGNATURE => "Invalid method signature supplied",
LFM_SUBSCRIPTION_REQD => "This user has no free radio plays left. Subscription required."
LFM_INVALID_SERVICE => "Invalid service -This service does not exist",
LFM_INVALID_METHOD => "Invalid Method - No method with that name in this package",
LFM_INVALID_TOKEN => "Invalid authentication token supplied",
LFM_INVALID_FORMAT => "Invalid format - This service doesn't exist in that format",
LFM_INVALID_PARAMS => "Invalid parameters - Your request is missing a required parameter",
LFM_INVALID_RESOURCE => "Invalid resource specified",
LFM_TOKEN_ERROR => "There was an error granting the request token. Please try again later",
LFM_INVALID_SESSION => "Invalid session key - Please re-authenticate",
LFM_INVALID_APIKEY => "Invalid API key - You must be granted a valid key by last.fm",
LFM_SERVICE_OFFLINE => "Service Offline - This service is temporarily offline. Try again later.",
LFM_SUBSCRIPTION_ERROR => "Subscription Error - The user needs to be subscribed in order to do that",
LFM_INVALID_SIGNATURE => "Invalid method signature supplied",
LFM_SUBSCRIPTION_REQD => "This user has no free radio plays left. Subscription required."
);
# Resolves method= parameters to handler functions
$method_map = array(
"auth.gettoken" => method_auth_gettoken,
"auth.getsession" => method_auth_getsession
"auth.gettoken" => method_auth_gettoken,
"auth.getsession" => method_auth_getsession
);
function method_auth_gettoken() {
if (!isset($_GET['api_sig']) || !valid_api_sig($_GET['api_sig']))
report_failure(LFM_INVALID_SIGNATURE);
$key = md5(time() . rand());
print("<lfm status=\"ok\">\n");
print(" <token>$key</token></lfm>");
global $mdb2;
if (!isset($_GET['api_sig']) || !valid_api_sig($_GET['api_sig']))
report_failure(LFM_INVALID_SIGNATURE);
$key = md5(time() . rand());
$result = $mdb2->query('INSERT INTO Auth (token, expires) VALUES ('
. $mdb2->quote($key, 'text') . ", "
. $mdb2->quote(time() + 3600, 'integer')
. ")");
if (PEAR::isError($result))
report_failure(LFM_TOKEN_ERROR);
print("<lfm status=\"ok\">\n");
print(" <token>$key</token></lfm>");
}
function method_auth_getsession() {
if (!isset($_GET['api_sig']) || !valid_api_sig($_GET['api_sig']))
report_failure(LFM_INVALID_SIGNATURE);
if (!isset($_GET['token']) || !valid_token($_GET['token']))
report_failure(LFM_INVALID_TOKEN);
$session = md5(time() . rand());
print("<lfm status=\"ok\">\n");
print(" <session>\n");
print(" <name>A User</name>\n");
print(" <key>$session</key>\n");
print(" <subscriber>0</subscriber>\n");
print(" </session>\n");
print("</lfm>");
if (!isset($_GET['api_sig']) || !valid_api_sig($_GET['api_sig']))
report_failure(LFM_INVALID_SIGNATURE);
if (!isset($_GET['token']) || !valid_token($_GET['token']))
report_failure(LFM_INVALID_TOKEN);
$session = md5(time() . rand());
print("<lfm status=\"ok\">\n");
print(" <session>\n");
print(" <name>A User</name>\n");
print(" <key>$session</key>\n");
print(" <subscriber>0</subscriber>\n");
print(" </session>\n");
print("</lfm>");
}
function valid_api_key($key) {
return strlen($key) == 32;
return strlen($key) == 32;
}
function valid_api_sig($sig) {
return strlen($sig) == 32;
return strlen($sig) == 32;
}
function valid_token($token) {
return strlen($token) == 32;
return strlen($token) == 32;
}
function report_failure($code) {
global $error_text;
print("<lfm status=\"failed\">\n");
print(" <error code=\"$code\">".$error_text[$code]."</error></lfm>");
die();
global $error_text;
print("<lfm status=\"failed\">\n");
print(" <error code=\"$code\">".$error_text[$code]."</error></lfm>");
die();
}
if (!isset($_GET['method']) || !isset($method_map[$_GET['method']]))
report_failure(LFM_INVALID_METHOD);
report_failure(LFM_INVALID_METHOD);
if (!isset($_GET['api_key']) || !valid_api_key($_GET['api_key']))
report_failure(LFM_INVALID_APIKEY);
report_failure(LFM_INVALID_APIKEY);
$method = $method_map[$_GET['method']];
$method();
......
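Review bot: The request token stored in the Auth table by method_auth_gettoken is `md5(time() . rand())`, which is built from the clock and a non-cryptographic generator, so its value is predictable rather than secret. Because this token is what later gets bound to a username, it should come from a CSPRNG, for example `$key = bin2hex(random_bytes(16));` on PHP 7+ or `$key = bin2hex(openssl_random_pseudo_bytes(16));` on older runtimes. Both still produce the 32 characters that valid_token() checks for. The same construction is used for `$session` in method_auth_getsession and should change with it.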
<?php
require_once('../../database.php');
?>
<html>
<body>
<?php if (isset($_POST['username'], $_POST['api_key'], $_POST['token'])) { ?>
<?php
$result = $mdb2->query('UPDATE Auth SET '
. 'username = ' . $mdb2->quote($_POST['username'], 'text') . ' '
. 'WHERE '
. 'token = ' . $mdb2->quote($_POST['token']));
if (PEAR::isError($result))
die("Database error");
?>
<p>Thank you very much, <?php print($_POST['username']); ?>. Your authorization has been recorded.</p>
<p>You may now close the browser.</p>
......@@ -14,10 +27,21 @@
<?php } else { ?>
<?php
$result = $mdb2->query('SELECT * FROM Auth WHERE ('
. 'token = ' . $mdb2->quote($_GET['token'], 'text') . ')');
if (PEAR::isError($result))
die("Database error");
if (!$result->numRows())
die("Invalid key");
?>
<form method="post" action="">
<p>Your Username: <input type="text" name="username" /></p>
<p>Your Password: <input type="password" name="password" /></p>
<p>
<input type="submit" value="Submit" />
<input type="hidden" name="api_key" value="<?php print($_GET['api_key']); ?>" />
......
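Review bot: Request values are written into the HTML without escaping: `print($_POST['username'])` in the thank-you paragraph and `print($_GET['api_key'])` inside the hidden input's value attribute, so markup in either parameter is rendered by the browser (reflected XSS). Escape at the point of output, e.g. `print(htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8'));`, and wrap `$_GET['api_key']` the same way. The GET branch also reads `$_GET['token']` without an `isset()` check. The UPDATE does not appear to confirm that a row matched an unexpired token before the success message is shown, although part of this file is collapsed on the page.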
<?
if(!file_exists("config.php")) {
if(!file_exists(dirname(__FILE__) . "/config.php")) {
die("Please run the <a href='install.php'>Install</a> script to configure your installation");
}
require_once("config.php")
require_once('config.php');
require_once('MDB2.php');
$mdb2 =& MDB2::connect($connect_string);
......
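Review bot: The existence check looks for config.php next to this file via `dirname(__FILE__)` (apparently the new side), but the include is still `require_once('config.php');`, which is resolved through include_path first, so the file that is tested and the file that is loaded can differ. Use the same absolute path for both: `require_once(dirname(__FILE__) . '/config.php');`. The result of `MDB2::connect($connect_string)` is assigned without a `PEAR::isError()` check, so a failed connection would only show up at the first `$mdb2->query` call. The file also opens with the short tag `<?`, which depends on short_open_tag being enabled; `<?php` avoids that.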
......@@ -11,7 +11,7 @@ if (isset($_POST['install'])) {
$dbms = $_POST['dbms'];
if($dbms == "sqlite") {
$filename = $_POST['filename'];
$connect_string = "sqlite://" . $_POST['filename'];
$connect_string = "sqlite:///" . $filename;
} else {
$connect_string = $dbms . "://" . $_POST['username'] . ":" . $_POST['password'] . "@" . $_POST['hostname'] . ":" . $_POST['port'] . "/" . $_POST['dbname'];
}
......@@ -23,9 +23,9 @@ if (isset($_POST['install'])) {
//Create tables
$mdb2->query("CREATE TABLE Users (username VARCHAR(64) PRIMARY KEY,
password VARCHAR(255) NOT NULL,
email VARCHAR(255),
fullname VARCHAR(255),
password VARCHAR(32) NOT NULL,
email VARCHAR(255),
fullname VARCHAR(255),
bio TEXT,
homepage VARCHAR(255),
location VARCHAR(255),
......@@ -36,7 +36,13 @@ if (isset($_POST['install'])) {
sk VARCHAR(32),
expires TIMESTAMP,
username VARCHAR(255) REFERENCES Users(username))");
// Test user configuration
$res = $mdb2->query("INSERT INTO Users
(username, password, created)
VALUES
('testuser', '" . md5(md5('password')) . "', " . time() . ")");
$mdb2->disconnect();
//Write out the configuration
......@@ -74,7 +80,7 @@ if (isset($_POST['install'])) {
<h1>Gobbler Installer</h1>
<form method="post">
Database Management System: <br />
<input type="radio" name="dbms" value="sqlite" onclick='showSqlite()' checked>SQLite</input><br />
<input type="radio" name="dbms" value="sqlite" onclick='showSqlite()' checked>SQLite (use an absolute path)</input><br />
<input type="radio" name="dbms" value="mysql" onclick='showNetworkDBMS()'>MySQL</input><br />
<input type="radio" name="dbms" value="pgsql" onclick='showNetworkDBMS()'>PostgreSQL</input><br />
<br />
......
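Review bot: The installer unconditionally inserts a `testuser` row with a fixed password, so every deployment starts with an account whose credentials can be read from the source; it should be removed or put behind an explicit development-only option in the install form. The schema line `password VARCHAR(32) NOT NULL,` (apparently the new side) sizes the column for an unsalted MD5 digest, which leaves no room for a salted, adaptive hash later; keeping `password VARCHAR(255) NOT NULL,` would allow `password_hash()` or `crypt()` output. The results of the `CREATE TABLE` and `INSERT` queries are not checked with `PEAR::isError()`, so a failed install appears to carry on to writing the configuration.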