-
Notifications
You must be signed in to change notification settings - Fork 123
/
Copy pathauth_functions.php
129 lines (105 loc) · 2.64 KB
/
auth_functions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?php
//Get Username from Browser-Request
function get_user()
{
if (isset($_POST["user"])) {
$user = $_POST['user'];
}
elseif (isset($_GET["user"])) {
$user = $_GET['user'];
}
else
{
$user = "";
}
return $user;
}
//Get Password from Browser-Request
function get_pass()
{
if (isset($_POST["pass"])) {
$pass = $_POST['pass'];
}
elseif (isset($_GET["pass"])) {
$pass = $_GET['pass'];
}
else
{
$pass = "";
}
return $pass;
}
//Get Torque-ID from Browser-Request
function get_id()
{
$id = "";
if (isset($_POST["id"])) {
if (1 === preg_match('/[\da-f]{32}/i', $_POST['id'], $matches))
{
$id = $matches[0];
}
}
elseif (isset($_GET["id"])) {
if (1 === preg_match('/[\da-f]{32}/i', $_GET['id'], $matches))
{
$id = $matches[0];
}
}
return $id;
}
//True if User/Pass match those of creds.php
//If both $auth_user and $auth_pass are empty, all passwords are accepted.
function auth_user()
{
global $auth_user, $auth_pass;
$user = get_user();
$pass = get_pass();
//No User/Pass defined: Allow everything
if ( empty($auth_user) && empty($auth_pass) ) {
return true;
}
if ( ($user == $auth_user) && ($pass == $auth_pass) ) {
return true;
}
return false;
}
//True is Torque-ID matches any of the IDs or HASHes defined in creds.php
//If both IDs and HASHes are empty, all IDs are accepted.
function auth_id()
{
global $torque_id, $torque_id_hash;
// Prepare authentification of Torque Instance that uploads data to this server
// If $torque_id is defined, this will overwrite $torque_id_hash from creds.php
$session_id = get_id();
// Parse IDs from "creds.php", if IDs are defined these will overrule HASHES
$auth_by_hash_possible = false;
if (isset($torque_id) && !empty($torque_id))
{
if (!is_array($torque_id))
$torque_id = array($torque_id);
$torque_id_hash = array_map(md5,$torque_id);
$auth_by_hash_possible = true;
}
// Parse HASHES
elseif (isset($torque_id_hash) && !empty($torque_id_hash))
{
if (!is_array($torque_id_hash))
$torque_id_hash = array($torque_id_hash);
$auth_by_hash_possible = true;
}
// Authenticate torque instance: Check if we know its HASH
if ($auth_by_hash_possible)
{
if (in_array($session_id, $torque_id_hash) )
{
return true;
}
}
//No IDs/HASHEs defined: Allow everything
else
{
return true;
}
return false;
}
?>