<?php
// CORS: every origin may read this endpoint's responses.
// NOTE(review): the wildcard is only reasonable while the endpoint relies on the
// signed payload rather than cookies or other ambient credentials - confirm, or
// restrict the header to the known client origins.
header('Access-Control-Allow-Origin: *');

// Upper bound handed to saveAddress(), which stores a new address only while
// the member's computed count stays below it.
$maxAccounts = 1000;
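/**
 * Decode a base64url string (URL-safe alphabet: '-' and '_' in place of '+' and '/').
 *
 * The earlier version passed strlen($data) % 4 as the target length of str_pad().
 * That value is never larger than the input length, so no '=' padding was ever
 * added and decoding depended on base64_decode() being lenient. The padding is
 * now computed explicitly and the input is decoded in strict mode, so text that
 * contains characters outside the alphabet is rejected instead of being
 * silently skipped before a signature check.
 *
 * @param string $data base64url text, with or without trailing '=' padding
 * @return string|false decoded bytes, or false when the input is not valid base64url
 */
function base64url_decode($data) {
    $standard = strtr((string) $data, '-_', '+/');
    // Bring the length up to the next multiple of four.
    $missing = (4 - strlen($standard) % 4) % 4;
    $standard .= str_repeat('=', $missing);
    // Strict mode: fail on foreign characters or impossible padding.
    return base64_decode($standard, true);
}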
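/**
 * Load the public key stored for a server/currency under the web root.
 *
 * The name arrives from the request and becomes a directory name, so it is
 * validated against an allowlist instead of being repaired. The earlier
 * approach stripped ".." and then "/" in two passes; removing substrings in
 * sequence can leave a result that is itself a dot-dot segment or an empty
 * name, which resolves outside the intended per-currency folder.
 *
 * NOTE(review): the allowlist admits letters, digits, '-' and '_' only.
 * Confirm no deployed currency folder uses other characters (for example a dot).
 *
 * @param string $server currency / server folder name taken from the request
 * @return mixed key handle from openssl_pkey_get_public(), or false when the
 *               name is not acceptable or no key could be loaded
 */
function getPublicKey($server){
    // Anything outside the allowlist is refused outright, never rewritten.
    if (!is_string($server) || preg_match('/\A[A-Za-z0-9_-]+\z/', $server) !== 1) {
        return false;
    }
    // Get the key
    $file_path = "file:///var/www/html/" . $server . "/pubkey.pem";
    return openssl_pkey_get_public($file_path);
}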
/**
 * Check that $signature is a valid signature of $uid under the given public key.
 *
 * NOTE(review): verification uses a SHA-1 digest (OPENSSL_ALGO_SHA1). SHA-1 is
 * no longer recommended for signatures. Moving to SHA-256 needs the signing
 * side to change at the same time, so the algorithm is left as is here.
 *
 * @param string $uid       signed message (the member id)
 * @param string $signature raw signature bytes
 * @param mixed  $pubkeyid  key handle as returned by openssl_pkey_get_public()
 * @return string "OK" when the signature verifies, "KO" otherwise
 */
function checkSign($uid, $signature, $pubkeyid){
    // openssl_verify() gives 1 only for a valid signature; 0 (mismatch) and
    // -1 / false (error) are all treated as rejection.
    $verdict = openssl_verify($uid, $signature, $pubkeyid, OPENSSL_ALGO_SHA1);
    return ($verdict == 1) ? "OK" : "KO";
}
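/**
 * Append an address to a member's record once the enrolment token verifies.
 *
 * Steps: verify $token as a signature of $uid, open the currency's keyspace,
 * read the member's current address list and count, then write the extended
 * list back while the new count is below $maxAccounts.
 *
 * Changes from the earlier version: the session is now closed in a finally
 * block, so a failing query no longer leaves it open, and the unused $dbg
 * trace string is gone.
 *
 * NOTE(review): the token is checked against $uid alone. It does not cover
 * $adresse and carries no expiry or nonce that this code looks at. Confirm
 * that is the intended trust model.
 * NOTE(review): the read and the update are two separate statements, so
 * concurrent requests for one member can overwrite each other's result.
 * NOTE(review): nothing stops the same address being appended twice.
 *
 * @param string $uid         member id (the signed message)
 * @param string $token       raw signature bytes authorising the enrolment
 * @param mixed  $pubkeyid    key handle from openssl_pkey_get_public()
 * @param string $currency    currency name; lower-cased and stripped of '-' and '_' to form the keyspace
 * @param string $adresse     address to add (validated by the caller)
 * @param int    $maxAccounts stored count must stay below this value
 * @return string "OK" when the update statement was executed, "KO" otherwise
 */
function saveAddress($uid, $token, $pubkeyid, $currency, $adresse, $maxAccounts){
    // Refuse before any database work when the token does not verify.
    if (checkSign($uid, $token, $pubkeyid) != "OK") {
        return "KO";
    }

    // Connect to Cassandra
    // NOTE(review): the database credentials are hard-coded in a file under the
    // web root. Load them from configuration outside the document root and
    // rotate the password that has been committed here.
    $cluster = Cassandra::cluster('127.0.0.1')->withCredentials("members_rw", "Private_access_members_rw")->build();
    $keyspace = str_replace(array("-", "_"), "", strtolower($currency));
    $session = $cluster->connect($keyspace);

    $table = "Members";
    $result = "KO";
    try {
        $count = 1;
        $addr = $adresse;

        $sql = "SELECT Adresses, Count from $table where Code = ?";
        $options = array('arguments' => array($uid));
        foreach ($session->execute(new Cassandra\SimpleStatement($sql), $options) as $row) {
            // NOTE(review): the row is read with the keys 'Count' and 'adresses'
            // while the query names the columns 'Adresses' and 'Count'. Confirm
            // which case the driver returns. A missing 'Count' key would leave
            // $count at 1 on every call, and the limit below would never apply.
            $count = $row['Count']+1;
            if ($row['adresses'] != "") {
                $addr = $row['adresses'] . "," . $adresse;
            }
        }

        if ($count < $maxAccounts) {
            // $count is the result of the addition above, never request text;
            // the request-derived values are bound as statement arguments.
            $updateCount = "UPDATE $table SET Count=$count, Adresses=? WHERE Code=?";
            $options = array('arguments' => array($addr, $uid));
            if ($session->execute(new Cassandra\SimpleStatement($updateCount), $options)) {
                $result = "OK";
            }
        }
    } finally {
        // Release the session even when a statement throws.
        $session->close();
    }
    return $result;
}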
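// Request body: a form field "data" holding a JSON object. A missing field or
// malformed JSON is handled as an empty request, so no PHP warnings are raised
// (and possibly printed into the response) for absent keys.
$data = json_decode(isset($_POST['data']) ? $_POST['data'] : '', true);
if (!is_array($data)) {
    $data = array();
}
$field = function ($name) use ($data) {
    return isset($data[$name]) ? $data[$name] : '';
};

// Get the Server/currency uid and signature
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It also
// rewrites the value (strips tags, encodes quotes) before $uid is verified, so
// the signed id has to be free of such characters already. Replace it with
// explicit per-field validation once the accepted formats are confirmed.
$currency = filter_var($field('currency'), FILTER_SANITIZE_STRING);
$uid = filter_var($field('id'), FILTER_SANITIZE_STRING);
$sign = filter_var($field('signature'), FILTER_SANITIZE_STRING);
$signature = base64url_decode($sign);
$tok = filter_var($field('token'), FILTER_SANITIZE_STRING);
$token = base64url_decode($tok);
$adresse = filter_var($field('adresse'), FILTER_SANITIZE_STRING);
// No "adresse" key means "only check the signature"; otherwise enrol the address.
$check_or_enroll = !isset($data['adresse']);

// get the public key for the currency:
$pubkeyid = getPublicKey($currency);
// check if the file was found (=> valid currency)
if ($pubkeyid !== false) {
    if ($check_or_enroll) {
        // Check validity
        $result = checkSign($uid, $signature, $pubkeyid);
    } else {
        // Check inputs: keep alphanumerics only and require exactly 42 characters.
        // NOTE(review): 42 presumably means "0x" plus 40 hex digits, but the
        // pattern accepts any letter or digit - confirm and tighten if so.
        $adresse = strtolower(preg_replace("/[^a-zA-Z0-9]+/", "", $adresse));
        if (strlen($adresse) != 42) {
            $result = "KO";
        } else {
            // Add address
            $result = saveAddress($uid, $token, $pubkeyid, $currency, $adresse, $maxAccounts);
        }
    }
    // openssl_free_key() is deprecated since PHP 8.0, where key objects are
    // released automatically; only call it on older runtimes.
    if (PHP_VERSION_ID < 80000) {
        openssl_free_key($pubkeyid);
    }
} else {
    $result = "KO";
}

// The "token" field returns the caller's raw signature value. No Content-Type
// header is set in this file, so the body may be served as HTML. The JSON_HEX_*
// flags encode <, >, &, ' and " inside values as \uXXXX escapes, which keeps the
// reflected text inert while the decoded JSON stays the same for clients.
// NOTE(review): sending "Content-Type: application/json" is the cleaner fix;
// confirm first that existing clients do not depend on the current type.
$res = array(
    'adresse' => $adresse,
    'token' => isset($data['signature']) ? $data['signature'] : null,
    'result' => $result,
);
$json = json_encode($res, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
echo $json;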
?>