<?php
+/*
+# Copyright (c) 2012, Gjøvik University College
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the name of the Gjøvik University College nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY Gjøvik University College ''AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL Gjøvik University College BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
require_once('config.php');
$config = get_config();
function token_auth( )
{
- global $_GET;
+ global $_POST;
// TODO: Part of ping/pong requirement.
// Run a function to clear all authkeys older than 5 minutes.
expire_authkeys();
- if ( array_key_exists('session', $_GET )
- && array_key_exists('auth_key', $_GET ) )
+ if ( array_key_exists('session', $_POST )
+ && array_key_exists('auth_key', $_POST ) )
{
- if ( ! check_session($_GET['session'] ) ) simple_authfail();
- if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail();
+ if ( ! check_session($_POST['session'] ) ) simple_authfail();
+ if ( ! check_authkey($_POST['auth_key'] ) ) simple_authfail();
}
else simple_authfail();
}
$query = sprintf("SELECT session, sessid FROM %s WHERE `last` < DATE_SUB( NOW(), INTERVAL %d MINUTE)",
$config['sessionkeys_table'],
$config['sessionkey_lifetime']);
- $result = sql_dbquery( $config['provision_db'], $query );
+ $result = sql_dbquery( $config['hermes_db'], $query );
while ( $row = @mysql_fetch_row( $result ) )
{
remove_session( $row[0], $row[1] );
$config['sessionkeys_table'],
$config['sessionkey_lifetime']);
- sql_dbexec( $config['provision_db'], $query );
+ sql_dbexec( $config['hermes_db'], $query );
}
function update_authkey ( $session, $authid )
sql_clean($remote),
sql_clean($key),
sql_clean($key));
- if ( ! sql_dbexec( $config['provision_db'], $query ) )
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) )
{
mysql_error();
}
$query = sprintf("DELETE FROM %s WHERE `session` = '%s'",
$config['sessionkeys_table'],
sql_clean($name));
- sql_dbexec( $config['provision_db'], $query );
+ sql_dbexec( $config['hermes_db'], $query );
return false;
}
sql_clean($host),
sql_clean($key));
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return $key;
}
$query = sprintf("DELETE FROM %s WHERE apikey = '%s'",
$config['apikeys_table'],
sql_clean($key) );
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return true;
}
$query = sprintf("SELECT host FROM %s WHERE apikey = '%s'",
$config['apikeys_table'],
sql_clean($key) );
- $row = sql_dbquery_single( $config['provision_db'], $query );
+ $row = sql_dbquery_single( $config['hermes_db'], $query );
if (!$row) return false;
$host = $row['host'];
$config['apikeys_table'],
$config['authorizations_table']);
$list = array();
- $result = sql_dbquery( $config['provision_db'], $query);
+ $result = sql_dbquery( $config['hermes_db'], $query);
if ( ! $result ) return $list;
while ( $row = @mysql_fetch_assoc( $result ) )
{
WHERE type = 'user'",
$config['authorizations_table']);
$list = array();
- $result = sql_dbquery( $config['provision_db'], $query);
+ $result = sql_dbquery( $config['hermes_db'], $query);
if ( ! $result ) return $list;
while ( $row = @mysql_fetch_assoc( $result ) )
{
sql_clean($authid),
$type,
$level, $level);
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return true;
}
$config['authorizations_table'],
sql_clean($authid) );
//print $query . "\n\n";
- if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
+ if ( ! sql_dbexec( $config['hermes_db'], $query ) ) return false;
return true;
}
$query = sprintf("SELECT access_level FROM %s WHERE authid = '%s'",
$config['authorizations_table'],
sql_clean($authid) );
- $row = sql_dbquery_single( $config['provision_db'], $query );
+ $row = sql_dbquery_single( $config['hermes_db'], $query );
if (!$row) return false;
$level = $row['access_level'];
return $level;
git.defcon.no / hermes / blobdiff