=') && version_compare(phpversion(), '5.3', '<'))) {
    die('PHP 5.2.x (Your version ' . phpversion() . ').');
}
// NOTE(review): the version check above opens outside this view, so its exact condition cannot
// be read here. The visible part compares against '5.3' and the die() message names PHP 5.2.x.
// PHP 5.2 is long out of support, which also limits the hardening options available further down.

// Credential store used by the 'authenticate' action; it sits in the same directory as this script.
// NOTE(review): confirm the web server refuses to serve dot-files from this directory.
define('AUTH_PASSWD_FILE_NAME', dirname(__FILE__) . '/.htpasswd');

// Replaces the include path with the bundled ./lib and ./lib/Pear directories.
set_include_path(dirname(__FILE__) . '/lib' . PATH_SEPARATOR . dirname(__FILE__) . '/lib/Pear');
require_once 'Zend/Loader.php';
require_once 'Zend/Loader/Autoloader.php';
// The fallback autoloader tries to load a class of any name from the include path. That matters
// for the unserialize() call below: class names found in the payload can trigger autoloading.
Zend_Loader_Autoloader::getInstance()->setFallbackAutoloader(true);

// Request dispatcher: the POST field 'action' selects one of two steps of a key-exchange login.
// Qs_Request is not defined in this view; presumably getPostValue() reads $_POST — confirm.
switch (Qs_Request::getPostValue('action')) {
    case 'getPublicKey':
        // Step 1: create a per-session key pair, keep the private half in the session and
        // return the public half to the caller.
        session_start();
        $privateKey = '';
        $t = microtime(true); // never read in this view
        // NOTE(review): a 1024-bit key is below the 2048-bit minimum commonly required today.
        // The return values of the three openssl_* calls below are not checked, so a failed key
        // generation would go unnoticed here.
        $resource = openssl_pkey_new(array('private_key_bits' => 1024));
        openssl_pkey_export($resource, $privateKey);
        $details = openssl_pkey_get_details($resource);
        $publicKey = $details['key'];
        $_SESSION['privateKey'] = $privateKey;
        // NOTE(review): nothing visible here authenticates this public key to the client, so the
        // scheme depends on the transport to prevent key substitution — confirm HTTPS is enforced.
        header('Content-Encoding: gzip');
        echo gzencode($publicKey, 9);
        break;

    case 'authenticate':
        // Step 2: unseal the credentials with the session's private key, check them against the
        // htpasswd file and return a signed verdict.
        session_start();
        if (!array_key_exists('privateKey', $_SESSION)) {
            header('HTTP/1.0 405 Method Not Allowed');
            echo 'Empty Session';
            exit;
        }
        $privateKey = $_SESSION['privateKey'];
        $encrypted = base64_decode(Qs_Request::getPostValue('encrypted'));
        $decrypted = '';
        $envelopeKey = base64_decode(Qs_Request::getPostValue('envelopeKey'));
        $privateKeyResource = openssl_get_privatekey($privateKey);
        // No cipher argument is passed, so the extension's default applies (RC4 on PHP releases
        // where that argument is optional).
        // NOTE(review): the raw OpenSSL error text is returned to the caller on failure; prefer a
        // fixed message and keep the detail in a server-side log.
        if (!openssl_open($encrypted, $decrypted, $envelopeKey, $privateKeyResource)) {
            header('HTTP/1.0 405 Method Not Allowed');
            echo openssl_error_string();
            exit;
        }
        // SECURITY: $decrypted is untrusted. Any caller can obtain the public key from the
        // 'getPublicKey' action and seal an arbitrary payload, so encryption gives no assurance
        // about the content. unserialize() on such data can instantiate any class that is loaded
        // or autoloadable (see the fallback autoloader above), i.e. PHP object injection.
        // Recommended: move to a data-only format such as JSON together with the client, or on
        // PHP 7+ pass array('allowed_classes' => false); neither is a drop-in change for PHP 5.2.
        // The check below only catches a false result. A payload that decodes to a non-array, or
        // to an array without 'identity' / 'credential', is not rejected before those keys are read.
        if (false === ($data = unserialize($decrypted))) {
            header('HTTP/1.0 405 Method Not Allowed');
            echo 'Unserialize failed';
            exit;
        }
        // Copies client-supplied values for the known log fields (date, clientIp, serverName,
        // message, url) into the log record; these are what the client claims, not what the
        // server observed.
        Ra_Log::setData($data);
        require_once('File/Passwd/Authbasic.php');
        $authbasic = new File_Passwd_Authbasic(AUTH_PASSWD_FILE_NAME);
        // NOTE(review): 'md5' presumably selects an MD5-based htpasswd scheme — confirm, and
        // consider a stronger scheme if every consumer of the file supports one.
        $authbasic->setMode('md5');
        $authbasic->load();
        // Valid only when the user exists and the supplied password verifies.
        // NOTE(review): nothing in this file throttles or locks out repeated failed attempts.
        $responseData = array(
            'isValid' => $authbasic->userExists($data['identity']) && $authbasic->verifyPasswd($data['identity'], $data['credential'])
        );
        // The identity is written to the log verbatim. Ra_Log::write() joins fields with tabs and
        // ends records with a newline, so control characters in the identity can forge fields or
        // whole records; strip them before logging.
        if ($responseData['isValid']) {
            Ra_Log::write('User "' . $data['identity'] . 
'" successfully authorized');
        } else {
            Ra_Log::write('User "' . $data['identity'] . '" authorization failed');
        }
        // The verdict is signed with the same per-session private key so the client can verify it
        // against the public key it fetched in step 1. No algorithm argument is passed, so
        // openssl_sign() uses its default digest (SHA-1).
        $responseText = serialize($responseData);
        $signature = '';
        openssl_sign($responseText, $signature, $privateKeyResource);
        $response = array(
            'data' => $responseText,
            'signature' => $signature,
        );
        $buff = serialize($response);
        openssl_free_key($privateKeyResource);
        // Destroying the session makes the key pair single-use: a second 'authenticate' needs a
        // fresh 'getPublicKey' first.
        session_destroy();
        echo $buff;
        exit;
        break; // unreachable after exit

    default:
        header("HTTP/1.0 404 Not Found");
        echo 'Not Found';
        break;
}
exit;

// --------------------------------------------------------------------------------------------------------------------------------------
// - GLOBAL FUNCTIONS
// --------------------------------------------------------------------------------------------------------------------------------------

/**
 * Debug helper: dumps every argument plus a backtrace to the response, then exits.
 *
 * The output contains file paths, line numbers and argument values and is sent as text/html
 * without escaping, so this helper should not be reachable on a production path.
 *
 * NOTE(review): several string literals below contain only a line break in this view. They
 * presumably carried HTML markup that was stripped when the page was extracted — confirm
 * against the original file before relying on them.
 */
function vdie()
{
    header('Content-Type: text/html; charset=utf-8');
    $backtrace = debug_backtrace();
    // Buffer the output so it can be post-processed for XMLHttpRequest callers below.
    ob_start();
    // Frame 0 carries the file and line from which vdie() was called.
    echo $backtrace[0]['file'], ' (', $backtrace[0]['line'], '):
';
    $vars = func_get_args();
    foreach ($vars as $var) {
        echo '
';
        // var_dump() shows the type of scalars and null; print_r() is used for arrays and objects.
        if (is_scalar($var) || is_null($var)) {
            var_dump($var);
        } else {
            print_r($var);
        }
        echo '
';
    }
    echo '
BACKTRACE
';
    // Drop the frame for vdie() itself.
    array_shift($backtrace);

    // The two functions below are declared inside vdie(), so they only come into existence when
    // vdie() runs. A second call would redeclare them; that cannot happen because vdie() always exits.

    /**
     * Recursively replaces every object in $array with the string "<ClassName> Object", in place.
     */
    function _removeObjects(&$array)
    {
        foreach ($array as $key => &$value) {
            if (is_array($value)) {
                _removeObjects($value);
            } elseif (is_object($value)) {
                unset($array[$key]);
                $array[$key] = get_class($value) . ' Object';
            }
        }
    }

    /**
     * Returns the value of a request header, or false when it is empty or absent.
     *
     * Looks up $_SERVER['HTTP_<NAME>'] first (name upper-cased, '-' replaced by '_'), then
     * falls back to apache_request_headers() using the name exactly as given.
     */
    function getHttpHeader($header)
    {
        if (empty($header)) {
            return false;
        }
        // Try to get it from the $_SERVER array first
        $temp = 'HTTP_' . strtoupper(str_replace('-', '_', $header));
        if (!empty($_SERVER[$temp])) {
            return $_SERVER[$temp];
        }
        // This seems to be the only way to get the Authorization header on
        // Apache
        if (function_exists('apache_request_headers')) {
            $headers = apache_request_headers();
            if (!empty($headers[$header])) {
                return $headers[$header];
            }
        }
        return false;
    }

    // Objects are flattened to their class names before printing to keep the dump small.
    _removeObjects($backtrace);
    echo '
';
    print_r($backtrace);
    echo '
';
    $html = ob_get_contents();
    ob_end_clean();
    // For XMLHttpRequest callers the buffered output is rewritten with str_replace() into
    // plain-text line breaks and an 80-dash rule (see the note on stripped literals above).
    if ('XMLHttpRequest' == getHttpHeader('X_REQUESTED_WITH')) {
        $html = str_replace(array('
', '
', '
'), array("\n", "\n", ''), $html);
        $html = str_replace(array('
'), "\n" . str_repeat('-', 80) . "\n", $html);
    }
    echo $html;
    exit();
}

/**
 * Minimal append-only logger writing tab-separated records to log/<Y-m-d>.txt beside this script.
 *
 * NOTE(review): the log directory sits next to this script. If that directory is web-served,
 * the logs (identities and client-supplied fields) may be downloadable — confirm a deny rule.
 */
class Ra_Log
{
    // Log file name; set on the first write() call to '<Y-m-d>.txt'.
    protected static $_fileName;

    // Record template: defines the field set and the column order of each log line.
    protected static $_data = array(
        'date' => '',
        'clientIp' => '',
        'serverName' => '',
        'message' => '',
        'url' => '',
    );

    /**
     * Overlays the record template with the matching keys of $data; unknown keys are dropped.
     *
     * In this file $data comes from the client's unserialized payload, so the stored values
     * are unvalidated.
     */
    public static function setData($data)
    {
        $data = array_intersect_key($data, self::$_data);
        self::$_data = array_merge(self::$_data, $data);
    }

    /**
     * Appends one record with the current timestamp and $message to today's log file.
     *
     * Field values are joined with tabs and are not escaped, so a tab or newline inside
     * $message or a client-supplied field breaks the record format. A failed fopen() is
     * ignored silently.
     */
    public static function write($message)
    {
        if (null === self::$_fileName) {
            self::$_fileName = date('Y-m-d') . '.txt';
        }
        $file = dirname(__FILE__) . '/log/' . self::$_fileName;
        if (!file_exists(dirname($file))) {
            // NOTE(review): the umask is cleared and the mode is 0777, so the log directory is
            // created world-writable; a tighter mode such as 0750 is safer if the deployment allows it.
            $umask = umask(0);
            mkdir(dirname($file), 0777, true);
            umask($umask);
        }
        $fileExists = file_exists($file); // assigned but never read
        if ($handle = fopen($file, 'a+')) {
            $data = self::$_data;
            // 'date' and 'message' are always set by the server, overriding any client-supplied value.
            $data['date'] = date('Y-m-d H:i:s');
            $data['message'] = $message;
            fwrite($handle, implode("\t", $data) . "\n");
            fclose($handle);
        }
    }
}