RanchiMall/RanchiMallTasks
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create flo_auth.php

Browse Source
This commit is contained in:
tripathyr 2021-10-29 16:50:30 +05:30 committed by GitHub
parent 3d063c950b
commit d3fb966295
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 200 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
Proejct1_FLO_FB_Auth_Exchange/flo_auth.php Normal file
View File

@ -0,0 +1,200 @@
<?
ob_start();
session_start();
$_SESSION['id'] = session_id();
if (!isset($cookie_life_days)) {$cookie_life_days = 60;};
if (!isset($_SESSION['page_action'])) { $_SESSION['page_action']='verify_login'; };
if ($_REQUEST['page_action'] =='welcome') { $_SESSION['page_action']='welcome';} else
if ($_REQUEST['page_action'] =='verify_login') { $_SESSION['page_action']='verify_login';} else
if ($_REQUEST['page_action'] =='logout_request') { $_SESSION['page_action']='logout_request';};
if ($_SESSION['page_action']=='verify_login'){
if (isset($_COOKIE['exchange'])){
ob_end_clean();
ob_start();
$_SESSION['page_action']='welcome';
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
if (isset($_POST['flo_id'], $_POST['pub_key'], $_SESSION['id'], $_POST['sign'] )){
ob_start();
function callAPI($method, $url, $data){
$curl = curl_init();
switch ($method){
case "POST":
curl_setopt($curl, CURLOPT_POST, 1);
if ($data)
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
break;
case "PUT":
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
if ($data)
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
break;
default:
if ($data)
$url = sprintf("%s?%s", $url, http_build_query($data));
}
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'APIKEY: 111111111111111111111',
'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
// EXECUTE:
$result = curl_exec($curl);
if(!$result){die("Connection Failure");}
curl_close($curl);
return $result;
}
$floID = $_POST['flo_id'];
$pubKey = $_POST['pub_key'];
$s_id = $_SESSION['id'];
$sign = $_POST['sign'];
$data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id, "sign" => $sign );
$make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
$response = json_decode($make_call, true);
if ($response['success'] == 1) {
//store $s_id (session ID) in SQl
ob_end_clean();
ob_start();
setcookie("exchange[flo_id]", $floID, time () + (86400 * $cookie_life_days));
setcookie("exchange[session_id]", $s_id, time () + (86400 * $cookie_life_days));
setcookie("exchange[pub_key]", $pubKey,time () + (86400 * $cookie_life_days));
$_SESSION['page_action']='welcome';
header('Location: '.$_SERVER['PHP_SELF']);
exit();
} else {
echo '<script>alert("Signature Verification Failed")</script>';
}
}
echo <<<END
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" href="css/bootstrap.css">
<link rel="stylesheet" href="css/custom.css">
<link rel="stylesheet" href="css/mate.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300" rel="stylesheet">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://sairajzero.github.io/Standard_Operations/cdn/floCrypto.js"></script>
</head>
<div class="col-sm-4 ">
<div class="box p--2 mt--4">
<div class="row">
<h2 class="text-center">Login using FLO Private Key </h2>
<hr>
<div class="col-lg-12 lazy-form">
<label for="key_flo">Enter your FLO Private Key</label>
<input type="text" name="key_flo" id="key_flo">
</div>
<div class="col-lg-12">
<input type="submit" id="key_flo_submit" class="btn btn--primary-1 btn-white fb_log_in" value="Enter Key">
</div>
</div>
</div>
</div>
<form id="login" style="display: none;" method="POST">
<input type="text" name="flo_id" />
<input type="text" name="pub_key" />
<input type="text" name="sign" />
<input type="hidden" name="page_action" value="verify_login"/>
<input type="submit" name="submit" />
</form>
<script>
document.getElementById("key_flo_submit").onclick = function(evt) {
let privKey = document.getElementById("key_flo").value;
let pubKey = floCrypto.getPubKeyHex(privKey);
let floID = floCrypto.getFloID(pubKey);
let message = "{$_SESSION['id']}";
let sign = floCrypto.signData(message, privKey);
delete privKey;
let form = document.forms["login"];
form["flo_id"].value = floID;
form["pub_key"].value = pubKey;
form["sign"].value = sign;
form["submit"].click();
}
</script>
END;
}
if ($_SESSION['page_action']=='welcome'){
if (!isset($_COOKIE['exchange'])) {
$_SESSION['page_action']='verify_login';
ob_end_clean();
ob_start();
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
echo <<<END
<head>
<title>Exchange</title>
</head>
<body>
<h1>Welcome</h1>
<h5>Logged in as {$_COOKIE['exchange']['flo_id']}</h5>
<form action="">
<input type="hidden" name="page_action" value="logout_request"/>
<input type="submit" value="logout"/>
</form>
</body>
END;
}
if ($_SESSION['page_action']=='logout_request'){
if (isset($_COOKIE['exchange'])) {
unset($_COOKIE['exchange[flo_id]']);
setcookie('exchange[flo_id]', null, -1);
unset($_COOKIE['exchange[session_id]']);
setcookie('exchange[session_id]', null, -1);
unset($_COOKIE['exchange[pub_key]']);
setcookie('exchange[pub_key]', null, -1);
unset($_COOKIE['exchange']);
setcookie('exchange', null, -1);
}
ob_end_clean();
ob_start();
$_SESSION['page_action']='verify_login';
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
?>