<?php
require_once("./lib/jcryption.php");
$keyLength = 256;
$jCryption = new jCryption();
if(isset($_GET["generateKeypair"]))
{
if (empty($_SESSION["e"])){
// logic added by ma.gi.a. di rossini to avoid the key generation
// every time we use this module
// asymmetric keys are once generated and saved in a file using array2string() -
// To get the keys from file we use string2array()
{
$keys = $jCryption->generateKeypair($keyLength);
// e scrivi un file con le chiavi
array2string($keys,$output,$parent);
// Store the string in a file
$f1 = fopen("lib/keypair.txt","w+");
}
else
{
// Read the file back from the disk
$f1 = fopen("lib/keypair.txt","r");
// Convert the content back to an array
string2array($newString, $keys);
}
// sets the keys in the session to have them ready when you submit the form
// please keep this structure.
// You'll need the hex value of the key for javascript
// and the int value of the key for PHP. e = public key, d = private key, n = modulo
$_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"],16
));
$_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"],16
));
$_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"],16
));
}
//returns the needed keys for the javascript part in a JSON string
//maxdigits is need for the javascript and calculated like ($keyLength * 2 / 16 + 3)
/* debug
$f1 = fopen("keyparhex.txt","w+");
fwrite($f1, '{"e":"'.$_SESSION["e"]["hex"].'","n":"'.$_SESSION["n"]["hex"].'","maxdigits":"'.intval($keyLength*2/16+3).'"}');
fclose($f1);
*/
echo '{"e":"'.$_SESSION["e"]["hex"].'","n":"'.$_SESSION["n"]["hex"].'","maxdigits":"'.intval($keyLength*2/16+3).'"}';
} else {
//
//here the decrypt function is called. The first parameter is the encrypted POST.
//Second parameter is the private key d in it's int form and third the modulo n.
//This function will return your orginal decrypted POST.
$var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
//unset($_SESSION["e"]);
//unset($_SESSION["d"]);
//unset($_SESSION["n"]);
// parse the query string from post - into variables
$posted = $_POST['jCryption'];
//debug
/*
$f1 = fopen("received.txt","w+");
fwrite($f1,"\r\n-posted-\r\n");
fwrite($f1,$posted);
fwrite($f1,"\r\n- var decrypted -\r\n");
fwrite($f1,$var);
fclose($f1);
*/
//echo "<br> decrypted data are:" .$var;
//$result["User"] = "rg";
//$result["Passw"] = "rr";
/* original code commented - with password we do IMAP authentication
if (preg_match('/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b/i', $result["Passw"])) {
echo "true";
} else {
echo "false";
}
*/
$username = $result["User"];
$password = $result["Passw"];
$where_we_are = pathinfo($_SERVER['SCRIPT_FILENAME']) ;
$root= $where_we_are['dirname']."/";
// if not exists username file try with IMAP - not used in this example
{
// try imap autentication
$imap_host[] = "10.103.8.21"; // mailpp01.postel.it
$imap_port = "143";
$ldap_ok = 0;
require("lib/auth_imap.inc");
if(authValidateUser($username, $password))
{
// echo " Ldap ". $imap_host[0] . " AUTENTICATO - ";
$ldap_ok = 1;
$_SESSION['UUser'] = $username;
$_SESSION['LoggedIn'] = 2;
}
else
{
$msg_Ldap = " Ldap 10.103.8.21 NON autenticato ";
//echo $msg_Ldap;
}
}
// if exists username file
{
$msglocalfile = "Non autenticato su file $username";
$fp=fopen($root."user/".$username.".txt","r");
$username1=$info[0];
$password1=$info[1];
//if($password1==$_SESSION['password'])
if($password1 == $password) {
//$firstuser = $temp_username;
$username = $username1;
$msglocalfile = " Autenticato su file $username ";
$_SESSION['UUser'] = $username;
$_SESSION['LoggedIn'] = 2;
}else {
}
// remove comment in next line to have this info at top
//echo $msglocalfile;
}
// return from authentication
//echo " -- $username1 -- $password1";
if(isset($_SESSION['UUser']))
{
//$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area as $username1.</p>";
echo ' <TEXTAREA ROWS=8 COLS=100 WRAP="off" name=textcode>';
echo '<!-- to redirect to index_step_1.php (application menu) uncomment the following lines -->'."\n\r flush();\n ob_flush();\n sleep(2);\n echo ".
'"<script type="text/javascript" > document.location.href="index_step_1.php"</script>";';
echo '</TEXTAREA>';
// display message ...
// flush();
// ob_flush();
// sleep(2);
// redirect
// - this not works sometime in IE - see Security tab, then choose Custom Level and the Meta Tag Refresh
// echo "<meta http-equiv='refresh' content='=2;index.php' />";
// - this give warning
// header("refresh: 10; index.php");
//echo "<script type='text/javascript'>document.location.href='index_step_1.php'</script> ";
//echo "true";
}
else
{
echo "<h1>Error</h1>";
//echo " root is $root" . $msglocalfile."<br>";
echo "<p>Sorry, la coppia di user/password($username - ******) non e' stata autenticata<br>";
echo " $msg_Ldap - $msglocalfile <br>";
echo "<a href=\"index.php\">premi qui per riprovare</a>.</p>";
// for test we can display sent password as decrypted -
// echo $password;
//echo "false";
}
}
/**
* This function converts an array into a separated string
*
* @param Array $myarray The array to convert to string
* @param String $output The reference to the output string
* @param String $parentkey It is a helper variable
*/
function array2string($myarray,&$output,&$parentkey){
foreach($myarray as $key=>$value){
$parentkey .= $key."·";
array2string($value,$output,$parentkey);
$parentkey = "";
}
else {
$output .= $parentkey.$key."·".$value."\n";
}
}
}
/**
* This function converts a separated string into an array
*
* @param String $string The string to convert into an Array
* @param Array $myarray The array to store the output
*/
function string2array($string,&$myarray){
foreach ($lines as $value){
$myarray[$items[0]] = $items[1];
}
else if (sizeof($items) == 3
){
$myarray[$items[0]][$items[1]] = $items[2];
}
}
}
?>