janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update login.php

Browse Source
This commit is contained in:
jakani24
2024-04-26 14:36:34 +02:00
parent 586ae86027
commit 9e38fd27ab
1 changed files with 113 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
src/server/cyberhex-code/test/login.php
View File

@@ -1,5 +1,5 @@
<?php <?php
/*
require_once 'WebAuthn.php'; require_once 'WebAuthn.php';
try { try {
session_start(); session_start();
@@ -201,25 +201,18 @@ try {
header('Content-Type: application/json'); header('Content-Type: application/json');
print(json_encode($return)); print(json_encode($return));
} }
*/
?> ?>
<?php <?php
//with db: //with db:
/*
require_once 'WebAuthn.php'; require_once 'WebAuthn.php';
// Assuming you've already established a database connection here // Assuming you've already established a database connection here
try { try {
// Read input parameters session_start();
// read get argument and post body
$fn = filter_input(INPUT_GET, 'fn'); $fn = filter_input(INPUT_GET, 'fn');
$requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey'); $requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey');
$userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS); $userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS);
@@ -228,7 +221,6 @@ try {
$userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS); $userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS);
$userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS); $userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS);
// Validate and sanitize input
$userId = preg_replace('/[^0-9a-f]/i', '', $userId); $userId = preg_replace('/[^0-9a-f]/i', '', $userId);
$userName = preg_replace('/[^0-9a-z]/i', '', $userName); $userName = preg_replace('/[^0-9a-z]/i', '', $userName);
$userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName); $userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName);
@@ -238,11 +230,81 @@ try {
$post = json_decode($post, null, 512, JSON_THROW_ON_ERROR); $post = json_decode($post, null, 512, JSON_THROW_ON_ERROR);
} }
// Initialize WebAuthn if ($fn !== 'getStoredDataHtml') {
$rpId=$_SERVER['SERVER_NAME'];
$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId);
// Other configurations... // Formats
$formats = [];
//if (filter_input(INPUT_GET, 'fmt_android-key')) {
$formats[] = 'android-key';
//}
///if (filter_input(INPUT_GET, 'fmt_android-safetynet')) {
$formats[] = 'android-safetynet';
//}
//if (filter_input(INPUT_GET, 'fmt_apple')) {
$formats[] = 'apple';
//}
//if (filter_input(INPUT_GET, 'fmt_fido-u2f')) {
$formats[] = 'fido-u2f';
//}
//if (filter_input(INPUT_GET, 'fmt_none')) {
$formats[] = 'none';
//}
//if (filter_input(INPUT_GET, 'fmt_packed')) {
$formats[] = 'packed';
//}
//if (filter_input(INPUT_GET, 'fmt_tpm')) {
$formats[] = 'tpm';
//}
$rpId=$_SERVER['SERVER_NAME'];
$typeUsb = true;
$typeNfc = true;
$typeBle = true;
$typeInt = true;
$typeHyb = true;
// cross-platform: true, if type internal is not allowed
// false, if only internal is allowed
// null, if internal and cross-platform is allowed
$crossPlatformAttachment = null;
if (($typeUsb || $typeNfc || $typeBle || $typeHyb) && !$typeInt) {
$crossPlatformAttachment = true;
} else if (!$typeUsb && !$typeNfc && !$typeBle && !$typeHyb && $typeInt) {
$crossPlatformAttachment = false;
}
// new Instance of the server library.
// make sure that $rpId is the domain name.
$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId, $formats);
// add root certificates to validate new registrations
//if (filter_input(INPUT_GET, 'solo')) {
$WebAuthn->addRootCertificates('rootCertificates/solo.pem');
//}
//if (filter_input(INPUT_GET, 'apple')) {
$WebAuthn->addRootCertificates('rootCertificates/apple.pem');
//}
//if (filter_input(INPUT_GET, 'yubico')) {
$WebAuthn->addRootCertificates('rootCertificates/yubico.pem');
//}
//if (filter_input(INPUT_GET, 'hypersecu')) {
$WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem');
//}
//if (filter_input(INPUT_GET, 'google')) {
$WebAuthn->addRootCertificates('rootCertificates/globalSign.pem');
$WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem');
//}
//if (filter_input(INPUT_GET, 'microsoft')) {
$WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem');
//}
//if (filter_input(INPUT_GET, 'mds')) {
$WebAuthn->addRootCertificates('rootCertificates/mds');
//}
}
// Handle different functions // Handle different functions
if ($fn === 'getCreateArgs') { if ($fn === 'getCreateArgs') {
@@ -253,19 +315,43 @@ try {
// Save challenge to session or somewhere else if needed // Save challenge to session or somewhere else if needed
} else if ($fn === 'getGetArgs') { } else if ($fn === 'getGetArgs') {
// Get get arguments $ids = [];
// Retrieve credential IDs from the database based on $userId
$ids = []; // Fetch credential IDs from the database if ($requireResidentKey) {
$getArgs = $WebAuthn->getGetArgs($ids, 60*4); if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) {
throw new Exception('we do not have any registrations in session to check the registration');
}
} else {
// load registrations from session stored there by processCreate.
// normaly you have to load the credential Id's for a username
// from the database.
if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) {
foreach ($_SESSION['registrations'] as $reg) {
if ($reg->userId === $userId) {
$ids[] = $reg->credentialId;
}
}
}
if (count($ids) === 0) {
throw new Exception('no registrations in session for userId ' . $userId);
}
}
$getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification);
header('Content-Type: application/json'); header('Content-Type: application/json');
print(json_encode($getArgs)); print(json_encode($getArgs));
// Save challenge to session or somewhere else if needed // save challange to session. you have to deliver it to processGet later.
$_SESSION['challenge'] = $WebAuthn->getChallenge();
}else if ($fn === 'processGet') { }else if ($fn === 'processGet') {
// Process get // Process get
// Retrieve registration data from the database based on credential ID // Retrieve registration data from the database based on credential ID
$id = base64_decode($post->id); $id = base64_decode($post->id);
$stmt = $conn->prepare("SELECT * FROM registrations WHERE credentialId = ?"); $stmt = $conn->prepare("SELECT * FROM user WHERE credential_id = ?");
$stmt->execute([$id]); $stmt->execute([$id]);
$registration = $stmt->fetch(PDO::FETCH_ASSOC); $registration = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -278,7 +364,7 @@ try {
$signature = base64_decode($post->signature); $signature = base64_decode($post->signature);
$userHandle = base64_decode($post->userHandle); $userHandle = base64_decode($post->userHandle);
$challenge = $_SESSION['challenge'] ?? ''; $challenge = $_SESSION['challenge'] ?? '';
$credentialPublicKey = $registration['publicKey']; $credentialPublicKey = $registration['public_key'];
// Process the get request // Process the get request
$WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required'); $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, null, $userVerification === 'required');
@@ -298,5 +384,5 @@ try {
header('Content-Type: application/json'); header('Content-Type: application/json');
print(json_encode($return)); print(json_encode($return));
} }
*/
?> ?>