-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
33 changed files
with
4,245 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
|
||
<?php | ||
|
||
include( "settings.php" ); | ||
|
||
|
||
global $enableYubikey, $passwordHashingPepper; | ||
|
||
?> | ||
|
||
|
||
<script type="text/javascript" src="sha1.js"></script> | ||
|
||
<script type="text/javascript"> | ||
|
||
|
||
function calcHMAC() { | ||
try { | ||
|
||
var hmacInput = document.getElementById("hmacInputText"); | ||
var pepperInput = document.getElementById("pepperInputText"); | ||
var hmacOutput = document.getElementById("hmacOutputText"); | ||
|
||
var shaObj = new jsSHA("SHA-1", "TEXT"); | ||
shaObj.setHMACKey( pepperInput.value, "TEXT" ); | ||
shaObj.update( hmacInput.value ); | ||
hmacOutput.value = shaObj.getHMAC("HEX"); | ||
|
||
} catch(e) { | ||
hmacOutput.value = e.message | ||
} | ||
} | ||
</script> | ||
|
||
<body onload="calcHMAC()"> | ||
|
||
<FORM> | ||
<INPUT TYPE="password" MAXLENGTH=20 SIZE=20 NAME="password" autofocus id="hmacInputText" onkeyup="calcHMAC()"> | ||
</FORM> | ||
|
||
|
||
|
||
<FORM ACTION="server.php" METHOD="post"> | ||
<?php | ||
|
||
if( $enableYubikey ) { | ||
?> | ||
<br> | ||
Yubikey:<br> | ||
<INPUT TYPE="password" MAXLENGTH=48 SIZE=48 NAME="yubikey"> | ||
|
||
<?php | ||
} | ||
?> | ||
|
||
<INPUT TYPE="hidden" NAME="action" VALUE="show_data"> | ||
<INPUT TYPE="Submit" VALUE="login"> | ||
|
||
<br> | ||
<br> | ||
Server-provided Pepper: | ||
<br> | ||
<input type="text" size="75" name="pepper" readonly value="<?php echo $passwordHashingPepper;?>" id="pepperInputText"> | ||
|
||
<br> | ||
hmac_sha1 of password with pepper as key:<br> | ||
<input type="text" size="75" name="passwordHMAC" id="hmacOutputText"> | ||
|
||
</FORM> | ||
|
||
|
||
</body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
<?php | ||
|
||
include( "settings.php" ); | ||
|
||
global $passwordHashingPepper; | ||
|
||
if( isset( $_REQUEST[ "password" ] ) ) { | ||
$hash = hash_hmac( "sha1", | ||
$_REQUEST[ "password" ], | ||
$passwordHashingPepper ); | ||
|
||
$hash = hash_hmac( "sha1", | ||
$hash, | ||
$passwordHashingPepper ); | ||
|
||
echo "Password hash is: $hash"; | ||
} | ||
else { | ||
?> | ||
<FORM ACTION="passwordHashUtility.php" METHOD="post"> | ||
<INPUT TYPE="password" MAXLENGTH=200 SIZE=20 NAME="password"> | ||
<INPUT TYPE="Submit" VALUE="Generate Password Hash"> | ||
|
||
<?php | ||
|
||
} | ||
|
||
?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,172 @@ | ||
|
||
|
||
|
||
|
||
server.php | ||
?action=get_client_sequence_number | ||
&email=[email address] | ||
|
||
Return: | ||
sequence number | ||
OK | ||
|
||
Gets next valid sequence number associated with email, for client requests. | ||
Note that even if email is unknown to server, 0 will be returned so that first | ||
request can be submitted. | ||
|
||
|
||
|
||
server.php | ||
?action=get_server_sequence_number | ||
&server_name=[full server name] | ||
|
||
Return: | ||
sequence number | ||
OK | ||
|
||
Gets next valid sequence number associated with server name, for server | ||
requests. Note that even if server is unknown to server, 0 will be returned | ||
so that first request can be submitted. | ||
|
||
|
||
|
||
|
||
server.php | ||
?action=report_death | ||
&email=[email address] | ||
&name=[character name] | ||
&display_id=[object id] | ||
&self_rel_name=[word for You] | ||
&ancestor_list=[list] | ||
&server_name=[name] | ||
&sequence_number=[int] | ||
&hash_value=[hash value] | ||
|
||
Return: | ||
OK | ||
-or- | ||
DENIED | ||
|
||
Used by game servers to indicate that a given email finished a life and died | ||
|
||
DENIED is returned if there are no life tokens left. | ||
|
||
|
||
hash_value is computed on both ends with: | ||
|
||
HMAC_SHA1( $shared_secret, $sequence_number ) | ||
|
||
|
||
Where $shared_secret is a secret string known to both the fitnessServer and | ||
the game servers that have permission to spend tokens. | ||
|
||
If sequence number is <= previously used sequence number for this server, | ||
request will be rejected. | ||
|
||
Anscestor list is in following format: | ||
|
||
email Relation_Name,email Relation_Name,... | ||
|
||
(obviously, this list will be URL-encoded) | ||
|
||
Relation names like Great Granddaughter must have spaces replaced by _, like: | ||
Great_Granddaughter | ||
|
||
|
||
NOTE: in case of Eve or baby-suicide, Ancestor list will be blank | ||
|
||
|
||
|
||
|
||
|
||
server.php | ||
?action=get_score | ||
&email=[email address] | ||
&server_name=[name] | ||
&sequence_number=[int] | ||
&hash_value=[hash value] | ||
|
||
Return: | ||
score | ||
OK | ||
-or- | ||
DENIED | ||
|
||
Used by game servers to request a given user's current score. | ||
|
||
DENIED is returned if the email isn't known | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
==== | ||
These calls are called by game clients | ||
==== | ||
|
||
|
||
server.php | ||
?action=get_client_score | ||
&email=[email address] | ||
&sequence_number=[int] | ||
&hash_value=[hash value] | ||
|
||
Return: | ||
leaderboard_name | ||
score | ||
rank | ||
OK | ||
-or- | ||
DENIED | ||
|
||
Used by clients to request score information. | ||
|
||
DENIED is returned if the email isn't known or hash check fails | ||
|
||
|
||
|
||
hash_value is computed on both ends with: | ||
|
||
HMAC_SHA1( $ticket_id, $string_to_hash ) | ||
|
||
Where $ticket_id has hyphens removed and is all uppercase. | ||
|
||
|
||
|
||
|
||
server.php | ||
?action=get_client_score_details | ||
&email=[email address] | ||
&sequence_number=[int] | ||
&hash_value=[hash value] | ||
|
||
Return: | ||
leaderboard_name | ||
score | ||
rank | ||
name,relation,display_id,died_sec_ago,age,old_score,new_score | ||
name,relation,display_id,died_sec_ago,age,old_score,new_score | ||
name,relation,display_id,died_sec_ago,age,old_score,new_score | ||
.... | ||
name,relation,display_id,died_sec_ago,age,old_score,new_score | ||
OK | ||
-or- | ||
DENIED | ||
|
||
Used by clients to request detailed score information. | ||
|
||
DENIED is returned if the email isn't known or hash check fails | ||
|
||
Same results as get_client_score, followed by list of recent selves and | ||
offspring that contributed to the score | ||
|
||
|
||
|
||
|
||
hash_value is computed on both ends with: | ||
|
||
HMAC_SHA1( $ticket_id, $string_to_hash ) | ||
|
||
Where $ticket_id has hyphens removed and is all uppercase. |
Oops, something went wrong.