1<?php 2/* 3CVS username+password authentication service for .php.net sites. 4Usage: 5$post = http_build_query( 6 [ 7 "token" => getenv("TOKEN"), 8 "username" => $username, 9 "password" => $password, 10 ] 11); 12 13$opts = [ 14 "method" => "POST", 15 "header" => "Content-type: application/x-www-form-urlencoded", 16 "content" => $post, 17]; 18 19$ctx = stream_context_create(["http" => $opts]); 20 21$s = file_get_contents("https://master.php.net/fetch/cvsauth.php", false, $ctx); 22 23$a = @unserialize($s); 24if (!is_array($a)) { 25 echo "Unknown error\n"; 26 exit; 27} 28if (isset($a["errno"])) { 29 echo "Authentication failed: ", $a["errstr"], "\n"; 30 exit; 31} 32 33echo $a["SUCCESS"], "\n"; 34*/ 35 36require 'functions.inc'; 37require 'cvs-auth.inc'; 38 39# Error constants 40define("E_UNKNOWN", 0); 41define("E_USERNAME", 1); 42define("E_PASSWORD", 2); 43 44function exit_forbidden($why) { 45 switch($why) { 46 case E_USERNAME: 47 echo serialize(["errstr" => "Incorrect username", "errno" => E_USERNAME]); 48 break; 49 50 case E_PASSWORD: 51 echo serialize(["errstr" => "Incorrect password", "errno" => E_PASSWORD]); 52 break; 53 54 case E_UNKNOWN: 55 default: 56 echo serialize(["errstr" => "Unknown error", "errno" => E_UNKNOWN]); 57 } 58 exit; 59} 60 61function exit_success() { 62 echo serialize(["SUCCESS" => "Username and password OK"]); 63 exit; 64} 65 66// Create required variables and kill MQ 67$fields = ["token", "username", "password"]; 68foreach($fields as $field) { 69 if (isset($_POST[$field])) { 70 $$field = $_POST[$field]; 71 } else { 72 exit_forbidden(E_UNKNOWN); 73 } 74} 75 76# token required since this should only get accessed from .php.net sites 77if (!isset($_REQUEST['token']) || md5($_REQUEST['token']) != "73864a7c89d97a13368fc213075036d1") { 78 exit_forbidden(E_UNKNOWN); 79} 80 81if (!verify_username($username)) { 82 exit_forbidden(E_USERNAME); 83} 84 85if (!verify_password($username, $password)) { 86 exit_forbidden(E_PASSWORD); 87} 88 89exit_success(); 90 91 92
