Merge branch 'master-wraith' into v1.0.4-work

backend/php/properties/php.properties.json

@@ -1,5 +1,5 @@
 {
 	"request.path": "../index.php",
-	"dump.path": "../dump.php",
+	"dump.path": "/../dump.php?frontend=",
 	"should.pay.toll": "false"
 }

backend/php/src/dump.php

@@ -11,7 +11,22 @@ header('Content-Disposition: attachment; filename=Clipperz_'.date("Ymd").'.html'
 	include "./objects/class.onetimepassword.php";
 	include "./objects/class.onetimepasswordstatus.php";
 
-	$htmlContent = file_get_contents("../index.html");
+	//$htmlContent = file_get_contents("../index.html");
+	switch ($_GET["frontend"]) {
+                case 'beta':
+                        $htmlContent = file_get_contents("beta/index.html");
+                        break;
+                case 'gamma':
+                        $htmlContent = file_get_contents("gamma/index.html");
+                        break;
+                case 'delta':
+                        $htmlContent = file_get_contents("delta/index.html");
+                        break;
+                default:
+                        exit ("Invalid Frontend");
+
+        }
+
 
 	session_start();
 
@@ -100,4 +115,4 @@ header('Content-Disposition: attachment; filename=Clipperz_'.date("Ymd").'.html'
 	session_write_close();
 	
 	echo str_replace("/*offline_data_placeholder*/", $data, $htmlContent);
-?>
+?>

backend/php/src/index.php

@@ -108,6 +108,7 @@ function digits($base) {
 
 function clipperz_hash($value) {
 	return hash("sha256", hash("sha256", $value, true));
+	//return hash("sha256", $value, false);
 }
 
 //-----------------------------------------------------------------------------
@@ -251,6 +252,8 @@ error_log("registration");
 error_log("handshake");
 			$srp_g = "2";
 			$srp_n = base2dec("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
+			// Define k:  k = H(N, g) in SRP-6a
+			$srp_k = base2dec(clipperz_hash($srp_n . $srp_g), 16);
 
 			$message = $parameters["message"];
 
@@ -287,9 +290,13 @@ error_log("handshake");
 					$_SESSION["v"] = "112233445566778899aabbccddeeff00112233445566778899aabbccddeeff00";
 				}
 
-				$_SESSION["b"] = clipperz_randomSeed();
+// This should now work with a random seed. Need to check.
+//				$_SESSION["b"] = clipperz_randomSeed();
 //				$_SESSION["b"] = "5761e6c84d22ea3c5649de01702d60f674ccfe79238540eb34c61cd020230c53";
-				$_SESSION["B"] = dec2base(bcadd(base2dec($_SESSION["v"], 16), bcpowmod($srp_g, base2dec($_SESSION["b"], 16), $srp_n)), 16);
+				$_SESSION["b"] = "23309839184091712110293815740584558132927982490099443826709662564655631314481";
+
+				// B = kv + g^b
+				$_SESSION["B"] = dec2base(bcmod( bcadd( bcmod( bcmul( $srp_k,  base2dec($_SESSION["v"], 16)), $srp_n), bcpowmod( $srp_g, $_SESSION["b"], $srp_n) ), $srp_n), 16);
 
 				$result["s"] = $_SESSION["s"];
 				$result["B"] = $_SESSION["B"];
@@ -297,11 +304,13 @@ error_log("handshake");
 			//=============================================================
 			} else if ($message == "credentialCheck") {
 error_log("credentialCheck");
-				$u = clipperz_hash(base2dec($_SESSION["B"],16));
 				$A = base2dec($_SESSION["A"], 16);
-				$S = bcpowmod(bcmul($A, bcpowmod(base2dec($_SESSION["v"], 16), base2dec($u, 16), $srp_n)), base2dec($_SESSION["b"], 16), $srp_n);
+				// u = H(A, B)
+				$u = base2dec(clipperz_hash($A . base2dec($_SESSION["B"],16)), 16);
+				// S = (Av^u) ^ b
+				$S = bcpowmod( bcmul( $A, bcpowmod( base2dec($_SESSION["v"], 16), $u, $srp_n) ), $_SESSION["b"], $srp_n );
 				$K = clipperz_hash($S);
-				$M1 = clipperz_hash($A.base2dec($_SESSION["B"],16).$K);
+				$M1 = clipperz_hash("597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" . clipperz_hash($_SESSION['C']) .  base2dec($_SESSION["s"],16) .  base2dec($_SESSION['A'],16) .  base2dec($_SESSION['B'],16) .  base2dec($K,16));
 
 //$result["B"] = $_SESSION["B"];
 //$result["u"] = $u;
@@ -310,6 +319,20 @@ error_log("credentialCheck");
 //$result["K"] = $K;
 //$result["M1"] = $M1;
 //$result["_M1"] = $parameters["parameters"]["M1"];
+ 
+// error_log("credentialCheck calculated: ". $M1);
+// error_log("credentialCheck S: ". $S);
+// error_log("credentialCheck A: ". $A);
+// error_log("credentialCheck B: ". $_SESSION["B"]);
+// error_log("credentialCheck base2dec: ". base2dec($_SESSION["B"],16));
+// error_log("credentialCheck K: ". base2dec($K,16));
+// error_log("credentialCheck n: ". $srp_n);
+// error_log("credentialCheck u: ". $u);
+// error_log("credentialCheck v: ". base2dec($_SESSION['v'],16));
+// error_log("credentialCheck expected: ". $parameters["parameters"]["M1"]);
+
+
+//User -> Host:  M = H(H(N) xor H(g), H(I), s, A, B, K)
 
 				if ($M1 == $parameters["parameters"]["M1"]) {
 					$_SESSION["K"] = $K;
@@ -386,7 +409,11 @@ error_log("message");
 						$recordStats["updateDate"] = $record->update_date;
 						$recordsStats[$record->reference] = $recordStats;
 					}
-					$result["recordsStats"] = $recordsStats;
+					if ( isset( $recordsStats ) ) {
+						$result["recordsStats"] = $recordsStats;
+					} else {
+						$result["recordsStats"] = NULL;
+					}
 
 					$result["statistics"] =	$user->statistics;
 					$result["version"] =	$user->version;
@@ -520,7 +547,11 @@ error_log("message");
 
 					$user->Save();
 
-					$recordToDeleteReferenceList = $parameters["parameters"]["records"]["deleted"];
+					if (isset( $parameters["parameters"]["records"]["deleted"] ) ) {
+						$recordToDeleteReferenceList = $parameters["parameters"]["records"]["deleted"];
+					} else {
+						$recordToDeleteReferenceList = NULL;
+					}
 					$recordList = array();
 					$c = count($recordToDeleteReferenceList);
 					for ($i=0; $i<$c; $i++) {

backend/php/src/objects/class.database.php

@@ -17,17 +17,10 @@
 		$databaseUser = $GLOBALS['configuration']['user'];
 		$databasePassword = $GLOBALS['configuration']['pass'];
 		$databasePort = $GLOBALS['configuration']['port'];
-		$this->connection = mysql_connect ($serverName.":".$databasePort, $databaseUser, $databasePassword);
-		if ($this->connection)
+		$this->connection = mysqli_connect ($serverName, $databaseUser, $databasePassword , $databaseName, $databasePort);
+		if (!$this->connection)
 		{
-			if (!mysql_select_db ($databaseName))
-			{
-				throw new Exception('I cannot find the specified database "'.$databaseName.'". Please edit configuration.php.');
-			}
-		}
-		else
-		{
-			throw new Exception('I cannot connect to the database. Please edit configuration.php with your database configuration.');
+			throw new Exception('I cannot find the specified database "'.$databaseName.'". Please edit configuration.php.');
 		}
 	}
 
@@ -43,19 +36,19 @@
 
 	public static function Reader($query, $connection)
 	{
-		$cursor = mysql_query($query, $connection);
+		$cursor = mysqli_query($connection, $query);
 		return $cursor;
 	}
 
 	public static function Read($cursor)
 	{
-		return mysql_fetch_assoc($cursor);
+		return mysqli_fetch_assoc($cursor);
 	}
 
 	public static function NonQuery($query, $connection)
 	{
-		mysql_query($query, $connection);
-		$result = mysql_affected_rows($connection);
+		mysqli_query($connection, $query);
+		$result = mysqli_affected_rows($connection);
 		if ($result == -1)
 		{
 			return false;
@@ -66,14 +59,14 @@
 
 	public static function Query($query, $connection)
 	{
-		$result = mysql_query($query, $connection);
-		return mysql_num_rows($result);
+		$result = mysqli_query($connection, $query);
+		return mysqli_num_rows($result);
 	}
 
 	public static function InsertOrUpdate($query, $connection)
 	{
-		$result = mysql_query($query, $connection);
-		return intval(mysql_insert_id($connection));
+		$result = mysqli_query($connection, $query);
+		return intval(mysqli_insert_id($connection));
 	}
 }
 ?>

backend/php/src/objects/class.pog_base.php

@@ -92,10 +92,10 @@ class POG_Base
 		return $objectList;
 	}
 
-	private function CreateObjects($mysql_result, $objectClass, $lazyLoad = true)
+	private function CreateObjects($mysqli_result, $objectClass, $lazyLoad = true)
 	{
 		$objectList = array();
-		while ($row = mysql_fetch_assoc($mysql_result))
+		while ($row = mysqli_fetch_assoc($mysqli_result))
 		{
 			$pog_object = new $objectClass();
 			$this->PopulateObjectAttributes($row, $pog_object);
@@ -140,4 +140,4 @@ class POG_Base
 		return false;
 	}
 }
-?>
+?>

backend/php/src/setup/index.php

@@ -164,24 +164,26 @@ if(count($_POST) > 0 && $_SESSION['diagnosticsSuccessful']==false)
 		if ($errors == 0)
 		{
 			AddTrace('File Structure....OK!');
-			if (!mysql_connect ($GLOBALS['configuration']['host'].":".$GLOBALS['configuration']['port'], $GLOBALS['configuration']['user'], $GLOBALS['configuration']['pass']))
+			#if (!mysql_connect ($GLOBALS['configuration']['host'].":".$GLOBALS['configuration']['port'], $GLOBALS['configuration']['user'], $GLOBALS['configuration']['pass']))
+			if (!mysqli_connect ($GLOBALS['configuration']['host'], $GLOBALS['configuration']['user'], $GLOBALS['configuration']['pass'],$GLOBALS['configuration']['db'], $GLOBALS['configuration']['port']))
 			{
 				$errors++;
 				AddError('Cannot connect to the specified database server. Edit configuration.php');
+				AddError('Cannot find the specified database "'.$GLOBALS['configuration']['db'].'". Edit configuration.php');
 			}
 			if (isset($GLOBALS['configuration']['db_encoding']) && $GLOBALS['configuration']['db_encoding'] == 1 && !Base64::IsBase64FunctionInstalled())
 			{
 				$errors++;
 				AddError('$configuration[db_encoding] needs to be set to 0 until you install the base64 plugin. Set db_encoding to 0 by editing configuration.php, run setup again and go to the "Manage Plugins" tab. Install the base64 plugin. Then you can set db_encoding = 1');
 			}
-			if ($errors == 0)
-			{
-				if (!@mysql_select_db ($GLOBALS['configuration']['db']))
-				{
-					$errors++;
-					AddError('Cannot find the specified database "'.$GLOBALS['configuration']['db'].'". Edit configuration.php');
-				}
-			}
+#			if ($errors == 0)
+#			{
+#				if (!@mysql_select_db ($GLOBALS['configuration']['db']))
+#				{
+#					$errors++;
+#					AddError('Cannot find the specified database "'.$GLOBALS['configuration']['db'].'". Edit configuration.php');
+#				}
+#			}
 		}
 
 		/**

backend/php/src/setup/setup_library/setup_misc.php

@@ -276,10 +276,10 @@
 	{
 		$link = '';
 		$content = file_get_contents($objectFilePath);
-		$contentParts = split("<b>",$content);
+		$contentParts = explode("<b>",$content);
 		if (isset($contentParts[1]))
 		{
-			$contentParts2 = split("</b>",$contentParts[1]);
+			$contentParts2 = explode("</b>",$contentParts[1]);
 		}
 		if (isset($contentParts2[0]))
 		{
@@ -287,8 +287,8 @@
 		}
 		if (isset($className))
 		{
-			$linkParts1 = split("\*\/", $contentParts[1]);
-			$linkParts2 = split("\@link", $linkParts1[0]);
+			$linkParts1 = explode("\*\/", $contentParts[1]);
+			$linkParts2 = explode("\@link", $linkParts1[0]);
 			if (isset($linkParts2[1]))
 			{
 				$link = $linkParts2[1];
@@ -313,10 +313,10 @@
 	function GetObjectName($objectFilePath)
 	{
 		$content = file_get_contents($objectFilePath);
-		$contentParts = split("<b>",$content);
+		$contentParts = explode("<b>",$content);
 		if (isset($contentParts[1]))
 		{
-			$contentParts2 = split("</b>",$contentParts[1]);
+			$contentParts2 = explode("</b>",$contentParts[1]);
 		}
 		if (isset($contentParts2[0]))
 		{
@@ -593,10 +593,10 @@
 
 		//extract sql
 		$content = file_get_contents($objectFilePath);
-		$contentParts = split("<b>",$content);
+		$contentParts = explode("<b>",$content);
 		if (isset($contentParts[1]))
 		{
-			$contentParts2 = split("</b>",$contentParts[1]);
+			$contentParts2 = explode("</b>",$contentParts[1]);
 		}
 		if (isset($contentParts2[0]))
 		{
@@ -604,8 +604,8 @@
 		}
 		if (isset($className))
 		{
-			$sqlParts = split(";",$contentParts[0]);
-			$sqlPart = split("CREATE",$sqlParts[0]);
+			$sqlParts = explode(";",$contentParts[0]);
+			$sqlPart = explode("CREATE",$sqlParts[0]);
 			$sql = "CREATE ".$sqlPart[1].";";
 
 			//execute sql
@@ -2354,4 +2354,4 @@
 		}
 		return 0;
 	}
-?>
+?>