<?php
require_once (__SITE_ROOT__ . '/classes/JWT.php');
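// attack requires user - if not logged in, just display message and return
if (!isset($_SESSION['uid']) || !is_numeric($_SESSION['uid'])) {
    echo '<p>Not logged in. Please <a href="index.php?page=login.php">login/register</a> first...</p>';
    return;
}

// Choose the token signing key for the configured security level.
// Levels 0 and 1 deliberately use a short, guessable key ('snowman'); level 0 also
// records that signature validation is off. $lEnableSignatureValidation is not read
// anywhere on this page -- presumably consumed by an include or the AJAX handler; verify
// before relying on it.
try {
    switch ($_SESSION["security-level"]) {
        case "0": // This code is insecure.
            $lEnableSignatureValidation = FALSE;
            $lKey = 'snowman';
            break;
        case "1": // This code is insecure.
            $lEnableSignatureValidation = TRUE;
            $lKey = 'snowman';
            break;
        case "2":
        case "3":
        case "4":
        case "5": // This code is fairly secure
        default: // unknown or unset level: use the strongest configuration on this page
            // Without this default an unexpected level left $lKey undefined and the
            // token below was signed with a null key.
            $lEnableSignatureValidation = TRUE;
            $lKey = 'MIIBPAIBAAJBANBs46xCKgSt8vSgpGlDH0C8znhqhtOZQQjFCaQzcseGCVlrbI';
            break;
    }// end switch
} catch (Exception $e) {
    echo $CustomErrorHandler->getExceptionMessage($e, "Error setting up configuration on page jwt.php");
}// end try

// generate a token with the current user info
$authToken = generate_token($lKey);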
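/**
 * Builds a signed JWT describing the currently logged-in user.
 *
 * The claim set is fixed by this page: issuer and audience are the local
 * host, "iat" is the current time, "exp" is 30 minutes later, and "userid"
 * is copied from $_SESSION["uid"]. The session is not re-validated here;
 * this page checks it before calling.
 *
 * @param string $key signing key passed to JWT::encode (no algorithm argument
 *                    is given, so JWT::encode's own default applies)
 * @return string the encoded token
 */
function generate_token($key) {
    // Read the clock once so "iat" and "exp" cannot straddle a second boundary.
    $lNow = time();
    $payload = array(
        "iss" => "http://mutillidae.localhost",
        "aud" => "http://mutillidae.localhost",
        "iat" => $lNow,
        "exp" => $lNow + (30 * 60), // 30-minute lifetime
        "userid" => $_SESSION["uid"]
    );
    return JWT::encode($payload, $key);
}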
?>
<div class="page-title">Current User Information</div>
<?php include_once (__SITE_ROOT__.'/includes/back-button.inc');?>
<?php include_once (__SITE_ROOT__.'/includes/hints/hints-menu-wrapper.inc'); ?>
<!-- BEGIN HTML OUTPUT -->
<div id="loading-div">Loading user information, please wait...</div>
<div> </div>
<table id="idDisplayTable" style="display:none;">
<thead>
<tr>
<td colspan="2" class="form-header">Current User Information</td>
</tr>
<tr><td> </td></tr>
</thead>
<tbody id="idDisplayTableBody"></tbody>
</table>
<script type="text/javascript">
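// JSON-encoded with the HEX flags so the server value always lands in a well-formed
// JS string literal, whatever characters it contains; a JWT is unchanged by this.
var authToken = <?php echo json_encode($authToken, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;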
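// Fetch the current user's record from ./ajax/jwt.php, presenting the token in
// a custom "AuthToken" request header (a custom header is not attached
// automatically by the browser, unlike a cookie).
try {
    var lXMLHTTP = new XMLHttpRequest();
    lXMLHTTP.onreadystatechange = function() {
        // Act only once the exchange has completed (readyState 4).
        if (lXMLHTTP.readyState !== 4) {
            return;
        }
        // Declared with var: the original assigned "loadingdiv" without a
        // declaration and leaked it as an implicit global.
        var loadingdiv = document.getElementById("loading-div");
        if (lXMLHTTP.status === 200) {
            var lUserDetailsJSON = JSON.parse(lXMLHTTP.response);
            loadingdiv.style.display = "none";
            displayUserDetails(lUserDetailsJSON);
        } else {
            // Previously a failed request left the "please wait" text up forever.
            loadingdiv.innerText = "Unable to load user information (HTTP status " + lXMLHTTP.status + ").";
        }
    };
    lXMLHTTP.open("POST", "./ajax/jwt.php", true);
    lXMLHTTP.setRequestHeader("AuthToken", authToken);
    lXMLHTTP.send();
} catch (e) {
    alert("Error trying execute AJAX call: " + e.message);
}//end try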
// Renders the user record returned by ./ajax/jwt.php into the display table.
// Every value goes through addRow, which assigns innerText, so server data is
// shown as text and never interpreted as markup. The password cell is always a
// fixed mask; the real value is never written to the page.
var displayUserDetails = function(pUserInfoJSON){
    try {
        if (!pUserInfoJSON) {
            return;
        }
        document.getElementById("idDisplayTable").style.display = "";
        // [label, key in the response object], in display order
        var lRows = [
            ['CID', 'cid'],
            ['User Name', 'username'],
            ['First Name', 'firstname'],
            ['Last Name', 'lastname'],
            ['Signature', 'mysignature'],
            ['Is Admin', 'is_admin']
        ];
        for (var i = 0; i < lRows.length; i++) {
            addRow(lRows[i][0], pUserInfoJSON[lRows[i][1]]);
        }
        addRow('Password', '*********');
    } catch (e) {
        alert("Error trying to parse JSON: " + e.message);
    }// end try
};// end function
// Appends one row (label cell + value cell) to the display table body.
// innerText is used deliberately: the values come from the server response and
// must render as plain text, not HTML.
var addRow = function(pFieldName, pFieldValue) {
    var lRow = document.getElementById("idDisplayTableBody").insertRow();
    var lLabelCell = lRow.insertCell(0);
    var lValueCell = lRow.insertCell(1);
    lLabelCell.setAttribute("class", "sub-header");
    lLabelCell.innerText = pFieldName;
    lValueCell.setAttribute("class", "sub-body");
    lValueCell.setAttribute("style", "text-align:left");
    lValueCell.innerText = pFieldValue;
}
</script>