retrieve.php
<?php
//Includes
require_once "commonlogic.php";
require_once "sqlio.php";
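// Password retrieval endpoint: validates the four POST fields, applies the
// request throttle, looks up the (username, site) entry and prints the
// regenerated password as a JSON document {"status": ..., "data": ...}.

//SQL io helper
$sqlio = new SqlIO();

// This script sets no Content-Type header itself, so the JSON may be served
// as HTML. Encoding <, >, &, ' and " as \uXXXX keeps the body free of markup
// characters; any JSON parser still decodes it to the same values.
$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

try
{
    $expectedInputs = array("username", "site", "flower1", "flower2");
    foreach ($expectedInputs as $input)
    {
        // PHP turns `name[]=x` form fields into arrays. empty() lets a
        // non-empty array through, and md5($site) below needs a string,
        // so non-string values are rejected here like missing ones.
        if (empty($_POST[$input]) || !is_string($_POST[$input]))
            throw new Exception("Missing input $input");
    }

    //Get post variables
    $username = $_POST['username'];
    $site = $_POST['site'];
    $flower1 = $_POST['flower1'];
    $flower2 = $_POST['flower2'];

    // Throttle check runs before any hashing or database lookup.
    if ($sqlio->shouldBeBlocked())
        throw new Exception("Too many requests.");

    //Get insecure password hash for generation (not stored)
    $passHash = getPassHash($flower1, $flower2);

    //Get entry from database if it exists
    // One message for both a wrong username and a wrong site id, so the
    // response does not reveal which of the two was wrong.
    $entry = null;
    if ($sqlio->doesEntryExist($username, $site))
        $entry = $sqlio->retrieveEntry($username, $site);
    else
        throw new Exception("Wrong username or site id.");

    //All seems okay. Generate the password and return it.
    // NOTE(review): md5($site) is the first argument of generatePassword();
    // presumably a per-site seed. Changing it would change every generated
    // password. Confirm in commonlogic.php before touching it.
    $data = generatePassword(md5($site), $passHash, $entry->min_length, $entry->max_length, $entry->avoid_dictionary_attacks!=null);
    $sqlio->logSuccessRetrieval($entry->id);
    return print json_encode(array("status" => "success", "data" => $data), $jsonFlags);
}
catch(Exception $e)
{
    // Every failure path is logged through SqlIO; shouldBeBlocked()
    // presumably reads these records (verify in sqlio.php).
    // NOTE(review): the exception text is returned to the client verbatim,
    // including anything thrown inside SqlIO. If those messages can carry
    // database error details, replace them with a generic message here.
    $msg = $e->getMessage();
    try { $sqlio->logFailedRetrieval(); }
    catch (Exception $e2) { $msg .= " - Also, could not log failure: " . $e2->getMessage(); }
    return print json_encode(array("status" => "failure", "data" => $msg), $jsonFlags);
}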
?>