gPass/server/functions.php

<?php
/*
  Copyright (C) 2013-2017 Grégory Soutadé
  
  This file is part of gPass.
  
  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.
  
  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/

/*
  login is stored as :
  url;login + 16 bytes padding * \0 + sha256(url;login + padding)[8:24]
  
  Password is salted (3 random characters) and encrypted

  All is encrypted with AES256-CBC and key PBKDF2(hmac_sha256, master key, server url, 1000)
  level is server configurable
  iv is PBKDF2(hmac_sha256, server url, master key, 1000)[0:16]
 */
$MAX_ENTRY_LEN = 512;
$USERS_PATH = "./users/";
$TARGET_DB_VERSION = 2;

function sanitize($val)
{
    return (isset($_POST[$val])) ? addslashes($_POST[$val]) : "";
}

// From http://php.net/manual/en/function.copy.php
function recurse_copy($src,$dst) {
    $dir = opendir($src);
    if ($dir == FALSE) return FALSE;
    if (!@mkdir($dst)) return FALSE;
    while(false !== ( $file = readdir($dir)) ) {
        if (( $file != '.' ) && ( $file != '..' )) {
            if ( is_dir($src . '/' . $file) ) {
                return recurse_copy($src . '/' . $file,$dst . '/' . $file);
            }
            else {
                copy($src . '/' . $file,$dst . '/' . $file);
            }
        }
    }
    closedir($dir);
    return TRUE;
} 

function create_user($user)
{
    global $USERS_PATH;

    if (strpos($user, "..") || strpos($user, "/") || $user[0] == "." || $user[0] == "_")
    {
        echo "<div class=\"error\">Invalid user</div>";
    }
    else
    {
        $user = $USERS_PATH . $user;

        if (file_exists($user))
        {
            echo "<div class=\"error\">User already exists</div>";
        }
        else
        {
            if (!recurse_copy("./ref", $user))
            {
                echo "<div class=\"error\">Cannot create user $user</div>";
            }
            else
            {
                return true;
            }
        }
    }

    return false;
}

function _migrate_0($user, $db)
{
    try {
        $db->query("ALTER TABLE gpass ADD access_token VARCHAR(32)");
        $db->query("ALTER TABLE gpass ADD shadow_login VARCHAR(32)");
        $db->query("ALTER TABLE gpass ADD salt VARCHAR(32)");

        $db->query("CREATE TABLE db_version(version INTEGER)");
        $db->query("INSERT INTO db_version (version) VALUES (1)");
    }
    catch(Exception $e)
    {
        $db->close();
        echo "<div class=\"error\">Unable to load database for user $user ! : $e</div>";
        return -1;
    }

    return 0;
}

function _migrate_1($user, $db)
{
    try {
        $db->query("CREATE TABLE conf(db_version INTEGER, last_access_time INTEGER)");
        $db->query("INSERT INTO conf VALUES(2, 0)");
    }
    catch(Exception $e)
    {
        $db->close();
        echo "<div class=\"error\">Unable to load database for user $user ! : $e</div>";
        return -1;
    }

    return 0;
}

function migrate_database($user, $db)
{
    global $TARGET_DB_VERSION;

    $migration_functions = ['_migrate_0', '_migrate_1'];

    $version = $db->querySingle("SELECT db_version FROM conf");
    if ($version == NULL || $version == -1)
    {
        $version = $db->querySingle("SELECT version FROM db_version");
        if ($version == NULL || $version == -1)
            $version = 0;
    }

    for($i=$version; $i<$TARGET_DB_VERSION; $i++)
    {
        if ($migration_functions[$i]($user, $db))
            return -1;
    }

    return 0;
}

function load_database($user)
{
    global $USERS_PATH;

    try {
        $db = new SQLite3($USERS_PATH . "$user/gpass.bdd", SQLITE3_OPEN_READWRITE);
    }
    catch(Exception $e)
    {
        echo "<div class=\"error\">Unable to load database for user $user !</div>";
        return null;
    }

    if (migrate_database($user, $db))
        return null;

    // New access need to reset crypto
    unset($_SESSION['td']);

    return $db;
}

function add_entry($user, $login, $password,
                   $shadow_login, $salt, $access_token)
{
    global $USE_SHADOW_LOGINS;

    $db = load_database($user);

    if ($db == null)
    {
        echo "Unknown user";
        return false;
    }

    if ($USE_SHADOW_LOGINS && (strlen($shadow_login) != 32 ||
    strlen($salt) != 32 || strlen($access_token) != 32))
    {
        $db->close();
        echo "Shadow login not configured";
        return false;
    }

    $count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");

    if ($count != NULL && $count != 0)
    {
        echo "Entry already exists";
        return false;
    }

    $result = $db->exec("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES
 ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");

 /*    error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */
 /* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */
    $db->close();

    if (!$result)
    {
        echo "Error " . $db->lastErrorMsg();
        return false;
    }
    else
    {
        echo "OK";
        return true;
    }
}

function delete_entry($user, $login, $access_token)
{
    global $USE_SHADOW_LOGINS;
    
    $db = load_database($user);

    if ($db == null)
    {
        echo "Unknown user";
        return false;
    }

    if ($USE_SHADOW_LOGINS)
    {
        $db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'");
        if ($db_ac != NULL && strcmp($db_ac, $access_token))
            {
                $db->close();
                echo "Bad access token";
                return false;
            }
    }

    $result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
    $db->close();

    if (!$result)
    {
        echo "Error " . $db->lastErrorMsg();
        return false;
    }
    else
    {
        echo "OK";
        return true;
    }
}

function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
{
    if (delete_entry($user, $old_login, $old_access_token))
        return add_entry($user, $mkey, $url, $login, $password, $shadow_login, $salt, $new_access_token);

    return false;
}

function list_entries($user)
{
    global $USE_SHADOW_LOGINS;

    $db = load_database($user);

    if ($db == null) return;

    $result = $db->query("SELECT * FROM gpass");

    $first = false;
    header('Content-Type: application/json');
    echo "{ \"entries\" : [\n";

    while (($row = $result->fetchArray()))
    {
        if ($first) echo ",";
        else $first = true;
        if (!strlen($row['shadow_login']) || !$USE_SHADOW_LOGINS)
            echo "{\"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";
        else
            echo "{\"shadow_login\" : \"" . $row['shadow_login'] . "\", \"salt\" : \"" . $row['salt'] . "\" }\n";
    }

    echo "]}";

    $db->close();
}

function get_secure_entries($user, $access_tokens)
{
    $db = load_database($user);

    if ($db == null) return;

    $query = "SELECT access_token, login, password FROM gpass WHERE access_token IN (";
    $first = false;

    foreach (preg_split("/,/", $access_tokens) as $ac)
    {
        /* error_log($ac); */
        if ($first) $query .= ", ";
        else $first = true;
        $query .= "'$ac'";
    }
    $query .= ")";

    //error_log($query);
    $result = $db->query($query);

    header('Content-Type: application/json');
    $first = false;
    echo "{ \"entries\" : [\n";

    while (($row = $result->fetchArray()))
    {
        if ($first) echo ",";
        else $first = true;
        echo "{\"access_token\" : \"" . $row['access_token'] . "\", \"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";
    }

    echo "]}";

    $db->close();
}

?>
Initial commit 2013-10-09 20:47:43 +02:00			`<?php`
			`/*`
Some comment and copyright updates 2017-07-19 19:12:56 +02:00			`Copyright (C) 2013-2017 Grégory Soutadé`
Initial commit 2013-10-09 20:47:43 +02:00
			`This file is part of gPass.`

			`gPass is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`gPass is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with gPass. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`/*`
			`login is stored as :`
Add new encryption scheme in server part. 2017-04-17 20:37:26 +02:00			`url;login + 16 bytes padding * \0 + sha256(url;login + padding)[8:24]`
Initial commit 2013-10-09 20:47:43 +02:00
			`Password is salted (3 random characters) and encrypted`

Add new encryption scheme in server part. 2017-04-17 20:37:26 +02:00			`All is encrypted with AES256-CBC and key PBKDF2(hmac_sha256, master key, server url, 1000)`
			`level is server configurable`
			`iv is PBKDF2(hmac_sha256, server url, master key, 1000)[0:16]`
Initial commit 2013-10-09 20:47:43 +02:00			`*/`
			`$MAX_ENTRY_LEN = 512;`
			`$USERS_PATH = "./users/";`
New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`$TARGET_DB_VERSION = 2;`
Initial commit 2013-10-09 20:47:43 +02:00
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function sanitize($val)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`return (isset($_POST[$val])) ? addslashes($_POST[$val]) : "";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`

			`// From http://php.net/manual/en/function.copy.php`
			`function recurse_copy($src,$dst) {`
			`$dir = opendir($src);`
			`if ($dir == FALSE) return FALSE;`
			`if (!@mkdir($dst)) return FALSE;`
			`while(false !== ( $file = readdir($dir)) ) {`
			`if (( $file != '.' ) && ( $file != '..' )) {`
			`if ( is_dir($src . '/' . $file) ) {`
			`return recurse_copy($src . '/' . $file,$dst . '/' . $file);`
			`}`
			`else {`
			`copy($src . '/' . $file,$dst . '/' . $file);`
			`}`
			`}`
			`}`
			`closedir($dir);`
			`return TRUE;`
			`}`

			`function create_user($user)`
			`{`
			`global $USERS_PATH;`

			`if (strpos($user, "..") \|\| strpos($user, "/") \|\| $user[0] == "." \|\| $user[0] == "_")`
			`{`
			`echo "<div class=\"error\">Invalid user</div>";`
			`}`
			`else`
			`{`
			`$user = $USERS_PATH . $user;`

			`if (file_exists($user))`
			`{`
			`echo "<div class=\"error\">User already exists</div>";`
			`}`
			`else`
			`{`
			`if (!recurse_copy("./ref", $user))`
			`{`
			`echo "<div class=\"error\">Cannot create user $user</div>";`
			`}`
			`else`
			`{`
			`return true;`
			`}`
			`}`
			`}`

			`return false;`
			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function _migrate_0($user, $db)`
			`{`
			`try {`
			`$db->query("ALTER TABLE gpass ADD access_token VARCHAR(32)");`
			`$db->query("ALTER TABLE gpass ADD shadow_login VARCHAR(32)");`
			`$db->query("ALTER TABLE gpass ADD salt VARCHAR(32)");`

			`$db->query("CREATE TABLE db_version(version INTEGER)");`
			`$db->query("INSERT INTO db_version (version) VALUES (1)");`
			`}`
			`catch(Exception $e)`
			`{`
			`$db->close();`
			`echo "<div class=\"error\">Unable to load database for user $user ! : $e</div>";`
			`return -1;`
			`}`

			`return 0;`
			`}`

New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`function _migrate_1($user, $db)`
			`{`
			`try {`
			`$db->query("CREATE TABLE conf(db_version INTEGER, last_access_time INTEGER)");`
			`$db->query("INSERT INTO conf VALUES(2, 0)");`
			`}`
			`catch(Exception $e)`
			`{`
			`$db->close();`
			`echo "<div class=\"error\">Unable to load database for user $user ! : $e</div>";`
			`return -1;`
			`}`

			`return 0;`
			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function migrate_database($user, $db)`
			`{`
			`global $TARGET_DB_VERSION;`

New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`$migration_functions = ['_migrate_0', '_migrate_1'];`
Introduce shadow logins 2015-02-09 18:57:49 +01:00
New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`$version = $db->querySingle("SELECT db_version FROM conf");`
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if ($version == NULL \|\| $version == -1)`
New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`{`
			`$version = $db->querySingle("SELECT version FROM db_version");`
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if ($version == NULL \|\| $version == -1)`
New version of database, add last_access_time field 2015-12-04 17:01:41 +01:00			`$version = 0;`
			`}`
Introduce shadow logins 2015-02-09 18:57:49 +01:00
			`for($i=$version; $i<$TARGET_DB_VERSION; $i++)`
			`{`
			`if ($migration_functions[$i]($user, $db))`
			`return -1;`
			`}`

			`return 0;`
			`}`

Initial commit 2013-10-09 20:47:43 +02:00			`function load_database($user)`
			`{`
			`global $USERS_PATH;`

			`try {`
			`$db = new SQLite3($USERS_PATH . "$user/gpass.bdd", SQLITE3_OPEN_READWRITE);`
			`}`
			`catch(Exception $e)`
			`{`
			`echo "<div class=\"error\">Unable to load database for user $user !</div>";`
			`return null;`
			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`if (migrate_database($user, $db))`
			`return null;`

Initial commit 2013-10-09 20:47:43 +02:00			`// New access need to reset crypto`
			`unset($_SESSION['td']);`

			`return $db;`
			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function add_entry($user, $login, $password,`
			`$shadow_login, $salt, $access_token)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`global $USE_SHADOW_LOGINS;`

Initial commit 2013-10-09 20:47:43 +02:00			`$db = load_database($user);`

Add add_entry and delete_entry 2013-10-22 18:33:44 +02:00			`if ($db == null)`
			`{`
			`echo "Unknown user";`
Initial commit 2013-10-09 20:47:43 +02:00			`return false;`
Add add_entry and delete_entry 2013-10-22 18:33:44 +02:00			`}`
Initial commit 2013-10-09 20:47:43 +02:00
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if ($USE_SHADOW_LOGINS && (strlen($shadow_login) != 32 \|\|`
			`strlen($salt) != 32 \|\| strlen($access_token) != 32))`
			`{`
			`$db->close();`
			`echo "Shadow login not configured";`
			`return false;`
			`}`

Initial commit 2013-10-09 20:47:43 +02:00			`$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");`

Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if ($count != NULL && $count != 0)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Add add_entry and delete_entry 2013-10-22 18:33:44 +02:00			`echo "Entry already exists";`
Initial commit 2013-10-09 20:47:43 +02:00			`return false;`
			`}`

Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`$result = $db->exec("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')");`
Initial commit 2013-10-09 20:47:43 +02:00
Display an error message when a query failed (previous : silent fail...) 2015-09-05 09:21:45 +02:00			`/* error_log("INSERT INTO gpass ('login', 'password', 'shadow_login', 'salt', 'access_token') VALUES */`
			`/* ('" . $login . "', '" . $password . "', '" . $shadow_login . "', '" . $salt . "', '" . $access_token . "')"); */`
Server side modifications Fix bad implementation of PKDBF2 and HMAC New protocol version (2) 2013-12-07 10:14:38 +01:00			`$db->close();`

Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if (!$result)`
Display an error message when a query failed (previous : silent fail...) 2015-09-05 09:21:45 +02:00			`{`
			`echo "Error " . $db->lastErrorMsg();`
			`return false;`
			`}`
			`else`
			`{`
			`echo "OK";`
			`return true;`
			`}`
Initial commit 2013-10-09 20:47:43 +02:00			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function delete_entry($user, $login, $access_token)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`global $USE_SHADOW_LOGINS;`

Initial commit 2013-10-09 20:47:43 +02:00			`$db = load_database($user);`

Add add_entry and delete_entry 2013-10-22 18:33:44 +02:00			`if ($db == null)`
			`{`
			`echo "Unknown user";`
			`return false;`
			`}`
Initial commit 2013-10-09 20:47:43 +02:00
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`if ($USE_SHADOW_LOGINS)`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`{`
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`$db_ac = $db->querySingle("SELECT access_token FROM gpass WHERE login='" . $login . "'");`
Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if ($db_ac != NULL && strcmp($db_ac, $access_token))`
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`{`
			`$db->close();`
			`echo "Bad access token";`
			`return false;`
			`}`
			`}`

Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");`
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`$db->close();`

Checks for right shadow login when adding an entry Use exec() instead of query() when it's necessary for SQL queries 2017-04-17 20:37:26 +02:00			`if (!$result)`
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`{`
			`echo "Error " . $db->lastErrorMsg();`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`return false;`
			`}`
			`else`
			`{`
Database access optimization if there is no shadow logins 2017-04-17 20:37:26 +02:00			`echo "OK";`
			`return true;`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`}`
Initial commit 2013-10-09 20:47:43 +02:00			`}`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`if (delete_entry($user, $old_login, $old_access_token))`
			`return add_entry($user, $mkey, $url, $login, $password, $shadow_login, $salt, $new_access_token);`
Initial commit 2013-10-09 20:47:43 +02:00
			`return false;`
			`}`

Full JS : first pass, all seems to work execpt add/delete/update 2013-10-19 16:34:12 +02:00			`function list_entries($user)`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Don't use shadow if the flag is not defined 2017-04-17 20:37:26 +02:00			`global $USE_SHADOW_LOGINS;`

Initial commit 2013-10-09 20:47:43 +02:00			`$db = load_database($user);`

			`if ($db == null) return;`

			`$result = $db->query("SELECT * FROM gpass");`

Introduce shadow logins 2015-02-09 18:57:49 +01:00			`$first = false;`
			`header('Content-Type: application/json');`
			`echo "{ \"entries\" : [\n";`
Add add_entry and delete_entry 2013-10-22 18:33:44 +02:00
Full JS : first pass, all seems to work execpt add/delete/update 2013-10-19 16:34:12 +02:00			`while (($row = $result->fetchArray()))`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`if ($first) echo ",";`
			`else $first = true;`
Don't use shadow if the flag is not defined 2017-04-17 20:37:26 +02:00			`if (!strlen($row['shadow_login']) \|\| !$USE_SHADOW_LOGINS)`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`echo "{\"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";`
			`else`
			`echo "{\"shadow_login\" : \"" . $row['shadow_login'] . "\", \"salt\" : \"" . $row['salt'] . "\" }\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`
Introduce shadow logins 2015-02-09 18:57:49 +01:00
			`echo "]}";`

			`$db->close();`
			`}`

			`function get_secure_entries($user, $access_tokens)`
			`{`
			`$db = load_database($user);`

			`if ($db == null) return;`

			`$query = "SELECT access_token, login, password FROM gpass WHERE access_token IN (";`
			`$first = false;`

			`foreach (preg_split("/,/", $access_tokens) as $ac)`
			`{`
			`/* error_log($ac); */`
			`if ($first) $query .= ", ";`
			`else $first = true;`
			`$query .= "'$ac'";`
			`}`
			`$query .= ")";`

Display an error message when a query failed (previous : silent fail...) 2015-09-05 09:21:45 +02:00			`//error_log($query);`
Introduce shadow logins 2015-02-09 18:57:49 +01:00			`$result = $db->query($query);`

			`header('Content-Type: application/json');`
			`$first = false;`
			`echo "{ \"entries\" : [\n";`

			`while (($row = $result->fetchArray()))`
			`{`
			`if ($first) echo ",";`
			`else $first = true;`
			`echo "{\"access_token\" : \"" . $row['access_token'] . "\", \"login\" : \"" . $row['login'] . "\", \"password\" : \"" . $row['password'] . "\" }\n";`
			`}`

			`echo "]}";`

			`$db->close();`
Initial commit 2013-10-09 20:47:43 +02:00			`}`

			`?>`