<?php /* Copyright (C) 2013-2015 Grégory Soutadé This file is part of gPass. gPass is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. gPass is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with gPass. If not, see <http://www.gnu.org/licenses/>. */ include("conf.php"); function load_database() { global $REQUESTS_MIN_DELAY; try { $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READWRITE); } catch(Exception $e) { die("<b>Unable to load database for user $user !</b><br/>"); return null; } list($usec, $sec) = explode(" ", microtime()); $usec = $usec + $sec*1000; try { $last_time = $db->querySingle("SELECT last_access_time FROM conf"); if ($last_time <= $usec && ($usec - $last_time) < $REQUESTS_MIN_DELAY) { // Brute force ?? $db->close(); return null; } $db->query("UPDATE conf SET last_access_time=$usec"); $db->close(); $db = new SQLite3("./gpass.bdd", SQLITE3_OPEN_READONLY); } catch(Exception $e) { $db->close(); die("<b>Unable to load database for user $user !</b><br/>"); return null; } return $db; } $PROTOCOL_VERSION = 4; $db = load_database(); $res = ""; $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login"); echo "protocol=gpass-$PROTOCOL_VERSION\n"; if ($PBKDF2_LEVEL != 1000) echo "pbkdf2_level=$PBKDF2_LEVEL\n"; for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++) { $statement->bindValue(":login", addslashes($_POST["k$i"])); $result = $statement->execute(); $row = $result->fetchArray(SQLITE3_ASSOC); $result->finalize(); if (isset($row["password"])) { echo "matched_key=" . $i . "\n"; echo "pass=" . $row["password"] . "\n"; break; } } $statement->close(); echo "<end>"; ?>