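<?php
// Report every error, but only to the server log. With display_errors on, PHP warnings
// (file paths, failed-request details) are rendered to any visitor of this OAuth page.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Load the OAuth client settings; the rest of the script reads $config->oauth->key and
// $config->oauth->secret, so the JSON is decoded to objects.
// The original passed `true` to file_get_contents() (use_include_path), not to json_decode();
// it had no useful effect with an absolute path and is dropped here.
// NOTE(review): /var/www/usergen/secret is presumably outside the document root; confirm.
$config = json_decode((string) file_get_contents("/var/www/usergen/secret/config.json"));
if (!is_object($config) || !isset($config->oauth->key, $config->oauth->secret)) {
    // Fail closed: without client credentials none of the OAuth steps below can work.
    http_response_code(500);
    exit("Service misconfigured");
}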
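/**
 * Append one line to the application's daily debug log.
 *
 * Callers pass text that includes request parameters and upstream responses, so control
 * characters are replaced before writing: a CR/LF in the message could otherwise forge
 * extra log entries.
 *
 * @param string $log_msg Text to record; a newline is appended.
 * @return void
 */
function flog($log_msg) {
    // The original wrote to /var/www/html, which is presumably the document root, so each
    // log_<date>.log could be fetched over HTTP by anyone who guessed the date.
    // NOTE(review): /var/www/usergen is assumed not to be served and to be writable by the
    // PHP user; confirm both on the host.
    $log_dir = "/var/www/usergen";
    $log_path = $log_dir . '/log_' . date('d-M-Y') . '.log';

    $clean = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $log_msg);
    if ($clean === null) {
        $clean = '[unloggable message]';
    }

    if (!is_dir($log_dir) || !is_writable($log_dir)) {
        // Keep the entry rather than lose it: hand it to PHP's configured error log.
        error_log($clean);
        return;
    }
    // FILE_APPEND keeps earlier entries; LOCK_EX stops concurrent requests interleaving lines.
    file_put_contents($log_path, $clean . "\n", FILE_APPEND | LOCK_EX);
}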
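// Authorization code from the Mastodon callback. Initialised here so the token exchange
// further down never reads an undefined variable when the request carries no code.
$MastCode = null;
if (isset($_REQUEST["act"])) {
    // Internal helper actions such as the client-id lookup.
    // A parameter sent as act[]=... arrives as an array; treat that as an unknown action.
    $act = is_string($_REQUEST["act"]) ? $_REQUEST["act"] : "";
    flog("Ret ACT:16 ✨ " . $act . " FROM " . $_SERVER["REMOTE_ADDR"]);
    switch ($act) {
        case "id":
            // Return the OAuth application (client) ID. Only oauth->key is exposed here;
            // oauth->secret must never be added to this response.
            header('Content-type: application/json');
            echo json_encode(array("id" => $config->oauth->key));
            exit();
        default:
            break;
    }
} else if (isset($_REQUEST["code"]) && is_string($_REQUEST["code"])) {
    // Mastodon callback (Authorization Code from /oauth/authorize).
    // NOTE(review): no `state` value is checked on this callback in the visible code, so the
    // callback is not tied to the browser that started the flow; confirm whether beginOauth()
    // sends one and validate it here if so.
    $MastCode = $_REQUEST["code"];
}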
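if (isset($_REQUEST["token"]) && is_string($_REQUEST["token"])) {
    // Token passed, use for repeated OAUTH
    /* TODO: Long-Term Auth
     * Check if HT Token valid
     * Generate Browser Token
     * Encrypt Browser Token with Client Data (User Agent + IP)
     * $_SERVER["HTTP_USER_AGENT"] + $_SERVER["REMOTE_ADDR"]
     */
    // A bearer token in a log file is a usable credential for whoever can read the log.
    // Record a short digest instead: enough to correlate requests, useless for replay.
    flog("token:35 ✨ sha256:" . substr(hash('sha256', $_REQUEST["token"]), 0, 12));
}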
?>
<! DOCTYPE html >
< HTML lang = " en " >
< Head >
< Title > HackersTown Server Access </ Title >
< meta charset = " utf-8 " >
< base href = " /auth " />
< meta name = " viewport " content = " width=device-width, initial-scale=1 " >
<!-- Javascript: third-party scripts. This page holds an OAuth token and generates SSH keys in the browser, so every CDN script should carry a Subresource Integrity hash. -->
< script src = " https://code.jquery.com/jquery-3.6.0.min.js " integrity = " sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4= " crossorigin = " anonymous " ></ script >
<!-- NOTE(review): the jquery.color script below has no integrity or crossorigin attribute, unlike the jQuery, Bootstrap and JSZip tags around it; the browser will run whatever that URL returns. -->
< script src = " https://code.jquery.com/color/jquery.color.plus-names-2.1.2.min.js " ></ script >
< script src = " https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js " integrity = " sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p " crossorigin = " anonymous " ></ script >
< script src = " https://cdn.jsdelivr.net/npm/jszip@3.9.1/dist/jszip.min.js " integrity = " sha256-aSPPIlJfSHQ5T7wunbPcp7tM0rlq5dHoUGeN8O5odMg= " crossorigin = " anonymous " ></ script >
<!-- NOTE(review): sweetalert2@11 is a floating major-version range and the tag has no integrity attribute, so the served file can change without this page changing. Pin an exact version and add its SRI hash. -->
< script src = " https://cdn.jsdelivr.net/npm/sweetalert2@11/dist/sweetalert2.all.min.js " crossorigin = " anonymous " ></ script >
< script src = " /base64url.js " ></ script >
< script src = " /ssh-util.js " ></ script >
< script src = " /keygen.js " ></ script >
< script src = " /fittext.js " ></ script >
< script src = " /index.js " ></ script >
<!-- Stylesheets -->
< link href = " https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css " rel = " stylesheet " integrity = " sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3 " crossorigin = " anonymous " >
< link href = " /style.css " rel = " stylesheet " />
</ Head >
< Body >
< div class = " row " >
< div class = " desktopOnly col-4 " ></ div >
< div id = " content " class = " col-4 center " >
< div class = " row " >
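<?php
// Logo link target: the public site, unless a DOMAIN_OVERRIDE file names another origin.
$homeUrl = "https://tty.hackers.town";
if (file_exists("/var/www/usergen/DOMAIN_OVERRIDE")) {
    // trim() drops the trailing newline the file usually ends with; the token exchange
    // later in this page strips it too, and the two reads should agree.
    $homeUrl = trim((string) file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
}
// Encode for the attribute context so a quote or angle bracket in the file cannot
// break out of href="...".
echo "<a href=\"" . htmlspecialchars($homeUrl, ENT_QUOTES, 'UTF-8') . "\">";
?>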
< img src = " /Assets/HTown.png " class = " logo self-align-center mx-auto d-block " alt = " Hacker Town logo in ASCII art. Rendered as image to force correct visualization. " />
</ a >
</ div >
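<?php
// Exchange the authorization code for an access token (POST /oauth/token), then resolve
// the account it belongs to (GET /api/v1/accounts/verify_credentials).
// Results are handed to the markup below through $AuthToken, $UserName, $UserId, $ErrorDesc.
$AuthToken = "";
$UserName = "";
$ErrorDesc = "";
$UserId = "";
$Auth = null;

$origin = "https://tty.hackers.town";
if (file_exists("/var/www/usergen/DOMAIN_OVERRIDE")) {
    $origin = trim((string) file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
}
$redirectUri = $origin . "/auth";

// Only talk to the token endpoint when the callback actually delivered a code.
if (isset($MastCode) && is_string($MastCode) && $MastCode !== "") {
    // http_build_query() percent-encodes each value. The original concatenated the raw
    // request parameter, so a code containing "&" could append or override fields
    // (redirect_uri, scope, ...) in the request that carries client_secret.
    $options = http_build_query(array(
        "grant_type" => "authorization_code",
        "code" => $MastCode,
        "client_id" => $config->oauth->key,
        "client_secret" => $config->oauth->secret,
        "scope" => "read:accounts",
        "redirect_uri" => $redirectUri,
    ), '', '&');

    $request = curl_init();
    curl_setopt($request, CURLOPT_POST, 1);
    curl_setopt($request, CURLOPT_URL, "https://hackers.town/oauth/token");
    curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($request, CURLOPT_POSTFIELDS, $options);
    $response = curl_exec($request);
    $tokenStatus = curl_getinfo($request, CURLINFO_HTTP_CODE);
    curl_close($request);
    // The response body contains the access token; log the outcome, never the body.
    flog("oauth_token:91 ✨ HTTP " . $tokenStatus);
    $Auth = is_string($response) ? json_decode($response) : null;
}

if (isset($Auth->token_type, $Auth->access_token)
    && is_string($Auth->token_type) && is_string($Auth->access_token)) {
    // Valid Auth?
    $request = curl_init();
    curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
    curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($request, CURLOPT_HTTPHEADER, array(
        "Authorization: " . $Auth->token_type . " " . $Auth->access_token
    ));
    $response = curl_exec($request);
    $verifyStatus = curl_getinfo($request, CURLINFO_HTTP_CODE);
    curl_close($request);
    $User = is_string($response) ? json_decode($response) : null;
    // Log the status and account id only; the full profile is not needed for debugging.
    flog("cred_verify:104 ✨ HTTP " . $verifyStatus . " id " . (isset($User->id) ? $User->id : "-"));
    if (isset($User->id)) {
        // Congrats!
        $AuthToken = $Auth->access_token;
        // display_name is chosen by the account owner: treat it as untrusted text and
        // encode it wherever it is written into HTML or script.
        $UserName = isset($User->display_name) ? (string) $User->display_name : "";
        $UserId = $User->id;
    } else {
        // invalid auth
        $AuthToken = "BadUser";
        $ErrorDesc = "User Not Found";
    }
} else {
    // invalid auth
    // The retry counter lives in a cookie the client controls, so it only selects which
    // message is shown; it is not a rate limit.
    // NOTE(review): this block runs after markup has already been sent, so setcookie()
    // only takes effect if output buffering is enabled; confirm.
    if (isset($_COOKIE["oa_retries"])) {
        // Cast so a non-numeric cookie value cannot skew the comparison or the increment.
        $retries = (int) $_COOKIE["oa_retries"];
        if ($retries >= 3) {
            $AuthToken = "BadUser";
            $ErrorDesc = "Invalid OAuth";
            setcookie("oa_retries", 0, time() + 3600);
        } else {
            $retries++;
            setcookie("oa_retries", $retries, time() + 3600);
            $AuthToken = "BadOauthRetry";
            $ErrorDesc = "Invalid OAuth Retry";
        }
    } else {
        $AuthToken = "BadOauth";
        $ErrorDesc = "Invalid OAuth Retry";
        setcookie("oa_retries", 1, time() + 3600);
    }
}
// TODO: revoke token after usage (nothing in this block revokes it yet)
?>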
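<?php
// The access token (or a "Bad..." sentinel) is written into the DOM for the page scripts.
// It is encoded for HTML context here. NOTE(review): every script loaded on this page,
// including the CDN-hosted ones, can read this element.
?>
<div id="usertoken"><?php echo htmlspecialchars((string) $AuthToken, ENT_QUOTES, 'UTF-8'); ?></div>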
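<?php
// Failure is detected through $ErrorDesc, which is non-empty exactly when the exchange
// failed. The original searched $AuthToken for the substring "Bad", which also matches a
// genuine access token that happens to contain those three characters.
$authFailed = ($ErrorDesc !== "");
?>
<div class="row" <?php if (!$authFailed) { echo "hidden"; } ?>>
<span>
Invalid
</span>
<span>
try again
</span>
<div id="ErrorResult" class="message">
<?php
// Only server-chosen messages reach this point today; encoding keeps that true if a
// future change routes upstream text into $ErrorDesc.
echo htmlspecialchars((string) $ErrorDesc, ENT_QUOTES, 'UTF-8');
?>
</div>
</div><div class="row button" <?php if (!$authFailed) { echo "hidden"; } ?>>
<button class="col keyButton" onclick="beginOauth()">Retry</button>
</div>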
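<?php
// Shown only on success. Success is read from $ErrorDesc being empty rather than from a
// substring search of $AuthToken, which would misfire on a real token containing "Bad".
?>
<div class="row" <?php if ($ErrorDesc !== "") { echo "hidden"; } ?>>
<span>
<?php
// Greet in a randomly chosen language.
$Welcomes = array("Welcome", "Dobrodošli", "Vitejte", "Welkom", "Tervetuloa", "Willkommen", "Fáilte", "Benvenuto", "Bienvenidos", "Välkommen", "ようこそ");
echo $Welcomes[array_rand($Welcomes)];
?>
</span>
<span id="resizer">
<?php
// $UserName is the account's display_name, which the account owner controls. Written
// raw, markup in a display name would be parsed as part of this page.
echo htmlspecialchars((string) $UserName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</span>
<div class="message">
Setup an account SSH key
</div>
</div>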
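<?php
// Values placed in an inline handler pass through two parsers: the HTML attribute, then
// JavaScript. json_encode() with the JSON_HEX_* flags yields a complete JS string literal
// (quotes included) and htmlspecialchars() makes it safe inside onclick="...".
// The original wrapped raw values in '...', so a quote in the account's display name
// ended the string early and the rest was parsed as script.
$jsArg = function ($value) {
    $json = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($json === false) {
        // Unencodable input (e.g. invalid UTF-8): pass an empty string instead of broken script.
        $json = '""';
    }
    return htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
};
?>
<div class="row button" <?php if ($ErrorDesc !== "") { echo "hidden"; } ?>>
<button class="col keyButton" onclick="generateSSH(<?php echo $jsArg($UserName); ?>, <?php echo $jsArg($UserId); ?>, <?php echo $jsArg($AuthToken); ?>)">Generate</button>
<button class="col keyButton" onclick="uploadSSH(<?php echo $jsArg($UserId); ?>, <?php echo $jsArg($AuthToken); ?>)">Upload</button>
<button class="col keyButton debug" onclick="testSwal()">Test Popup</button>
<form id="uploadForm" enctype="multipart/form-data">
<input id="keyfile" type="file" style="display: none;" />
</form>
</div>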
< div class = " row copyright " >
<?php
// Print the "Canary" label when the marker file /etc/ttyserver/canary exists on this host.
echo file_exists("/etc/ttyserver/canary") ? "Canary" : "";
?>
< br >
< button class = " footerbutton " onclick = " displayFingerprints() " > SSH Fingerprints </ button >
< br >
< a href = " https://git.corrupt.link/liz/tilde-oauth " > View Source on Git </ a >
</ div >
</ div >
< div class = " desktopOnly col-4 " ></ div >
</ div >
</ Body >
</ HTML >