
Bezpieczne logowanie do mysql

Mariusz Muszyński 8 éve
szülő
commit
445afeac4d

+ 56 - 0
SE/se-lib/Token.php

@@ -0,0 +1,56 @@
+<?php
+class Token {
+	private $passwd, $token, $time;
+	private $bn = false;
+
+	public function __construct($passwd, $bn = null) {
+		$this->passwd = $passwd;
+		if ($bn !== null) {
+			if ($bn === "JakOnZyjeToMyTezMozemy") $this->bn = true;
+			else die();
+		}
+		$this->time = floor(time()/60);
+	}
+
+	private static function chr($n) {
+		$n = $n % 62;
+		if ($n > 35) $n += 61;
+		elseif ($n > 9) $n += 55;
+		else $n += 48;
+		return chr($n);
+	}
+
+	public function genToken() {
+		$token = '';
+		for ($i = 0; $i < 8; $i++) $token .= self::chr(time() + rand(0, pow(2, 18) - 1));
+		$this->token = $token;
+		return $token;
+	}
+
+	private function genHash($token, $next = false) {
+		$time = $this->time;
+		if ($next) $time++;
+		$s = md5($this->passwd . $token . $time);
+		$s = md5(base64_encode(gzcompress($s . $time . $s)));
+		$w = 0;
+		for ($i = 0; $i<strlen($s); $i++) $w += pow(2, $i) * ord($s[$i]);
+		$r = '';
+		while ($w > 0) {
+			$r .= self::chr($w);
+			$w = floor($w / 62);
+		}
+		return $r;
+	}
+
+	public function verify($hash) {
+		if (($hash === $this->genHash($this->token)) || ($hash === $this->genHash($this->token, true))) return $this->passwd;
+		return "ThisAttemptHasBeenLogged";
+	}
+
+	public function getHash($token) {
+		if ($this->bn) return $this->genHash($token);
+		return null;
+	}
+
+}
+?>
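Review bot: `genHash()` throws away most of the digest it computes: the loop `$w += pow(2, $i) * ord($s[$i])` folds the 32 hex characters of the second md5 into a single number below roughly 2^39, so the response checked in `verify()` is far weaker than the 128-bit hash it comes from, and the challenge in `genToken()` is built from `time()` and `rand()`, neither of which is a cryptographically secure source. I would replace the fold with a keyed hash, `return hash_hmac('sha256', $token . '|' . $time, $this->passwd);` (truncated to a length an operator can still type, if that matters), draw each token character with `self::chr(random_int(0, 61))`, and compare in `verify()` with `hash_equals()` rather than `===`. `verify()` also returns the literal `"ThisAttemptHasBeenLogged"` on a mismatch although nothing in the class writes a log entry, so the caller gets an in-band string it cannot tell apart from a password.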

+ 21 - 0
SE/stuff/scripts/secureMysql/getHash.php

@@ -0,0 +1,21 @@
+#!/usr/bin/env php
+<?php
+$_SERVER['SERVER_NAME'] = gethostname();
+$curDir = dirname(__FILE__);
+if (!preg_match('/(^.*)stuff.*$/', $curDir, $matches)) die('ScriptLocationError');;
+@require_once $matches[1] .  'se-lib' . DIRECTORY_SEPARATOR . 'bootstrap.php';
+date_default_timezone_set('Europe/Warsaw');
+if (!isset($argv[1])) die("Server name/UD missing\n");
+
+try {
+	$arg = DB::getPDO()->quote($argv[1]);
+	$pass = DB::getPDO()->fetchValue("select `ADMIN_USERNAME_PASSWD` from SES_PROCESY5_A where `ID` = {$arg} or `SERVER_ADDRESS` = {$arg} limit 1");
+	if (!$pass) $pass = "chuj ci w dupe - brak serwera // wygeneruje bledny token";
+	Lib::loadClass('Token');
+	$tokenObj = new Token($pass, "JakOnZyjeToMyTezMozemy");
+	$token = readline("Token: ");
+	echo "Hash: {$tokenObj->getHash($token)}\n";
+} catch (Exception $e) {
+	echo "Unknown error";
+}
+?>
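Review bot: The second argument on the `new Token($pass, "JakOnZyjeToMyTezMozemy")` line is a literal committed to the repository, so it does not restrict who can call `getHash()`; the only real controls are who may execute this script and who can read `ADMIN_USERNAME_PASSWD` from the database. I would say so next to the call, e.g. `// Not a secret: only enables hash generation; access is limited by file permissions and DB credentials.`, or replace the magic string with a plain boolean flag. When no row matches, the script substitutes a dummy secret and still prints a hash with exit status 0, which an operator cannot distinguish from a valid one; if that opacity is intended it deserves a comment, otherwise `fwrite(STDERR, "Unknown server\n"); exit(1);` is clearer. The `@` on `require_once` and the bare `echo "Unknown error"` in the catch hide the cause of bootstrap and database failures.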

+ 19 - 0
SE/stuff/scripts/secureMysql/getPass.php

@@ -0,0 +1,19 @@
+#!/usr/bin/env php
+<?php
+$_SERVER['SERVER_NAME'] = gethostname();
+$curDir = dirname(__FILE__);
+if (!preg_match('/(^.*)stuff.*$/', $curDir, $matches)) die('ScriptLocationError');;
+@require_once $matches[1] .  'se-lib' . DIRECTORY_SEPARATOR . 'bootstrap.php';
+date_default_timezone_set('Europe/Warsaw');
+
+try {
+	Lib::loadClass('Token');
+	$tokenObj = new Token(Config::getConfFile('default_db')['pass']);
+	$token = $tokenObj->genToken();
+	error_log($token);
+	$hash = readline();
+	echo $tokenObj->verify($hash);
+} catch (Exception $e) {
+	echo "Unknown error";
+}
+?>
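Review bot: A failed verification is neither logged nor signalled to the caller: `echo $tokenObj->verify($hash);` prints whatever `verify()` returns, which on a mismatch is the literal `ThisAttemptHasBeenLogged`, and the script still exits with status 0, so login.sh hands that string to mysql as the password. I would branch on the result, e.g. `if ($pass === "ThisAttemptHasBeenLogged") { error_log('secureMysql: hash verification failed'); exit(1); }`, and echo the password only on success. `error_log($token)` reaches the operator's terminal only while PHP's `error_log` ini setting is unset for the CLI; `fwrite(STDERR, $token . "\n");` would show the challenge regardless of configuration and keep it out of a shared log file.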

+ 3 - 0
SE/stuff/scripts/secureMysql/login.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+mysql -uroot -p$(./getPass.php) 2>/dev/null || echo "Login error"
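Review bot: `-p$(./getPass.php)` places the root password on the mysql command line, where it can be visible in the process list to other local users, and the unquoted substitution is word-split if the password contains whitespace or glob characters. Consider capturing it first and passing it out of band, for example `pass=$(./getPass.php) || exit 1` followed by `MYSQL_PWD="$pass" mysql -uroot`, or a `--defaults-extra-file` readable only by the caller. `./getPass.php` is resolved against the current working directory, so the wrapper runs the intended file only when started from its own directory, and `2>/dev/null` hides the reason for a failed login.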