Jul 31, 2012
 

Next in the series of GCM scripts that I use, here is the script that stores registration information on the server. I have this saved as my index.php file so it is served up whenever someone navigates to my server. See http://skipstechtalk.net/2012/07/20/my-google-cloud-messaging-gcm-php-script/ for the script for actually sending GCM messages. There will also be one more script for saving device registrations.

<?php
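// Registration endpoint. With action=formsubmitted or action=reg it creates a
// row in the `user` table; with any other (or no) action it prints the sign-up
// form.
//
// Every request field is attacker-controlled. Fields are therefore read once
// into local variables, bound to SQL as parameters (never concatenated), and
// HTML-escaped before they are echoed back.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

// Shared page chrome so the three responses below stay consistent.
$pageTop = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">' . "\n" .
	"<html>\n<head>\n</head>\n<body>\n<h1>PowerHome Connector for Android</h1><br />\n";
$pageBottom = "</body>\n</html>\n";

if ($action=='formsubmitted' || $action =='reg')
{
	// Accept only plain strings: a parameter sent as username[]=x arrives as an
	// array and is treated as missing.
	// NOTE(review): $_REQUEST also takes these fields from the query string,
	// where a password ends up in access logs. It is kept because the callers
	// that use action=reg are not visible here; prefer $_POST if they all POST.
	$fields = array('username' => '', 'password' => '', 'email' => '');
	foreach (array_keys($fields) as $name) {
		if (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) {
			$fields[$name] = $_REQUEST[$name];
		}
	}
	$username = $fields['username'];
	$password = $fields['password'];
	$email = $fields['email'];

	// Validate before doing any hashing or database work.
	if ($username === '' || $password === '')
	{
		die ($pageTop .
		"Username and password may not be blank.<br /><a href='https://phc-a.net'>Click here to try again.</a>" .
		$pageBottom);
	}

	// Salted, iterated SHA-512. The construction is kept exactly as it was
	// because whatever verifies logins has to recompute the same value from the
	// stored salt.
	// NOTE(review): password_hash()/password_verify() is the stronger choice, but
	// switching changes the stored format and needs the verifying side updated.
	$salt = getSalt();
	$encryptedPassword = hash('sha512', $salt . $password);
	for ($i = 0; $i < 5000; $i++) {
		$encryptedPassword = hash('sha512', $salt . $encryptedPassword);
	}

	// Placeholder credentials. In a deployment keep the real values out of the
	// web-served file (a config file outside the document root, or environment
	// variables) and give this account only the rights it needs on `user`.
	$dbuser = 'mydbusername';
	$dbname = 'phcadb';
	$dbpasswd = 'mydbpassword';
	$dbhost = 'my.dbhost.net';

	// mysqli replaces the mysql_* extension (removed in PHP 7) and provides
	// prepared statements. Reporting is switched off so that failures come back
	// as false on every PHP version instead of as exceptions on newer ones.
	mysqli_report(MYSQLI_REPORT_OFF);

	$dbh = @mysqli_connect($dbhost, $dbuser, $dbpasswd);
	if (!$dbh) {
		// Details go to the server log; the visitor does not need the host name.
		error_log('registration: cannot connect to MySQL server: ' . mysqli_connect_error());
		echo "Could not connect to the database server.";
		die();
	}

	if (!@mysqli_select_db($dbh, $dbname)) {
		error_log('registration: cannot select database: ' . mysqli_error($dbh));
		echo "Could not connect to the database.";
		die();
	}

	//first see if the user already exists
	$lookup = mysqli_prepare($dbh, 'SELECT username FROM user WHERE username = ?');
	$lookupOk = $lookup
		&& mysqli_stmt_bind_param($lookup, 's', $username)
		&& mysqli_stmt_execute($lookup)
		&& mysqli_stmt_store_result($lookup);
	if (!$lookupOk) {
		error_log('registration: username lookup failed: ' . mysqli_error($dbh));
		echo "Couldn't query table!<br>\n";
		exit();
	}
	$alreadyTaken = mysqli_stmt_num_rows($lookup) > 0;
	mysqli_stmt_close($lookup);

	// Escaped once here; this is the only form in which the name is echoed.
	$safeUsername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');

	if (!$alreadyTaken)
	{
		// NOTE(review): check-then-insert is not atomic. Two simultaneous requests
		// for one name can both pass the lookup; a UNIQUE index on user.username
		// would close that gap (the schema is not visible here).
		$insert = mysqli_prepare($dbh, 'INSERT INTO user (username,passwordHash,salt,registration_date,email) VALUES (?, ?, ?, curdate(), ?)');
		$insertOk = $insert
			&& mysqli_stmt_bind_param($insert, 'ssss', $username, $encryptedPassword, $salt, $email)
			&& mysqli_stmt_execute($insert);
		if (!$insertOk) {
			error_log('registration: insert failed: ' . mysqli_error($dbh));
			echo "Couldn't query table!<br>\n";
			exit();
		}
		mysqli_stmt_close($insert);

		// The password, salt and hash are deliberately not echoed back: the
		// response can be cached, logged by proxies or read over the shoulder.
		echo $pageTop;
		echo "username = " . $safeUsername . "<br />";
		echo 'All done!<br />Now you can setup GCM notifications on your Android phone with the PowerHome Connector for Android app.<br />See <a href="http://skipstechtalk.net/powerhome-connector-for-android-usage-instructions-and-screenshots/">skipstechtalk.net</a> for a tutorial for setting up your PowerHome formulas.';
		echo $pageBottom;
	}
	else
	{
		// Same 401 status as before, sent as a well-formed status line.
		header('HTTP/1.1 401 Unauthorized', true, 401);
		echo $pageTop;
		echo "Sorry, but the username $safeUsername has already been used. Please try a different username.<br /><a href='https://phc-a.net'>Click here to try again.</a>";
		echo $pageBottom;
	}
}
else
{
	echo $pageTop;
	echo 'Create an account so you can use the PowerHome Connector for Android app on your Android phone.<br /><br />' .
	     'Please use a username and password that you are not using anywhere else. ' .
	     'Passwords are stored in a database on this server, but are hashed 5000 times with a random salt, so it should be secure, but you never know. ' .
	     'That is why I suggest you use a username and password that you do not use anywhere else. ' .
	     'There is no personal information stored in the database. Just your login information and a registration id which routes the messages to your phone. ' .
	     'If someone does figure out how to copy the database, even though they will not have access to any personal information, you do not want them having your paypal password. ' .
	     'So, please, go the safe route and use a different password from any other website. <br/><br />' .
	     'Do remember your username and password because you will need them to send messages from PowerHome and you will need to enter it into your phone too.<br /><br />' .
	     'You may also include your email address which will be used to help you recover your username and password should you forget them. I promise I will not use it for anything else.<br /><br />' .
	     'You may register as many phones as you want with this account. This will allow you to send messages to each phone. You cannot select some messages for one phone and some messages for another. ' .
	     'It is an all or nothing deal.<br /><br />' .
	     '<b>None of the messages sent from your PowerHome application to this server are saved on this server</b>.<br /><br />' .
	     'For instructions on installing and using the PowerHome Connector for Android App, please see <a href="http://skipstechtalk.net/powerhome-connector-for-android/">http://skipstechtalk.net/powerhome-connector-for-android/</a><br /><br />';
	echo '<FORM METHOD="POST" ACTION="?action=formsubmitted">';
	echo 'Username (required): <INPUT TYPE="text" NAME="username" SIZE="30"><br />';
	// TYPE="password" keeps the value masked on screen.
	echo 'Password (Required): <INPUT TYPE="password" NAME="password" SIZE="30"><br />';
	echo 'Email (optional): <INPUT TYPE="text" NAME="email" SIZE="30"><br />';
	echo '<INPUT TYPE="submit">';
	echo '</FORM>';
	echo $pageBottom;
}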
 
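function getSalt(){
    // Returns a 20-character random salt drawn from the 64-character base64
    // alphabet. The caller prepends it to the password before hashing and
    // stores it next to the hash.
    //
    // random_int() (PHP 7+) draws from the operating system's CSPRNG. rand()
    // is a predictable generator and is not suitable for security values.
    // On older PHP, where random_int() does not exist, mt_rand() is used as a
    // non-cryptographic fallback so the function keeps working.
    $base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                    .'abcdefghijklmnopqrstuvwxyz0123456789+/';
    $useCsprng = function_exists('random_int');
    $salt='';
    for($i=0; $i<20; $i++){
        $index = $useCsprng ? random_int(0, 63) : mt_rand(0, 63);
        $salt .= $base64_alphabet[$index];
    }
    return $salt;
}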
 
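function query($query) {
	// Executes $query with mysql_query() on the most recently opened mysql_*
	// connection and returns its result. On failure it prints a generic
	// message and ends the request.
	//
	// The SQL text is sent exactly as given: any value a caller has
	// concatenated into $query must already be escaped for that connection,
	// or better, the caller should use a prepared statement instead.
	//
	// The MySQL error text is written to the server log rather than echoed,
	// because it can reveal table and column names and the failing statement
	// to whoever sent the request.
	$result = mysql_query($query);
	if (!$result)
	{
		//can't execute query
		error_log('query() failed: ' . mysql_error());
		echo ( "Couldn't query table!<br>\n");
		exit();
	}

	return $result;
}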
?>
 Posted by at 11:51 am
