@My1
Last active December 4, 2019 23:23
Depends on https://github.com/lbuchs/WebAuthn; place in .test. Do not use on a key you don't want to reset.
<?php
// Database connection settings. The shipped values are placeholders (read
// together: "use your own database") and must be replaced before running.
// NOTE(review): keep real credentials out of a web-served or shared file,
// e.g. load them from the environment or a config file outside the docroot.
$dbhost = 'use';
$dbname = 'your';
$dbuser = 'own';
$dbpass = 'database';
// NOTE(review): the INSERT further down in this file names the table
// `webauthn` directly and does not read $table.
$table = 'table';
/**
 * Render raw bytes as lowercase hex, dashed in the 8-4-4-4-12 UUID layout.
 *
 * Every run of 32 hex digits is regrouped with dashes; input that produces
 * fewer than 32 hex digits comes back as plain hex without dashes.
 *
 * @param string $bin Raw bytes (this script passes the authenticator AAGUID).
 * @return string Hex text, dashed where a full 32-digit group was found.
 */
function bin2uuid($bin) {
    $hex = bin2hex($bin);

    return preg_replace(
        '/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/',
        '$1-$2-$3-$4-$5',
        $hex
    );
}
// Open the database connection; on failure stop with a short message that
// reveals no connection details.
$link = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if (!$link) {
    die("nocon");
}

// The WebAuthn library is expected one directory above this script.
require_once '../WebAuthn.php';

// Options handed to getCreateArgs() in the registration branch.
$rk = true;
$uv = true;
$timeout = 180;

// Only the 'none' attestation format is accepted; the author's note is that
// attestation just slows this test down.
$formats = ['none'];

// NOTE(review): the relying-party ID comes from the client-supplied Host
// header, so the server accepts whatever host name the request claims (and a
// Host value carrying a port is not a valid RP ID). Outside a throwaway test
// setup, pin this to a fixed, configured domain.
$WebAuthn = new \WebAuthn\WebAuthn('My1s RK Blowup Test', $_SERVER["HTTP_HOST"], $formats);
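// Registration step 1: build the credential-creation options for the browser
// and remember the challenge in the session.
//
// The extra parentheses make the grouping explicit: a "reg" request (POST or
// GET) that does not already carry a registration response. Without them &&
// binds tighter than ||, so a POST holding both "reg" and "regdata" would
// replace the stored challenge just before the response is verified.
if ((isset($_POST["reg"]) || isset($_GET["reg"])) && !isset($_POST["regdata"])) {
    // "num" comes from the query string and flows into the page text, the
    // JSON placed inside <script>, the session and the stored user id, so
    // only a whole number is accepted; anything else falls back to 1.
    $num = filter_var($_GET["num"] ?? null, FILTER_VALIDATE_INT);
    if ($num === false) {
        $num = 1;
    }

    $uid = "RK Blowup Test $num";
    $uname = "User $num";
    $dname = "Display $num";

    // Passed as the last getCreateArgs() argument; left empty, so no
    // previously registered credential is listed for exclusion.
    $exist = [];

    $args = $WebAuthn->getCreateArgs($uid, $uname, $dname, $timeout, $rk, $uv, $exist);

    // This JSON is printed inside a <script> element; hex-escaping <, > and &
    // keeps any string value from being read as markup by the HTML parser.
    $createArgs = json_encode($args, JSON_HEX_TAG | JSON_HEX_AMP);

    session_start();
    $_SESSION['challenge'] = $WebAuthn->getChallenge();
    $_SESSION['uid'] = $uid;
}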
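// Registration step 2: verify the authenticator response posted by the page,
// store the new credential, then redirect to register the next number.
if (isset($_POST["regdata"])) {
    session_start();

    // The posted blob is client-controlled: require a JSON object with two
    // strictly valid base64 string fields, and a challenge/uid pair left in
    // the session by step 1, before using any of it.
    $r = is_string($_POST["regdata"]) ? json_decode($_POST["regdata"]) : null;
    $clientDataJSON = (is_object($r) && isset($r->clientDataJSON) && is_string($r->clientDataJSON))
        ? base64_decode($r->clientDataJSON, true)
        : false;
    $attestationObject = (is_object($r) && isset($r->attestationObject) && is_string($r->attestationObject))
        ? base64_decode($r->attestationObject, true)
        : false;
    if ($clientDataJSON === false || $attestationObject === false
        || !isset($_SESSION["challenge"], $_SESSION["uid"])) {
        http_response_code(400);
        die("badreq");
    }

    $challenge = $_SESSION["challenge"];
    $uid = $_SESSION["uid"];
    // A challenge is single-use: drop it so the same response cannot be
    // submitted a second time against this session.
    unset($_SESSION["challenge"]);

    // NOTE(review): user verification is requested when the options are
    // built, but this call does not ask the library to enforce it. Check
    // whether the installed library version's processCreate() can require it.
    $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge);
    $data->credentialId = base64_encode($data->credentialId);
    $data->AAGUID = bin2uuid($data->AAGUID);
    $data->signatureCounter = ($data->signatureCounter === NULL ? 0 : $data->signatureCounter);

    // Column names come only from this fixed list; every value is bound as a
    // parameter. The uid in particular derives from the "num" query parameter
    // and must never be spliced into the SQL text.
    $fields = [
        'uid' => (string) $uid,
        'credid' => $data->credentialId,
        'pk' => (string) $data->credentialPublicKey,
    ];
    if ($data->signatureCounter) {
        $fields['counter'] = (string) $data->signatureCounter;
    }
    if ($data->certificate) {
        $fields['cert'] = (string) $data->certificate;
    }
    if ($data->AAGUID !== "00000000-0000-0000-0000-000000000000") {
        $fields['aaguid'] = $data->AAGUID;
    }

    $cols = implode(',', array_keys($fields));
    $marks = implode(',', array_fill(0, count($fields), '?'));
    $vals = array_values($fields);

    // NOTE(review): the table name is fixed here; the $table setting at the
    // top of the file is not consulted.
    $q = "insert into webauthn ($cols) values ($marks)";
    $stmt = mysqli_prepare($link, $q);
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, str_repeat('s', count($vals)), ...$vals)
        || !mysqli_stmt_execute($stmt)) {
        // Keep database error text in the server log instead of the response.
        error_log('webauthn insert failed: ' . mysqli_error($link));
        die("dberr");
    }
    mysqli_stmt_close($stmt);

    // Only an integer may reach the Location header; a missing or malformed
    // "num" counts as 0, so the next round starts at 1.
    $next = filter_var($_GET["num"] ?? null, FILTER_VALIDATE_INT);
    if ($next === false) {
        $next = 0;
    }
    header("Location: blowuprks.php?reg&num=" . ($next + 1));
    // Stop here so the page body below is not rendered after the redirect.
    exit;
}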
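// Page header. $num can originate from the query string, so it is
// HTML-escaped before being echoed; when no branch above has set it (or it is
// not a scalar) the number is simply left blank.
$numHtml = (isset($num) && is_scalar($num))
    ? htmlspecialchars((string) $num, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : '';
echo <<<end
<html>
<head>
<title>My1s WebAuthn test</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
Current number is $numHtml
end;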
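// Registration form and client-side script, printed only when step 1 built
// creation options for this request.
//
// $createArgs is interpolated into the <script> as a JavaScript object
// literal, so it must always be json_encode() output and never raw request
// text. The helper functions turn the "?BINARY?B?...?=" marked base64 strings
// in those options into ArrayBuffers and turn the authenticator's
// ArrayBuffers back into base64 for posting.
//
// Fixes over the previous markup: the regdata input was missing the closing
// quote after type="text", and the result object was an implicit global.
if (isset($createArgs)) {
    echo <<<end
<form id="regform" method="post">
<input type="text" name="uv" value="$uv" readonly>
<input type="text" size="100" name="regdata" id="regdata"/>
</form>
<button onclick="webreg()">Sign Up</button>
<script>
var args=$createArgs;
function recursiveBase64StrToArrayBuffer(r){if("object"==typeof r)for(let t in r)if("string"==typeof r[t]){let n=r[t];if("?BINARY?B?"===n.substring(0,"?BINARY?B?".length)&&"?="===n.substring(n.length-"?=".length)){n=n.substring("?BINARY?B?".length,n.length-"?=".length);let f=window.atob(n),o=f.length,i=new Uint8Array(o);for(var e=0;e<o;e++)i[e]=f.charCodeAt(e);r[t]=i.buffer}}else recursiveBase64StrToArrayBuffer(r[t])}function arrayBufferToBase64(r){for(var e="",t=new Uint8Array(r),n=t.byteLength,f=0;f<n;f++)e+=String.fromCharCode(t[f]);return window.btoa(e)}
recursiveBase64StrToArrayBuffer(args);
function webreg() {
navigator.credentials.create(args)
.then(result => {
const r = {};
r.clientDataJSON = result.response.clientDataJSON ? arrayBufferToBase64(result.response.clientDataJSON) : null;
r.attestationObject = result.response.attestationObject ? arrayBufferToBase64(result.response.attestationObject) : null;
document.getElementById("regdata").value=JSON.stringify(r);
document.getElementById("regform").submit();
})
.catch(e => {
window.exc=e;
console.log(e.message);
});
}
webreg();
</script>
end;
}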
// Close the document opened by the page header.
echo "</body>\n</html>";