X-Git-Url: http://git.pjr.cc/?a=blobdiff_plain;f=lib%2Flib.php;h=faf2cf45a0c7fec41b0f3f25c2a0550bed977850;hb=62e6511826267382d3ccfb130c2db28aa5c316c2;hp=01340d960df01c7b2533d61f6f824e8aaca83993;hpb=56b0dc03375e2a8facb8ff20c05d9be07dd6bcda;p=ga4php.git
diff --git a/lib/lib.php b/lib/lib.php
index 01340d9..faf2cf4 100644
--- a/lib/lib.php
+++ b/lib/lib.php
@@ -1,5 +1,11 @@
createBase32Key();
         // sql for inserting into db
-        $sql = "select * from users where user_name='$username'";
-        $res = $this->dbConnector->query($sql);
-
-        //if($res->fetchCount()>0) {
-        //$this->errorText = "User Already Exists, $username";
-        //return false;
-        //}
-
-        // and finally create 'em
-        $hkey = $this->helperb322hex($key);
-        error_log("key for user $username is $hkey, $key");
-        $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
-        $id = $this->dbConnector->lastInsertID();
-        $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
-
-        $url = $this->createURL($username, $key);
+        $key = $this->createUser($username, $key, $tokentype);
+        return $key;
+    }
+
+
+    // this could get ugly for large databases.. we'll worry about that if it ever happens.
+    function getUserList() {
+        $res = $this->dbConnector->query("select user_name from users");
+        $i = 0;
+        $ar = array();
+        foreach($res as $row) {
+            //error_log("user: ".$row["user_name"]);
+            $ar[$i] = $row["user_name"];
+            $i++;
+        }
 
-        return $url;
+        return $ar;
     }
 
     // set the token type the user it going to use.
@@ -86,7 +91,7 @@ class GoogleAuthenticator {
 
     // create "user" with insert
-    function createUser($username, $key) {
+    function createUser($username, $key, $ttype="HOTP") {
         // sql for inserting into db
         $sql = "select * from users where user_name='$username'";
         $res = $this->dbConnector->query($sql);
 
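Review bot: The new `$ttype` parameter on `createUser` is undocumented, and nothing at the signature says which values are valid even though the default `"HOTP"` implies a closed set; the only other value this patch handles is `"TOTP"` (the `switch` in `verifyCode` and `resyncCode`, which otherwise fall into their `default:` echo). I would add above the signature: `/** Create a user row plus its token row. $ttype selects the OTP mode, "HOTP" (default) or "TOTP"; it is stored as-is, so validate it before calling. Returns $key unchanged. */`. The remainder of `createUser`, including what is done with `$res`, lies outside this hunk.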
@@ -98,13 +103,11 @@ class GoogleAuthenticator {
 
         // and finally create 'em
         $hkey = $this->helperb322hex($key);
-        $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
+        $this->dbConnector->query("insert into tokens values (NULL, '$hkey', '$ttype', '0')");
         $id = $this->dbConnector->lastInsertID();
         $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
 
-        $url = $this->createURL($username, $key);
-
-        return $url;
+        return $key;
     }
 
     // Replcate "user" in the database... All this really
@@ -154,6 +157,22 @@ class GoogleAuthenticator {
         return true;
     }
 
+
+    // have user?
+    function userExists($username) {
+        $sql = "select * from users where user_name='$username'";
+        $res = $this->dbConnector->query($sql);
+
+        $tid = -1;
+        foreach($res as $row) {
+            $tid = $row["user_tokenid"];
+        }
+
+        if($tid == -1) return false;
+        else return $tid;
+    }
+
+
     // self explanitory?
     function deleteUser($username) {
         $sql = "select * from users where user_name='$username'";
@@ -209,7 +228,7 @@ class GoogleAuthenticator {
                 $en = $tlid+20;
                 for($i=$st; $i<$en; $i++) {
                     $stest = $this->oath_hotp($tkey, $i);
-                    //echo "code: $code, $stest, $tkey\n";
+                    //error_log("code: $code, $stest, $tkey, $tid");
                     if($code == $stest) {
                         $sql = "update tokens set token_lastid='$i' where token_id='$tid'";
                         $this->dbConnector->query($sql);
@@ -219,6 +238,19 @@ class GoogleAuthenticator {
                 return false;
                 break;
             case "TOTP":
+                $t_now = time();
+                $t_ear = $t_now - 45;
+                $t_lat = $t_now + 60;
+                $t_st = ((int)($t_ear/30));
+                $t_en = ((int)($t_lat/30));
+                //error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en");
+                for($i=$t_st; $i<=$t_en; $i++) {
+                    $stest = $this->oath_hotp($tkey, $i);
+                    //error_log("code: $code, $stest, $tkey\n");
+                    if($code == $stest) {
+                        return true;
+                    }
+                }
                 break;
             default:
                 echo "how the frig did i end up here?";
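Review bot: `$ttype` is now interpolated straight into the `insert into tokens` statement without being checked against the two types the code understands, so a caller-supplied value lands as an arbitrary string in `token_type` and `verifyCode` later drops into its `default:` branch for that user. Whitelist it before the insert: `if ($ttype !== "HOTP" && $ttype !== "TOTP") { return false; }`. The same statement still interpolates `$hkey`, and the user insert `$username`, into SQL; if `dbConnector` is PDO (the `query`/`lastInsertID`/foreach usage suggests it), `prepare`/`execute` with bound parameters would close that for all three. The start of `createUser` and the handling of `$res` are outside this hunk.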
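Review bot: `userExists` builds its query by interpolating `$username` into the SQL string, and a username lookup is exactly the input most likely to arrive from a login form, so a value such as `' or 1=1 --` returns every row and hands back the last `user_tokenid` seen. If `dbConnector` is PDO, use `$stmt = $this->dbConnector->prepare("select user_tokenid from users where user_name = ?"); $stmt->execute(array($username));` and iterate `$stmt` instead. Separately, `if($tid == -1)` is a loose comparison against a value read back from the database; `$tid === -1` keeps a stored `"-1"` (or `"-1.0"`) from being mistaken for "no such user", since the sentinel is only ever assigned as an integer.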
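Review bot: The added TOTP branch never records which time step was accepted, so unlike the HOTP branch above it (which writes `token_lastid`) a code observed in transit verifies again for as long as the window lasts — here −45 s to +60 s, i.e. four or five 30-second steps, wider than the usual ±1 step. Store the accepted step in `token_lastid` and refuse any step at or below it, as sketched below; `hash_equals` also replaces the loose `==`, which compares numeric strings numerically (`"000123" == "123"` is true). `verifyCode` begins and ends outside this hunk; `$tlid` and `$tid` are the variables the HOTP branch already uses.
```php
            case "TOTP":
                // … unchanged: $t_now/$t_ear/$t_lat/$t_st/$t_en window computation …
                for($i=$t_st; $i<=$t_en; $i++) {
                    $stest = $this->oath_hotp($tkey, $i);
                    if(hash_equals((string)$stest, (string)$code)) {
                        // a step at or before the last accepted one is a replay
                        if($i <= (int)$tlid) {
                            return false;
                        }
                        $sql = "update tokens set token_lastid='$i' where token_id='$tid'";
                        $this->dbConnector->query($sql);
                        return true;
                    }
                }
                break;
```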
@@ -232,7 +264,61 @@ class GoogleAuthenticator {
     // many codes are called, we only check up to 20 codes in the future
     // so if the user is at 21, they'll always fail.
     function resyncCode($username, $code1, $code2) {
-
+        // here we'll go from 0 all the way thru to 200k.. if we cant find the code, so be it, they'll need a new one
+        $sql = "select * from users where user_name='$username'";
+        $res = $this->dbConnector->query($sql);
+
+        $tid = -1;
+        foreach($res as $row) {
+            $tid = $row["user_tokenid"];
+        }
+
+        // for HOTP tokens we start at x and go to x+20
+
+        // for TOTP we go +/-1min TODO = remember that +/- 1min should
+        // be changed based on stepping if we change the expiration time
+        // for keys
+
+        // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
+
+        $sql = "select * from tokens where token_id='$tid'";
+        $res = $this->dbConnector->query($sql);
+
+        $tkey = "";
+        $ttype = "";
+        $tlid = "";
+        foreach($res as $row) {
+            $tkey = $row["token_key"];
+            $ttype = $row["token_type"];
+            $tlid = $row["token_lastid"];
+        }
+
+        switch($ttype) {
+            case "HOTP":
+                $st = 0;
+                $en = 200000;
+                for($i=$st; $i<$en; $i++) {
+                    $stest = $this->oath_hotp($tkey, $i);
+                    //echo "code: $code, $stest, $tkey\n";
+                    if($code1 == $stest) {
+                        $stest2 = $this->oath_hotp($tkey, $i+1);
+                        if($code2 == $stest2) {
+                            $sql = "update tokens set token_lastid='$i' where token_id='$tid'";
+                            $this->dbConnector->query($sql);
+                            return true;
+                        }
+                    }
+                }
+                return false;
+                break;
+            case "TOTP":
+                break;
+            default:
+                echo "how the frig did i end up here?";
+        }
+
+        return false;
+
     }
 
     // gets the error text associated with the last error
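Review bot: When both codes match, `resyncCode` writes `token_lastid='$i'` unconditionally, so an `$i` below the stored `$tlid` moves the counter backwards and the window `verifyCode` derives from `$tlid` reopens for codes that were already consumed, undoing the replay protection the HOTP branch relies on; guard the update with `if($i <= (int)$tlid) { return false; }`, or document why rolling back is intended. The 0..200000 scan also costs up to 200 000 HMAC computations per failed call on a username-driven entry point, so it should sit behind authentication or rate limiting. Note too that an unknown `$username` leaves `$tid` at `-1`, the token query then matches nothing, `$ttype` stays `""`, and the `default:` branch echoes its debug text into the response; returning `false` early when no user row was found would avoid both the wasted query and the leak. `$username` is interpolated into the SQL here as elsewhere in the file.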
@@ -241,8 +327,14 @@ class GoogleAuthenticator {
     }
 
     // create a url compatibile with google authenticator.
-    function createURL($user, $key) {
-        $url = "otpauth://hotp/$user?secret=$key";
+    function createURL($user, $key,$toktype = "HOTP") {
+        // oddity in the google authenticator... hotp needs to be lowercase.
+        $toktype = strtolower($toktype);
+        if($toktype == "hotp") {
+            $url = "otpauth://$toktype/$user?secret=$key&counter=1";
+        } else {
+            $url = "otpauth://$toktype/$user?secret=$key";
+        }
         //echo "url: $url\n";
         return $url;
     }
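Review bot: `$user` is placed into the otpauth URL verbatim on both `$url =` lines, so a username containing `?`, `&`, `/`, `#` or a space yields a malformed URI or lets the name smuggle extra query parameters into what the phone scans; encode the path segment, `$url = "otpauth://$toktype/" . rawurlencode($user) . "?secret=$key&counter=1";`, and likewise in the `else` branch. `$toktype` is lowercased but otherwise unchecked, so anything other than `hotp`/`totp` produces a scheme path the authenticator app will reject; returning `false` for unknown types would surface the caller's mistake instead of a silently bad QR code. `$key` is safe unencoded only as long as it is the base32 alphabet `createBase32Key` appears to produce — worth a comment on the function.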