working example page
authorpaulr <me@pjr.cc>
Mon, 15 Nov 2010 03:44:33 +0000 (14:44 +1100)
committerpaulr <me@pjr.cc>
Mon, 15 Nov 2010 03:44:33 +0000 (14:44 +1100)
example/index.php
lib/lib.php

index 15c5adc..ca69203 100644 (file)
@@ -1,3 +1,56 @@
 <?php
 
-?>
\ No newline at end of file
+require_once("../lib/lib.php");
+
+$ga = new GoogleAuthenticator("/tmp/gaexpage.db");
+?>
+<html>
+<h1>Example Page for GA4PHP</h1>
+
+<?php
+if(isset($_REQUEST["action"])) {
+       switch($_REQUEST["action"]) {
+               case "createuser":
+                       $username = $_REQUEST["username"];
+                       $pr = preg_match('/^[a-zA-Z0-9@\.]+$/',"$username");
+                       echo "<hr>";
+                       if(strlen($username)<3) {
+                               echo "<font color=\"red\">Sorry, username must be at least 3 chars</font>";
+                       } else if($pr<1) {
+                               echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
+                       } else {
+                               $url = $ga->setupUser($username);
+                               echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\">";
+                       }
+                       echo "<hr>";
+                       break;
+               case "authuser":
+                       $username = $_REQUEST["username"];
+                       $code = $_REQUEST["code"];
+                       if($ga->authenticateUser($username, $code)) {
+                               echo "<font color=\"green\">Passed!</font>";
+                       } else {
+                               echo "<font color=\"red\">Failed!</font>";
+                       }
+                       break;
+               default:
+                       // do nothing
+       }
+}
+
+?>
+
+Create a User:
+<form method="post" action="index.php?action=createuser">
+Username: <input type="text" name="username"><br>
+Type (ignored for now): <select name="ttype"><option value="HOTP">HOTP</option><option value="TOTP">TOTP</option></select><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+<form method="post" action="index.php?action=authuser">
+Username: <input type="text" name="username"><br>
+Code: <input type="text" name="code"><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+</html>
\ No newline at end of file
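Review bot: The `authuser` branch passes `$_REQUEST["username"]` and `$_REQUEST["code"]` straight to `authenticateUser()` without the length and `preg_match` checks that `createuser` applies. Since lib/lib.php builds its queries by string interpolation, this path probably reaches SQL with unvalidated input; apply the same validation (ideally through one shared helper) and read the fields from `$_POST`, since both forms post. The `<img>` line also puts the otpauth URL, shared secret included, into a plain-http request to chart.apis.google.com, which exposes the secret to the network and to a third party; render the QR code locally, or at minimum use https and write the value as `chl=" . urlencode($url) . "`. `/tmp/gaexpage.db` stores those secrets in a shared temp directory, so a comment such as `// demo only: keep the token DB outside /tmp and the web root in real deployments` would help.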
index 262149f..01340d9 100644 (file)
@@ -44,13 +44,15 @@ class GoogleAuthenticator {
                $sql = "select * from users where user_name='$username'";
                $res = $this->dbConnector->query($sql);
 
-               if($res->fetchCount()>0) {
-                       $this->errorText = "User Already Exists, $username";
-                       return false;
-               }
+               //if($res->fetchCount()>0) {
+                       //$this->errorText = "User Already Exists, $username";
+                       //return false;
+               //}
                
                // and finally create 'em
-               $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP','0')");
+               $hkey = $this->helperb322hex($key);
+               error_log("key for user $username is $hkey, $key");
+               $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
                $id = $this->dbConnector->lastInsertID();
                $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
 
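Review bot: The added `error_log("key for user $username is $hkey, $key");` writes the token secret, in both encodings, to the server log, where it outlives the request and is readable by anyone with log access; drop the line or log only the username. Commenting out the `fetchCount()` check rather than fixing it means a second `createuser` for an existing name is no longer refused and inserts another token and user row, so restore an existence check using whatever row-count call the connector actually supports. The inserts here and in the following hunk (old line 95) interpolate `$username` and `$hkey` into the SQL text; if `dbConnector` is PDO, `prepare()` with bound parameters would remove the dependence on every caller validating its input. The enclosing function starts and ends outside this hunk.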
@@ -95,7 +97,8 @@ class GoogleAuthenticator {
                //}
                
                // and finally create 'em
-               $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP', '0')");
+               $hkey = $this->helperb322hex($key);
+               $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
                $id = $this->dbConnector->lastInsertID();
                $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
 
@@ -239,8 +242,8 @@ class GoogleAuthenticator {
        
        // create a url compatibile with google authenticator.
        function createURL($user, $key) {
-               $url = "otpauth://totp/$user?secret=$key";
-               echo "url: $url\n";
+               $url = "otpauth://hotp/$user?secret=$key";
+               //echo "url: $url\n";
                return $url;
        }
        
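Review bot: The new `otpauth://hotp/` URL carries no `counter` parameter, which the Google Authenticator key URI format requires for HOTP, and `$user` is interpolated without `rawurlencode()`. Something like `$url = "otpauth://hotp/" . rawurlencode($user) . "?secret=$key&counter=0";` would cover both, assuming the `'0'` inserted into `tokens` is the initial counter. The type is now hard-coded to HOTP while the example form still offers TOTP, so a comment on `createURL` stating that only HOTP is generated would avoid confusion. The commented-out `echo` can simply be deleted.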
@@ -329,7 +332,7 @@ class GoogleAuthenticator {
        
            // HMAC
            $hash = hash_hmac ('sha1', $bin_counter, $key);
-           return $this->oath_truncate($hash);
+           return str_pad($this->oath_truncate($hash), 6, "0", STR_PAD_LEFT);
        }
        
        function oath_truncate($hash, $length = 6)
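Review bot: The pad width `6` is hard-coded next to `oath_truncate($hash, $length = 6)`, so the two can drift apart if a caller ever asks for a different length; hold the length in one variable and pass it to both, e.g. `return str_pad($this->oath_truncate($hash, $len), $len, "0", STR_PAD_LEFT);`. Because this function now returns a zero-padded string, the comparison against the submitted code (not visible in this hunk) should be a string comparison such as `hash_equals($expected, (string)$code)`; a loose `==` on numeric strings would treat `"012345"` and `"12345"` as equal. The function's start is outside the hunk.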