<?php
-?>
\ No newline at end of file
+require_once("../lib/lib.php");
+
+$ga = new GoogleAuthenticator("/tmp/gaexpage.db");
+?>
+<html>
+<h1>Example Page for GA4PHP</h1>
+
+<?php
+if(isset($_REQUEST["action"])) {
+ switch($_REQUEST["action"]) {
+ case "createuser":
+ $username = $_REQUEST["username"];
+ $pr = preg_match('/^[a-zA-Z0-9@\.]+$/',"$username");
+ echo "<hr>";
+ if(strlen($username)<3) {
+ echo "<font color=\"red\">Sorry, username must be at least 3 chars</font>";
+ } else if($pr<1) {
+ echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
+ } else {
+ $url = $ga->setupUser($username);
+ echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\">";
+ }
+ echo "<hr>";
+ break;
+ case "authuser":
+ $username = $_REQUEST["username"];
+ $code = $_REQUEST["code"];
+ if($ga->authenticateUser($username, $code)) {
+ echo "<font color=\"green\">Passed!</font>";
+ } else {
+ echo "<font color=\"red\">Failed!</font>";
+ }
+ break;
+ default:
+ // do nothing
+ }
+}
+
+?>
+
+Create a User:
+<form method="post" action="index.php?action=createuser">
+Username: <input type="text" name="username"><br>
+Type (ignored for now): <select name="ttype"><option value="HOTP">HOTP</option><option value="TOTP">TOTP</option></select><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+<form method="post" action="index.php?action=authuser">
+Username: <input type="text" name="username"><br>
+Code: <input type="text" name="code"><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+</html>
\ No newline at end of file
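Review bot: The createuser branch places the full otpauth URL, which carries the user's shared secret, into an `<img>` request to `http://chart.apis.google.com`, so the secret leaves the server in cleartext and is handed to a third party; `$url` is also unencoded, so its own `?` and `=` can be misparsed as chart parameters. At minimum use `https://` and `chl=" . urlencode($url) . "`; rendering the QR code locally would keep the secret on the host. The authuser branch passes `$_REQUEST["username"]` and `$_REQUEST["code"]` to `authenticateUser()` without the `preg_match` check that createuser applies; that method is not shown, but the library queries visible on this page interpolate `$username` into SQL, so the same validation (or parameterised queries in the library) is needed there. The token store at `/tmp/gaexpage.db` sits in a shared, world-writable directory; a path outside `/tmp` with restrictive permissions is more appropriate for a database of OTP secrets.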
$sql = "select * from users where user_name='$username'";
$res = $this->dbConnector->query($sql);
- if($res->fetchCount()>0) {
- $this->errorText = "User Already Exists, $username";
- return false;
- }
+ //if($res->fetchCount()>0) {
+ //$this->errorText = "User Already Exists, $username";
+ //return false;
+ //}
// and finally create 'em
- $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP','0')");
+ $hkey = $this->helperb322hex($key);
+ error_log("key for user $username is $hkey, $key");
+ $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
$id = $this->dbConnector->lastInsertID();
$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
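Review bot: The added `error_log("key for user $username is $hkey, $key");` writes the token's shared secret, in both hex and its original encoding, to the server log, so anyone who can read that log can generate valid codes for the user; remove it or reduce it to `error_log("token created for user $username");`. Commenting out the `fetchCount()` check also means an existing username can be enrolled again, which adds a second `users` row and a fresh token for an account that may belong to someone else; if the check was misbehaving it should be fixed rather than disabled, and dead code deleted rather than left commented. The queries here and at the second `insert into tokens` site in the following hunk build SQL by interpolating `$username`; prepared statements, if `dbConnector` supports them, would remove the dependence on every caller validating it. The enclosing function starts and ends outside this hunk.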
//}
// and finally create 'em
- $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP', '0')");
+ $hkey = $this->helperb322hex($key);
+ $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
$id = $this->dbConnector->lastInsertID();
$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
// create a url compatibile with google authenticator.
function createURL($user, $key) {
- $url = "otpauth://totp/$user?secret=$key";
- echo "url: $url\n";
+ $url = "otpauth://hotp/$user?secret=$key";
+ //echo "url: $url\n";
return $url;
}
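Review bot: The `hotp` form of the URL lacks the `counter` parameter, which the Google Authenticator key URI format requires for HOTP, and `$user` is interpolated into the path without encoding. Something like `$url = "otpauth://hotp/" . rawurlencode($user) . "?secret=$key&counter=0";` covers both, assuming new tokens start at counter 0 (the `'0'` in the `insert into tokens` calls suggests so, but that column's meaning is not visible here). `$key` has to be the Base32 secret rather than the hex form now stored in the database; the caller is outside this hunk, so that is worth confirming. The commented-out `echo` can simply be deleted, since a debug line that prints the secret is better gone than left one uncomment away.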
// HMAC
$hash = hash_hmac ('sha1', $bin_counter, $key);
- return $this->oath_truncate($hash);
+ return str_pad($this->oath_truncate($hash), 6, "0", STR_PAD_LEFT);
}
function oath_truncate($hash, $length = 6)