<?php
require_once("../lib/lib.php");
+if(isset($_REQUEST["action"])) {
+ switch($_REQUEST["action"]) {
+ case "destroy":
+ unlink("/tmp/gaexpage.db");
+ break;
+ }
+}
+
$ga = new GoogleAuthenticator("/tmp/gaexpage.db");
?>
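Review bot: The relocated `destroy` branch still runs `unlink("/tmp/gaexpage.db")` for any request that carries `action=destroy`, including a plain GET, with no authentication or anti-CSRF check in the lines shown. Even for an example page, a state-changing action should be limited to POST, e.g. `if($_SERVER["REQUEST_METHOD"] === "POST" && isset($_REQUEST["action"])) {`. `unlink()` also raises a warning when the file is absent, so `if(file_exists("/tmp/gaexpage.db")) unlink("/tmp/gaexpage.db");` would be cleaner. Separately, a fixed file name under `/tmp` is a weak place for a database of OTP secrets on a shared host; a comment saying this path is for demonstration only would help readers who copy the page.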
case "createuser":
$username = $_REQUEST["username"];
$pr = preg_match('/^[a-zA-Z0-9@\.]+$/',"$username");
+ $ttype = $_REQUEST["ttype"];
echo "<hr>";
if(strlen($username)<3) {
echo "<font color=\"red\">Sorry, username must be at least 3 chars</font>";
} else if($pr<1) {
echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
} else {
- $url = $ga->setupUser($username);
- echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\"> or type in $url (actually its just the code on the end of the url)";
+ $key = $ga->setupUser($username, $ttype);
+ $keyinhex = $ga->helperb322hex($key);
+ $url = urlencode($ga->createURL($username, $key, $ttype));
+ echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\"> or type in $key (google authenticator) or $keyinhex (for most other otp's)";
}
echo "<hr>";
break;
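Review bot: The new `echo` line still loads the QR image from `http://chart.apis.google.com/...` with the full otpauth URL in `chl`, so the freshly generated shared secret leaves the host in cleartext and is handed to a third party, where it can end up in proxy and server logs. Rendering the QR code locally, on the server or in the browser, would keep the secret on the host; if the remote service is kept, it should at least be reached over TLS. The same line now also prints `$key` and `$keyinhex` into the page, so the response should not be cacheable; a short comment above the echo stating that the key is shown once for enrolment would make the intent clear. The enclosing `switch` starts outside this hunk.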
echo "<font color=\"red\">Failed!</font>";
}
break;
- case "destroy":
- unlink("/tmp/gaexpage.db");
- break;
default:
// do nothing
}
<h2>Create a User:</h2>
<form method="post" action="index.php?action=createuser">
Username: <input type="text" name="username"><br>
-Type (ignored for now): <select name="ttype"><option value="HOTP">HOTP</option><option value="TOTP">TOTP</option></select><br>
+Type: <select name="ttype"><option value="HOTP">HOTP</option><option value="TOTP">TOTP</option></select><br>
<input type="submit" name="go" value="go"><br>
</form>
<hr>
// creates "user" in the database and returns a url for
// the phone. If user already exists, this returns false
// if any error occurs, this returns false
- function setupUser($username) {
+ function setupUser($username, $tokentype="HOTP") {
$key = $this->createBase32Key();
// sql for inserting into db
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- //if($res->fetchCount()>0) {
- //$this->errorText = "User Already Exists, $username";
- //return false;
- //}
-
- // and finally create 'em
- $hkey = $this->helperb322hex($key);
- error_log("key for user $username is $hkey, $key");
- $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
- $id = $this->dbConnector->lastInsertID();
- $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
-
- $url = $this->createURL($username, $key);
-
- return $url;
+ $key = $this->createUser($username, $key, $tokentype);
+ return $key;
}
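Review bot: The header comment above `setupUser` no longer matches the new body: the function now returns the base32 key rather than a URL, and no visible path returns false for an existing user. `createUser`, as shown further down the page, runs the `select` but never inspects `$res`. I would update the comment to `// creates "user" in the database and returns the base32 key (use createURL to build the otpauth url)`. Either restore the existing-user check or drop that claim from the comment, since silently adding a second token row for the same username is easy to miss. The method also declares no visibility; `public function setupUser(...)` would state the intent.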
$i = 0;
$ar = array();
foreach($res as $row) {
- error_log("user: ".$row["user_name"]);
+ //error_log("user: ".$row["user_name"]);
$ar[$i] = $row["user_name"];
$i++;
}
// create "user" with insert
- function createUser($username, $key) {
+ function createUser($username, $key, $ttype="HOTP") {
// sql for inserting into db
$sql = "select * from users where user_name='$username'";
$res = $this->dbConnector->query($sql);
// and finally create 'em
$hkey = $this->helperb322hex($key);
- $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
+ $this->dbConnector->query("insert into tokens values (NULL, '$hkey', '$ttype', '0')");
$id = $this->dbConnector->lastInsertID();
$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
- $url = $this->createURL($username, $key);
-
- return $url;
+ return $key;
}
// Replcate "user" in the database... All this really
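Review bot: `$ttype` is interpolated straight into the `insert into tokens` statement. The example page passes `$_REQUEST["ttype"]` through `setupUser` unchecked, so a crafted form value can change the SQL that runs. `$username` in the neighbouring `select` and `insert into users` has the same shape for any caller that skips the page's regex. Restrict the type before it is used, e.g. `if($ttype !== "HOTP" && $ttype !== "TOTP") return false;`, and switch the three statements to prepared statements with bound parameters if `dbConnector` supports them (its type is not visible here). The same unchecked value also reaches `createURL`, so the check belongs in the library rather than only in the page.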
$en = $tlid+20;
for($i=$st; $i<$en; $i++) {
$stest = $this->oath_hotp($tkey, $i);
- //echo "code: $code, $stest, $tkey\n";
+ error_log("code: $code, $stest, $tkey, $tid");
if($code == $stest) {
$sql = "update tokens set token_lastid='$i' where token_id='$tid'";
$this->dbConnector->query($sql);
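Review bot: The added `error_log("code: $code, $stest, $tkey, $tid")` writes the token's shared secret (`$tkey`) and every expected code in the look-ahead window (`$stest`) to the server log on each attempt. The two `error_log` calls added in the TOTP branch do the same. Anyone who can read the log can then derive valid codes, and `$code` is request data written to the log unescaped. I would remove these lines, or keep only non-secret fields behind a debug switch, e.g. `error_log("otp check for token $tid");`. The enclosing function starts outside this hunk.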
return false;
break;
case "TOTP":
+ $t_now = time();
+ $t_ear = $t_now - 45;
+ $t_lat = $t_now + 60;
+ $t_st = ((int)($t_ear/30));
+ $t_en = ((int)($t_lat/30));
+ error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en");
+ for($i=$t_st; $i<=$t_en; $i++) {
+ $stest = $this->oath_hotp($tkey, $i);
+ error_log("code: $code, $stest, $tkey\n");
+ if($code == $stest) {
+ return true;
+ }
+ }
break;
default:
echo "how the frig did i end up here?";
}
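Review bot: The new TOTP branch returns true for any code in the window without recording which time step matched, so the same code is accepted again for as long as it stays inside the roughly 105-second window. The HOTP branch guards against reuse by writing `token_lastid`; the TOTP branch should store the matched `$i` the same way and reject steps at or below the stored value before returning true. The comparison `$code == $stest` is also loose and not constant-time: PHP compares two numeric strings as numbers, so differently formatted input can match. `if(hash_equals((string)$stest, (string)$code)) {` avoids both, assuming the runtime provides `hash_equals`. A comment above `$t_ear`/`$t_lat` explaining why the window is asymmetric (45 s back, 60 s forward) would help the next reader judge whether it is intended.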
// create a url compatibile with google authenticator.
- function createURL($user, $key) {
- $url = "otpauth://hotp/$user?secret=$key";
+ function createURL($user, $key,$toktype = "HOTP") {
+ // oddity in the google authenticator... hotp needs to be lowercase.
+ $toktype = strtolower($toktype);
+ if($toktype == "hotp") {
+ $url = "otpauth://$toktype/$user?secret=$key&counter=1";
+ } else {
+ $url = "otpauth://$toktype/$user?secret=$key";
+ }
//echo "url: $url\n";
return $url;
}
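Review bot: `createURL` places `$user` and `$key` into the otpauth URI unencoded, so a label containing `?`, `&` or `#` would change the parameters the authenticator app parses. The example page's username regex prevents this, but the library method does not rely on it. I would encode the label, `$user = rawurlencode($user);`, before building `$url`. I would also make the `else` branch explicit: `else if($toktype == "totp")`, with a `return false;` fallback, so that an unexpected type cannot produce an `otpauth://<anything>/` URI. The comment on the hard-coded `counter=1` could state how it relates to the `'0'` stored in the tokens row at creation; that relationship is not clear from the lines shown.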