changed default token type to totp
authorpaulr <me@pjr.cc>
Mon, 6 Dec 2010 15:17:33 +0000 (02:17 +1100)
committerpaulr <me@pjr.cc>
Mon, 6 Dec 2010 15:17:33 +0000 (02:17 +1100)
authserver/authd/authd.php
authserver/lib/lib.php
authserver/www/admin.php

index e0f7296..15416c0 100644 (file)
@@ -2,11 +2,6 @@
 
 // TODO: SO MUCH ERROR CHECKING ITS NOT FUNNY
 
-if(file_exists("config.php")) {
-       require_once("config.php");
-} else {
-       // config file doesnt exist, we must abort sensibly
-}
 
 // get out master library for ga4php
 require_once("../lib/lib.php");
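Review bot: `require_once("../lib/lib.php");` on the last line is still resolved against the process's working directory, while every other path this commit touches is rebuilt on `$BASE_DIR`, so the daemon still only starts correctly when launched from authserver/authd/. Use `require_once(dirname(__FILE__)."/../lib/lib.php");` so the include and the `$BASE_DIR` paths agree. Removing the config.php block also removes the only place the missing-config case was acknowledged; if config.php is no longer needed that is fine, but if it carried settings the daemon reads elsewhere they are now silently undefined.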
@@ -47,7 +42,8 @@ if($pid == -1) {
                                        $otkid = $row["users_otk"];
                                }
                                if($otkid!="") {
-                                       unlink("otks/$otkid.png");
+                                       global $BASE_DIR;
+                                       unlink("$BASE_DIR/authserver/authd/otks/$otkid.png");
                                }
                                
                                $sql = "update users set users_tokendata='',users_otk='' where users_username='$username'";
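Review bot: The unlink() result is ignored, so a leftover or unremovable QR image (which encodes the user's token secret) goes unnoticed; write `if(!unlink("$BASE_DIR/authserver/authd/otks/$otkid.png")) error_log("could not remove otk $otkid");`. `$otkid` comes from the users_otk column, and nothing here checks that it still looks like a generateRandomString() value before it is spliced into a filesystem path; wrapping it in `basename()` (or a character-class check matching the generator's alphabet) keeps a corrupted or tampered column value inside the otks/ directory. The `global $BASE_DIR;` placed inside the branch is redundant if this `if($pid == -1)` block is at file scope, and if it is inside a function it is clearer declared once at the top of that scope. The enclosing block begins before this hunk.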
@@ -106,13 +102,14 @@ if($pid == -1) {
                                        } else if($username != $msg["username"]) {
                                                msg_send($cl_queue, MSG_GET_OTK_PNG, false);
                                        } else {
-                                               $hand = fopen("otks/$otk.png", "rb");
-                                               $data = fread($hand, filesize("otks/$otk.png"));
+                                               global $BASE_DIR;
+                                               $hand = fopen("$BASE_DIR/authserver/authd/otks/$otk.png", "rb");
+                                               $data = fread($hand, filesize("$BASE_DIR/authserver/authd/otks/$otk.png"));
                                                fclose($hand);
-                                               unlink("otks/$otk.png");
+                                               unlink("$BASE_DIR/authserver/authd/otks/$otk.png");
                                                $sql = "update users set users_otk='' where users_username='$username'";
                                                $dbo->query($sql);
-                                               error_log("senting otk, fsize: ".filesize("otks/$otk.png")." $otk ");
+                                               error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");
                                                msg_send($cl_queue, MSG_GET_OTK_PNG, $data);
                                        }
                                }
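Review bot: `error_log("senting otk, fsize: ".filesize("$BASE_DIR/authserver/authd/otks/$otk.png")." $otk ");` runs after the `unlink()` four lines above it, so filesize() is called on a file that no longer exists and the log line carries a warning instead of a size; use `error_log("sending otk, fsize: ".strlen($data)." $otk ");` or move the log before the unlink. The fopen() return value is never checked, so a missing PNG produces warnings from fread()/fclose() on `false`, yet users_otk is still cleared and a reply is still sent. If `$otk` originates from the client message (admin.php passes it in the getotk query string), it reaches the filesystem path unvalidated; compare it against the user's stored users_otk before building the path, or build the path from the stored value only. The enclosing block begins before this hunk.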
@@ -123,8 +120,9 @@ if($pid == -1) {
                                if(!isset($msg["username"])) {
                                        msg_send($cl_queue, MSG_ADD_USER_TOKEN, false); 
                                } else {
+                                       global $BASE_DIR;
                                        $username = $msg["username"];
-                                       $tokentype="HOTP";
+                                       $tokentype="TOTP";
                                        if(isset($msg["tokentype"])) {
                                                $tokentype=$msg["tokentype"];
                                        }
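Review bot: The new TOTP default only applies when the message omits tokentype; any value the client sends in `$msg["tokentype"]` is passed through to setUser() unchecked. Restrict it to the two types the admin page offers: `if(isset($msg["tokentype"]) && in_array($msg["tokentype"], array("HOTP", "TOTP"), true))`. The `global $BASE_DIR;` added here is not used within this hunk; presumably it serves the mkdir/qrencode lines that follow in the same branch. The enclosing block continues past this hunk.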
@@ -136,9 +134,9 @@ if($pid == -1) {
                                        $myga->setUser($username, $tokentype, "", $hexkey);
                                        
                                        $url = $myga->createUrl($username);
-                                       mkdir("otks");
+                                       if(!file_exists("$BASE_DIR/authserver/authd/otks")) mkdir("$BASE_DIR/authserver/authd/otks");
                                        $otk = generateRandomString();
-                                       system("qrencode -o otks/$otk.png $url");
+                                       system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png $url");
                                        
                                        $sql = "update users set users_otk='$otk' where users_username='$username'";
                                        $dbo = getDatabase();
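Review bot: `system("qrencode -o $BASE_DIR/authserver/authd/otks/$otk.png $url");` interpolates both the output path and `$url` into a shell command unescaped; `$url` is built by createUrl() from `$username`, which arrives in the client message, so a username containing shell metacharacters runs arbitrary commands as the daemon. Quote every argument: `system("qrencode -o ".escapeshellarg("$BASE_DIR/authserver/authd/otks/$otk.png")." ".escapeshellarg($url));`. Even when quoted, the otpauth URL (and therefore the token secret) is visible to other local users in the process list for the lifetime of qrencode; passing it on stdin via proc_open (qrencode reads its data from stdin when no string argument is given, as far as I recall — verify) avoids that. The mkdir() uses the default mode, so the directory holding the provisioning images is world-readable under a typical umask; create it with `mkdir("$BASE_DIR/authserver/authd/otks", 0700);` and check its return value rather than only file_exists(). The enclosing block continues past this hunk.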
index 02be059..52f09ca 100644 (file)
@@ -17,6 +17,10 @@ define("MSG_GET_OTK_PNG", 10);
 define("MSG_GET_OTK_ID", 11);
 define("MSG_DELETE_USER_TOKEN", 12);
 
+// BASE_DIR = 
+$BASE_DIR = realpath(dirname(__FILE__)."/../../");
+global $BASE_DIR;
+
 // messy
 require_once(dirname(__FILE__)."/../../lib/ga4php.php");
 
@@ -35,15 +39,16 @@ function generateRandomString()
 
 function getDatabase() {
        $dbobject = false;
-       if(file_exists("gaasdata.sqlite")) {
+       global $BASE_DIR;
+       if(file_exists("$BASE_DIR/authserver/authd/gaasdata.sqlite")) {
                try {
-                       $dbobject = new PDO("sqlite:gaasdata.sqlite");
+                       $dbobject = new PDO("sqlite:$BASE_DIR/authserver/authd/gaasdata.sqlite");
                } catch(PDOException $exep) {
                        error_log("execpt on db open");
                }
        } else {
                try {
-                       $dbobject = new PDO("sqlite:gaasdata.sqlite");
+                       $dbobject = new PDO("sqlite:$BASE_DIR/authserver/authd/gaasdata.sqlite");
                } catch(PDOException $exep) {
                        error_log("execpt on db open");
                }
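Review bot: The two branches of `if(file_exists("$BASE_DIR/authserver/authd/gaasdata.sqlite"))` are identical on the new side, so the check decides nothing and the duplication invites the two paths to drift apart; opening the database once is shorter and clearer (the function's return lies past the end of this hunk). On failure the PDOException is logged without its message and the caller receives `false`, which authd.php then calls ->query() on; include `$exep->getMessage()` in the log so the actual cause is visible. The sqlite file holds users_tokendata, i.e. the token secrets, so it is worth confirming the directory it lives in is not served by the web server and that the file is created with restrictive permissions — neither is visible from this hunk.
```php
function getDatabase() {
	$dbobject = false;
	global $BASE_DIR;
	$dbfile = "$BASE_DIR/authserver/authd/gaasdata.sqlite";
	try {
		$dbobject = new PDO("sqlite:$dbfile");
	} catch(PDOException $exep) {
		error_log("execpt on db open: ".$exep->getMessage());
	}
	// … unchanged: remainder of the function past this hunk …
```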
index b35a227..5f2364d 100644 (file)
@@ -36,6 +36,8 @@ On this page, you create users and manage their tokens and passwords. A few note
 and edit anyone, including you
 <li> OTK/One-Time-Keys are the QRcode for provisioning a GA token, it can only be viewed once
 and once viewed is deleted. If you need a new one, you need to delete the user and re-create.
+<li> TOTP tokens are time based tokens that change every 30 seconds, HOTP tokens are event tokens
+that change everytime they are used or generated
        <?php 
 } 
 
@@ -81,12 +83,16 @@ foreach($users as $user) {
        if($user["haspass"]) $haspass = "Yes <a href=\"?action=deletepass&username=$username\">Delete Password</a>";
        else $haspass = "No";
        
-       if($user["hastoken"]) $hastoken = "Yes <a href=\"?action=recreatehotptoken&username=$username\">Re-Create (hotp)</a> <a href=\"?action=recreatetotptoken&username=$username\">Re-Create (totp)</a> <a href=\"?action=deletetoken&username=$username\">Delete</a>";
-       else $hastoken = "No <a href=\"?action=recreatehotptoken&username=$username\">Create (hotp)</a> <a href=\"?action=recreatetotptoken&username=$username\">Create (totp)</a>";
-       
-       if($user["otk"]!="") $otk = "<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get</a>";
+       if($user["otk"]=="deleted") $otk = "OTK Was Not Picked Up";
+       else if($user["otk"]!="") $otk = "<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get</a>";
        else $otk = "Already Claimed";
        
+       if($user["hastoken"]) $hastoken = "Yes <a href=\"?action=recreatehotptoken&username=$username\">Re-Create (HOTP)</a> <a href=\"?action=recreatetotptoken&username=$username\">Re-Create (TOTP)</a> <a href=\"?action=deletetoken&username=$username\">Delete</a>";
+       else {
+               $hastoken = "No <a href=\"?action=recreatehotptoken&username=$username\">Create (HOTP)</a> <a href=\"?action=recreatetotptoken&username=$username\">Create (TOTP)</a>";
+               if($user["otk"]!="deleted")$otk = "No Token Exists";
+       }
+       
        $delete = "<a href=\"?action=delete&username=$username\">Delete</a>";
        
        echo "<tr>";
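Review bot: The rebuilt link strings, e.g. `$otk = "<a href=\"?action=getotk&username=$username&otk=".$user["otk"]."\">Get</a>";`, write `$username` and the stored otk value into HTML attributes and query strings with no escaping visible in this hunk, so a username containing `"` or `<` breaks out of the attribute (stored XSS on the admin page) and one containing `&` or `#` corrupts the query. Compute escaped forms once per row, `$uq = htmlspecialchars(urlencode($username), ENT_QUOTES, 'UTF-8');` and `$oq = htmlspecialchars(urlencode($user["otk"]), ENT_QUOTES, 'UTF-8');`, and use them in every href. Every action link (deletetoken, recreate…token, delete, getotk) is a plain GET that changes state, so any page an admin visits can trigger them cross-site; they belong in POST forms carrying a per-session token. The literal `"deleted"` now doubles as a sentinel inside the users_otk column, so the generator that fills that column must never produce it — a separate status column would avoid the overlap. The `foreach($users as $user)` loop begins before this hunk.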