From: paulr Date: Mon, 15 Nov 2010 06:04:52 +0000 (+1100) Subject: fixed various issues around how google auth'er wants to see urls. X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=db6663c9a9c95424733e3b3c14822a4f0f654054;p=ga4php.git fixed various issues around how google auth'er wants to see urls. --- diff --git a/example/index.php b/example/index.php index 1699691..78caa96 100644 --- a/example/index.php +++ b/example/index.php @@ -1,6 +1,14 @@ @@ -13,14 +21,17 @@ if(isset($_REQUEST["action"])) { case "createuser": $username = $_REQUEST["username"]; $pr = preg_match('/^[a-zA-Z0-9@\.]+$/',"$username"); + $ttype = $_REQUEST["ttype"]; echo "
"; if(strlen($username)<3) { echo "Sorry, username must be at least 3 chars"; } else if($pr<1) { echo "Sorry, username can only contain a-z, A-Z, 0-9 @ and ."; } else { - $url = $ga->setupUser($username); - echo "QRCode for user \"$username\" is or type in $url (actually its just the code on the end of the url)"; + $key = $ga->setupUser($username, $ttype); + $keyinhex = $ga->helperb322hex($key); + $url = urlencode($ga->createURL($username, $key, $ttype)); + echo "QRCode for user \"$username\" is or type in $key (google authenticator) or $keyinhex (for most other otp's)"; } echo "
"; break; @@ -43,9 +54,6 @@ if(isset($_REQUEST["action"])) { echo "Failed!"; } break; - case "destroy": - unlink("/tmp/gaexpage.db"); - break; default: // do nothing } @@ -57,7 +65,7 @@ if(isset($_REQUEST["action"])) {

Create a User:

Username:
-Type (ignored for now):
+Type:


diff --git a/lib/lib.php b/lib/lib.php index 60ceaa7..8967ffe 100644 --- a/lib/lib.php +++ b/lib/lib.php @@ -43,28 +43,12 @@ class GoogleAuthenticator { // creates "user" in the database and returns a url for // the phone. If user already exists, this returns false // if any error occurs, this returns false - function setupUser($username) { + function setupUser($username, $tokentype="HOTP") { $key = $this->createBase32Key(); // sql for inserting into db - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - //if($res->fetchCount()>0) { - //$this->errorText = "User Already Exists, $username"; - //return false; - //} - - // and finally create 'em - $hkey = $this->helperb322hex($key); - error_log("key for user $username is $hkey, $key"); - $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')"); - $id = $this->dbConnector->lastInsertID(); - $this->dbConnector->query("insert into users values (NULL, '$username', '$id')"); - - $url = $this->createURL($username, $key); - - return $url; + $key = $this->createUser($username, $key, $tokentype); + return $key; } @@ -74,7 +58,7 @@ class GoogleAuthenticator { $i = 0; $ar = array(); foreach($res as $row) { - error_log("user: ".$row["user_name"]); + //error_log("user: ".$row["user_name"]); $ar[$i] = $row["user_name"]; $i++; } @@ -107,7 +91,7 @@ class GoogleAuthenticator { // create "user" with insert - function createUser($username, $key) { + function createUser($username, $key, $ttype="HOTP") { // sql for inserting into db $sql = "select * from users where user_name='$username'"; $res = $this->dbConnector->query($sql); @@ -119,13 +103,11 @@ class GoogleAuthenticator { // and finally create 'em $hkey = $this->helperb322hex($key); - $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')"); + $this->dbConnector->query("insert into tokens values (NULL, '$hkey', '$ttype', '0')"); $id = $this->dbConnector->lastInsertID(); $this->dbConnector->query("insert into users values (NULL, '$username', '$id')"); - $url = $this->createURL($username, $key); - - return $url; + return $key; } // Replcate "user" in the database... All this really @@ -246,7 +228,7 @@ class GoogleAuthenticator { $en = $tlid+20; for($i=$st; $i<$en; $i++) { $stest = $this->oath_hotp($tkey, $i); - //echo "code: $code, $stest, $tkey\n"; + error_log("code: $code, $stest, $tkey, $tid"); if($code == $stest) { $sql = "update tokens set token_lastid='$i' where token_id='$tid'"; $this->dbConnector->query($sql); @@ -256,6 +238,19 @@ class GoogleAuthenticator { return false; break; case "TOTP": + $t_now = time(); + $t_ear = $t_now - 45; + $t_lat = $t_now + 60; + $t_st = ((int)($t_ear/30)); + $t_en = ((int)($t_lat/30)); + error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en"); + for($i=$t_st; $i<=$t_en; $i++) { + $stest = $this->oath_hotp($tkey, $i); + error_log("code: $code, $stest, $tkey\n"); + if($code == $stest) { + return true; + } + } break; default: echo "how the frig did i end up here?"; @@ -332,8 +327,14 @@ class GoogleAuthenticator { } // create a url compatibile with google authenticator. - function createURL($user, $key) { - $url = "otpauth://hotp/$user?secret=$key"; + function createURL($user, $key,$toktype = "HOTP") { + // oddity in the google authenticator... hotp needs to be lowercase. + $toktype = strtolower($toktype); + if($toktype == "hotp") { + $url = "otpauth://$toktype/$user?secret=$key&counter=1"; + } else { + $url = "otpauth://$toktype/$user?secret=$key"; + } //echo "url: $url\n"; return $url; }