From: paulr Date: Tue, 16 Nov 2010 15:41:05 +0000 (+1100) Subject: Created a provisioning example X-Git-Url: http://git.pjr.cc/?a=commitdiff_plain;h=ddd5c8118fb9ad4f6e8f4ea7371f189e1b152064;p=ga4php.git Created a provisioning example --- diff --git a/example/provisioning/dbfunctions.php b/example/provisioning/dbfunctions.php new file mode 100644 index 0000000..2aa2c05 --- /dev/null +++ b/example/provisioning/dbfunctions.php @@ -0,0 +1,27 @@ +query($sql); + } + + return $dbobject; +} + +function closeDatabase($db) { + // doesnt do anything yet +} +?> \ No newline at end of file diff --git a/example/provisioning/index.php b/example/provisioning/index.php new file mode 100644 index 0000000..c3577ed --- /dev/null +++ b/example/provisioning/index.php @@ -0,0 +1,151 @@ + + + +

Welcome to GA Provisioning!

+ +".$_REQUEST["success"]."
"; +} +if(isset($_REQUEST["failure"])) { + echo "
".$_REQUEST["failure"]."
"; +} +?> + +
+ + + +

Users

+ + +query("select * from users"); +foreach($result as $row) { + if($myga->hasToken($row["users_username"])) { + $hastoken = "Yes"; + $type = $myga->getTokenType($row["users_username"]); + if($type == "HOTP") { + $type = "- Counter Based"; + } else { + $type = "- Time Based"; + } + $hexkey = $myga->getKey($row["users_username"]); + $b32key = $myga->helperhex2b32($hexkey); + + $url = urlencode($myga->createURL($row["users_username"])); + $keyurl = ""; + + } + else { + $b32key = ""; + $hexkey = ""; + $type = ""; + $hastoken = "no"; + $keyurl = ""; + } + + + // now we generate the qrcode for the user + + echo ""; +} +closeDatabase($db); +?> +
Username/LoginFullnameHas Token?KeyBase 32 KeyHex Key
".$row["users_username"]."".$row["users_fullname"]."$hastoken $type$keyurl$b32key$hexkey
+Create a User: +
+Username/login: +Full Name: + +
+ + +
+ + + +

Create Token

+This form allows you to provision a token for the user
+
+User: +
+Token Type + + +
+ +
+

Test Authentication

+
+User: + + + + +
+internalGetData("asdf"));
+?>
+
+ + \ No newline at end of file diff --git a/example/provisioning/input.php b/example/provisioning/input.php new file mode 100644 index 0000000..11ab6b7 --- /dev/null +++ b/example/provisioning/input.php @@ -0,0 +1,40 @@ +query($sql); + closeDatabase($db); + + header("Location: index.php?success=created"); + break; + case "provision": + $username = $_REQUEST["user"]; + $tokentype = $_REQUEST["tokentype"]; + $myga->setUser($username, $tokentype); + + header("Location: index.php?success=Provisioned"); + break; + case "auth": + $username = $_REQUEST["user"]; + $tokencode = $_REQUEST["tokencode"]; + + if($myga->authenticateUser($username, $tokencode)) { + header("Location: index.php?success=Passed"); + } else { + header("Location: index.php?failure=wrongcode"); + } + break; + } + } +} +?> \ No newline at end of file diff --git a/example/provisioning/token.php b/example/provisioning/token.php new file mode 100644 index 0000000..5c9d903 --- /dev/null +++ b/example/provisioning/token.php @@ -0,0 +1,84 @@ +query($sql); + + // check the result + if(!$result) return false; + + // now just retreieve all the data (there should only be one, but whatever) + $tokendata = false; + foreach($result as $row) { + $tokendata = $row["users_tokendata"]; + } + + // now we have our data, we just return it. If we got no data + // we'll just return false by default + return $tokendata; + + // and there you have it, simple eh? + } + + + // now we need a function for putting the data back into our user table. + // in this example, we wont check anything, we'll just overwrite it. + function putData($username, $data) { + // get our database connection + $dbObject = getDatabase(); + + // set the sql for updating the data + // token data is stored as a base64 encoded string, it should + // not need to be escaped in any way prior to storing in a database + // but feel free to call your databases "addslashes" (or whatever) + // function on $data prior to doing the SQL. + $sql = "update users set users_tokendata='$data' where users_username='$username'"; + + // now execute the sql and return straight away - you should probably + // clean up after yourselves, but im going to assume pdo does this + // for us anyway in this exmaple + if($dbObject->query($sql)) { + return true; + } else { + return false; + } + + // even simpler! + } + + function getUsers() { + // get our database connection + $dbObject = getDatabase(); + + // now the sql again + $sql = "select users_username from users"; + + // run the query + $result = $dbObject->query($sql); + + // iterate over the results - we expect a simple array containing + // a list of usernames + $i = 0; + $users = array(); + foreach($result as $row) { + $users[$i] = $row["username"]; + $i++; + } + + // now return the list + return $users; + } +} + +?> \ No newline at end of file diff --git a/lib/lib.php b/lib/lib.php index 218c98f..2513ebc 100644 --- a/lib/lib.php +++ b/lib/lib.php @@ -58,7 +58,7 @@ abstract class GoogleAuthenticator { // create "user" with insert - function setUser($username, $key = "", $ttype="HOTP") { + function setUser($username, $ttype="HOTP", $key = "") { if($key == "") $key = $this->createBase32Key(); $hkey = $this->helperb322hex($key); @@ -76,6 +76,7 @@ abstract class GoogleAuthenticator { // TODO: change this to a pattern match for an actual key if(!isset($token["tokenkey"])) return false; if($token["tokenkey"] == "") return false; + return true; } @@ -219,7 +220,7 @@ abstract class GoogleAuthenticator { // oddity in the google authenticator... hotp needs to be lowercase. $data = $this->internalGetData($user); $toktype = $data["tokentype"]; - $key = $data["tokenkey"]; + $key = $this->helperhex2b32($data["tokenkey"]); $toktype = strtolower($toktype); if($toktype == "hotp") { $url = "otpauth://$toktype/$user?secret=$key&counter=1"; @@ -242,7 +243,23 @@ abstract class GoogleAuthenticator { return $key; } + + // returns a hex key + function getKey($username) { + $data = $this->internalGetData($username); + $key = $data["tokenkey"]; + + return $key; + } + + // get key type + function getTokenType($username) { + $data = $this->internalGetData($username); + $toktype = $data["tokentype"]; + return $toktype; + } + function helperb322hex($b32) { $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";