$this->hotpHuntValue = $hotphuntvalue;
}
+ // pure abstract functions that need to be overloaded when
+ // creating a sub class
abstract function getData($username);
abstract function putData($username, $data);
abstract function getUsers();
$data["tokentimer"] = 30; // the token timer (For totp) and not supported by ga yet
$data["tokencounter"] = 1; // the token counter for hotp
$data["tokenalgorithm"] = "SHA1"; // the token algorithm (not supported by ga yet)
- $data["user1"] = ""; // a place for implementors to store their own data
+ $data["user"] = ""; // a place for implementors to store their own data
return $data;
}
- // an internal funciton to get
+ // custom data field manipulation bits
+ function setCustomData($username, $data) {
+ $data = $this->internalGetData($username);
+ $data["user"] = $key;
+ $this->internalPutData($username, $data);
+ }
+
+ function getCustomData($username) {
+ $data = $this->internalGetData($username);
+ $custom = $data["user"];
+ return $custom;
+
+ }
+
+ // an internal funciton to get data from the overloaded functions
+ // and turn them into php arrays.
function internalGetData($username) {
$data = $this->getData($username);
$deco = unserialize(base64_decode($data));
return $deco;
}
-
+ // the function used inside the class to put the data into the
+ // datastore using the overloaded data saving class
function internalPutData($username, $data) {
- $enco = base64_encode(serialize($data));
+ if($data == "") $enco = "";
+ else $enco = base64_encode(serialize($data));
return $this->putData($username, $enco);
}
// so lets not be able to set that yet
function setTokenType($username, $tokentype) {
$tokentype = strtoupper($tokentype);
- if($tokentype!="HOTP" and $tokentype!="TOTP") {
+ if($tokentype!="HOTP" && $tokentype!="TOTP") {
$errorText = "Invalid Token Type";
return false;
}
// create "user" with insert
function setUser($username, $ttype="HOTP", $key = "", $hexkey="") {
+ $ttype = strtoupper($ttype);
+ if($ttype != "HOTP" && $ttype !="TOTP") return false;
if($key == "") $key = $this->createBase32Key();
$hkey = $this->helperb322hex($key);
if($hexkey != "") $hkey = $hexkey;
return $key;
}
-
+ // a function to determine if the user has an actual token
function hasToken($username) {
$token = $this->internalGetData($username);
// TODO: change this to a pattern match for an actual key
// consider scrapping this
$token = $this->internalGetData($username);
$token["tokenkey"] = $key;
- $this->internalPutData($username, $token);
+ $this->internalPutData($username, $token);
+
+ // TODO error checking
+ return true;
}
// self explanitory?
function deleteUser($username) {
// oh, we need to figure out how to do thi?
- $data = $this->internalGetData($username);
- $data["tokenkey"] = "";
- $this->internalPutData($username);
+ $this->internalPutData($username, "");
}
+
+
// user has input their user name and some code, authenticate
// it
function authenticateUser($username, $code) {
switch($ttype) {
case "HOTP":
error_log("in hotp");
- $st = $tlid;
+ $st = $tlid+1;
$en = $tlid+$this->hotpSkew;
for($i=$st; $i<$en; $i++) {
$stest = $this->oath_hotp($tkey, $i);
- error_log("testing code: $code, $stest, $tkey, $tid");
+ //error_log("testing code: $code, $stest, $tkey, $tid");
if($code == $stest) {
$tokendata["tokencounter"] = $i;
$this->internalPutData($username, $tokendata);
// for keys
// $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
- $tokendata = internalGetData($username);
+ $tokendata = $this->internalGetData($username);
// TODO: check return value
$ttype = $tokendata["tokentype"];
$stest2 = $this->oath_hotp($tkey, $i+1);
if($code2 == $stest2) {
$tokendata["tokencounter"] = $i+1;
- internalPutData($username, $tokendata);
+ $this->internalPutData($username, $tokendata);
return true;
}
}
$data = $this->internalGetData($user);
$toktype = $data["tokentype"];
$key = $this->helperhex2b32($data["tokenkey"]);
- $counter = $data["tokencounter"];
+
+ // token counter should be one more then current token value, otherwise
+ // it gets confused
+ $counter = $data["tokencounter"]+1;
$toktype = strtolower($toktype);
if($toktype == "hotp") {
$url = "otpauth://$toktype/$user?secret=$key&counter=$counter";