<?php
-class GoogleAuthenticator {
+abstract class GoogleAuthenticator {
- // first we init google authenticator by passing it a filename
- // for its sqlite database.
- function __construct($file) {
- if(file_exists($file)) {
- try {
- $this->dbConnector = new PDO("sqlite:$file");
- } catch(PDOException $exep) {
- $this->errorText = $exep->getMessage();
- $this->dbConnector = false;
- }
- } else {
- $this->setupDB($file);
- }
-
- $this->dbFile = $file;
+ function __construct() {
}
- // creates the database (tables);
- function setupDB($file) {
-
- try {
- $this->dbConnector = new PDO("sqlite:$file");
- } catch(PDOException $exep) {
- $this->errorText = $exep->getMessage();
- $this->dbConnector = false;
- }
+ abstract function getData($username);
+ abstract function putData($username, $data);
+ abstract function getUsers();
- // here we create some tables and stuff
- $this->dbConnector->query('CREATE TABLE "users" ("user_id" INTEGER PRIMARY KEY AUTOINCREMENT,"user_name" TEXT NOT NULL,"user_tokenid" INTEGER)');
- $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
+ // a function to create an empty data structure, filled with some defaults
+ function createEmptyData() {
+ $data["tokenkey"] = ""; // the token key
+ $data["tokentype"] = "HOTP"; // the token type
+ $data["tokentimer"] = 30; // the token timer (For totp) and not supported by ga yet
+ $data["tokencounter"] = 1; // the token counter for hotp
+ $data["tokenalgorithm"] = "SHA1"; // the token algorithm (not supported by ga yet)
+
+ return $data;
}
- // creates "user" in the database and returns a url for
- // the phone. If user already exists, this returns false
- // if any error occurs, this returns false
- function setupUser($username) {
- $key = $this->createBase32Key();
+ // an internal funciton to get
+ function internalGetData($username) {
+ $data = $this->getData($username);
+ $deco = unserialize(base64_decode($data));
- // sql for inserting into db
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- if($res->fetchCount()>0) {
- $this->errorText = "User Already Exists, $username";
- return false;
+ if(!$deco) {
+ $deco = $this->createEmptyData();
}
- // and finally create 'em
- $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP','0')");
- $id = $this->dbConnector->lastInsertID();
- $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
+ return $deco;
+ }
+
- $url = $this->createURL($username, $key);
+ function internalPutData($username, $data) {
+ $enco = base64_encode(serialize($data));
- return $url;
+ return $this->putData($username, $enco);
}
+
// set the token type the user it going to use.
// this defaults to HOTP - we only do 30s token
// so lets not be able to set that yet
return false;
}
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- foreach($res as $row) {
- $tid = $row["user_tokenid"];
- }
-
-
- // TODO MUST DO ERROR CHECK HERE, this line could be lethal
- $sql = "update tokens set token_type='$tokentype' where token_id='$tid'";
+ $data = $this->internalGetData($username);
+ $data["tokentype"] = $tokentype;
+ $this->internalPutData($username, $data);
return true;
}
// create "user" with insert
- function createUser($username, $key) {
- // sql for inserting into db
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- //if($res) if($res->fetchCount()>0) {
- //$this->errorText = "User Already Exists, $username";
- //return false;
- //}
+ function setUser($username, $ttype="HOTP", $key = "") {
+ if($key == "") $key = $this->createBase32Key();
+ $hkey = $this->helperb322hex($key);
- // and finally create 'em
- $this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP', '0')");
- $id = $this->dbConnector->lastInsertID();
- $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
-
- $url = $this->createURL($username, $key);
+ $token = $this->internalGetData($username);
+ $token["tokenkey"] = $hkey;
+ $token["tokentype"] = $ttype;
- return $url;
+ $this->internalPutData($username, $token);
+ return $key;
}
- // Replcate "user" in the database... All this really
- // does is to replace the key for the user. Returns false
- // if the user doesnt exist of the key is poop
- function replaceUser($username) {
- $key = $this->createBase32Key();
-
- // delete the user - TODO, clean up auth tokens
- $sql = "delete from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- // sql for inserting into db - just making sure.
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- if($res->fetchCount()>0) {
- $this->errorText = "User Already Exists, $username";
- return false;
- }
-
- // and finally create 'em
- $this->dbConnector->query("insert into tokens values (NULL, '$key', '0')");
- $id = $this->dbConnector->lastInsertID();
- $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
-
- $url = $this->createURL($username, $key);
-
- return $url;
+
+ function hasToken($username) {
+ $token = $this->internalGetData($username);
+ // TODO: change this to a pattern match for an actual key
+ if(!isset($token["tokenkey"])) return false;
+ if($token["tokenkey"] == "") return false;
+ return true;
}
+
// sets the key for a user - this is assuming you dont want
// to use one created by the application. returns false
// if the key is invalid or the user doesn't exist.
function setUserKey($username, $key) {
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- foreach($res as $row) {
- $tid = $row["user_tokenid"];
- }
-
-
- // TODO MUST DO ERROR CHECK HERE, this line could be lethal
- $sql = "update tokens set token_key='$key' where token_id='$tid'";
-
- return true;
+ // consider scrapping this
+ $token = $this->internalGetData($username);
+ $token["tokenkey"] = $key;
+ $this->internalPutData($username, $token);
}
+
// self explanitory?
function deleteUser($username) {
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- foreach($res as $row) {
- $tid = $row["user_tokenid"];
- }
-
-
- // TODO MUST DO ERROR CHECK HERE, this line could be lethal
- $sql = "delete from tokens where token_id='$tid'";
- $this->dbConnector->query($sql);
-
- $sql = "delete from users where user_name='$username'";
- $this->dbConnector->query($sql);
+ // oh, we need to figure out how to do thi?
+ $data = $this->internalGetData($username);
+ $data["tokenkey"] = "";
+ $this->internalPutData($username);
}
// user has input their user name and some code, authenticate
// it
function authenticateUser($username, $code) {
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
+
+ if(preg_match("/[0-9][0-9][0-9][0-9][0-9][0-9]/",$code)<1) return false;
+ error_log("begin auth user");
+ $tokendata = $this->internalGetData($username);
+ $asdf = print_r($tokendata, true);
+ error_log("dat is $asdf");
+
+ if($tokendata["tokenkey"] == "") {
+ $errorText = "No Assigned Token";
+ return false;
+ }
+
+ // TODO: check return value
+ $ttype = $tokendata["tokentype"];
+ $tlid = $tokendata["tokencounter"];
+ $tkey = $tokendata["tokenkey"];
- $tid = -1;
- foreach($res as $row) {
- $tid = $row["user_tokenid"];
+ $asdf = print_r($tokendata, true);
+ error_log("dat is $asdf");
+ switch($ttype) {
+ case "HOTP":
+ error_log("in hotp");
+ $st = $tlid;
+ $en = $tlid+20;
+ for($i=$st; $i<$en; $i++) {
+ $stest = $this->oath_hotp($tkey, $i);
+ error_log("testing code: $code, $stest, $tkey, $tid");
+ if($code == $stest) {
+ $tokendata["tokencounter"] = $i;
+ $this->internalPutData($username, $tokendata);
+ return true;
+ }
+ }
+ return false;
+ break;
+ case "TOTP":
+ error_log("in totp");
+ $t_now = time();
+ $t_ear = $t_now - 45;
+ $t_lat = $t_now + 60;
+ $t_st = ((int)($t_ear/30));
+ $t_en = ((int)($t_lat/30));
+ //error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en");
+ for($i=$t_st; $i<=$t_en; $i++) {
+ $stest = $this->oath_hotp($tkey, $i);
+ error_log("testing code: $code, $stest, $tkey\n");
+ if($code == $stest) {
+ return true;
+ }
+ }
+ break;
+ default:
+ echo "how the frig did i end up here?";
}
+ return false;
+
+ }
+
+ // this function allows a user to resync their key. If too
+ // many codes are called, we only check up to 20 codes in the future
+ // so if the user is at 21, they'll always fail.
+ function resyncCode($username, $code1, $code2) {
+ // here we'll go from 0 all the way thru to 200k.. if we cant find the code, so be it, they'll need a new one
// for HOTP tokens we start at x and go to x+20
// for TOTP we go +/-1min TODO = remember that +/- 1min should
// for keys
// $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
+ $tokendata = internalGetData($username);
- $sql = "select * from tokens where token_id='$tid'";
- $res = $this->dbConnector->query($sql);
+ // TODO: check return value
+ $ttype = $tokendata["tokentype"];
+ $tlid = $tokendata["tokencounter"];
+ $tkey = $tokendata["tokenkey"];
- $tkey = "";
- $ttype = "";
- $tlid = "";
- foreach($res as $row) {
- $tkey = $row["token_key"];
- $ttype = $row["token_type"];
- $tlid = $row["token_lastid"];
+ if($tkey == "") {
+ $this->errorText = "No Assigned Token";
+ return false;
}
switch($ttype) {
case "HOTP":
- $st = $tlid;
- $en = $tlid+20;
+ $st = 0;
+ $en = 200000;
for($i=$st; $i<$en; $i++) {
$stest = $this->oath_hotp($tkey, $i);
//echo "code: $code, $stest, $tkey\n";
- if($code == $stest) {
- $sql = "update tokens set token_lastid='$i' where token_id='$tid'";
- $this->dbConnector->query($sql);
- return true;
+ if($code1 == $stest) {
+ $stest2 = $this->oath_hotp($tkey, $i+1);
+ if($code2 == $stest2) {
+ $tokendata["tokencounter"] = $i+1;
+ internalPutData($username, $tokendata);
+ return true;
+ }
}
}
return false;
}
return false;
-
- }
-
- // this function allows a user to resync their key. If too
- // many codes are called, we only check up to 20 codes in the future
- // so if the user is at 21, they'll always fail.
- function resyncCode($username, $code1, $code2) {
-
}
// gets the error text associated with the last error
}
// create a url compatibile with google authenticator.
- function createURL($user, $key) {
- $url = "otpauth://totp/$user?secret=$key";
- echo "url: $url\n";
+ function createURL($user) {
+ // oddity in the google authenticator... hotp needs to be lowercase.
+ $data = $this->internalGetData($user);
+ $toktype = $data["tokentype"];
+ $key = $this->helperhex2b32($data["tokenkey"]);
+ $toktype = strtolower($toktype);
+ if($toktype == "hotp") {
+ $url = "otpauth://$toktype/$user?secret=$key&counter=1";
+ } else {
+ $url = "otpauth://$toktype/$user?secret=$key";
+ }
+ //echo "url: $url\n";
return $url;
}
return $key;
}
+
+ // returns a hex key
+ function getKey($username) {
+ $data = $this->internalGetData($username);
+ $key = $data["tokenkey"];
+
+ return $key;
+ }
+
+ // get key type
+ function getTokenType($username) {
+ $data = $this->internalGetData($username);
+ $toktype = $data["tokentype"];
+ return $toktype;
+ }
+
function helperb322hex($b32) {
$alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
// HMAC
$hash = hash_hmac ('sha1', $bin_counter, $key);
- return $this->oath_truncate($hash);
+ return str_pad($this->oath_truncate($hash), 6, "0", STR_PAD_LEFT);
}
function oath_truncate($hash, $length = 6)
// some private data bits.
+ private $getDatafunction;
+ private $putDatafunction;
private $errorText;
- private $dbFile;
- private $dbConnector;
+ private $errorCode;
+
+ /*
+ * error codes
+ * 1: Auth Failed
+ * 2: No Key
+ * 3: input code was invalid (user input an invalid code - must be 6 numerical digits)
+ * 4: user doesnt exist?
+ * 5: key invalid
+ */
}
?>
\ No newline at end of file