<?php
+/*
+ * TODO's:
+ * Implement TOTP fully
+ * Error checking, lots of error checking
+ * have a way of encapsulating token data stright into a single field so it could be added
+ * in some way to a preexisting app without modifying the DB as such... or by just adding
+ * a single field to a user table...
+ */
+
class GoogleAuthenticator {
// first we init google authenticator by passing it a filename
// creates "user" in the database and returns a url for
// the phone. If user already exists, this returns false
// if any error occurs, this returns false
- function setupUser($username) {
+ function setupUser($username, $tokentype="HOTP") {
$key = $this->createBase32Key();
// sql for inserting into db
- $sql = "select * from users where user_name='$username'";
- $res = $this->dbConnector->query($sql);
-
- //if($res->fetchCount()>0) {
- //$this->errorText = "User Already Exists, $username";
- //return false;
- //}
-
- // and finally create 'em
- $hkey = $this->helperb322hex($key);
- error_log("key for user $username is $hkey, $key");
- $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
- $id = $this->dbConnector->lastInsertID();
- $this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
-
- $url = $this->createURL($username, $key);
+ $key = $this->createUser($username, $key, $tokentype);
+ return $key;
+ }
+
+
+ // this could get ugly for large databases.. we'll worry about that if it ever happens.
+ function getUserList() {
+ $res = $this->dbConnector->query("select user_name from users");
+ $i = 0;
+ $ar = array();
+ foreach($res as $row) {
+ //error_log("user: ".$row["user_name"]);
+ $ar[$i] = $row["user_name"];
+ $i++;
+ }
- return $url;
+ return $ar;
}
// set the token type the user it going to use.
// create "user" with insert
- function createUser($username, $key) {
+ function createUser($username, $key, $ttype="HOTP") {
// sql for inserting into db
$sql = "select * from users where user_name='$username'";
$res = $this->dbConnector->query($sql);
// and finally create 'em
$hkey = $this->helperb322hex($key);
- $this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
+ $this->dbConnector->query("insert into tokens values (NULL, '$hkey', '$ttype', '0')");
$id = $this->dbConnector->lastInsertID();
$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
- $url = $this->createURL($username, $key);
-
- return $url;
+ return $key;
}
// Replcate "user" in the database... All this really
return true;
}
+
+ // have user?
+ function userExists($username) {
+ $sql = "select * from users where user_name='$username'";
+ $res = $this->dbConnector->query($sql);
+
+ $tid = -1;
+ foreach($res as $row) {
+ $tid = $row["user_tokenid"];
+ }
+
+ if($tid == -1) return false;
+ else return $tid;
+ }
+
+
// self explanitory?
function deleteUser($username) {
$sql = "select * from users where user_name='$username'";
$en = $tlid+20;
for($i=$st; $i<$en; $i++) {
$stest = $this->oath_hotp($tkey, $i);
- //echo "code: $code, $stest, $tkey\n";
+ //error_log("code: $code, $stest, $tkey, $tid");
if($code == $stest) {
$sql = "update tokens set token_lastid='$i' where token_id='$tid'";
$this->dbConnector->query($sql);
return false;
break;
case "TOTP":
+ $t_now = time();
+ $t_ear = $t_now - 45;
+ $t_lat = $t_now + 60;
+ $t_st = ((int)($t_ear/30));
+ $t_en = ((int)($t_lat/30));
+ //error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en");
+ for($i=$t_st; $i<=$t_en; $i++) {
+ $stest = $this->oath_hotp($tkey, $i);
+ //error_log("code: $code, $stest, $tkey\n");
+ if($code == $stest) {
+ return true;
+ }
+ }
break;
default:
echo "how the frig did i end up here?";
// many codes are called, we only check up to 20 codes in the future
// so if the user is at 21, they'll always fail.
function resyncCode($username, $code1, $code2) {
-
+ // here we'll go from 0 all the way thru to 200k.. if we cant find the code, so be it, they'll need a new one
+ $sql = "select * from users where user_name='$username'";
+ $res = $this->dbConnector->query($sql);
+
+ $tid = -1;
+ foreach($res as $row) {
+ $tid = $row["user_tokenid"];
+ }
+
+ // for HOTP tokens we start at x and go to x+20
+
+ // for TOTP we go +/-1min TODO = remember that +/- 1min should
+ // be changed based on stepping if we change the expiration time
+ // for keys
+
+ // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)');
+
+ $sql = "select * from tokens where token_id='$tid'";
+ $res = $this->dbConnector->query($sql);
+
+ $tkey = "";
+ $ttype = "";
+ $tlid = "";
+ foreach($res as $row) {
+ $tkey = $row["token_key"];
+ $ttype = $row["token_type"];
+ $tlid = $row["token_lastid"];
+ }
+
+ switch($ttype) {
+ case "HOTP":
+ $st = 0;
+ $en = 200000;
+ for($i=$st; $i<$en; $i++) {
+ $stest = $this->oath_hotp($tkey, $i);
+ //echo "code: $code, $stest, $tkey\n";
+ if($code1 == $stest) {
+ $stest2 = $this->oath_hotp($tkey, $i+1);
+ if($code2 == $stest2) {
+ $sql = "update tokens set token_lastid='$i' where token_id='$tid'";
+ $this->dbConnector->query($sql);
+ return true;
+ }
+ }
+ }
+ return false;
+ break;
+ case "TOTP":
+ break;
+ default:
+ echo "how the frig did i end up here?";
+ }
+
+ return false;
+
}
// gets the error text associated with the last error
}
// create a url compatibile with google authenticator.
- function createURL($user, $key) {
- $url = "otpauth://hotp/$user?secret=$key";
+ function createURL($user, $key,$toktype = "HOTP") {
+ // oddity in the google authenticator... hotp needs to be lowercase.
+ $toktype = strtolower($toktype);
+ if($toktype == "hotp") {
+ $url = "otpauth://$toktype/$user?secret=$key&counter=1";
+ } else {
+ $url = "otpauth://$toktype/$user?secret=$key";
+ }
//echo "url: $url\n";
return $url;
}