$data["tokentimer"] = 30; // the token timer (For totp) and not supported by ga yet
$data["tokencounter"] = 1; // the token counter for hotp
$data["tokenalgorithm"] = "SHA1"; // the token algorithm (not supported by ga yet)
+ $data["user1"] = ""; // a place for implementors to store their own data
return $data;
}
function authenticateUser($username, $code) {
if(preg_match("/[0-9][0-9][0-9][0-9][0-9][0-9]/",$code)<1) return false;
- error_log("begin auth user");
+ //error_log("begin auth user");
$tokendata = $this->internalGetData($username);
- $asdf = print_r($tokendata, true);
- error_log("dat is $asdf");
+ //$asdf = print_r($tokendata, true);
+ //error_log("dat is $asdf");
if($tokendata["tokenkey"] == "") {
$errorText = "No Assigned Token";
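Review bot: The six-digit check at the top of authenticateUser is unanchored, so `preg_match` succeeds for any `$code` that merely contains six consecutive digits, and the surrounding characters are carried into whatever comparison follows. Anchoring the pattern rejects everything except exactly six digits: `if(preg_match('/^[0-9]{6}$/D', $code) !== 1) return false;`. The rest of the function lies outside this hunk, so how `$code` is compared afterwards is not visible here.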
$tlid = $tokendata["tokencounter"];
$tkey = $tokendata["tokenkey"];
- $asdf = print_r($tokendata, true);
- error_log("dat is $asdf");
+ //$asdf = print_r($tokendata, true);
+ //error_log("dat is $asdf");
switch($ttype) {
case "HOTP":
error_log("in hotp");
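Review bot: The `print_r($tokendata, true)` dump is only commented out here, and in the same two lines earlier in authenticateUser, so the code that writes the whole token record, `tokenkey` included, to the error log is one uncomment away from coming back. Deleting the lines outright is safer; if a trace is still wanted, log a non-secret field only, for example `error_log("auth: type=" . $tokendata["tokentype"]);`. The `error_log("in hotp")` left active in the HOTP case is the same kind of debugging leftover and could go with them. The enclosing function starts and ends outside this hunk.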
return false;
break;
case "TOTP":
+ // ignore it?
break;
default:
echo "how the frig did i end up here?";
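Review bot: The `default:` branch reports an unknown token type with `echo`, which writes into whatever output the caller is producing and, as far as this hunk shows, does not return a failure. On a token-handling path it is safer to fail closed: `default: error_log("unknown token type"); return false;`. The new `// ignore it?` on the TOTP case records a doubt rather than a decision; once settled, the comment should say why TOTP needs no work here, or the case should return an explicit result. The switch sits in a function whose start and end are outside this hunk, so what is returned after the switch is not visible.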
$data = $this->internalGetData($user);
$toktype = $data["tokentype"];
$key = $this->helperhex2b32($data["tokenkey"]);
+ $counter = $data["tokencounter"];
$toktype = strtolower($toktype);
if($toktype == "hotp") {
- $url = "otpauth://$toktype/$user?secret=$key&counter=1";
+ $url = "otpauth://$toktype/$user?secret=$key&counter=$counter";
} else {
$url = "otpauth://$toktype/$user?secret=$key";
}
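Review bot: `$user` is interpolated into the otpauth URI unescaped on both the HOTP line and the TOTP line, so a user name containing `?`, `&`, `#`, `/` or a space changes how the URI is parsed and can add or override parameters. Encode the label and force the counter to an integer: `$url = "otpauth://$toktype/" . rawurlencode($user) . "?secret=$key&counter=" . (int)$counter;`, with the same `rawurlencode($user)` in the else branch. The resulting string carries the token secret, so it should not be logged or kept beyond the enrolment step. The enclosing function starts and ends outside this hunk.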
* This file is designed as a "script" extension to freeradius (or some such tool) for radius authentication.
* Also provided is a simple web interface for managing users in freeradius.
*
- * I cant figure out how to make it work with freeradius. I dont want to do password auth at all, in fact i want the login
- * password to *BE* the pin code, but i cant find a way of doing that with freeradius, which is a shame.
+ * The simple web interface should also provide a mechanism for configuring freeradius itself
+ *
*/
?>
\ No newline at end of file
<?php
+/*
+ * This is the web component of the GA4PHP radius server. This web app should be able to configure freeradius and itself.
+ *
+ * This app will try to do the following:
+ * 1) initialise tokens
+ * 2) pull accounts from some backend (such as AD)
+ * 3) allow users to self-enroll.
+ *
+ * I wonder if we can store data in the backend database itself? that would be interesting
+ * then user admin would be less disconnected. I.e. if a user was deleted from AD, their token
+ * data should disappear with them.
+ */
\ No newline at end of file