Added a login page example
authorpaulr <me@pjr.cc>
Tue, 16 Nov 2010 23:22:17 +0000 (10:22 +1100)
committerpaulr <me@pjr.cc>
Tue, 16 Nov 2010 23:22:17 +0000 (10:22 +1100)
doco/TODO.txt
example/login/index.php [new file with mode: 0644]
example/provisioning/dbfunctions.php
example/provisioning/index.php
example/provisioning/input.php
lib/lib.php

index d0ff031..813d34d 100644 (file)
@@ -1,6 +1,7 @@
 The Almighty TODO list:
 
 1) Error checking, lots of error checking and sanity checking Then i need to setup error codes and stuff.
+1.1) put code comments in all the examples
 2) a "hasToken" method for determining if a user has a token or not
 3) implement googles key integrity algorithm thing
 4) make a better example
diff --git a/example/login/index.php b/example/login/index.php
new file mode 100644 (file)
index 0000000..fc9ef2b
--- /dev/null
@@ -0,0 +1,140 @@
+<?php 
+/* 
+ * This example rely's on the provisioning example, you must first create accounts in the provisioning 
+ * example then use them here. 
+ * 
+ * This example is solely an example of how a login page might look and/or work
+ * 
+ * If a user doesnt have a token assigned, they wont require it on the login page. This is an example
+ * of when your allowing the user to increase security of their OWN account, not the security of the
+ * site as such.
+ * 
+ */ 
+
+require_once("../provisioning/dbfunctions.php");
+require_once("../provisioning/token.php");
+
+
+session_start();
+
+$myga = new myGA();
+
+// check if we're logged in
+if(isset($_SESSION["loginname"])) {
+       if($_SESSION["loginname"]!="") {
+               
+               // handle logout
+               if(isset($_REQUEST["logout"])) {
+                       error_log("session killer");
+                       unset($_SESSION["loginname"]);
+                       header("Location: index.php");
+                       return;
+               }
+               
+               // display the logged in page
+               displayLogedInPage();
+               return;
+       }
+}
+
+
+// here is where we process the login
+if(isset($_REQUEST["login"])) {
+       $db = getDatabase();
+       
+       // get the data from the post request
+       error_log("begin login");
+       $username = $_REQUEST["username"];
+       $password = $_REQUEST["password"];
+       $tokencode = $_REQUEST["tokencode"];
+       
+       // pull the password hash from the database
+       $sql = "select users_password from users where users_username='$username'";
+       error_log("running sql: $sql");
+       $res = $db->query($sql);
+       
+       foreach($res as $row) {
+               $passhash = $row["users_password"];
+       }
+       
+       // user entered a tokencode, fail the login and tell the user
+       // if they dont have a token code assigned to them
+       if($tokencode != "") {
+               if(!$myga->hasToken($username)) {
+                       $msg = urlencode("Attempted to login with a token when username isnt assigned one");
+                       header("Location: index.php?failure=$msg");
+               }
+       }
+       
+       // check the password hash versus the login password
+       error_log("checking $passhash against $password (".sha1($password).")");
+       if($passhash == sha1($password)) $passright = true;
+       else {
+               header("Location: index.php?failure=LoginIncorrect");
+               return;
+       }
+       
+       // now get myGA to check the token code
+       error_log("passed password auth");
+       if($myga->hasToken($username)) if(!$myga->authenticateUser($username, $tokencode)) {
+               header("Location: index.php?failure=LoginIncorrect");
+               return;
+       }
+
+       // and we're loged in
+       $_SESSION["loginname"] = "$username";
+       
+       header("Location: index.php");
+       return;
+}
+
+
+
+
+// and our "your logged in" page
+function displayLogedInPage()
+{
+?>
+<html>
+<h1>Welcome</h1>
+Welcome <?php echo $_SESSION["loginname"]?>, you are logged in.
+Click <a href="index.php?logout">here</a> to log out.
+</html>
+<?php
+       echo "<pre>";
+       print_r($_REQUEST);
+       print_r($_SESSION);
+       echo "</pre>";
+       
+       return; 
+}
+
+
+
+
+?>
+<html>
+<h2>Welcome to Generic Site</h2>
+<i><b>Note:</b> if the user you've provisioned has not got a token code, its not required for login</i><br>
+Please login:
+<?php
+if(isset($_REQUEST["failure"])) {
+       echo "<hr><font color=\"red\">Login Failure: ".$_REQUEST["failure"]."</font><hr>";      
+} 
+?>
+<form method="post" action="index.php?login">
+<table>
+<tr><td>Username</td><td><input type="text" name="username"></td></tr>
+<tr><td>Password</td><td><input type="password" name="password"></td></tr>
+<tr><td>Pin Code</td><td><input type="text" name="tokencode"></td></tr>
+<tr><td><input type="submit" name="login" value="Login"></td></tr>
+</table>
+</form>
+<hr>
+<pre>
+<?php 
+       print_r($_REQUEST);
+       print_r($_SESSION);
+?>
+</pre>
+</html>
\ No newline at end of file
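Review bot: The lookup on the `select users_password from users where users_username='$username'` line interpolates the submitted username straight into SQL; a PDO prepared statement removes the injection and also gives a clean no-row result, which the current `foreach` otherwise leaves as an undefined `$passhash`. The same stretch needs the missing `return;` after the token-mismatch `header()` (execution currently falls through into the password check), should drop the plaintext password and its digest from the `error_log` line, and should compare digests with `hash_equals()` rather than `==`; `sha1()` is kept below only because that is what example/provisioning/input.php stores, and both files should move to `password_hash()`/`password_verify()`. Further down, the failure message is echoed unescaped — use `htmlspecialchars($_REQUEST["failure"], ENT_QUOTES, 'UTF-8')` — and the `print_r($_REQUEST)`/`print_r($_SESSION)` dumps put the submitted password and the session contents on the page, so they should be removed before anyone copies this example.
```php
// … unchanged: request field extraction above …
$stmt = $db->prepare('select users_password from users where users_username = ?');
$stmt->execute([$username]);
$passhash = $stmt->fetchColumn();
if ($passhash === false) {
    header("Location: index.php?failure=LoginIncorrect");
    return;
}

// a token code was supplied for a user who has none: fail and stop here
if ($tokencode != "" && !$myga->hasToken($username)) {
    $msg = urlencode("Attempted to login with a token when username isnt assigned one");
    header("Location: index.php?failure=$msg");
    return;
}

// sha1() only because provisioning/input.php stores sha1; move both to password_hash()/password_verify()
if (!hash_equals($passhash, sha1($password))) {
    header("Location: index.php?failure=LoginIncorrect");
    return;
}
// … unchanged: token check and session assignment …
```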
index 2aa2c05..ca90aa0 100644 (file)
@@ -14,7 +14,7 @@ function getDatabase() {
                } catch(PDOException $exep) {
                        error_log("execpt on db open");
                }
-               $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT,"users_fullname" TEXT,"users_tokendata" TEXT);';
+               $sql = 'CREATE TABLE "users" ("users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT,"users_fullname" TEXT,"users_password" TEXT, "users_tokendata" TEXT);';
                $dbobject->query($sql);
        }
        
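Review bot: The new `users_password` column only exists in databases created after this change; if the `CREATE TABLE` runs only on first creation (getDatabase starts above the hunk, so the condition is not visible here), an existing users table keeps the old schema and the login example's `select users_password` will fail against it. A comment on the changed line, `// schema change: remove the old database file (or ALTER TABLE users ADD COLUMN users_password TEXT) before running the login example`, would save the next person the debugging. The `$dbobject->query($sql)` result below is also never checked, so a failed CREATE goes unnoticed.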
index 0d9fc18..d2cf4f4 100644 (file)
@@ -33,7 +33,7 @@ if(isset($_REQUEST["failure"])) {
 ?>
 
 <hr>
-<b>How to user this page</b> - Create a user with the "Users" form. Once a user is created, then in the "Create Token" form,
+<b>How to use this page</b> - Create a user with the "Users" form. Once a user is created, then in the "Create Token" form,
 select the user from the drop down box and then select a token type, then click "provision". In the main user list section
 your user should now have a qrcode representing the key for that user. Pull our your mobile phone (with the google
 authenticator app from the market) and scan in the code. Next, select the user who's authentication you wish to test from
@@ -89,6 +89,7 @@ Create a User:
 <form method="post" action="?action=createuser">
 Username/login: <input type="text" name="username">
 Full Name: <input type="text" name="fullname">
+Password: <input type="password" name="password">
 <input type="submit" name="Add" value="Add">
 </form>
 
index 11ab6b7..23ff909 100644 (file)
@@ -10,7 +10,8 @@ function processInput() {
                                // "users_id" INTEGER PRIMARY KEY AUTOINCREMENT,"users_username" TEXT,"users_fullname" TEXT,"users_tokendata" TEXT
                                $username = $_REQUEST["username"];
                                $fullname = $_REQUEST["fullname"];
-                               $sql = "insert into users values (NULL, '$username', '$fullname', '0')";
+                               $password = sha1($_REQUEST["password"]);
+                               $sql = "insert into users values (NULL, '$username', '$fullname', '$password','0')";
                                $db = getDatabase();
                                $db->query($sql);
                                closeDatabase($db);
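Review bot: The new `$password = sha1($_REQUEST["password"]);` stores an unsalted SHA-1 digest, which is not a password hash; use `$password = password_hash($_REQUEST["password"], PASSWORD_DEFAULT);` and have the login example verify with `password_verify()`. The insert on the following line still builds SQL by interpolation — the sha1 hex is harmless but `$username` and `$fullname` are not — so `$stmt = $db->prepare('insert into users values (NULL, ?, ?, ?, ?)'); $stmt->execute([$username, $fullname, $password, '0']);` is the shape to use, here and in the login example's select. The schema comment two lines above the change is now stale because it omits `users_password`. processInput continues outside the hunk.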
index 2513ebc..558e215 100644 (file)
@@ -123,11 +123,12 @@ abstract class GoogleAuthenticator {
                error_log("dat is $asdf");
                switch($ttype) {
                        case "HOTP":
+                               error_log("in hotp");
                                $st = $tlid;
                                $en = $tlid+20;
                                for($i=$st; $i<$en; $i++) {
                                        $stest = $this->oath_hotp($tkey, $i);
-                                       //error_log("code: $code, $stest, $tkey, $tid");
+                                       error_log("testing code: $code, $stest, $tkey, $tid");
                                        if($code == $stest) {
                                                $tokendata["tokencounter"] = $i;
                                                $this->internalPutData($username, $tokendata);
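Review bot: The re-enabled `error_log("testing code: $code, $stest, $tkey, $tid");` writes the user's shared secret `$tkey` and every candidate code to the error log on each authentication attempt, and the TOTP branch's `error_log("testing code: $code, $stest, $tkey\n");` in the third hunk does the same. Logs are routinely less protected than the token store, so keep these lines commented out or log only the identifiers and the outcome, e.g. `error_log("HOTP check for $username (token $tid): counter $i");`. While here, `$code == $stest` is a loose comparison, which for numeric strings can treat a code with leading zeros as equal to one without; `hash_equals((string) $stest, (string) $code)` avoids that and the timing difference. The method body starts and ends outside the hunk.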
@@ -137,6 +138,7 @@ abstract class GoogleAuthenticator {
                                return false;
                                break;
                        case "TOTP":
+                               error_log("in totp");
                                $t_now = time();
                                $t_ear = $t_now - 45;
                                $t_lat = $t_now + 60;
@@ -145,7 +147,7 @@ abstract class GoogleAuthenticator {
                                //error_log("kmac: $t_now, $t_ear, $t_lat, $t_st, $t_en");
                                for($i=$t_st; $i<=$t_en; $i++) {
                                        $stest = $this->oath_hotp($tkey, $i);
-                                       //error_log("code: $code, $stest, $tkey\n");
+                                       error_log("testing code: $code, $stest, $tkey\n");
                                        if($code == $stest) {
                                                return true;
                                        }