From: paulr <me@pjr.cc>
Date: Tue, 16 Nov 2010 13:45:55 +0000 (+1100)
Subject: Added some methods and made a todo file
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=3e8d21f3e93a304c7212e75810f6389cc2cb5bb8

Added some methods and made a todo file
---

diff --git a/doco/TODO.txt b/doco/TODO.txt
new file mode 100644
index 0000000..a0e158c
--- /dev/null
+++ b/doco/TODO.txt
@@ -0,0 +1,8 @@
+The Almighty TODO list:
+
+1) Error checking, lots of error checking and sanity checking Then i need to setup error codes and stuff.
+2) a "hasToken" method for determining if a user has a token or not
+3) implement googles key integrity algorithm thing
+
+Maybe:
+Move to exceptions
diff --git a/doco/readme.txt b/doco/readme.txt
index 8c8c9a8..6e8da30 100644
--- a/doco/readme.txt
+++ b/doco/readme.txt
@@ -1,3 +1,8 @@
+/* Note: This readme is moderately out of day, go see the GA4PHP
+Wiki - http://code.google.com/p/ga4php/w/list But i'll keep the
+file around for historical reasons */
+
+
 The GA4PHP Project
 ==================
 
diff --git a/lib/lib.php b/lib/lib.php
index da5eace..218c98f 100644
--- a/lib/lib.php
+++ b/lib/lib.php
@@ -1,22 +1,5 @@
 <?php
 
-
-/*
- * TODO's:
- * Implement TOTP fully
- * Error checking, lots of error checking
- * have a way of encapsulating token data stright into a single field so it could be added
- *    in some way to a preexisting app without modifying the DB as such... or by just adding
- *    a single field to a user table...
- * Remove all reliance on the SQLite database. Data should come from the encasultating application
- *    which will be expected to provde two function calls where it can get/store data - DONE
- */
-
-/*
- * The way we should really be doing things is to have an array that encapsulates "normal" data (or a class?)
- * and then just manipulate it, then use a checkin function to push the data base into the db...
- */
-
 abstract class GoogleAuthenticator {
 	
 	function __construct() {
@@ -88,6 +71,14 @@ abstract class GoogleAuthenticator {
 	}
 	
 	
+	function hasToken($username) {
+		$token = $this->internalGetData($username);
+		// TODO: change this to a pattern match for an actual key
+		if(!isset($token["tokenkey"])) return false;
+		if($token["tokenkey"] == "") return false;
+	}
+	
+	
 	// sets the key for a user - this is assuming you dont want
 	// to use one created by the application. returns false
 	// if the key is invalid or the user doesn't exist.
@@ -99,12 +90,6 @@ abstract class GoogleAuthenticator {
 	}
 	
 	
-	// have user?
-	function userExists($username) {
-		// need to think about this
-	}
-	
-	
 	// self explanitory?
 	function deleteUser($username) {
 		// oh, we need to figure out how to do thi?
@@ -117,6 +102,7 @@ abstract class GoogleAuthenticator {
 	// it
 	function authenticateUser($username, $code) {
 
+		if(preg_match("/[0-9][0-9][0-9][0-9][0-9][0-9]/",$code)<1) return false;
 		error_log("begin auth user");
 		$tokendata = $this->internalGetData($username);
 		$asdf = print_r($tokendata, true);
@@ -229,8 +215,11 @@ abstract class GoogleAuthenticator {
 	}
 	
 	// create a url compatibile with google authenticator.
-	function createURL($user, $key,$toktype = "HOTP") {
+	function createURL($user) {
 		// oddity in the google authenticator... hotp needs to be lowercase.
+		$data = $this->internalGetData($user);
+		$toktype = $data["tokentype"];
+		$key = $data["tokenkey"];
 		$toktype = strtolower($toktype);
 		if($toktype == "hotp") {
 			$url = "otpauth://$toktype/$user?secret=$key&counter=1";
@@ -355,5 +344,15 @@ abstract class GoogleAuthenticator {
 	private $getDatafunction;
 	private $putDatafunction;
 	private $errorText;
+	private $errorCode;
+	
+	/*
+	 * error codes
+	 * 1: Auth Failed
+	 * 2: No Key
+	 * 3: input code was invalid (user input an invalid code - must be 6 numerical digits)
+	 * 4: user doesnt exist?
+	 * 5: key invalid
+	 */
 }
 ?>
\ No newline at end of file