From: paulr
Date: Tue, 16 Nov 2010 15:41:05 +0000 (+1100)
Subject: Created a provisioning example
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=ddd5c8118fb9ad4f6e8f4ea7371f189e1b152064

Created a provisioning example
---
diff --git a/example/provisioning/dbfunctions.php b/example/provisioning/dbfunctions.php
new file mode 100644
index 0000000..2aa2c05
--- /dev/null
+++ b/example/provisioning/dbfunctions.php
@@ -0,0 +1,27 @@
+query($sql);
+ }
+
+ return $dbobject;
+}
+
+function closeDatabase($db) {
+ // doesnt do anything yet
+}
+?>
\ No newline at end of file
diff --git a/example/provisioning/index.php b/example/provisioning/index.php
new file mode 100644
index 0000000..c3577ed
--- /dev/null
+++ b/example/provisioning/index.php
@@ -0,0 +1,151 @@
+
+
+
+

Welcome to GA Provisioning!

+ +".$_REQUEST["success"]."
"; +} +if(isset($_REQUEST["failure"])) { + echo "
".$_REQUEST["failure"]."
"; +} +?> + +
+ + + +

Users

+ + +query("select * from users"); +foreach($result as $row) { + if($myga->hasToken($row["users_username"])) { + $hastoken = "Yes"; + $type = $myga->getTokenType($row["users_username"]); + if($type == "HOTP") { + $type = "- Counter Based"; + } else { + $type = "- Time Based"; + } + $hexkey = $myga->getKey($row["users_username"]); + $b32key = $myga->helperhex2b32($hexkey); + + $url = urlencode($myga->createURL($row["users_username"])); + $keyurl = ""; + + } + else { + $b32key = ""; + $hexkey = ""; + $type = ""; + $hastoken = "no"; + $keyurl = ""; + } + + + // now we generate the qrcode for the user + + echo ""; +} +closeDatabase($db); +?> +
Username/LoginFullnameHas Token?KeyBase 32 KeyHex Key
".$row["users_username"]."".$row["users_fullname"]."$hastoken $type$keyurl$b32key$hexkey
+Create a User: +
+Username/login: +Full Name: + +
+ + +
+ + + +

Create Token

+This form allows you to provision a token for the user
+
+User: +
+Token Type + + +
+ +
+

Test Authentication

+
+User: + + + + +
+internalGetData("asdf"));
+?>
+
+
+
\ No newline at end of file
diff --git a/example/provisioning/input.php b/example/provisioning/input.php
new file mode 100644
index 0000000..11ab6b7
--- /dev/null
+++ b/example/provisioning/input.php
@@ -0,0 +1,40 @@
+query($sql);
+ closeDatabase($db);
+
+ header("Location: index.php?success=created");
+ break;
+ case "provision":
+ $username = $_REQUEST["user"];
+ $tokentype = $_REQUEST["tokentype"];
+ $myga->setUser($username, $tokentype);
+
+ header("Location: index.php?success=Provisioned");
+ break;
+ case "auth":
+ $username = $_REQUEST["user"];
+ $tokencode = $_REQUEST["tokencode"];
+
+ if($myga->authenticateUser($username, $tokencode)) {
+ header("Location: index.php?success=Passed");
+ } else {
+ header("Location: index.php?failure=wrongcode");
+ }
+ break;
+ }
+ }
+}
+?>
\ No newline at end of file
diff --git a/example/provisioning/token.php b/example/provisioning/token.php
new file mode 100644
index 0000000..5c9d903
--- /dev/null
+++ b/example/provisioning/token.php
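Review bot: The `success` and `failure` request parameters are echoed into index.php without escaping, and `users_username` / `users_fullname` appear to be concatenated into the table row the same way, so any markup in those values is rendered by the browser. Each value should go through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before output. The page also lists every user's base32 and hex secret and ends with what looks like a debug dump of `internalGetData("asdf")`; that call should be removed, and a header comment should say the page must sit behind administrator authentication. Much of this hunk's markup is missing from this rendering, so the exact echo statements are inferred from the fragments shown.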
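Review bot: In input.php's `provision` case `$_REQUEST["tokentype"]` goes straight into `setUser()` with no allow-list, while index.php treats every stored value other than "HOTP" as time-based. Check it first, for example `if(!in_array($tokentype, array("HOTP", "TOTP"), true)) { header("Location: index.php?failure=badtype"); break; }`, taking the time-based name from whatever the library actually accepts. All three actions read `$_REQUEST`, so a plain GET link can create users or provision tokens; reading `$_POST` and checking a CSRF token would be safer even in an example. The `create` case runs `$db->query($sql)`, but the line that builds `$sql` is not visible in this rendering; if it concatenates request values it needs a prepared statement.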
@@ -0,0 +1,84 @@
+query($sql);
+
+ // check the result
+ if(!$result) return false;
+
+ // now just retreieve all the data (there should only be one, but whatever)
+ $tokendata = false;
+ foreach($result as $row) {
+ $tokendata = $row["users_tokendata"];
+ }
+
+ // now we have our data, we just return it. If we got no data
+ // we'll just return false by default
+ return $tokendata;
+
+ // and there you have it, simple eh?
+ }
+
+
+ // now we need a function for putting the data back into our user table.
+ // in this example, we wont check anything, we'll just overwrite it.
+ function putData($username, $data) {
+ // get our database connection
+ $dbObject = getDatabase();
+
+ // set the sql for updating the data
+ // token data is stored as a base64 encoded string, it should
+ // not need to be escaped in any way prior to storing in a database
+ // but feel free to call your databases "addslashes" (or whatever)
+ // function on $data prior to doing the SQL.
+ $sql = "update users set users_tokendata='$data' where users_username='$username'";
+
+ // now execute the sql and return straight away - you should probably
+ // clean up after yourselves, but im going to assume pdo does this
+ // for us anyway in this exmaple
+ if($dbObject->query($sql)) {
+ return true;
+ } else {
+ return false;
+ }
+
+ // even simpler!
+ }
+
+ function getUsers() {
+ // get our database connection
+ $dbObject = getDatabase();
+
+ // now the sql again
+ $sql = "select users_username from users";
+
+ // run the query
+ $result = $dbObject->query($sql);
+
+ // iterate over the results - we expect a simple array containing
+ // a list of usernames
+ $i = 0;
+ $users = array();
+ foreach($result as $row) {
+ $users[$i] = $row["username"];
+ $i++;
+ }
+
+ // now return the list
+ return $users;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/lib/lib.php b/lib/lib.php
index 218c98f..2513ebc 100644
--- a/lib/lib.php
+++ b/lib/lib.php
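Review bot: `putData()` builds its UPDATE by interpolating `$username` and `$data` into the SQL string, and the comment above it tells readers that escaping is unnecessary; `$username` arrives from the request in input.php, so the statement is open to SQL injection. The comments indicate the handle is PDO, so bind the values instead: `$stmt = $dbObject->prepare("update users set users_tokendata=? where users_username=?"); return $stmt->execute(array($data, $username));`, and drop the `addslashes` advice from the comment. The query in the first function is not visible in this rendering and should be bound the same way if it is built by concatenation. Separately, `getUsers()` selects `users_username` but reads `$row["username"]`, so the list it returns will not contain the usernames; the loop body should be `$users[] = $row["users_username"];`.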
@@ -58,7 +58,7 @@ abstract class GoogleAuthenticator { // create "user" with insert - function setUser($username, $key = "", $ttype="HOTP") { + function setUser($username, $ttype="HOTP", $key = "") { if($key == "") $key = $this->createBase32Key(); $hkey = $this->helperb322hex($key); @@ -76,6 +76,7 @@ abstract class GoogleAuthenticator { // TODO: change this to a pattern match for an actual key if(!isset($token["tokenkey"])) return false; if($token["tokenkey"] == "") return false; + return true; } @@ -219,7 +220,7 @@ abstract class GoogleAuthenticator { // oddity in the google authenticator... hotp needs to be lowercase. $data = $this->internalGetData($user); $toktype = $data["tokentype"]; - $key = $data["tokenkey"]; + $key = $this->helperhex2b32($data["tokenkey"]); $toktype = strtolower($toktype); if($toktype == "hotp") { $url = "otpauth://$toktype/$user?secret=$key&counter=1"; @@ -242,7 +243,23 @@ abstract class GoogleAuthenticator { return $key; } + + // returns a hex key + function getKey($username) { + $data = $this->internalGetData($username); + $key = $data["tokenkey"]; + + return $key; + } + + // get key type + function getTokenType($username) { + $data = $this->internalGetData($username); + $toktype = $data["tokentype"]; + return $toktype; + } + function helperb322hex($b32) { $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
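Review bot: Existing callers of `setUser()` that pass a key as the second argument will now have that key stored as the token type, because the first hunk swaps `$key` and `$ttype`; with `$key` then defaulting to "" a fresh key is generated and the supplied one is dropped without any error. Either keep the old order and have input.php call `setUser($username, "", $tokentype)`, or add a docblock stating the new parameter order and reject unsupported `$ttype` values at the top of the function. setUser's body continues outside the hunk, so any later use of `$ttype` could not be checked here.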
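Review bot: In the third hunk `createURL()` passes `$data["tokenkey"]` to `helperhex2b32()` without checking what `internalGetData()` returned, and the new `getKey()` and `getTokenType()` in the last hunk index the result the same way. For a user with no token data that presumably yields an undefined-index notice and an empty or meaningless key; guard first with `if(!$this->hasToken($username)) return false;` (the variable is `$user` in createURL). `$user` is also placed into the otpauth URL unencoded, so `rawurlencode($user)` is needed to keep characters such as `?` or `&` from changing the URL's structure. The comment on `getKey()` should state that it returns the raw shared secret and that callers must not log it or display it outside provisioning. createURL starts and ends outside its hunk, so an earlier check there cannot be ruled out.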