From 30d86631e9cf0adda2fc14c01ea1bcc6c91356bf Mon Sep 17 00:00:00 2001 From: paulr Date: Tue, 16 Nov 2010 02:38:23 +1100 Subject: [PATCH] a stupid implementaiton of function passing into an object... rediculouse thing to do --- doco/datafunctions.txt | 42 ++++++++ doco/readme.txt | 5 + example/index.php | 59 ++++++++++-- example/tokenstore.php | 78 +++++++++++++++ lib/lib.php | 255 +++++++++++++----------------------------------- 5 files changed, 244 insertions(+), 195 deletions(-) create mode 100644 doco/datafunctions.txt create mode 100644 example/tokenstore.php diff --git a/doco/datafunctions.txt b/doco/datafunctions.txt new file mode 100644 index 0000000..2ee267e --- /dev/null +++ b/doco/datafunctions.txt @@ -0,0 +1,42 @@ +Put data Functions: + +Token type: +1) "settokentype" +2) ["username"] = username + ["tokentype] = tokentype +return true/false; + +Set Token: +1) "setusertoken" +2) ["username"] = username + ["tokentype"] = tokentype + ["tokenkey"] = tokenkey +return true/false; + +Delete Token: +1) "deleteusertoken" +2) "username" +return true/false + +Set Token Counter: +1) "settokencounter" +2) ["username"] = username + ["tokencounter"] = counter +return true/false + +======================================================= + +Get Data Functions: + +UserList: +1) "userlist" +2) "" +returns array + +GetToken: +1) "gettoken" +2) "username" +return: +["tokentype"] = token type +["tokenkey"] = token key +["tokencounter"] = token counter (for hotp) \ No newline at end of file diff --git a/doco/readme.txt b/doco/readme.txt index 8ee974e..9067210 100644 --- a/doco/readme.txt +++ b/doco/readme.txt @@ -21,6 +21,7 @@ codes. But looking at the App's available for smartphones that fullfilled some realistic criteria - easy to use, easy to provision. + READ THIS BIT ============= @@ -45,6 +46,10 @@ the purpose of which is to integrate into your exisint applications, those that are PHP. +Usage +===== +... TODO ... + Complications ============= 
diff --git a/example/index.php b/example/index.php index 78caa96..b750dbc 100644 --- a/example/index.php +++ b/example/index.php @@ -1,19 +1,42 @@ query($sql); +} + -$ga = new GoogleAuthenticator("/tmp/gaexpage.db"); ?>

Example Page for GA4PHP

+home
"; if(strlen($username)<3) { echo "Sorry, username must be at least 3 chars"; } else if($pr<1) { echo "Sorry, username can only contain a-z, A-Z, 0-9 @ and ."; } else { - $key = $ga->setupUser($username, $ttype); - $keyinhex = $ga->helperb322hex($key); - $url = urlencode($ga->createURL($username, $key, $ttype)); - echo "QRCode for user \"$username\" is or type in $key (google authenticator) or $keyinhex (for most other otp's)"; + //$key = $ga->setUser($username, "", $ttype); + //$keyinhex = $ga->helperb322hex($key); + //$url = urlencode($ga->createURL($username, $key, $ttype)); + //echo "QRCode for user \"$username\" is or type in $key (google authenticator) or $keyinhex (for most other otp's)"; + $sql = "insert into users values (NULL, '$username', 'TOTP', 'ASDF', '0')"; + $dbobject->query($sql); } echo "
"; break; + case "provisiontoken": + $username = $_REQUEST["username"]; + $ttype = $_REQUEST["ttype"]; + $key = $ga->setUser($username, "", $ttype); + $keyinhex = $ga->helperb322hex($key); + $url = urlencode($ga->createURL($username, $key, $ttype)); + echo "QRCode for user \"$username\" is or type in $key (google authenticator) or $keyinhex (for most other otp's), $ttype"; + break; case "authuser": $username = $_REQUEST["username"]; $code = $_REQUEST["code"]; @@ -65,6 +97,19 @@ if(isset($_REQUEST["action"])) {

Create a User:

Username:
+
+
+
+

Provision Token

+
+Username:
Type:

diff --git a/example/tokenstore.php b/example/tokenstore.php new file mode 100644 index 0000000..017439c --- /dev/null +++ b/example/tokenstore.php @@ -0,0 +1,78 @@ +"; +// print_r($query); +// print_r($data); +// echo ""; + + switch($query) { + case "settokentype": + $ttype = $data["tokentype"]; + $tuser = $data["username"]; + $res = $dbobject->query("update users set users_tokentype='$ttype' where users_username='$tuser'"); + break; + case "setusertoken": + $ttype = $data["tokentype"]; + $tkey = $data["tokenkey"]; + $tuser = $data["username"]; + + // dont really care if it does or not + $res = $dbobject->query("delete from users where users_username = '$tuser'"); + + $sql = "insert into users values (NULL, '$tuser', '$ttype', '$tkey', '0')"; + error_log("would call: $sql"); + $res = $dbobject->query($sql); + break; + case "deleteusertoken": + $res = $dbobject->query("delete from users where users_username = '$data'"); + break; + case "settokencounter": + $tcount = $data["tokencounter"]; + $tuser = $data["username"]; + $res = $dbobject->query("update users set users_tokencounter='$tcount' where users_username='$tuser'"); + break; + default: + // do nothing + } +} + +function myGetData($query, $data) { + //echo "called get data:
";
+	//print_r($query);
+	//print_r($data);
+	//echo "
"; + global $dbobject; + + switch($query) { + case "userlist": + $sql = "select users_username from users"; + $res = $dbobject->query($sql); + $i = 0; + $names[0] = ""; + foreach($res as $row) { + //error_log("got username, ".$row["users_username"]); + $names[$i] = $row["users_username"]; + $i++; + } + return $names; + break; + case "gettoken": + $sql = "select * from users where users_username='$data'"; + $res = $dbobject->query($sql); + $i = 0; + $token = ""; + foreach($res as $row) { + $token["tokentype"] = $row["users_tokentype"]; + $token["tokenkey"] = $row["users_tokenkey"]; + $token["tokencounter"] = $row["users_tokencounter"]; + } + return $token; + default: + // nothing + } +} + +?> \ No newline at end of file diff --git a/lib/lib.php b/lib/lib.php index 57a4cbf..86bf7eb 100644 --- a/lib/lib.php +++ b/lib/lib.php 
@@ -1,5 +1,6 @@ dbConnector = new PDO("sqlite:$file"); - } catch(PDOException $exep) { - $this->errorText = $exep->getMessage(); - $this->dbConnector = false; - } - } else { - $this->setupDB($file); - } - - $this->dbFile = $file; - } - - // creates the database (tables); - function setupDB($file) { - - try { - $this->dbConnector = new PDO("sqlite:$file"); - } catch(PDOException $exep) { - $this->errorText = $exep->getMessage(); - $this->dbConnector = false; - } - - // here we create some tables and stuff - $this->dbConnector->query('CREATE TABLE "users" ("user_id" INTEGER PRIMARY KEY AUTOINCREMENT,"user_name" TEXT NOT NULL,"user_tokenid" INTEGER)'); - $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)'); - } - - // creates "user" in the database and returns a url for - // the phone. If user already exists, this returns false - // if any error occurs, this returns false - function setupUser($username, $tokentype="HOTP") { - $key = $this->createBase32Key(); - - // sql for inserting into db - $key = $this->createUser($username, $key, $tokentype); - return $key; + // $getDataFunction expects 1 argument which defines what data it wants + // and can be "userlist" or "usertoken:username" + // $putDataFunciton expects 2 arguments, $1 is data type, $2 is the data + // $1 can be "changetoken:username", "removetoken:username", $2 is the token + // data in some encoded form + // tokenDATA will be like HOTP;KEY;CID where CID is the current counter value + // why encode like this? i cant think of a good reason tbh, i should probably just + // use php's arry encoder functions + function __construct($getDataFunction, $putDataFunction) { + $this->putDataFunction = $putDataFunction; + $this->getDataFunction = $getDataFunction; } - // this could get ugly for large databases.. we'll worry about that if it ever happens. 
function getUserList() { - $res = $this->dbConnector->query("select user_name from users"); - $i = 0; - $ar = array(); - foreach($res as $row) { - //error_log("user: ".$row["user_name"]); - $ar[$i] = $row["user_name"]; - $i++; - } - - return $ar; + $func = $this->getDataFunction; + return $func("userlist", ""); } // set the token type the user it going to use. 
@@ -78,153 +54,62 @@ class GoogleAuthenticator { return false; } - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - - - // TODO MUST DO ERROR CHECK HERE, this line could be lethal - $sql = "update tokens set token_type='$tokentype' where token_id='$tid'"; + $put["username"] = $username; + $put["tokentype"] = $tokentype; + $func = $this->putDataFunction; + $func("settokentype", $put); return true; } // create "user" with insert - function createUser($username, $key, $ttype="HOTP") { - // sql for inserting into db - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - //if($res) if($res->fetchCount()>0) { - //$this->errorText = "User Already Exists, $username"; - //return false; - //} - - // and finally create 'em + function setUser($username, $key = "", $ttype="HOTP") { + if($key == "") $key = $this->createBase32Key(); $hkey = $this->helperb322hex($key); - $this->dbConnector->query("insert into tokens values (NULL, '$hkey', '$ttype', '0')"); - $id = $this->dbConnector->lastInsertID(); - $this->dbConnector->query("insert into users values (NULL, '$username', '$id')"); - - return $key; - } - - // Replcate "user" in the database... All this really - // does is to replace the key for the user. Returns false - // if the user doesnt exist of the key is poop - function replaceUser($username) { - $key = $this->createBase32Key(); - - // delete the user - TODO, clean up auth tokens - $sql = "delete from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - // sql for inserting into db - just making sure. 
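Review bot: The constructor assigns `$this->putDataFunction` and `$this->getDataFunction`, but the properties declared in the `@@ -453` hunk are `$putDatafunction` / `$getDatafunction` (lower-case f); property names are case-sensitive, so the declared private members are never used and the assignments create undeclared dynamic properties. Rename the declarations to `private $getDataFunction;` and `private $putDataFunction;`. The constructor also accepts anything; a guard such as `if(!is_callable($getDataFunction) || !is_callable($putDataFunction)) throw new InvalidArgumentException("data functions must be callable");` fails at construction instead of at the first `$func(...)` call. The comment block above the constructor still describes `changetoken:username` / `removetoken:username` names and a `HOTP;KEY;CID` string encoding, which the array-based protocol in doco/datafunctions.txt replaced; rewrite it to list the `userlist`, `gettoken`, `settokentype`, `setusertoken`, `deleteusertoken` and `settokencounter` operations with the array keys each expects and returns. The header of this hunk is not recoverable in this view, and the class body continues beyond it.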
- $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - if($res->fetchCount()>0) { - $this->errorText = "User Already Exists, $username"; - return false; - } + $token["username"] = $username; + $token["tokenkey"] = $hkey; + $token["tokentype"] = $ttype; - // and finally create 'em - $this->dbConnector->query("insert into tokens values (NULL, '$key', '0')"); - $id = $this->dbConnector->lastInsertID(); - $this->dbConnector->query("insert into users values (NULL, '$username', '$id')"); - - $url = $this->createURL($username, $key); + $func = $this->putDataFunction; + $func("setusertoken", $token); - return $url; + return $key; } + // sets the key for a user - this is assuming you dont want // to use one created by the application. returns false // if the key is invalid or the user doesn't exist. function setUserKey($username, $key) { - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - - - // TODO MUST DO ERROR CHECK HERE, this line could be lethal - $sql = "update tokens set token_key='$key' where token_id='$tid'"; - - return true; + // consider scrapping this } // have user? function userExists($username) { - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - $tid = -1; - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - - if($tid == -1) return false; - else return $tid; + // need to think about this } // self explanitory? 
function deleteUser($username) { - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - - - // TODO MUST DO ERROR CHECK HERE, this line could be lethal - $sql = "delete from tokens where token_id='$tid'"; - $this->dbConnector->query($sql); - - $sql = "delete from users where user_name='$username'"; - $this->dbConnector->query($sql); + $func = $this->putDataFunction; + $func("deleteusertoken", $username); } // user has input their user name and some code, authenticate // it function authenticateUser($username, $code) { - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - $tid = -1; - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - - // for HOTP tokens we start at x and go to x+20 - - // for TOTP we go +/-1min TODO = remember that +/- 1min should - // be changed based on stepping if we change the expiration time - // for keys - - // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)'); - - $sql = "select * from tokens where token_id='$tid'"; - $res = $this->dbConnector->query($sql); - - $tkey = ""; - $ttype = ""; - $tlid = ""; - foreach($res as $row) { - $tkey = $row["token_key"]; - $ttype = $row["token_type"]; - $tlid = $row["token_lastid"]; - } + $func = $this->getDataFunction; + $tokendata = $func("gettoken", $username); + // TODO: check return value + $ttype = $tokendata["tokentype"]; + $tlid = $tokendata["tokencounter"]; + $tkey = $tokendata["tokenkey"]; switch($ttype) { case "HOTP": $st = $tlid; 
@@ -233,8 +118,11 @@ class GoogleAuthenticator { $stest = $this->oath_hotp($tkey, $i); //error_log("code: $code, $stest, $tkey, $tid"); if($code == $stest) { - $sql = "update tokens set token_lastid='$i' where token_id='$tid'"; - $this->dbConnector->query($sql); + $tokenset["username"] = $username; + $tokenset["tokencounter"] = $i; + + $func = $this->putDataFunction; + $func("settokencounter", $tokenset); return true; } } @@ -268,14 +156,6 @@ class GoogleAuthenticator { // so if the user is at 21, they'll always fail. function resyncCode($username, $code1, $code2) { // here we'll go from 0 all the way thru to 200k.. if we cant find the code, so be it, they'll need a new one - $sql = "select * from users where user_name='$username'"; - $res = $this->dbConnector->query($sql); - - $tid = -1; - foreach($res as $row) { - $tid = $row["user_tokenid"]; - } - // for HOTP tokens we start at x and go to x+20 // for TOTP we go +/-1min TODO = remember that +/- 1min should @@ -284,17 +164,13 @@ class GoogleAuthenticator { // $this->dbConnector->query('CREATE TABLE "tokens" ("token_id" INTEGER PRIMARY KEY AUTOINCREMENT,"token_key" TEXT NOT NULL, "token_type" TEXT NOT NULL, "token_lastid" INTEGER NOT NULL)'); - $sql = "select * from tokens where token_id='$tid'"; - $res = $this->dbConnector->query($sql); + $func = $this->getDataFunction; + $tokendata = $func("gettoken", $username); - $tkey = ""; - $ttype = ""; - $tlid = ""; - foreach($res as $row) { - $tkey = $row["token_key"]; - $ttype = $row["token_type"]; - $tlid = $row["token_lastid"]; - } + // TODO: check return value + $ttype = $tokendata["tokentype"]; + $tlid = $tokendata["tokencounter"]; + $tkey = $tokendata["tokenkey"]; switch($ttype) { case "HOTP": 
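Review bot: `setUserKey` and `userExists` are reduced to a comment and now implicitly return null, while their doc comments still promise `false` on failure or the user's id; any caller testing `userExists($username)` now gets null for every user. Either implement them through `$this->getDataFunction` (a `gettoken` result with a key can stand in for existence) or make the stub explicit with `return false;` plus a `// TODO: not implemented under the data-function interface` comment. In `authenticateUser`, `$tokendata = $func("gettoken", $username);` is indexed immediately (the TODO acknowledges it) and the example store returns `""` for an unknown user; add `if(!is_array($tokendata)) return false;` before reading `tokentype`, and the same in `resyncCode` in the `@@ -284` hunk. `setTokenType`'s beginning and `authenticateUser`'s switch continue outside this hunk.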
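Review bot: On a successful HOTP match the counter is stored as `$tokenset["tokencounter"] = $i;`, the index of the code that was just accepted; if the search loop (whose header is above the hunk) starts at the stored counter, the same code verifies again on the next attempt, so an observed code can be replayed. RFC 4226 has the verifier move past the accepted value, so store `$i + 1` here. The same off-by-one is in `resyncCode` in the `@@ -306` hunk, where the second code was computed at `$i+1` and `$i+1` is stored; that should be `$i + 2`. The pre-existing `if($code == $stest)` on the line above also compares loosely, which treats numeric strings numerically (a code with a leading zero matches its unpadded form); `===` against string-typed values is the safer comparison.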
@@ -306,8 +182,11 @@ class GoogleAuthenticator { if($code1 == $stest) { $stest2 = $this->oath_hotp($tkey, $i+1); if($code2 == $stest2) { - $sql = "update tokens set token_lastid='$i' where token_id='$tid'"; - $this->dbConnector->query($sql); + $tokenset["username"] = $username; + $tokenset["tokencounter"] = $i+1; + + $func = $this->putDataFunction; + $func("settokencounter", $tokenset); return true; } } @@ -453,8 +332,8 @@ class GoogleAuthenticator { // some private data bits. + private $getDatafunction; + private $putDatafunction; private $errorText; - private $dbFile; - private $dbConnector; } ?> \ No newline at end of file -- 1.7.0.4