From 56b0dc03375e2a8facb8ff20c05d9be07dd6bcda Mon Sep 17 00:00:00 2001
From: paulr <me@pjr.cc>
Date: Mon, 15 Nov 2010 14:44:33 +1100
Subject: [PATCH] working example page

---
 example/index.php |   55 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 lib/lib.php       |   21 +++++++++++--------
 2 files changed, 66 insertions(+), 10 deletions(-)

diff --git a/example/index.php b/example/index.php
index 15c5adc..ca69203 100644
--- a/example/index.php
+++ b/example/index.php
@@ -1,3 +1,56 @@
 <?php
 
-?>
\ No newline at end of file
+require_once("../lib/lib.php");
+
+$ga = new GoogleAuthenticator("/tmp/gaexpage.db");
+?>
+<html>
+<h1>Example Page for GA4PHP</h1>
+
+<?php
+if(isset($_REQUEST["action"])) {
+	switch($_REQUEST["action"]) {
+		case "createuser":
+			$username = $_REQUEST["username"];
+			$pr = preg_match('/^[a-zA-Z0-9@\.]+$/',"$username");
+			echo "<hr>";
+			if(strlen($username)<3) {
+				echo "<font color=\"red\">Sorry, username must be at least 3 chars</font>";
+			} else if($pr<1) {
+				echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
+			} else {
+				$url = $ga->setupUser($username);
+				echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\">";
+			}
+			echo "<hr>";
+			break;
+		case "authuser":
+			$username = $_REQUEST["username"];
+			$code = $_REQUEST["code"];
+			if($ga->authenticateUser($username, $code)) {
+				echo "<font color=\"green\">Passed!</font>";
+			} else {
+				echo "<font color=\"red\">Failed!</font>";
+			}
+			break;
+		default:
+			// do nothing
+	}
+}
+
+?>
+
+Create a User:
+<form method="post" action="index.php?action=createuser">
+Username: <input type="text" name="username"><br>
+Type (ignored for now): <select name="ttype"><option value="HOTP">HOTP</option><option value="TOTP">TOTP</option></select><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+<form method="post" action="index.php?action=authuser">
+Username: <input type="text" name="username"><br>
+Code: <input type="text" name="code"><br>
+<input type="submit" name="go" value="go"><br>
+</form>
+<hr>
+</html>
\ No newline at end of file
diff --git a/lib/lib.php b/lib/lib.php
index 262149f..01340d9 100644
--- a/lib/lib.php
+++ b/lib/lib.php
@@ -44,13 +44,15 @@ class GoogleAuthenticator {
 		$sql = "select * from users where user_name='$username'";
 		$res = $this->dbConnector->query($sql);
 
-		if($res->fetchCount()>0) {
-			$this->errorText = "User Already Exists, $username";
-			return false;
-		}
+		//if($res->fetchCount()>0) {
+			//$this->errorText = "User Already Exists, $username";
+			//return false;
+		//}
 		
 		// and finally create 'em
-		$this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP','0')");
+		$hkey = $this->helperb322hex($key);
+		error_log("key for user $username is $hkey, $key");
+		$this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP','0')");
 		$id = $this->dbConnector->lastInsertID();
 		$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
 
@@ -95,7 +97,8 @@ class GoogleAuthenticator {
 		//}
 		
 		// and finally create 'em
-		$this->dbConnector->query("insert into tokens values (NULL, '$key', 'HOTP', '0')");
+		$hkey = $this->helperb322hex($key);
+		$this->dbConnector->query("insert into tokens values (NULL, '$hkey', 'HOTP', '0')");
 		$id = $this->dbConnector->lastInsertID();
 		$this->dbConnector->query("insert into users values (NULL, '$username', '$id')");
 
@@ -239,8 +242,8 @@ class GoogleAuthenticator {
 	
 	// create a url compatibile with google authenticator.
 	function createURL($user, $key) {
-		$url = "otpauth://totp/$user?secret=$key";
-		echo "url: $url\n";
+		$url = "otpauth://hotp/$user?secret=$key";
+		//echo "url: $url\n";
 		return $url;
 	}
 	
@@ -329,7 +332,7 @@ class GoogleAuthenticator {
 	
 	    // HMAC
 	    $hash = hash_hmac ('sha1', $bin_counter, $key);
-	    return $this->oath_truncate($hash);
+	    return str_pad($this->oath_truncate($hash), 6, "0", STR_PAD_LEFT);
 	}
 	
 	function oath_truncate($hash, $length = 6)
-- 
1.7.0.4