Diffstat (limited to 'vendor/sonata-project/google-authenticator/sample')
9 files changed, 383 insertions, 0 deletions
diff --git a/vendor/sonata-project/google-authenticator/sample/example.php b/vendor/sonata-project/google-authenticator/sample/example.php
new file mode 100644
index 0000000..50366d2
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/example.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the Sonata Project package.
+ *
+ * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+include_once __DIR__.'/../src/FixedBitNotation.php';
+include_once __DIR__.'/../src/GoogleAuthenticator.php';
+include_once __DIR__.'/../src/GoogleQrUrl.php';
+
+$secret = 'XVQ2UIGO75XRUKJO';
+$code = '846474';
+
+$g = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+
+echo 'Current Code is: ';
+echo $g->getCode($secret);
+
+echo "\n";
+
+echo "Check if $code is valid: ";
+
+if ($g->checkCode($secret, $code)) {
+ echo "YES \n";
+} else {
+ echo "NO \n";
+}
+
+$secret = $g->generateSecret();
+echo "Get a new Secret: $secret \n";
+echo "The QR Code for this secret (to scan with the Google Authenticator App: \n";
+
+echo \Sonata\GoogleAuthenticator\GoogleQrUrl::generate('chregu', $secret, 'GoogleAuthenticatorExample');
+echo "\n";
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
new file mode 100644
index 0000000..f3e06d4
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
@@ -0,0 +1,23 @@
+
+<h1>please otp</h1>
+<p>
+<form method="post" action="./">
+<?php if ($debug) {
+ ?>
+ <br/>
+ (Set $debug in index.php to false, if you don't want to have the OTP prefilled (for real life application, for example ;))<br/>
+<?php
+}
+?>
+
+otp: <input name="otp"
+value="<?php
+if ($debug) {
+ $g = new GoogleAuthenticator();
+ echo $g->getCode($user->getSecret());
+}
+?>"/><br/>
+<input type="checkbox" name="remember" id="remember" /><label for="remember"> Remember verification for this computer for 1 day.</label> <br/>
+<input type="submit"/>
+
+</form>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php
new file mode 100644
index 0000000..2a19032
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php
@@ -0,0 +1,19 @@
+
+<p>
+Hello <?php echo $user->getUsername(); ?>
+</p>
+<?php
+if (!isset($_GET['showqr'])) {
+ ?>
+
+<p>
+<a href="?showqr=1">Show QR Code</a>
+</p>
+
+<?php
+}
+?>
+
+<p>
+<a href="?logout=1">Logout</a>
+</p>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php
new file mode 100644
index 0000000..8d23fd3
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php
@@ -0,0 +1,6 @@
+<p>
+Wrong username or password or token.
+</p>
+<p>
+<a href="./">try again</a>
+</p>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php
new file mode 100644
index 0000000..fd81623
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php
@@ -0,0 +1,8 @@
+
+<h1>please login</h1>
+<p>
+<form method="post" action="./">
+username: <input name="username"/><br/>
+password: <input name="password" type="password"/><br/>
+<input type="submit"/>
+</form>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php
new file mode 100644
index 0000000..774a298
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php
@@ -0,0 +1,11 @@
+<h1>Please scan this </h1>
+
+<p> with <a href="http://www.google.com/support/a/bin/answer.py?hl=en&answer=1037451">the Google Authenticator App</a></p>
+
+<p>
+<?php
+$link = \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($user->getUsername(), $secret, 'GoogleAuthenticatorExample');
+?>
+
+<a href="<?php echo $link; ?>"><img style="border: 0; padding:10px" src="<?php echo $link; ?>"/></a>
+</p>
diff --git a/vendor/sonata-project/google-authenticator/sample/users.dat b/vendor/sonata-project/google-authenticator/sample/users.dat
new file mode 100644
index 0000000..fdcc130
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/users.dat
@@ -0,0 +1 @@
+{"chregu":{"password":"foobar"}}
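Review bot: In tmpl/show-qr.php, `$link` is built from the user's TOTP `$secret` and then emitted as both `href` and `<img src>`, so the browser requests whatever URL `GoogleQrUrl::generate()` returns. That class is not part of this page; if it returns a hosted chart-service URL, as its name suggests, the shared secret is disclosed to that third party and to any proxy or history log on the way, and the QR code should instead be rendered locally from the otpauth URI. Independently of that, the value is printed into an attribute without escaping; `<?php echo htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); ?>` is the safer form. index.php also lets a logged-in user re-display the existing secret at any time through `?showqr=1`, which is worth restricting to enrolment.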
\ No newline at end of file
diff --git a/vendor/sonata-project/google-authenticator/sample/web/Users.php b/vendor/sonata-project/google-authenticator/sample/web/Users.php
new file mode 100644
index 0000000..410ed48
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/web/Users.php
@@ -0,0 +1,155 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the Sonata Project package.
+ *
+ * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+class Users
+{
+ public function __construct(string $file = '../users.dat')
+ {
+ $this->userFile = $file;
+
+ $this->users = json_decode(file_get_contents($file), true);
+ }
+
+ public function hasSession()
+ {
+ session_start();
+ if (isset($_SESSION['username'])) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function storeData(User $user): void
+ {
+ $this->users[$user->getUsername()] = $user->getData();
+ file_put_contents($this->userFile, json_encode($this->users));
+ }
+
+ public function loadUser($name)
+ {
+ if (isset($this->users[$name])) {
+ return new User($name, $this->users[$name]);
+ }
+
+ return false;
+ }
+}
+
+class User
+{
+ public function __construct($user, $data)
+ {
+ $this->data = $data;
+ $this->user = $user;
+ }
+
+ public function auth($pass)
+ {
+ if ($this->data['password'] === $pass) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function startSession(): void
+ {
+ $_SESSION['username'] = $this->user;
+ }
+
+ public function doLogin(): void
+ {
+ session_regenerate_id();
+ $_SESSION['loggedin'] = true;
+ $_SESSION['ua'] = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ public function doOTP(): void
+ {
+ $_SESSION['OTP'] = true;
+ }
+
+ public function isOTP()
+ {
+ if (isset($_SESSION['OTP']) && true === $_SESSION['OTP']) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function isLoggedIn()
+ {
+ if (isset($_SESSION['loggedin']) && true === $_SESSION['loggedin'] &&
+ isset($_SESSION['ua']) && $_SESSION['ua'] === $_SERVER['HTTP_USER_AGENT']
+ ) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function getUsername()
+ {
+ return $this->user;
+ }
+
+ public function getSecret()
+ {
+ if (isset($this->data['secret'])) {
+ return $this->data['secret'];
+ }
+
+ return false;
+ }
+
+ public function generateSecret()
+ {
+ $g = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+ $secret = $g->generateSecret();
+ $this->data['secret'] = $secret;
+
+ return $secret;
+ }
+
+ public function getData()
+ {
+ return $this->data;
+ }
+
+ public function setOTPCookie(): void
+ {
+ $time = floor(time() / (3600 * 24)); // get day number
+ //about using the user agent: It's easy to fake it, but it increases the barrier for stealing and reusing cookies nevertheless
+ // and it doesn't do any harm (except that it's invalid after a browser upgrade, but that may be even intented)
+ $cookie = $time.':'.hash_hmac('sha1', $this->getUsername().':'.$time.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret());
+ setcookie('otp', $cookie, time() + (30 * 24 * 3600), null, null, null, true);
+ }
+
+ public function hasValidOTPCookie()
+ {
+ // 0 = tomorrow it is invalid
+ $daysUntilInvalid = 0;
+ $time = (string) floor((time() / (3600 * 24))); // get day number
+ if (isset($_COOKIE['otp'])) {
+ [$otpday, $hash] = explode(':', $_COOKIE['otp']);
+
+ if ($otpday >= $time - $daysUntilInvalid && $hash === hash_hmac('sha1', $this->getUsername().':'.$otpday.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret())) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
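Review bot: `User::auth()` and `User::hasValidOTPCookie()` compare secrets with `===`, which is not constant-time, and `auth()` checks against a password that users.dat in this commit stores in clear text. Prefer `password_verify($pass, $this->data['password'])` against a stored `password_hash()` value, and `hash_equals()` for the cookie MAC. `hasValidOTPCookie()` also destructures `explode(':', $_COOKIE['otp'])` without checking that two parts came back, and passes `getSecret()` (which returns `false` for a user without a secret) as the HMAC key although index.php calls it before the has-secret check; under `strict_types=1` that raises a TypeError instead of rejecting the cookie. `setOTPCookie()` sets a 30-day lifetime and leaves the `secure` argument `null`, while validation rejects any cookie issued before the current day and the form promises one day, so the lifetimes should be made to agree. The fence below sketches the cookie check with these guards.

```php
    public function hasValidOTPCookie()
    {
        // … unchanged: $daysUntilInvalid and $time setup …
        $secret = $this->getSecret();
        if (!is_string($secret) || !isset($_COOKIE['otp']) || !is_string($_COOKIE['otp'])) {
            return false;
        }

        $parts = explode(':', $_COOKIE['otp'], 2);
        if (2 !== count($parts) || !ctype_digit($parts[0])) {
            return false;
        }
        [$otpday, $hash] = $parts;
        $expected = hash_hmac('sha1', $this->getUsername().':'.$otpday.':'.$_SERVER['HTTP_USER_AGENT'], $secret);

        return $otpday >= $time - $daysUntilInvalid && hash_equals($expected, $hash);
    }
```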
diff --git a/vendor/sonata-project/google-authenticator/sample/web/index.php b/vendor/sonata-project/google-authenticator/sample/web/index.php
new file mode 100644
index 0000000..626383f
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/web/index.php
@@ -0,0 +1,119 @@
+<?php declare(strict_types=1);
+ob_start(); //i'm too lazy to check when is sent what ;)
+//set session cookie to be read only via http and not by JavaScript
+ini_set('session.cookie_httponly', '1');
+
+include_once __DIR__.'/../../src/GoogleAuthenticator.php';
+include_once __DIR__.'/../../src/GoogleQrUrl.php';
+include_once __DIR__.'/../../src/FixedBitNotation.php';
+include_once 'Users.php';
+
+?>
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Google Authenticator in PHP demo</title>
+</head>
+<body>
+<?php
+
+//set this to false, if you don't want the token prefilled
+$debug = true;
+
+$users = new Users();
+//check if the user has a session, if not, show the login screen
+if ($username = $users->hasSession()) {
+ //load the user data from the json storage.
+ $user = $users->loadUser($username);
+ //if he clicked logout, destroy the session and redirect to the startscreen.
+ if (isset($_GET['logout'])) {
+ session_destroy();
+ header('Location: ./');
+ }
+ // check if the user is logged in.
+ if ($user->isLoggedIn()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ //show the QR code if whished so
+ if (isset($_GET['showqr'])) {
+ $secret = $user->getSecret();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ }
+ //if the user is in the OTP phase and submit the OTP.
+ else {
+ if ($user->isOTP() && isset($_POST['otp'])) {
+ $g = new \Google\Authenticator\GoogleAuthenticator();
+ // check if the submitted token is the right one and log in
+ if ($g->checkCode($user->getSecret(), $_POST['otp'])) {
+ // do log-in the user
+ $user->doLogin();
+ //if the user clicked the "remember the token" checkbox, set the cookie
+ if (isset($_POST['remember']) && $_POST['remember']) {
+ $user->setOTPCookie();
+ }
+ include __DIR__.'/../tmpl/loggedin.php';
+ }
+ //if the OTP is wrong, destroy the session and tell the user to try again
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login-error.php';
+ }
+ }
+ // if the user is neither logged in nor in the OTP phase, show the login form
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login.php';
+ }
+ }
+ exit();
+}
+ //if the username is set in _POST, then we assume the user filled in the login form.
+
+ if (isset($_POST['username'])) {
+ // check if we can load the user (ie. the user exists in our db)
+ $user = $users->loadUser($_POST['username']);
+ if ($user) {
+ //try to authenticate the password and start the session if it's correct.
+ if ($user->auth($_POST['password'])) {
+ $user->startSession();
+ //check if the user has a valid OTP cookie, so we don't have to
+ // ask for the current token and can directly log in
+ if ($user->hasValidOTPCookie()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ $user->doLogin();
+ }
+ // try to get the users' secret from the db,
+ // if he doesn't have one, generate one, store it and show it.
+ else {
+ if (!$user->getSecret()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+
+ $secret = $user->generateSecret();
+ $users->storeData($user);
+ $user->doLogin();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ // if the user neither has a valid OTP cookie nor it's the first login
+ // ask for the OTP
+ else {
+ $user->doOTP();
+ include __DIR__.'/../tmpl/ask-for-otp.php';
+ }
+ }
+
+ exit();
+ }
+ }
+ // if we're here, something went wrong, destroy the session and show a login error
+ session_destroy();
+
+ include __DIR__.'/../tmpl/login-error.php';
+ exit();
+ }
+
+// if neither a session nor tried to submit the login credentials -> login screen
+include __DIR__.'/../tmpl/login.php';
+
+?>
+</body>
+</html>
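Review bot: `$debug = true;` is the committed default, and with it tmpl/ask-for-otp.php prints `$g->getCode($user->getSecret())` into the OTP field, so anyone who passes the password step is handed the valid second factor; the default should be `$debug = false;`. The logout branch calls `header('Location: ./');` without a following `exit;`, and `session_destroy()` does not clear `$_SESSION` for the current request, so `$user->isLoggedIn()` still succeeds and the logged-in template is rendered into the redirect response. The OTP branch instantiates `\Google\Authenticator\GoogleAuthenticator` while Users.php and example.php use `\Sonata\GoogleAuthenticator\GoogleAuthenticator`; unless an alias is defined in the included files, which are not shown here, that line fails at runtime. Since this is the upstream sample living under vendor/, the practical fix for this repository is probably to keep sample/ out of the deployed tree rather than to patch it in place.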