From 19985dbb8c0aa66dc4bf7905abc1148de909097d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?=
Date: Tue, 11 Jan 2022 12:35:47 +0100
Subject: prvi-commit
---
.../google-authenticator/sample/example.php | 41 ++++++
.../sample/tmpl/ask-for-otp.php | 23 +++
.../google-authenticator/sample/tmpl/loggedin.php | 19 +++
.../sample/tmpl/login-error.php | 6 +
.../google-authenticator/sample/tmpl/login.php | 8 ++
.../google-authenticator/sample/tmpl/show-qr.php | 11 ++
.../google-authenticator/sample/users.dat | 1 +
.../google-authenticator/sample/web/Users.php | 155 +++++++++++++++++++++
.../google-authenticator/sample/web/index.php | 119 ++++++++++++++++
9 files changed, 383 insertions(+)
create mode 100644 vendor/sonata-project/google-authenticator/sample/example.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/tmpl/login.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/users.dat
create mode 100644 vendor/sonata-project/google-authenticator/sample/web/Users.php
create mode 100644 vendor/sonata-project/google-authenticator/sample/web/index.php
(limited to 'vendor/sonata-project/google-authenticator/sample')
diff --git a/vendor/sonata-project/google-authenticator/sample/example.php b/vendor/sonata-project/google-authenticator/sample/example.php
new file mode 100644
index 0000000..50366d2
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/example.php
@@ -0,0 +1,41 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+include_once __DIR__.'/../src/FixedBitNotation.php';
+include_once __DIR__.'/../src/GoogleAuthenticator.php';
+include_once __DIR__.'/../src/GoogleQrUrl.php';
+
+$secret = 'XVQ2UIGO75XRUKJO';
+$code = '846474';
+
+$g = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+
+echo 'Current Code is: ';
+echo $g->getCode($secret);
+
+echo "\n";
+
+echo "Check if $code is valid: ";
+
+if ($g->checkCode($secret, $code)) {
+ echo "YES \n";
+} else {
+ echo "NO \n";
+}
+
+$secret = $g->generateSecret();
+echo "Get a new Secret: $secret \n";
+echo "The QR Code for this secret (to scan with the Google Authenticator App: \n";
+
+echo \Sonata\GoogleAuthenticator\GoogleQrUrl::generate('chregu', $secret, 'GoogleAuthenticatorExample');
+echo "\n";
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
new file mode 100644
index 0000000..f3e06d4
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
@@ -0,0 +1,23 @@
+ +

please otp

+

+

+ +
+ (Set $debug in index.php to false, if you don't want to have the OTP prefilled (for real life application, for example ;))
+ + +otp:
+
+ + +
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php new file mode 100644 index 0000000..2a19032 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php @@ -0,0 +1,19 @@ + +

+Hello getUsername(); ?> +

+ + +

+Show QR Code +

+ + + +

+Logout +
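Review bot: The template writes `getUsername()` straight into the page — `Hello getUsername(); ?>` is what survives of the markup here — with no `htmlspecialchars()` around it. The username is a key of users.dat rather than raw request input, so the exposure in this sample is small, but samples get copied; `<?php echo htmlspecialchars($user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` escapes it for the HTML context. The same unescaped-echo pattern appears to recur in show-qr.php, where the generated QR URL is echoed.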

diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php new file mode 100644 index 0000000..8d23fd3 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php @@ -0,0 +1,6 @@ +

+Wrong username or password or token. +

+

+try again +

diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php new file mode 100644 index 0000000..fd81623 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php @@ -0,0 +1,8 @@ + +

please login

+

+

+username:
+password:
+ +
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php new file mode 100644 index 0000000..774a298 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php @@ -0,0 +1,11 @@ +

Please scan this

+ +

with the Google Authenticator App

+ +

+getUsername(), $secret, 'GoogleAuthenticatorExample'); +?> + + +
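Review bot: `GoogleQrUrl::generate($user->getUsername(), $secret, 'GoogleAuthenticatorExample')` builds, as far as I recall the library, a URL to an external QR-rendering service with the otpauth URI — and thus the freshly generated TOTP secret — in its query string, so the secret leaves the server each time the browser fetches the image. That is tolerable for a sample but should be stated: `// NOTE: the QR image is fetched from a third-party service and the TOTP secret is embedded in that URL; render the QR locally in production.` The template also relies on `$secret` being set by the including index.php, where `getSecret()` can return `false`; a one-line comment at the top naming that expectation would help.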

diff --git a/vendor/sonata-project/google-authenticator/sample/users.dat b/vendor/sonata-project/google-authenticator/sample/users.dat new file mode 100644 index 0000000..fdcc130 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/users.dat @@ -0,0 +1 @@ +{"chregu":{"password":"foobar"}} \ No newline at end of file diff --git a/vendor/sonata-project/google-authenticator/sample/web/Users.php b/vendor/sonata-project/google-authenticator/sample/web/Users.php new file mode 100644 index 0000000..410ed48 --- /dev/null +++ b/vendor/sonata-project/google-authenticator/sample/web/Users.php 
@@ -0,0 +1,155 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+class Users
+{
+ public function __construct(string $file = '../users.dat')
+ {
+ $this->userFile = $file;
+
+ $this->users = json_decode(file_get_contents($file), true);
+ }
+
+ public function hasSession()
+ {
+ session_start();
+ if (isset($_SESSION['username'])) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function storeData(User $user): void
+ {
+ $this->users[$user->getUsername()] = $user->getData();
+ file_put_contents($this->userFile, json_encode($this->users));
+ }
+
+ public function loadUser($name)
+ {
+ if (isset($this->users[$name])) {
+ return new User($name, $this->users[$name]);
+ }
+
+ return false;
+ }
+}
+
+class User
+{
+ public function __construct($user, $data)
+ {
+ $this->data = $data;
+ $this->user = $user;
+ }
+
+ public function auth($pass)
+ {
+ if ($this->data['password'] === $pass) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function startSession(): void
+ {
+ $_SESSION['username'] = $this->user;
+ }
+
+ public function doLogin(): void
+ {
+ session_regenerate_id();
+ $_SESSION['loggedin'] = true;
+ $_SESSION['ua'] = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ public function doOTP(): void
+ {
+ $_SESSION['OTP'] = true;
+ }
+
+ public function isOTP()
+ {
+ if (isset($_SESSION['OTP']) && true === $_SESSION['OTP']) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function isLoggedIn()
+ {
+ if (isset($_SESSION['loggedin']) && true === $_SESSION['loggedin'] &&
+ isset($_SESSION['ua']) && $_SESSION['ua'] === $_SERVER['HTTP_USER_AGENT']
+ ) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function getUsername()
+ {
+ return $this->user;
+ }
+
+ public function getSecret()
+ {
+ if (isset($this->data['secret'])) {
+ return $this->data['secret'];
+ }
+
+ return false;
+ }
+
+ public function generateSecret()
+ {
+ $g = new 
\Sonata\GoogleAuthenticator\GoogleAuthenticator();
+ $secret = $g->generateSecret();
+ $this->data['secret'] = $secret;
+
+ return $secret;
+ }
+
+ public function getData()
+ {
+ return $this->data;
+ }
+
+ public function setOTPCookie(): void
+ {
+ $time = floor(time() / (3600 * 24)); // get day number
+ //about using the user agent: It's easy to fake it, but it increases the barrier for stealing and reusing cookies nevertheless
+ // and it doesn't do any harm (except that it's invalid after a browser upgrade, but that may be even intented)
+ $cookie = $time.':'.hash_hmac('sha1', $this->getUsername().':'.$time.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret());
+ setcookie('otp', $cookie, time() + (30 * 24 * 3600), null, null, null, true);
+ }
+
+ public function hasValidOTPCookie()
+ {
+ // 0 = tomorrow it is invalid
+ $daysUntilInvalid = 0;
+ $time = (string) floor((time() / (3600 * 24))); // get day number
+ if (isset($_COOKIE['otp'])) {
+ [$otpday, $hash] = explode(':', $_COOKIE['otp']);
+
+ if ($otpday >= $time - $daysUntilInvalid && $hash === hash_hmac('sha1', $this->getUsername().':'.$otpday.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret())) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
diff --git a/vendor/sonata-project/google-authenticator/sample/web/index.php b/vendor/sonata-project/google-authenticator/sample/web/index.php
new file mode 100644
index 0000000..626383f
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/web/index.php
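Review bot: `User::auth()` accepts the login when `$this->data['password'] === $pass`, so the stored value is the plaintext password, and users.dat added in this commit indeed holds `"password":"foobar"` in the clear; the store should keep a `password_hash()` digest and the method become `return password_verify($pass, $this->data['password']);`. In `hasValidOTPCookie()` the check `$hash === hash_hmac(...)` should be `hash_equals(hash_hmac(...), $hash)` so the comparison is constant-time, and `[$otpday, $hash] = explode(':', $_COOKIE['otp'])` needs a guard for a cookie without a colon, which otherwise leaves `$hash` undefined with a warning. `setOTPCookie()` passes `null` for the path, domain and secure arguments of `setcookie()` (deprecated for those non-nullable parameters since PHP 8.1) and so emits the cookie without `Secure` and without any SameSite attribute; the options-array form `setcookie('otp', $cookie, ['expires' => time() + (30 * 24 * 3600), 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'])` sets all of them explicitly. `doLogin()`, `isLoggedIn()` and both cookie methods also read `$_SERVER['HTTP_USER_AGENT']` without `isset`, which warns whenever a client sends no User-Agent header.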
@@ -0,0 +1,119 @@
+ + + + + Google Authenticator in PHP demo + + +hasSession()) {
+ //load the user data from the json storage.
+ $user = $users->loadUser($username);
+ //if he clicked logout, destroy the session and redirect to the startscreen.
+ if (isset($_GET['logout'])) {
+ session_destroy();
+ header('Location: ./');
+ }
+ // check if the user is logged in.
+ if ($user->isLoggedIn()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ //show the QR code if whished so
+ if (isset($_GET['showqr'])) {
+ $secret = $user->getSecret();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ }
+ //if the user is in the OTP phase and submit the OTP.
+ else {
+ if ($user->isOTP() && isset($_POST['otp'])) {
+ $g = new \Google\Authenticator\GoogleAuthenticator();
+ // check if the submitted token is the right one and log in
+ if ($g->checkCode($user->getSecret(), $_POST['otp'])) {
+ // do log-in the user
+ $user->doLogin();
+ //if the user clicked the "remember the token" checkbox, set the cookie
+ if (isset($_POST['remember']) && $_POST['remember']) {
+ $user->setOTPCookie();
+ }
+ include __DIR__.'/../tmpl/loggedin.php';
+ }
+ //if the OTP is wrong, destroy the session and tell the user to try again
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login-error.php';
+ }
+ }
+ // if the user is neither logged in nor in the OTP phase, show the login form
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login.php';
+ }
+ }
+ exit();
+}
+ //if the username is set in _POST, then we assume the user filled in the login form.
+
+ if (isset($_POST['username'])) {
+ // check if we can load the user (ie. the user exists in our db)
+ $user = $users->loadUser($_POST['username']);
+ if ($user) {
+ //try to authenticate the password and start the session if it's correct.
+ if ($user->auth($_POST['password'])) {
+ $user->startSession();
+ //check if the user has a valid OTP cookie, so we don't have to
+ // ask for the current token and can directly log in
+ if ($user->hasValidOTPCookie()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ $user->doLogin();
+ }
+ // try to get the users' secret from the db,
+ // if he doesn't have one, generate one, store it and show it.
+ else {
+ if (!$user->getSecret()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+
+ $secret = $user->generateSecret();
+ $users->storeData($user);
+ $user->doLogin();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ // if the user neither has a valid OTP cookie nor it's the first login
+ // ask for the OTP
+ else {
+ $user->doOTP();
+ include __DIR__.'/../tmpl/ask-for-otp.php';
+ }
+ }
+
+ exit();
+ }
+ }
+ // if we're here, something went wrong, destroy the session and show a login error
+ session_destroy();
+
+ include __DIR__.'/../tmpl/login-error.php';
+ exit();
+ }
+
+// if neither a session nor tried to submit the login credentials -> login screen
+include __DIR__.'/../tmpl/login.php';
+
+?> + + -- cgit v1.2.3
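Review bot: The logout branch calls `header('Location: ./')` after `session_destroy()` but never stops, so control continues into `$user->isLoggedIn()`; because `session_destroy()` leaves the in-memory `$_SESSION` intact, that check still passes and the logged-in template (plus the QR page when `showqr` is set) is rendered into the body of the redirect response. Put `exit();` directly after the `header()` call. The OTP branch instantiates `\Google\Authenticator\GoogleAuthenticator()` while example.php and Users.php in this same commit use `\Sonata\GoogleAuthenticator\GoogleAuthenticator`; unless an alias for the old namespace is loaded, this fails with a class-not-found error precisely on the second-factor step. `$users->loadUser($username)` returns `false` when the session's username is no longer in users.dat, and `$_POST['password']` is read without `isset`; both deserve a guard before use. The condition that opens this block (ending in `hasSession()) {`) lies in the garbled head of the hunk, so its exact form is not legible here.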