ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed TOTP for client logins

Browse Source
This commit is contained in:
johnnyq
2021-12-04 21:00:34 -05:00
parent e36739297d
commit 53380718b1
4 changed files with 98 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client_logins.php
+3 -1
View File
@@ -1,5 +1,7 @@
<?php <?php
require_once("rfc6238.php");
//Paging //Paging
if(isset($_GET['p'])){ if(isset($_GET['p'])){
$p = intval($_GET['p']); $p = intval($_GET['p']);
@@ -115,7 +117,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
if(empty($login_otp_secret)){ if(empty($login_otp_secret)){
$otp_display = "-"; $otp_display = "-";
}else{ }else{
$otp = get_otp($login_otp_secret); $otp = TokenAuth6238::getTokenCode($login_otp_secret,$rangein30s = 3);
$otp_display = "<i class='far fa-clock text-secondary'></i> $otp<button class='btn btn-sm' data-clipboard-text='$otp'><i class='far fa-copy text-secondary'></i></button>"; $otp_display = "<i class='far fa-clock text-secondary'></i> $otp<button class='btn btn-sm' data-clipboard-text='$otp'><i class='far fa-copy text-secondary'></i></button>";
} }
$login_note = $row['login_note']; $login_note = $row['login_note'];
settings-user.php
+2 -1
View File
@@ -87,12 +87,13 @@ $sql_recent_logs = mysqli_query($mysqli,"SELECT * FROM logs
if(!empty($session_token)){ if(!empty($session_token)){
//Generate QR Code based off the generated key //Generate QR Code based off the generated key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$session_token,$config_company_name)); print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$session_token,$config_company_name));
echo "<p class='text-secondary'>$secretkey</p>";
} }
?> ?>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>"> <input type="hidden" name="token" value="<?php echo $secretkey; ?>">
<hr> <hr>
<?php if(empty($session_token)){ ?> <?php if(empty($session_token)){ ?>
totp-test.php
+80
View File
@@ -0,0 +1,80 @@
<?php
function hotp (string $algo, string $key, int $count, int $length = 6)
{
// hmac $count as uint64 (big endian) with binary $key
$hmac = hash_hmac($algo, pack("J", $count), $key, TRUE);
// get least significant nibble of our $hmac, yielding $offset values 0..15
$offset = unpack("C", $hmac, strlen($hmac)-1)[1] & 0x0F;
// extract a uint32 (big endian) from our $hmac, and mask the most significant bit (the sign bit)
$number = unpack("N", $hmac, $offset)[1] & 0x7FFFFFFF;
// return token based on $number in $length decimal digits, padded with leading zeros
return str_pad($number % (10 ** $length), $length, "0", STR_PAD_LEFT);
}
function totp (string $algo, string $key, int $unixtime, int $interval = 30, int $length = 6)
{
return hotp($algo, $key, intdiv($unixtime, $interval), $length);
}
function hotp_token_ok (string $token, string $algo, string $key, int $count, int $window = 10, int $length = 6)
{
$ok = FALSE;
for ($i = -$window; $i <= $window; $i++)
{
$ok |= hash_equals(hotp($algo, $key, ($count + $i), $length), $token);
}
return $ok;
}
function totp_token_ok (string $token, string $algo, string $key, int $unixtime, int $window = 300, int $interval = 30, int $length = 6)
{
return hotp_token_ok($algo, $key, $token, intdiv($unixtime, $interval), intdiv($window, $interval), $length);
}
function key32gen()
{
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$chars .= "234567";
while (1) {
$key = '';
srand((double) microtime() * 1000000);
for ($i = 0; $i < 32; $i++) {
$key .= substr($chars, (rand() % (strlen($chars))), 1);
}
break;
}
return $key;
}
$unixtimestamp = time();
//$unixtimestamp = "1638664893";
//$secretkey = key32gen();
$secretkey = "";
echo "Unix Time is: $unixtimestamp<br>";
echo "secret Key is: $secretkey<br>";
$test = totp("sha1","$secretkey","$unixtimestamp",30,6);
echo "<br>code is: $test";
?>
totp-test2.php
+12
View File
@@ -0,0 +1,12 @@
<?php
require_once("rfc6238.php");
$secretkey = "";
$gen = TokenAuth6238::getTokenCode($secretkey,$rangein30s = 3);
echo $gen;
?>