authorAnton Luka Šijanec <anton@sijanec.eu>2022-01-11 12:35:47 +0100
committerAnton Luka Šijanec <anton@sijanec.eu>2022-01-11 12:35:47 +0100
commit19985dbb8c0aa66dc4bf7905abc1148de909097d (patch)
tree2cd5a5d20d7e80fc2a51adf60d838d8a2c40999e /vendor/sonata-project/google-authenticator/sample
Diffstat (limited to 'vendor/sonata-project/google-authenticator/sample')
-rw-r--r--vendor/sonata-project/google-authenticator/sample/example.php41
-rw-r--r--vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php23
-rw-r--r--vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php19
-rw-r--r--vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php6
-rw-r--r--vendor/sonata-project/google-authenticator/sample/tmpl/login.php8
-rw-r--r--vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php11
-rw-r--r--vendor/sonata-project/google-authenticator/sample/users.dat1
-rw-r--r--vendor/sonata-project/google-authenticator/sample/web/Users.php155
-rw-r--r--vendor/sonata-project/google-authenticator/sample/web/index.php119
9 files changed, 383 insertions, 0 deletions
diff --git a/vendor/sonata-project/google-authenticator/sample/example.php b/vendor/sonata-project/google-authenticator/sample/example.php
new file mode 100644
index 0000000..50366d2
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/example.php
@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the Sonata Project package.
+ *
+ * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+include_once __DIR__.'/../src/FixedBitNotation.php';
+include_once __DIR__.'/../src/GoogleAuthenticator.php';
+include_once __DIR__.'/../src/GoogleQrUrl.php';
+
+$secret = 'XVQ2UIGO75XRUKJO';
+$code = '846474';
+
+$g = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+
+echo 'Current Code is: ';
+echo $g->getCode($secret);
+
+echo "\n";
+
+echo "Check if $code is valid: ";
+
+if ($g->checkCode($secret, $code)) {
+ echo "YES \n";
+} else {
+ echo "NO \n";
+}
+
+$secret = $g->generateSecret();
+echo "Get a new Secret: $secret \n";
+echo "The QR Code for this secret (to scan with the Google Authenticator App: \n";
+
+echo \Sonata\GoogleAuthenticator\GoogleQrUrl::generate('chregu', $secret, 'GoogleAuthenticatorExample');
+echo "\n";
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
new file mode 100644
index 0000000..f3e06d4
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/ask-for-otp.php
@@ -0,0 +1,23 @@
+
+<h1>please otp</h1>
+<p>
+<form method="post" action="./">
+<?php if ($debug) {
+ ?>
+ <br/>
+ (Set $debug in index.php to false, if you don't want to have the OTP prefilled (for real life application, for example ;))<br/>
+<?php
+}
+?>
+
+otp: <input name="otp"
+value="<?php
+if ($debug) {
+ $g = new GoogleAuthenticator();
+ echo $g->getCode($user->getSecret());
+}
+?>"/><br/>
+<input type="checkbox" name="remember" id="remember" /><label for="remember"> Remember verification for this computer for 1 day.</label> <br/>
+<input type="submit"/>
+
+</form>
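Review bot: The `value="…"` attribute of the `otp` input is filled with `$g->getCode($user->getSecret())` whenever `$debug` is truthy, and index.php in this same commit ships with `$debug = true;`, so the page that asks for the second factor also prints the currently valid code. With that default, passing the password step is enough to complete the login, which reduces the flow to a single factor. I would drop the prefill block from the template, or at least default to `$debug = false;` in index.php and gate the prefill on an explicit development-only setting. The unqualified `new GoogleAuthenticator()` also looks like it may not resolve, since no `use` statement for the `Sonata\GoogleAuthenticator` namespace is visible in this template or in index.php; worth confirming.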
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php
new file mode 100644
index 0000000..2a19032
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/loggedin.php
@@ -0,0 +1,19 @@
+
+<p>
+Hello <?php echo $user->getUsername(); ?>
+</p>
+<?php
+if (!isset($_GET['showqr'])) {
+ ?>
+
+<p>
+<a href="?showqr=1">Show QR Code</a>
+</p>
+
+<?php
+}
+?>
+
+<p>
+<a href="?logout=1">Logout</a>
+</p>
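Review bot: `echo $user->getUsername()` writes the username into the HTML body without output encoding. The value originates from `$_POST['username']` and only reaches this template if it matches a key in users.dat, so the exposure depends on what usernames the store can hold, but the template should not rely on that. `Hello <?php echo htmlspecialchars((string) $user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` closes it.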
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php
new file mode 100644
index 0000000..8d23fd3
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login-error.php
@@ -0,0 +1,6 @@
+<p>
+Wrong username or password or token.
+</p>
+<p>
+<a href="./">try again</a>
+</p>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/login.php b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php
new file mode 100644
index 0000000..fd81623
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/login.php
@@ -0,0 +1,8 @@
+
+<h1>please login</h1>
+<p>
+<form method="post" action="./">
+username: <input name="username"/><br/>
+password: <input name="password" type="password"/><br/>
+<input type="submit"/>
+</form>
diff --git a/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php
new file mode 100644
index 0000000..774a298
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/tmpl/show-qr.php
@@ -0,0 +1,11 @@
+<h1>Please scan this </h1>
+
+<p> with <a href="http://www.google.com/support/a/bin/answer.py?hl=en&answer=1037451">the Google Authenticator App</a></p>
+
+<p>
+<?php
+$link = \Sonata\GoogleAuthenticator\GoogleQrUrl::generate($user->getUsername(), $secret, 'GoogleAuthenticatorExample');
+?>
+
+<a href="<?php echo $link; ?>"><img style="border: 0; padding:10px" src="<?php echo $link; ?>"/></a>
+</p>
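Review bot: `$link` is built from the user's TOTP `$secret` and then used as both `href` and `img src`, so the browser requests whatever host `GoogleQrUrl::generate()` points at with the secret in the URL. That method's body is not in this diff; if it returns an address on an external QR-rendering service, the shared secret leaves the server on every view and may end up in third-party logs, so rendering the QR code locally would be the safer design. Independently, the value is echoed into attributes unescaped; `<?php echo htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` should be used in both places. The help link a few lines above still uses `http://`.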
diff --git a/vendor/sonata-project/google-authenticator/sample/users.dat b/vendor/sonata-project/google-authenticator/sample/users.dat
new file mode 100644
index 0000000..fdcc130
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/users.dat
@@ -0,0 +1 @@
+{"chregu":{"password":"foobar"}} \ No newline at end of file
diff --git a/vendor/sonata-project/google-authenticator/sample/web/Users.php b/vendor/sonata-project/google-authenticator/sample/web/Users.php
new file mode 100644
index 0000000..410ed48
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/web/Users.php
@@ -0,0 +1,155 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of the Sonata Project package.
+ *
+ * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+class Users
+{
+ public function __construct(string $file = '../users.dat')
+ {
+ $this->userFile = $file;
+
+ $this->users = json_decode(file_get_contents($file), true);
+ }
+
+ public function hasSession()
+ {
+ session_start();
+ if (isset($_SESSION['username'])) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function storeData(User $user): void
+ {
+ $this->users[$user->getUsername()] = $user->getData();
+ file_put_contents($this->userFile, json_encode($this->users));
+ }
+
+ public function loadUser($name)
+ {
+ if (isset($this->users[$name])) {
+ return new User($name, $this->users[$name]);
+ }
+
+ return false;
+ }
+}
+
+class User
+{
+ public function __construct($user, $data)
+ {
+ $this->data = $data;
+ $this->user = $user;
+ }
+
+ public function auth($pass)
+ {
+ if ($this->data['password'] === $pass) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function startSession(): void
+ {
+ $_SESSION['username'] = $this->user;
+ }
+
+ public function doLogin(): void
+ {
+ session_regenerate_id();
+ $_SESSION['loggedin'] = true;
+ $_SESSION['ua'] = $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ public function doOTP(): void
+ {
+ $_SESSION['OTP'] = true;
+ }
+
+ public function isOTP()
+ {
+ if (isset($_SESSION['OTP']) && true === $_SESSION['OTP']) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function isLoggedIn()
+ {
+ if (isset($_SESSION['loggedin']) && true === $_SESSION['loggedin'] &&
+ isset($_SESSION['ua']) && $_SESSION['ua'] === $_SERVER['HTTP_USER_AGENT']
+ ) {
+ return $_SESSION['username'];
+ }
+
+ return false;
+ }
+
+ public function getUsername()
+ {
+ return $this->user;
+ }
+
+ public function getSecret()
+ {
+ if (isset($this->data['secret'])) {
+ return $this->data['secret'];
+ }
+
+ return false;
+ }
+
+ public function generateSecret()
+ {
+ $g = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
+ $secret = $g->generateSecret();
+ $this->data['secret'] = $secret;
+
+ return $secret;
+ }
+
+ public function getData()
+ {
+ return $this->data;
+ }
+
+ public function setOTPCookie(): void
+ {
+ $time = floor(time() / (3600 * 24)); // get day number
+ //about using the user agent: It's easy to fake it, but it increases the barrier for stealing and reusing cookies nevertheless
+ // and it doesn't do any harm (except that it's invalid after a browser upgrade, but that may be even intented)
+ $cookie = $time.':'.hash_hmac('sha1', $this->getUsername().':'.$time.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret());
+ setcookie('otp', $cookie, time() + (30 * 24 * 3600), null, null, null, true);
+ }
+
+ public function hasValidOTPCookie()
+ {
+ // 0 = tomorrow it is invalid
+ $daysUntilInvalid = 0;
+ $time = (string) floor((time() / (3600 * 24))); // get day number
+ if (isset($_COOKIE['otp'])) {
+ [$otpday, $hash] = explode(':', $_COOKIE['otp']);
+
+ if ($otpday >= $time - $daysUntilInvalid && $hash === hash_hmac('sha1', $this->getUsername().':'.$otpday.':'.$_SERVER['HTTP_USER_AGENT'], $this->getSecret())) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
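Review bot: `hasValidOTPCookie()` compares the client-supplied MAC with `$hash === hash_hmac(...)`, which is not a constant-time comparison, and destructures `explode(':', $_COOKIE['otp'])` without checking that two parts came back; `hash_equals()` plus a shape check fixes both. index.php calls this method before it checks whether the user has a secret, so `getSecret()` can return `false` here and be passed as the HMAC key (under `strict_types=1` that should raise a TypeError, without it the key would be empty), hence the early return in the sketch below. `setOTPCookie()` sets a 30-day cookie lifetime although the check accepts only the current day number, and it passes `null` for the `secure` argument. Separately, `auth()` compares against a plaintext password loaded from users.dat; `password_verify()` against a stored `password_hash()` value is the usual replacement.

```php
    public function hasValidOTPCookie()
    {
        // … unchanged: $daysUntilInvalid and $time …
        $secret = $this->getSecret();
        if (false === $secret || !isset($_COOKIE['otp']) || !is_string($_COOKIE['otp'])) {
            return false;
        }

        // Reject anything that is not exactly "<day>:<mac>" before using it.
        $parts = explode(':', $_COOKIE['otp'], 2);
        if (2 !== count($parts) || !ctype_digit($parts[0])) {
            return false;
        }
        [$otpday, $hash] = $parts;

        $expected = hash_hmac('sha1', $this->getUsername().':'.$otpday.':'.$_SERVER['HTTP_USER_AGENT'], $secret);

        // hash_equals() compares in constant time; the known value goes first.
        return (int) $otpday >= (int) $time - $daysUntilInvalid && hash_equals($expected, $hash);
    }
```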
diff --git a/vendor/sonata-project/google-authenticator/sample/web/index.php b/vendor/sonata-project/google-authenticator/sample/web/index.php
new file mode 100644
index 0000000..626383f
--- /dev/null
+++ b/vendor/sonata-project/google-authenticator/sample/web/index.php
@@ -0,0 +1,119 @@
+<?php declare(strict_types=1);
+ob_start(); //i'm too lazy to check when is sent what ;)
+//set session cookie to be read only via http and not by JavaScript
+ini_set('session.cookie_httponly', '1');
+
+include_once __DIR__.'/../../src/GoogleAuthenticator.php';
+include_once __DIR__.'/../../src/GoogleQrUrl.php';
+include_once __DIR__.'/../../src/FixedBitNotation.php';
+include_once 'Users.php';
+
+?>
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Google Authenticator in PHP demo</title>
+</head>
+<body>
+<?php
+
+//set this to false, if you don't want the token prefilled
+$debug = true;
+
+$users = new Users();
+//check if the user has a session, if not, show the login screen
+if ($username = $users->hasSession()) {
+ //load the user data from the json storage.
+ $user = $users->loadUser($username);
+ //if he clicked logout, destroy the session and redirect to the startscreen.
+ if (isset($_GET['logout'])) {
+ session_destroy();
+ header('Location: ./');
+ }
+ // check if the user is logged in.
+ if ($user->isLoggedIn()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ //show the QR code if whished so
+ if (isset($_GET['showqr'])) {
+ $secret = $user->getSecret();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ }
+ //if the user is in the OTP phase and submit the OTP.
+ else {
+ if ($user->isOTP() && isset($_POST['otp'])) {
+ $g = new \Google\Authenticator\GoogleAuthenticator();
+ // check if the submitted token is the right one and log in
+ if ($g->checkCode($user->getSecret(), $_POST['otp'])) {
+ // do log-in the user
+ $user->doLogin();
+ //if the user clicked the "remember the token" checkbox, set the cookie
+ if (isset($_POST['remember']) && $_POST['remember']) {
+ $user->setOTPCookie();
+ }
+ include __DIR__.'/../tmpl/loggedin.php';
+ }
+ //if the OTP is wrong, destroy the session and tell the user to try again
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login-error.php';
+ }
+ }
+ // if the user is neither logged in nor in the OTP phase, show the login form
+ else {
+ session_destroy();
+ include __DIR__.'/../tmpl/login.php';
+ }
+ }
+ exit();
+}
+ //if the username is set in _POST, then we assume the user filled in the login form.
+
+ if (isset($_POST['username'])) {
+ // check if we can load the user (ie. the user exists in our db)
+ $user = $users->loadUser($_POST['username']);
+ if ($user) {
+ //try to authenticate the password and start the session if it's correct.
+ if ($user->auth($_POST['password'])) {
+ $user->startSession();
+ //check if the user has a valid OTP cookie, so we don't have to
+ // ask for the current token and can directly log in
+ if ($user->hasValidOTPCookie()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+ $user->doLogin();
+ }
+ // try to get the users' secret from the db,
+ // if he doesn't have one, generate one, store it and show it.
+ else {
+ if (!$user->getSecret()) {
+ include __DIR__.'/../tmpl/loggedin.php';
+
+ $secret = $user->generateSecret();
+ $users->storeData($user);
+ $user->doLogin();
+ include __DIR__.'/../tmpl/show-qr.php';
+ }
+ // if the user neither has a valid OTP cookie nor it's the first login
+ // ask for the OTP
+ else {
+ $user->doOTP();
+ include __DIR__.'/../tmpl/ask-for-otp.php';
+ }
+ }
+
+ exit();
+ }
+ }
+ // if we're here, something went wrong, destroy the session and show a login error
+ session_destroy();
+
+ include __DIR__.'/../tmpl/login-error.php';
+ exit();
+ }
+
+// if neither a session nor tried to submit the login credentials -> login screen
+include __DIR__.'/../tmpl/login.php';
+
+?>
+</body>
+</html>
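Review bot: The logout branch calls `session_destroy()` and `header('Location: ./')` but does not stop, so execution falls through to `$user->isLoggedIn()`. `session_destroy()` does not clear the `$_SESSION` array for the current request, so the logged-in template is still rendered in the very response that is supposed to log the user out. Adding `exit();` directly after the `header()` call fixes that. `$users->loadUser($username)` can also return `false` when the session names a user that is no longer in the store, and the following method call on it would be fatal; a guard such as `if (!$user) { session_destroy(); include __DIR__.'/../tmpl/login.php'; exit(); }` before the logout check would cover it.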