Home Explore Help
Register Sign In
NSHkD
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
305 Commits
1 Branch
Tree: b0ffed7857
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b0ffed7857'
${ noResults }
Gazelle/classes/twofa.class.php

twofa.class.php 4.7KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. <?php

  2. 

  3. class TwoFactorAuth {

  4.   private $algorithm;

  5.   private $period;

  6.   private $digits;

  7.   private $issuer;

  8.   private static $_base32dict = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=';

  9.   private static $_base32;

  10.   private static $_base32lookup = [];

  11.   private static $_supportedalgos = array('sha1', 'sha256', 'sha512', 'md5');

  12. 

  13.   function __construct($issuer = null, $digits = 6, $period = 30, $algorithm = 'sha1') {

  14.     $this->issuer = $issuer;

  15.     $this->digits = $digits;

  16.     $this->period = $period;

  17. 

  18.     $algorithm = strtolower(trim($algorithm));

  19.     if (!in_array($algorithm, self::$_supportedalgos)){

  20.       $algorithm = 'sha1';

  21.     }

  22.     $this->algorithm = $algorithm;

  23. 

  24.     self::$_base32 = str_split(self::$_base32dict);

  25.     self::$_base32lookup = array_flip(self::$_base32);

  26.   }

  27. 

  28.   public function createSecret($bits = 210) {

  29.     $secret = '';

  30.     $bytes = ceil($bits / 5); //We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)

  31.     $rnd = random_bytes($bytes);

  32.     for ($i = 0; $i < $bytes; $i++) {

  33.       $secret .= self::$_base32[ord($rnd[$i]) & 31]; //Mask out left 3 bits for 0-31 values

  34.     }

  35.     return $secret;

  36.   }

  37. 

  38.   // Calculate the code with given secret and point in time

  39.   public function getCode($secret, $time = null) {

  40.     $secretkey = $this->base32Decode($secret);

  41. 

  42.     $timestamp = "\0\0\0\0" . pack('N*', $this->getTimeSlice($this->getTime($time)));  // Pack time into binary string

  43.     $hashhmac = hash_hmac($this->algorithm, $timestamp, $secretkey, true);             // Hash it with users secret key

  44.     $hashpart = substr($hashhmac, ord(substr($hashhmac, -1)) & 0x0F, 4);               // Use last nibble of result as index/offset and grab 4 bytes of the result

  45.     $value = unpack('N', $hashpart);                                                   // Unpack binary value

  46.     $value = $value[1] & 0x7FFFFFFF;                                                   // Drop MSB, keep only 31 bits

  47. 

  48.     return str_pad($value % pow(10, $this->digits), $this->digits, '0', STR_PAD_LEFT);

  49.   }

  50. 

  51.   // Check if the code is correct. This will accept codes starting from now +/- ($discrepancy * period) seconds

  52.   public function verifyCode($secret, $code, $discrepancy = 1, $time = null) {

  53.     $result = false;

  54.     $timetamp = $this->getTime($time);

  55. 

  56.     // Always iterate all possible codes to prevent timing-attacks

  57.     for ($i = -$discrepancy; $i <= $discrepancy; $i++) {

  58.       $result |= hash_equals($this->getCode($secret, $timetamp + ($i * $this->period)), $code);

  59.     }

  60. 

  61.     return (bool)$result;

  62.   }

  63. 

  64.   // Get data-uri of QRCode

  65.   public function getQRCodeImageAsDataUri($label, $secret, $size = 300) {

  66. 

  67.     if (exec('which qrencode')) {

  68.       $QRCodeImage = shell_exec("qrencode -s ".(int)($size/40)." -m 3 -o - '".$this->getQRText($label, $secret)."'");

  69.     } else {

  70.       $curlhandle = curl_init();

  71. 

  72.       curl_setopt_array($curlhandle, array(

  73.         CURLOPT_URL => 'https://chart.googleapis.com/chart?cht=qr&chs='.$size.'x'.$size.'&chld=L|1&chl='.rawurlencode($this->getQRText($label, $secret)),

  74.         CURLOPT_RETURNTRANSFER => true,

  75.         CURLOPT_CONNECTTIMEOUT => 10,

  76.         CURLOPT_DNS_CACHE_TIMEOUT => 10,

  77.         CURLOPT_TIMEOUT => 10,

  78.         CURLOPT_SSL_VERIFYPEER => false,

  79.         CURLOPT_USERAGENT => 'TwoFactorAuth'

  80.       ));

  81. 

  82.       $QRCodeImage = curl_exec($curlhandle);

  83.       curl_close($curlhandle);

  84.     }

  85. 

  86.     return 'data:image/png;base64,'.base64_encode($QRCodeImage);

  87.   }

  88. 

  89.   private function getTime($time) {

  90.     return ($time === null) ? time() : $time;

  91.   }

  92. 

  93.   private function getTimeSlice($time = null, $offset = 0) {

  94.     return (int)floor($time / $this->period) + ($offset * $this->period);

  95.   }

  96. 

  97.   // Builds a string to be encoded in a QR code

  98.   public function getQRText($label, $secret) {

  99.     $QRText = 'otpauth://totp/'.rawurlencode($label).'?secret='.rawurlencode($secret);

  100.     $QRText .= ($this->issuer) ? '&issuer='.rawurlencode($this->issuer) : '';

  101.     $QRText .= ($this->period != 30) ? '&period='.intval($this->period) : '';

  102.     $QRText .= ($this->algorithm != 'sha1') ? '&algorithm='.rawurlencode(strtoupper($this->algorithm)) : '';

  103.     $QRText .= ($this->digits != 6) ? '&digits='.intval($this->digits) : '';

  104.     return $QRText;

  105.   }

  106. 

  107.   private function base32Decode($value) {

  108.     if (strlen($value)==0) { return ''; }

  109. 

  110.     $buffer = '';

  111.     foreach (str_split($value) as $char) {

  112.       if ($char !== '=') {

  113.         $buffer .= str_pad(decbin(self::$_base32lookup[$char]), 5, 0, STR_PAD_LEFT);

  114.       }

  115.     }

  116.     $length = strlen($buffer);

  117.     $blocks = trim(chunk_split(substr($buffer, 0, $length - ($length % 8)), 8, ' '));

  118. 

  119.     $output = '';

  120.     foreach (explode(' ', $blocks) as $block) {

  121.       $output .= chr(bindec(str_pad($block, 8, 0, STR_PAD_RIGHT)));

  122.     }

  123. 

  124.     return $output;

  125.   }

  126. }