Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1097 Commits
2 Branches
Tree: cfaf71c803
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cfaf71c803'
${ noResults }
Gazelle/classes/twofa.class.php

twofa.class.php 5.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. <?php

  2. #declare(strict_types=1);

  3. 

  4. class TwoFactorAuth

  5. {

  6.     private $algorithm;

  7.     private $period;

  8.     private $digits;

  9.     private $issuer;

  10.     private static $_base32dict = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=';

  11.     private static $_base32;

  12.     private static $_base32lookup = [];

  13.     private static $_supportedalgos = array('sha1', 'sha256', 'sha512', 'md5');

  14. 

  15.     public function __construct($issuer = null, $digits = 6, $period = 30, $algorithm = 'sha1')

  16.     {

  17.         $this->issuer = $issuer;

  18.         $this->digits = $digits;

  19.         $this->period = $period;

  20. 

  21.         $algorithm = strtolower(trim($algorithm));

  22.         if (!in_array($algorithm, self::$_supportedalgos)) {

  23.             $algorithm = 'sha1';

  24.         }

  25.         $this->algorithm = $algorithm;

  26. 

  27.         self::$_base32 = str_split(self::$_base32dict);

  28.         self::$_base32lookup = array_flip(self::$_base32);

  29.     }

  30. 

  31.     public function createSecret($bits = 210)

  32.     {

  33.         $secret = '';

  34.         $bytes = ceil($bits / 5); //We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)

  35.         $rnd = random_bytes($bytes);

  36. 

  37.         for ($i = 0; $i < $bytes; $i++) {

  38.             $secret .= self::$_base32[ord($rnd[$i]) & 31]; //Mask out left 3 bits for 0-31 values

  39.         }

  40.         return $secret;

  41.     }

  42. 

  43.     // Calculate the code with given secret and point in time

  44.     public function getCode($secret, $time = null)

  45.     {

  46.         $secretkey = $this->base32Decode($secret);

  47. 

  48.         $timestamp = "\0\0\0\0" . pack('N*', $this->getTimeSlice($this->getTime($time)));  // Pack time into binary string

  49.         $hashhmac = hash_hmac($this->algorithm, $timestamp, $secretkey, true);             // Hash it with users secret key

  50.         $hashpart = substr($hashhmac, ord(substr($hashhmac, -1)) & 0x0F, 4);               // Use last nibble of result as index/offset and grab 4 bytes of the result

  51.         $value = unpack('N', $hashpart);                                                   // Unpack binary value

  52.         $value = $value[1] & 0x7FFFFFFF;                                                   // Drop MSB, keep only 31 bits

  53. 

  54.         return str_pad($value % pow(10, $this->digits), $this->digits, '0', STR_PAD_LEFT);

  55.     }

  56. 

  57.     // Check if the code is correct. This will accept codes starting from now +/- ($discrepancy * period) seconds

  58.     public function verifyCode($secret, $code, $discrepancy = 1, $time = null)

  59.     {

  60.         $result = false;

  61.         $timetamp = $this->getTime($time);

  62. 

  63.         // Always iterate all possible codes to prevent timing-attacks

  64.         for ($i = -$discrepancy; $i <= $discrepancy; $i++) {

  65.             $result |= hash_equals($this->getCode($secret, $timetamp + ($i * $this->period)), $code);

  66.         }

  67. 

  68.         return (bool)$result;

  69.     }

  70. 

  71.     // Get data-uri of QRCode

  72.     public function getQRCodeImageAsDataUri($label, $secret, $size = 300)

  73.     {

  74.         if (exec('which qrencode')) {

  75.             $QRCodeImage = shell_exec("qrencode -s ".(int)($size/40)." -m 3 -o - '".$this->getQRText($label, $secret)."'");

  76.         } else {

  77.             $curlhandle = curl_init();

  78. 

  79.             curl_setopt_array($curlhandle, array(

  80.             CURLOPT_URL => 'https://chart.googleapis.com/chart?cht=qr&chs='.$size.'x'.$size.'&chld=L|1&chl='.rawurlencode($this->getQRText($label, $secret)),

  81.             CURLOPT_RETURNTRANSFER => true,

  82.             CURLOPT_CONNECTTIMEOUT => 10,

  83.             CURLOPT_DNS_CACHE_TIMEOUT => 10,

  84.             CURLOPT_TIMEOUT => 10,

  85.             CURLOPT_SSL_VERIFYPEER => false,

  86.             CURLOPT_USERAGENT => 'TwoFactorAuth'

  87.             ));

  88. 

  89.             $QRCodeImage = curl_exec($curlhandle);

  90.             curl_close($curlhandle);

  91.         }

  92.         return 'data:image/png;base64,'.base64_encode($QRCodeImage);

  93.     }

  94. 

  95.     private function getTime($time)

  96.     {

  97.         return ($time === null) ? time() : $time;

  98.     }

  99. 

  100.     private function getTimeSlice($time = null, $offset = 0)

  101.     {

  102.         return (int)floor($time / $this->period) + ($offset * $this->period);

  103.     }

  104. 

  105.     // Builds a string to be encoded in a QR code

  106.     public function getQRText($label, $secret)

  107.     {

  108.         $QRText = 'otpauth://totp/'.rawurlencode($label).'?secret='.rawurlencode($secret);

  109.         $QRText .= ($this->issuer) ? '&issuer='.rawurlencode($this->issuer) : '';

  110.         $QRText .= ($this->period != 30) ? '&period='.intval($this->period) : '';

  111.         $QRText .= ($this->algorithm != 'sha1') ? '&algorithm='.rawurlencode(strtoupper($this->algorithm)) : '';

  112.         $QRText .= ($this->digits != 6) ? '&digits='.intval($this->digits) : '';

  113.         return $QRText;

  114.     }

  115. 

  116.     private function base32Decode($value)

  117.     {

  118.         if (strlen($value)==0) {

  119.             return '';

  120.         }

  121. 

  122.         $buffer = '';

  123.         foreach (str_split($value) as $char) {

  124.             if ($char !== '=') {

  125.                 $buffer .= str_pad(decbin(self::$_base32lookup[$char]), 5, 0, STR_PAD_LEFT);

  126.             }

  127.         }

  128.         

  129.         $length = strlen($buffer);

  130.         $blocks = trim(chunk_split(substr($buffer, 0, $length - ($length % 8)), 8, ' '));

  131. 

  132.         $output = '';

  133.         foreach (explode(' ', $blocks) as $block) {

  134.             $output .= chr(bindec(str_pad($block, 8, 0, STR_PAD_RIGHT)));

  135.         }

  136. 

  137.         return $output;

  138.     }

  139. }