<hr>
<h2>Users</h2>
<table border="1">
<tr><th>Username/Login</th><th>Fullname</th><th>Has Token?</th><th>Key</th><th>Base 32 Key</th><th>Hex Key</th></tr>
<?php
// now we get our list of users - this part of the page just has a list of users
// and the ability to create new ones. This isnt really in the scope of the
// GA4PHP, but for this example, we need to be able to create users, so heres where
// you do it.
$db = getDatabase();
$result = $db->query("select * from users");
foreach ($result as $row) {
if ($myga->hasToken($row["users_username"])) {
$hastoken = "Yes";
$type = $myga->getTokenType($row["users_username"]);
if ($type == "HOTP") {
$type = "- Counter Based";
} else {
$type = "- Time Based";
}
$hexkey = $myga->getKey($row["users_username"]);
$b32key = $myga->helperhex2b32($hexkey);
$url = urlencode($myga->createURL($row["users_username"]));
$keyurl = "<img src=\"http://chart.apis.google.com/chart?cht=qr&chl={$url}&chs=100x100\">";
} else {
$b32key = "";
$hexkey = "";
$type = "";
$i = 0;
foreach ($info as $key => $val) {
//echo "$key is ".$val["distinguishedname"][0]."\n";
if ($val["distinguishedname"][0] != "") {
$user[$i]["dn"] = $val["distinguishedname"][0];
$user[$i]["acn"] = $val["samaccountname"][0];
$user[$i]["cn"] = $val["cn"][0];
}
$i++;
//return 0;
}
foreach ($user as $value) {
$cn = $value["cn"];
$un = $value["acn"];
echo "<tr><td>{$cn}</td><td>{$un}</td></tr>";
}
?>
</table>
testing administrator<br>
<?php
if ($myga->hasToken("administrator")) {
echo "administrator has a token<br>";
} else {
echo "administrator has no token, setting one<br>";
$myga->setUser("administrator");
}
?>
</html>
// get the data from the post request
error_log("begin login");
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
$tokencode = $_REQUEST["tokencode"];
// pull the password hash from the database
$sql = "select users_password from users where users_username='******'";
error_log("running sql: {$sql}");
$res = $db->query($sql);
foreach ($res as $row) {
$passhash = $row["users_password"];
}
// user entered a tokencode, fail the login and tell the user
// if they dont have a token code assigned to them
if ($tokencode != "") {
if (!$myga->hasToken($username)) {
$msg = urlencode("Attempted to login with a token when username isnt assigned one");
header("Location: index.php?failure={$msg}");
}
}
// check the password hash versus the login password
error_log("checking {$passhash} against {$password} (" . sha1($password) . ")");
if ($passhash == sha1($password)) {
$passright = true;
} else {
header("Location: index.php?failure=LoginIncorrect");
return;
}
// now get myGA to check the token code
error_log("passed password auth");
if ($myga->hasToken($username)) {
