Example #1
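 /**
  * Resolve an access token to the ticket user it was issued for.
  *
  * The token has to match static::$token_regex. The first 13 characters of
  * its 'hash' group are Base32-decoded and unpacked as two little-endian
  * 32-bit integers (user id, then ticket id). The user is loaded according
  * to the 'type' group ('c' = collaborator, 'o' = ticket owner) and is only
  * returned when the token that user object regenerates equals the one
  * presented.
  *
  * @param string $token Token presented by the client (untrusted input).
  *
  * @return TicketUser|null|false The matching user; null when the token is
  *                               malformed; false when no user matches or
  *                               the regenerated token differs.
  */
 static function lookupByToken($token)
 {
     // Expecting a well formatted token; see the getAuthToken routine for details.
     $matches = array();
     if (!is_string($token) || !preg_match(static::$token_regex, $token, $matches)) {
         return null;
     }
     // Unpack the user and ticket ids. 'Vuid/Vtid' needs 8 bytes: on a shorter
     // payload unpack() returns false and "array += false" is a fatal error,
     // so a short decode is rejected here as a malformed token.
     $packed = Base32::decode(strtolower(substr($matches['hash'], 0, 13)));
     if (!is_string($packed) || strlen($packed) < 8) {
         return null;
     }
     $matches += unpack('Vuid/Vtid', $packed);
     $user = null;
     switch ($matches['type']) {
         case 'c':
             // Collaborator: the record must belong to the ticket named in the token.
             if (($user = Collaborator::lookup($matches['uid'])) && $user->getTicketId() != $matches['tid']) {
                 $user = null;
             }
             break;
         case 'o':
             // Ticket owner: the ticket's owner must be the user named in the token.
             if ($ticket = Ticket::lookup($matches['tid'])) {
                 if (($user = $ticket->getOwner()) && $user->getId() != $matches['uid']) {
                     $user = null;
                 }
             }
             break;
     }
     if (!$user || !$user instanceof TicketUser) {
         return false;
     }
     // The ids above come from the client, so the token is only trusted once it
     // equals the one regenerated server-side. hash_equals() keeps the compare
     // constant-time; lowercasing both sides preserves the case-insensitive
     // match the previous strcasecmp() call gave.
     $expected = $user->getAuthToken($matches['algo']);
     if (!is_string($expected) || !hash_equals(strtolower($expected), strtolower($token))) {
         return false;
     }
     return $user;
 }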
Example #2
 /**
  * Computes the TOTP passcode for a secret key at a given moment.
  *
  * The period from getPeriod() is packed as a big-endian 32-bit counter and
  * left-padded with NUL bytes to 8 bytes, then authenticated with HMAC-SHA1
  * under the decoded secret. The low nibble of the last digest byte is the
  * offset handed to hashToInt(); the result is masked to 31 bits, reduced
  * modulo $this->pinModulo and left-padded with "0" to
  * $this->passCodeLength characters.
  *
  * NOTE(review): callers that check this value against user input should
  * use a constant-time comparison such as hash_equals().
  *
  * @param   string   $secret The Base32-encoded secret key
  * @param   int|null $time   UNIX timestamp, passed to getPeriod() unchanged
  *
  * @return string
  */
 public function getCode($secret, $time = null)
 {
     $period = $this->getPeriod($time);
     $key = $this->base32->decode($secret);

     // 8-byte message: four NUL bytes followed by the 32-bit period.
     $counter = str_pad(pack('N', $period), 8, chr(0), STR_PAD_LEFT);
     $digest = hash_hmac('sha1', $counter, $key, true);

     // Dynamic truncation: the last byte's low 4 bits pick the offset.
     $position = ord(substr($digest, -1)) & 0xf;
     $number = $this->hashToInt($digest, $position) & 0x7fffffff;

     return str_pad($number % $this->pinModulo, $this->passCodeLength, '0', STR_PAD_LEFT);
 }
Example #3
 /**
  * Turns the rows returned by _fetch() into a list of item arrays.
  *
  * For each row the first run of 32 characters from [0-9A-Z] found in the
  * 'enclosure' field is Base32-decoded and passed through hexdump() to
  * give 'btih'; when nothing is found 'btih' stays '' and a warning is
  * logged. 'pubDate' is converted with strtotime() and 'magnet' carries
  * the enclosure value unchanged.
  *
  * NOTE(review): the pattern is unanchored and also accepts 0, 1, 8 and 9,
  * which are not in the RFC 4648 Base32 alphabet; what Base32::decode()
  * does with them is not visible here, so 'btih' should be validated
  * before it is relied on.
  *
  * @return array List of arrays with the keys btih, title, guid, link,
  *               description, pubDate and magnet.
  */
 public function fetch()
 {
     $items = array();
     foreach ($this->_fetch() as $row) {
         $hits = NULL;
         preg_match('([0-9A-Z]{32})', $row['enclosure'], $hits);
         // An empty match array means no info-hash candidate was found.
         $infoHash = $hits ? hexdump(Base32::decode($hits[0])) : '';
         if ($infoHash == '') {
             // Log message: "Unable to parse the resource's BTIH".
             LOGW("无法解析资源的 BTIH, r = " . var_export($row, TRUE));
         }
         $items[] = array(
             'btih' => $infoHash,
             'title' => $row['title'],
             'guid' => $row['guid'],
             'link' => $row['link'],
             'description' => $row['description'],
             'pubDate' => strtotime($row['pubDate']),
             'magnet' => $row['enclosure'],
         );
     }
     return $items;
 }
Example #4
 /**
  * Returns the result of Base32-decoding the value of getSecret().
  *
  * NOTE(review): the return value is raw key material; keep it out of
  * logs, exception messages and debug output.
  *
  * @throws \InvalidArgumentException
  *
  * @return string
  */
 private function getDecodedSecret()
 {
     return Base32::decode($this->getSecret());
 }
Example #5
 /**
  * Input consisting only of characters outside the alphabet is expected to
  * decode to an empty string.
  *
  * NOTE(review): this pins a silent-failure contract (no exception is
  * expected here), so callers that decode key material have to reject an
  * empty result themselves.
  */
 public function testDecodeWithInvalidChars()
 {
     $decoded = Base32::decode('8908908908908908');

     $this->assertEquals('', $decoded);
 }
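 /**
  * Check the verification code entered by the user.
  *
  * @param string    $secretkey    Base32-encoded shared secret.
  * @param string    $thistry      Code typed by the user; accepted only when
  *                                it is exactly six ASCII digits.
  * @param string    $relaxedmode  'enabled' widens the accepted window from
  *                                ±1 to ±8 time slots of 30 seconds.
  * @param int|float $lasttimeslot Time slot of the last successful login;
  *                                a match in that slot or an earlier one is
  *                                refused as a replay.
  *
  * @return float|false The time slot in which the code matched (the value
  *                     of floor(time() / 30) plus the slot offset), or
  *                     false when the code is rejected.
  */
 function verify($secretkey, $thistry, $relaxedmode, $lasttimeslot)
 {
     // Accept exactly six ASCII digits. A length check alone lets input such
     // as "12abcd" through, which intval() turns into 12 and which would then
     // be compared against the code 000012.
     if (!is_scalar($thistry) || !preg_match('/\A[0-9]{6}\z/', (string) $thistry)) {
         return false;
     }
     $thistry = intval($thistry);
     // If user is running in relaxed mode, we allow more time drifting
     // ±4 min, as opposed to ± 30 seconds in normal mode.
     // Relaxed mode makes 17 codes valid at once instead of 3, so it relies
     // more heavily on attempt limiting elsewhere.
     if ($relaxedmode == 'enabled') {
         $firstcount = -8;
         $lastcount = 8;
     } else {
         $firstcount = -1;
         $lastcount = 1;
     }
     $tm = floor(time() / 30);
     $secretkey = Base32::decode($secretkey);
     // An empty HMAC key would make every code computable without knowing
     // any secret, so a secret that decodes to nothing can never verify.
     if (!is_string($secretkey) || $secretkey === '') {
         return false;
     }
     // Keys from the neighbouring time slots are valid as well.
     for ($i = $firstcount; $i <= $lastcount; $i++) {
         // Pack time into an 8-byte binary string
         $time = chr(0) . chr(0) . chr(0) . chr(0) . pack('N*', $tm + $i);
         // Hash it with the user's secret key
         $hm = hash_hmac('SHA1', $time, $secretkey, true);
         // Use the last nibble of the result as index/offset
         $offset = ord(substr($hm, -1)) & 0xf;
         // Grab 4 bytes of the result
         $hashpart = substr($hm, $offset, 4);
         // Unpack the binary value
         $value = unpack("N", $hashpart);
         $value = $value[1];
         // Only 31 bits, then keep the six low decimal digits
         $value = $value & 0x7fffffff;
         $value = $value % 1000000;
         if ($value === $thistry) {
             // Replay check: a code is only accepted for a time slot later
             // than the one of the last successful login, so a captured
             // code cannot be used a second time.
             if ($lasttimeslot >= $tm + $i) {
                 error_log("Google Authenticator plugin: Man-in-the-middle attack detected (Could also be 2 legit login attempts within the same 30 second period)");
                 return false;
             }
             // Return timeslot in which login happened.
             return $tm + $i;
         }
     }
     return false;
 }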
Example #7
/* Copyright 2009 Mo McRoberts.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the author(s) of this software may not be used to endorse
 *    or promote products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
 * AUTHORS OF THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
// Command-line helper: prints "<argument> = <decoded value>" for every
// argument given on the command line.
require dirname(__FILE__) . '/../lib/common.php';

// Drop the script name so only the user-supplied arguments remain.
array_shift($argv);

foreach ($argv as $encoded) {
    // NOTE(review): the decoded bytes are written unmodified, so
    // non-printable output can reach the terminal.
    printf("%s = %s\n", $encoded, Base32::decode($encoded));
}
 /**
  * Extracts the user id carried in the last 13 characters of an e-mail
  * reference.
  *
  * Those characters are lowercased, Base32-decoded and unpacked as two
  * little-endian 32-bit integers: ticket id, then user id. The user id is
  * returned only when the ticket id equals $this->getId().
  *
  * NOTE(review): no integrity check on the reference is visible in this
  * method; if $ref comes from an inbound message header, the returned id
  * should be treated as a claim rather than as proof of identity.
  *
  * @param string $ref E-mail reference string.
  *
  * @return int|null The user id, or null when the reference does not
  *                  unpack or names another ticket.
  */
 function getUIDFromEmailReference($ref)
 {
     $tail = strtolower(substr($ref, -13));
     $info = unpack('Vtid/Vuid', Base32::decode($tail));
     if (!$info || $info['tid'] != $this->getId()) {
         return null;
     }
     return $info['uid'];
 }
 /**
  * RFC 4648 Base32 decoding; a thin wrapper that delegates to
  * Base32::decode().
  *
  * @param string $str Base32-encoded input
  * @return string Decoded value as returned by Base32::decode()
  */
 public static function base32Decode(string $str) : string
 {
     $decoded = Base32::decode($str);

     return $decoded;
 }
Example #10
 /**
  * Returns the binary value of the base32 encoded secret held in
  * $this->secret.
  *
  * Meant to be private; it is public only so that the phpunit tests can
  * call it. The return value is raw key material, so callers outside the
  * tests should not log or expose it.
  *
  * @access private
  * @return binary secret key
  */
 public function byteSecret()
 {
     $raw = \Base32::decode($this->secret);

     return $raw;
 }
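 /**
  * Check the verification code entered by the user.
  *
  * NOTE(review): this variant keeps no record of the last accepted time
  * slot, so a code stays usable for the whole accepted window; replay
  * protection has to come from the caller.
  *
  * @param string $secretkey   Base32-encoded shared secret.
  * @param string $thistry     Code typed by the user; accepted only when it
  *                            is exactly six ASCII digits.
  * @param string $relaxedmode 'enabled' widens the accepted window from ±1
  *                            to ±8 time slots of 30 seconds.
  *
  * @return bool True when the code matches one of the accepted time slots.
  */
 function verify($secretkey, $thistry, $relaxedmode)
 {
     // Accept exactly six ASCII digits. A length check alone lets input such
     // as "12abcd" through, which intval() turns into 12 and which would then
     // be compared against the code 000012.
     if (!is_scalar($thistry) || !preg_match('/\A[0-9]{6}\z/', (string) $thistry)) {
         return false;
     }
     $thistry = intval($thistry);
     // If user is running in relaxed mode, we allow more time drifting
     // ±4 min, as opposed to ± 30 seconds in normal mode.
     // Relaxed mode makes 17 codes valid at once instead of 3, so it relies
     // more heavily on attempt limiting elsewhere.
     if ($relaxedmode == 'enabled') {
         $firstcount = -8;
         $lastcount = 8;
     } else {
         $firstcount = -1;
         $lastcount = 1;
     }
     $tm = floor(time() / 30);
     $secretkey = Base32::decode($secretkey);
     // An empty HMAC key would make every code computable without knowing
     // any secret, so a secret that decodes to nothing can never verify.
     if (!is_string($secretkey) || $secretkey === '') {
         return false;
     }
     // Keys from the neighbouring time slots are valid as well.
     for ($i = $firstcount; $i <= $lastcount; $i++) {
         // Pack time into an 8-byte binary string
         $time = chr(0) . chr(0) . chr(0) . chr(0) . pack('N*', $tm + $i);
         // Hash it with the user's secret key
         $hm = hash_hmac('SHA1', $time, $secretkey, true);
         // Use the last nibble of the result as index/offset
         $offset = ord(substr($hm, -1)) & 0xf;
         // Grab 4 bytes of the result
         $hashpart = substr($hm, $offset, 4);
         // Unpack the binary value
         $value = unpack("N", $hashpart);
         $value = $value[1];
         // Only 31 bits, then keep the six low decimal digits
         $value = $value & 0x7fffffff;
         $value = $value % 1000000;
         if ($value === $thistry) {
             return true;
         }
     }
     return false;
 }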