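/**
 * Resolve an access token to the ticket user it was issued for.
 *
 * The token must match static::$token_regex (see the getAuthToken routine
 * for the format). The first 13 characters of the 'hash' capture are
 * lower-cased, Base32-decoded and unpacked as two little-endian unsigned
 * 32-bit values: the user id ('uid') and the ticket id ('tid'). The ids only
 * select a candidate user; access is granted solely when the token that
 * getAuthToken() regenerates for that user equals the presented one.
 *
 * @param string $token Token presented by the client (untrusted input).
 *
 * @return TicketUser|null|false The matching user; null when the token is
 *                               malformed; false when no user matches it.
 */
static function lookupByToken($token) {
    // Expecting a well formatted token; see getAuthToken routine for details.
    $matches = array();
    if (!preg_match(static::$token_regex, $token, $matches)) {
        return null;
    }

    // Unpack the user and ticket ids. Two 'V' fields need 8 bytes; with less
    // data unpack() returns false and `$matches += false` is a fatal error,
    // so a token whose id segment decodes short is rejected as malformed.
    $packed = Base32::decode(strtolower(substr($matches['hash'], 0, 13)));
    if (!is_string($packed) || strlen($packed) < 8) {
        return null;
    }
    $matches += unpack('Vuid/Vtid', $packed);

    $user = null;
    switch ($matches['type']) {
        case 'c': // Collaborator
            // The collaborator must belong to the ticket named in the token.
            if (($user = Collaborator::lookup($matches['uid']))
                    && $user->getTicketId() != $matches['tid']) {
                $user = null;
            }
            break;
        case 'o': // Ticket owner
            // The ticket's owner must be the user named in the token.
            if ($ticket = Ticket::lookup($matches['tid'])) {
                if (($user = $ticket->getOwner())
                        && $user->getId() != $matches['uid']) {
                    $user = null;
                }
            }
            break;
    }

    if (!$user || !$user instanceof TicketUser) {
        return false;
    }

    // Case-insensitive comparison as before, but in constant time
    // (hash_equals, PHP 5.6+): strcasecmp() stops at the first differing
    // byte, which leaks how much of a guessed token is correct.
    $expected = strtolower((string) $user->getAuthToken($matches['algo']));
    if (!hash_equals($expected, strtolower((string) $token))) {
        return false;
    }

    return $user;
}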
/**
 * Computes the TOTP passcode for a Base32-encoded secret at a given time.
 *
 * The period returned by getPeriod($time) is packed as a 32-bit big-endian
 * integer and left-padded with NUL bytes to 8 bytes, then authenticated with
 * HMAC-SHA1 under the decoded secret. The low four bits of the last digest
 * byte give the offset handed to hashToInt(); that result is masked to 31
 * bits, reduced modulo $this->pinModulo and zero-padded on the left to
 * $this->passCodeLength characters.
 *
 * Callers that check the result against user input should compare with a
 * constant-time function such as hash_equals().
 *
 * @param string   $secret The Base32-encoded secret key
 * @param int|null $time   UNIX timestamp; handed to getPeriod() unchanged
 *                         (how getPeriod() treats null is not visible here)
 *
 * @return string
 */
public function getCode($secret, $time = null)
{
    $period = $this->getPeriod($time);
    $key = $this->base32->decode($secret);

    // 8-byte counter: four NUL bytes followed by the big-endian period.
    $counter = str_pad(pack("N", $period), 8, chr(0), STR_PAD_LEFT);
    $digest = hash_hmac('sha1', $counter, $key, true);

    // Dynamic truncation: low nibble of the final byte selects the offset.
    $offset = ord(substr($digest, -1)) & 0xf;
    $truncated = $this->hashToInt($digest, $offset) & 0x7fffffff;

    return str_pad($truncated % $this->pinModulo, $this->passCodeLength, "0", STR_PAD_LEFT);
}
/**
 * Converts every row returned by $this->_fetch() into a result entry.
 *
 * For each row the first run of 32 characters from [0-9A-Z] found in the
 * 'enclosure' field is Base32-decoded and passed through hexdump() to form
 * the 'btih' value; when nothing usable is found 'btih' stays '' and the row
 * is logged through LOGW().
 *
 * The 'title', 'guid', 'link', 'description' and 'enclosure' values are
 * copied through unchanged, so consumers have to validate or escape them for
 * the context they are used in.
 *
 * @return array List of arrays with the keys btih, title, guid, link,
 *               description, pubDate (strtotime() result) and magnet.
 */
public function fetch()
{
    $items = array();

    foreach ($this->_fetch() as $row) {
        // The parentheses are the PCRE delimiters here, not a capture group,
        // so $found[0] holds the whole 32-character match.
        // NOTE(review): the class also admits 0, 1, 8 and 9, which are not in
        // the RFC 4648 Base32 alphabet - confirm how Base32::decode() treats them.
        $found = NULL;
        preg_match('([0-9A-Z]{32})', $row['enclosure'], $found);

        $btih = $found ? hexdump(Base32::decode($found[0])) : '';

        if ($btih == '') {
            // Log text reads: "Unable to parse the resource's BTIH".
            LOGW("无法解析资源的 BTIH, r = " . var_export($row, TRUE));
        }

        $items[] = array(
            'btih' => $btih,
            'title' => $row['title'],
            'guid' => $row['guid'],
            'link' => $row['link'],
            'description' => $row['description'],
            'pubDate' => strtotime($row['pubDate']),
            'magnet' => $row['enclosure'],
        );
    }

    return $items;
}
/**
 * Returns the Base32-decoded form of the value provided by getSecret().
 *
 * The result is raw key material; it should not be logged or echoed.
 *
 * @throws \InvalidArgumentException
 *
 * @return string
 */
private function getDecodedSecret()
{
    return Base32::decode($this->getSecret());
}
/**
 * Decoding input made up entirely of invalid characters must give ''.
 *
 * NOTE(review): this pins "invalid characters are dropped" rather than
 * "invalid input is rejected"; callers decoding secrets may want to validate
 * the alphabet themselves. assertEquals() compares loosely, so it does not
 * pin the return type.
 */
public function testDecodeWithInvalidChars()
{
    // The digits 8, 9 and 0 are outside the RFC 4648 Base32 alphabet (A-Z, 2-7).
    $undecodable = '8908908908908908';
    $decoded = Base32::decode($undecodable);

    $this->assertEquals('', $decoded);
}
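/**
 * Check the verification code entered by the user.
 *
 * Computes the HMAC-SHA1 based one-time code for every 30-second time slot
 * in the accepted drift window and compares each with the submitted code.
 * A match is refused when its time slot is not later than the slot of the
 * last successful login, so a code cannot be used twice.
 *
 * @param string    $secretkey    Base32-encoded shared secret.
 * @param string    $thistry      Code entered by the user (untrusted); must
 *                                be exactly six ASCII digits.
 * @param string    $relaxedmode  'enabled' accepts slots -8..+8 around the
 *                                current one; any other value accepts -1..+1.
 * @param int|float $lasttimeslot Time slot of the last successful login.
 *
 * @return float|false The time slot in which the code matched (floor()
 *                     result plus the slot offset), or false when the code
 *                     is malformed, matches no slot, or is a replay.
 */
function verify($secretkey, $thistry, $relaxedmode, $lasttimeslot) {
    // Did the user enter exactly 6 digits? A length check alone is not
    // enough: intval() turns "abcdef" into 0 and " 12345" into 12345, which
    // would then compare equal to a valid code that has leading zeros.
    if (!is_scalar($thistry) || !preg_match('/\A[0-9]{6}\z/', (string) $thistry)) {
        return false;
    }
    $thistry = intval($thistry);

    // If user is running in relaxed mode, we allow more time drifting:
    // ±4 min, as opposed to ±30 seconds in normal mode. Every accepted slot
    // is one more code that passes (17 instead of 3), so relaxed mode makes
    // guessing easier and should be paired with attempt rate limiting.
    if ($relaxedmode == 'enabled') {
        $firstcount = -8;
        $lastcount = 8;
    } else {
        $firstcount = -1;
        $lastcount = 1;
    }

    $tm = floor(time() / 30);

    $secretkey = Base32::decode($secretkey);
    // Keys from 30 seconds before and after are valid as well.
    for ($i = $firstcount; $i <= $lastcount; $i++) {
        // Pack time into an 8-byte binary string (4 zero bytes + big-endian slot)
        $time = chr(0) . chr(0) . chr(0) . chr(0) . pack('N*', $tm + $i);
        // Hash it with the user's secret key
        $hm = hash_hmac('SHA1', $time, $secretkey, true);
        // Use last nibble of result as index/offset
        $offset = ord(substr($hm, -1)) & 0xf;
        // Grab 4 bytes of the result
        $hashpart = substr($hm, $offset, 4);
        // Unpack binary value
        $value = unpack("N", $hashpart);
        $value = $value[1];
        // Only 31 bits, then reduce to a 6-digit number
        $value = $value & 0x7fffffff;
        $value = $value % 1000000;
        if ($value === $thistry) {
            // Replay check: time can only move forward, so the slot of the
            // current login attempt has to be later than the slot of the
            // last successful login.
            if ($lasttimeslot >= $tm + $i) {
                error_log("Google Authenticator plugin: Man-in-the-middle attack detected (Could also be 2 legit login attempts within the same 30 second period)");
                return false;
            }
            // Return timeslot in which login happened.
            return $tm + $i;
        }
    }
    return false;
}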
/* Copyright 2009 Mo McRoberts.
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions
 *  are met:
 *
 *  1. Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *  3. The names of the author(s) of this software may not be used to endorse
 *     or promote products derived from this software without specific prior
 *     written permission.
 *
 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 *  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 *  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
 *  AUTHORS OF THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

// Command-line helper: prints "<argument> = <decoded value>" for every
// argument given after the script name.
$bootstrap = dirname(__FILE__) . '/../lib/common.php';
require $bootstrap;

// Drop the script name so only the values to decode remain.
array_shift($argv);

foreach ($argv as $encoded) {
    // The decoded bytes are written as-is; they may contain non-printable
    // or terminal control characters.
    printf("%s = %s\n", $encoded, Base32::decode($encoded));
}
/**
 * Extracts the user id packed into the tail of an email reference, provided
 * the reference names this ticket.
 *
 * The last 13 characters of $ref are lower-cased, Base32-decoded and
 * unpacked as two little-endian unsigned 32-bit values: ticket id ('tid')
 * followed by user id ('uid').
 *
 * NOTE(review): $ref presumably originates from an inbound mail header and
 * is therefore sender-controlled; the only check made here is that the
 * embedded ticket id equals $this->getId(). Confirm that callers do not
 * treat the returned uid as authenticated.
 *
 * @param string $ref Email reference string.
 *
 * @return int|null The embedded uid, or null when the reference cannot be
 *                  unpacked or names another ticket.
 */
function getUIDFromEmailReference($ref) {
    $tail = strtolower(substr($ref, -13));
    $ids = unpack('Vtid/Vuid', Base32::decode($tail));

    // unpack() yields false when the decoded data is too short.
    if (!$ids || $ids['tid'] != $this->getId()) {
        return null;
    }

    return $ids['uid'];
}
/**
 * RFC 4648 Base32 decoding; delegates to Base32::decode().
 *
 * @param string $str Base32-encoded input
 * @return string Decoded value as returned by Base32::decode()
 */
public static function base32Decode(string $str) : string
{
    $decoded = Base32::decode($str);

    return $decoded;
}
/**
 * Returns the binary value of the Base32-encoded secret held in $this->secret.
 *
 * This method should be private but was left public for phpunit tests to
 * work. The return value is raw key material, so it should not be logged or
 * exposed outside the class beyond those tests.
 *
 * @access private
 * @return string binary secret key
 */
public function byteSecret()
{
    $rawKey = \Base32::decode($this->secret);

    return $rawKey;
}
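/**
 * Check the verification code entered by the user.
 *
 * Computes the HMAC-SHA1 based one-time code for every 30-second time slot
 * in the accepted drift window and compares each with the submitted code.
 *
 * NOTE(review): nothing in this function prevents a code from being accepted
 * again while its time slot is still inside the window; replay protection,
 * if wanted, has to be done by the caller.
 *
 * @param string $secretkey   Base32-encoded shared secret.
 * @param string $thistry     Code entered by the user (untrusted); must be
 *                            exactly six ASCII digits.
 * @param string $relaxedmode 'enabled' accepts slots -8..+8 around the
 *                            current one; any other value accepts -1..+1.
 *
 * @return bool true when the code matches one of the accepted time slots.
 */
function verify($secretkey, $thistry, $relaxedmode) {
    // Did the user enter exactly 6 digits? A length check alone is not
    // enough: intval() turns "abcdef" into 0 and " 12345" into 12345, which
    // would then compare equal to a valid code that has leading zeros.
    if (!is_scalar($thistry) || !preg_match('/\A[0-9]{6}\z/', (string) $thistry)) {
        return false;
    }
    $thistry = intval($thistry);

    // If user is running in relaxed mode, we allow more time drifting:
    // ±4 min, as opposed to ±30 seconds in normal mode. Every accepted slot
    // is one more code that passes (17 instead of 3), so relaxed mode makes
    // guessing easier and should be paired with attempt rate limiting.
    if ($relaxedmode == 'enabled') {
        $firstcount = -8;
        $lastcount = 8;
    } else {
        $firstcount = -1;
        $lastcount = 1;
    }

    $tm = floor(time() / 30);

    $secretkey = Base32::decode($secretkey);
    // Keys from 30 seconds before and after are valid as well.
    for ($i = $firstcount; $i <= $lastcount; $i++) {
        // Pack time into an 8-byte binary string (4 zero bytes + big-endian slot)
        $time = chr(0) . chr(0) . chr(0) . chr(0) . pack('N*', $tm + $i);
        // Hash it with the user's secret key
        $hm = hash_hmac('SHA1', $time, $secretkey, true);
        // Use last nibble of result as index/offset
        $offset = ord(substr($hm, -1)) & 0xf;
        // Grab 4 bytes of the result
        $hashpart = substr($hm, $offset, 4);
        // Unpack binary value
        $value = unpack("N", $hashpart);
        $value = $value[1];
        // Only 31 bits, then reduce to a 6-digit number
        $value = $value & 0x7fffffff;
        $value = $value % 1000000;
        // Both sides are integers at this point.
        if ($value === $thistry) {
            return true;
        }
    }
    return false;
}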