/** * Generates a (semi-)random Secret Key for TOTP generation * * @return string */ public function generateSecret() { $secret = ""; for ($i = 1; $i <= $this->secretLength; $i++) { $c = rand(0, 255); $secret .= pack("c", $c); } return $this->base32->encode($secret); }
protected function getAuthToken($algo = 1) { //Format: // <user type><algo id used>x<pack of uid & tid><hash of the algo> $authtoken = sprintf('%s%dx%s', $this->isOwner() ? 'o' : 'c', $algo, Base32::encode(pack('VV', $this->getId(), $this->getTicketId()))); switch ($algo) { case 1: $authtoken .= substr(base64_encode(md5($this->getId() . $this->getTicket()->getCreateDate() . $this->getTicketId() . SECRET_SALT, true)), 8); break; default: return null; } return $authtoken; }
public static function hashFromPublicKey($publicKey) { // Convert PEM to DER encoding before hashing with SHA-1. $string_start = '-----BEGIN PUBLIC KEY-----'; $string_end = '-----END PUBLIC KEY-----'; $pem = substr($publicKey, strpos($publicKey, $string_start) + strlen($string_start), (strlen($publicKey) - strpos($publicKey, $string_end)) * -1); $der = base64_decode($pem); $der = substr($der, 22, strlen($der)); // We skip the first 22 bytes. // We only use the first half of the hash. $sha = substr(sha1($der), 0, 20); $onion_hash = Base32::encode(hex2bin($sha)); return strtolower($onion_hash); }
public static function create($db, $class = '') { $params = func_get_args(); array_shift($params); array_shift($params); $class = strtolower(trim($class)); if (!strlen($class)) { $class = 'null'; } if (!isset(self::$classmap[$class])) { trigger_error('Asset::create(): object class "' . $class . '" does not exist', E_USER_ERROR); return null; } $className = self::$classmap[$class]; $db->insert('asset_object', array('object_class' => $class, '@object_created' => $db->now(), '@object_modified' => $db->now(), 'object_has_manifest' => false)); $id = $db->insertId(); $key = Base32::encode($id); $db->update('asset_object', array('object_key' => $key), array('object_id' => $id)); echo 'Created new asset of class "' . $class . '" with key "' . $key . '"' . "\n"; call_user_func_array(array($className, 'createObject'), array($db, $key, $params)); return self::get($db, $key); }
function otpenable() { require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; $password = $_REQUEST["password"]; $otp = $_REQUEST["otp"]; $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { $result = $this->dbh->query("SELECT salt\n\t\t\t\tFROM ttrss_users\n\t\t\t\tWHERE id = " . $_SESSION["uid"]); $base32 = new Base32(); $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); $otp_check = $topt->now(); if ($otp == $otp_check) { $this->dbh->query("UPDATE ttrss_users SET otp_enabled = true WHERE\n\t\t\t\t\tid = " . $_SESSION["uid"]); print "OK"; } else { print "ERROR:" . __("Incorrect one time password"); } } else { print "ERROR:" . __("Incorrect password"); } }
function authenticate($login, $password) { $pwd_hash0 = hash_password($password); $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); $otp = db_escape_string($_REQUEST["otp"]); if (get_schema_version() > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { $result = db_query("SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'"); if (db_num_rows($result) > 0) { require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; $base32 = new Base32(); $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); $otp_check = $topt->now(); if ($otp_enabled) { if ($otp) { if ($otp != $otp_check) { return false; } } else { $return = urlencode($_REQUEST["return"]); ?> <html> <head><title>Tiny Tiny RSS</title></head> <?php echo stylesheet_tag("css/utility.css"); ?> <body class="otp"><div class="content"> <form action="public.php?return=<?php echo $return; ?> " method="POST" class="otpform"> <input type="hidden" name="op" value="login"> <input type="hidden" name="login" value="<?php echo htmlspecialchars($login); ?> "> <input type="hidden" name="password" value="<?php echo htmlspecialchars($password); ?> "> <input type="hidden" name="bw_limit" value="<?php echo htmlspecialchars($_POST["bw_limit"]); ?> "> <input type="hidden" name="remember_me" value="<?php echo htmlspecialchars($_POST["remember_me"]); ?> "> <input type="hidden" name="profile" value="<?php echo htmlspecialchars($_POST["profile"]); ?> "> <label><?php echo __("Please enter your one time password:"******"off" size="6" name="otp" value=""/> <input type="submit" value="Continue"/> </form></div> <script type="text/javascript"> document.forms[0].otp.focus(); </script> <?php exit; } } } } } $result = db_query("SELECT id,pwd_hash FROM ttrss_users WHERE\n\t\t\tlogin = '******'"); if (db_num_rows($result) === 1) { if (version_compare(PHP_VERSION, '5.5.0', '<')) { require_once 'vendor/ircmaxell/password-compat/lib/password.php'; } $pwd_hash_dp = db_fetch_result($result, 0, "pwd_hash"); if (password_verify($password, $pwd_hash_dp)) { return db_fetch_result($result, 0, "id"); } } if (get_schema_version() > 87) { $result = db_query("SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'"); if (db_num_rows($result) !== 1) { return false; } $salt = db_fetch_result($result, 0, "salt"); if ($salt == "") { $query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; // verify and upgrade password to new salt base $result = db_query($query); if (db_num_rows($result) === 1) { // upgrade password to MODE2 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); db_query("UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'"); $query = "SELECT id\n\t\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'"; } else { return false; } } else { $pwd_hash = encrypt_password($password, $salt, true); $query = "SELECT id\n\t\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'"; } } else { $query = "SELECT id\n\t\t\t\tFROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; } $result = db_query($query); if (db_num_rows($result) === 1) { // Authentication was successful, but the hash in the database // is not secure. We need to update it. db_query("UPDATE ttrss_users SET\n\t\t\t\tpwd_hash = '{$pwd_hash0}' WHERE login = '******'"); return db_fetch_result($result, 0, "id"); } return false; }
public function testEncodeEmptyString() { // RFC test vectors say that empty string returns empty string $this->assertEquals('', Base32::encode('')); }
/* Copyright 2009 Mo McRoberts. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The names of the author(s) of this software may not be used to endorse * or promote products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL * AUTHORS OF THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require dirname(__FILE__) . '/../lib/common.php'; array_shift($argv); foreach ($argv as $value) { echo $value . " = " . Base32::encode($value) . "\n"; }
function authenticate($login, $password) { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); $otp = db_escape_string($_REQUEST["otp"]); if (get_schema_version($this->link) > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { $result = db_query($this->link, "SELECT otp_enabled,salt FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'"); if (db_num_rows($result) > 0) { require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; $base32 = new Base32(); $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); $otp_check = $topt->now(); if ($otp_enabled) { if ($otp) { if ($otp != $otp_check) { return false; } } else { $return = urlencode($_REQUEST["return"]); ?> <html> <head><title>Tiny Tiny RSS</title></head> <body> <form action="public.php?return=<?php echo $return; ?> " method="POST"> <input type="hidden" name="op" value="login"> <input type="hidden" name="login" value="<?php echo htmlspecialchars($login); ?> "> <input type="hidden" name="password" value="<?php echo htmlspecialchars($password); ?> "> <label><?php echo __("Please enter your one time password:"******"password" size="6" name="otp"/> <input type="submit" value="Continue"/> </form> <script type="text/javascript"> document.forms[0].otp.focus(); </script> <?php exit; } } } } } if (get_schema_version($this->link) > 87) { $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'"); if (db_num_rows($result) != 1) { return false; } $salt = db_fetch_result($result, 0, "salt"); if ($salt == "") { $query = "SELECT id\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; // verify and upgrade password to new salt base $result = db_query($this->link, $query); if (db_num_rows($result) == 1) { // upgrade password to MODE2 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); db_query($this->link, "UPDATE ttrss_users SET\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash}', salt = '{$salt}' WHERE login = '******'"); $query = "SELECT id\n\t\t FROM ttrss_users WHERE\n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'"; } else { return false; } } else { $pwd_hash = encrypt_password($password, $salt, true); $query = "SELECT id\n\t\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'"; } } else { $query = "SELECT id\n\t FROM ttrss_users WHERE\n\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; } $result = db_query($this->link, $query); if (db_num_rows($result) == 1) { return db_fetch_result($result, 0, "id"); } return false; }
function otpqrcode() { require_once "lib/otphp/vendor/base32.php"; require_once "lib/otphp/lib/otp.php"; require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; $result = db_query($this->link, "SELECT login,salt,otp_enabled\n\t\t\tFROM ttrss_users\n\t\t\tWHERE id = " . $_SESSION["uid"]); $base32 = new Base32(); $login = db_fetch_result($result, 0, "login"); $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); if (!$otp_enabled) { $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); print QRcode::png($topt->provisioning_uri($login)); } }
function getTaggedEmailReferences($prefix, $refId) { $ref = "+{$prefix}" . Base32::encode(pack('VV', $this->getId(), $refId)); $mid = substr_replace($this->getEmailMessageId(), $ref, strpos($this->getEmailMessageId(), '@'), 0); return sprintf('%s %s', $this->getEmailReferences(false), $mid); }
')){ window.location = '<?php print add_query_arg(array('tfa_priv_key_reset' => 1, 'settings-updated' => 'true')); ?> '; }">reset</a> ) </p> <h3 class="normal" style="cursor: default">Base32</h3> <p><?php _e('Base32 is used by some third party apps like Google Authenticator. This is just as secret as the key in plain text.', TFA_TEXT_DOMAIN); ?> </p> <p><strong><?php _e('Your private key in base32 is', TFA_TEXT_DOMAIN); ?> </strong>: <?php print Base32::encode($tfa_priv_key); ?> </p> <h3 class="normal" style="cursor: default"><?php _e('Algorithm Used', TFA_TEXT_DOMAIN); ?> </h3> <form method="post" action="<?php print add_query_arg('settings-updated', 'true', $_SERVER['REQUEST_URI']); ?> "> <h2><?php _e('Choose Algorithm', TFA_TEXT_DOMAIN); ?> </h2>
function moveAndWriteFile($hashToUse,$targetDirectory,$fileArray) { $base32String=Base32::encode($fileArray['name'].'|'.$fileArray['type']); move_uploaded_file($fileArray['tmp_name'],$targetDirectory.'/'.$hashToUse.$base32String); }
/** * RFC 4648 Base32 encoding * * @param $str * @return string */ public static function base32Encode(string $str) : string { return Base32::encode($str); }
public function testEncoding() { $random_bytes = \random_bytes(31); // Backwards compatibility: $encoder = Halite::chooseEncoder(false); $this->assertSame(Hex::encode($random_bytes), $encoder($random_bytes)); $encoder = Halite::chooseEncoder(true); $this->assertSame(null, $encoder); // New encoding in version 3: $encoder = Halite::chooseEncoder(Halite::ENCODE_HEX); $this->assertSame(Hex::encode($random_bytes), $encoder($random_bytes)); $encoder = Halite::chooseEncoder(Halite::ENCODE_BASE32); $this->assertSame(Base32::encode($random_bytes), $encoder($random_bytes)); $encoder = Halite::chooseEncoder(Halite::ENCODE_BASE32HEX); $this->assertSame(Base32Hex::encode($random_bytes), $encoder($random_bytes)); $encoder = Halite::chooseEncoder(Halite::ENCODE_BASE64); $this->assertSame(Base64::encode($random_bytes), $encoder($random_bytes)); $encoder = Halite::chooseEncoder(Halite::ENCODE_BASE64URLSAFE); $this->assertSame(Base64UrlSafe::encode($random_bytes), $encoder($random_bytes)); }