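<?php
## this example requires php-yubico: http://code.google.com/p/php-yubico/
require_once '/opt/Auth_Yubico-2.3/Yubico.php';
require_once './yubi_functions.php';

## configuration
## NOTE(review): the client id and API key are embedded in the script. The key
## is the shared secret used between this client and the validation server, so
## outside of a throw-away example it belongs in a config file or secret store
## that is not readable by other users and not committed with the code.
$config = array(
    'api_id'  => '1',
    'api_key' => '2l0alAfbbfG1R8Da77Ypig==',
    'api_url' => 'localhost:88/cgi-bin/yubiverify2.0.tcl',
);

## create and configure Auth_Yubico class
## Only id and key are passed, so the constructor's transport arguments (passed
## explicitly by other callers as $https / $httpsverify) keep their defaults.
## NOTE(review): confirm the default transport is acceptable before pointing
## api_url at anything other than a local validation server.
$yubi = new Auth_Yubico($config['api_id'], $config['api_key']);
$yubi->setURLpart($config['api_url']);
$yubi->addURLpart($config['api_url']);

## get input from somewhere
$input = 'ehc.d.kndcyccpckkgygeninyjpjkuiceuiducggbdtp';
echo "input: {$input}\n";

## un-dvorak input
## normalize_modhex() is presumably provided by yubi_functions.php; any falsy
## result is treated as "keyboard layout not recognised".
if (!($input = normalize_modhex($input))) {
    die("cannot find keymap\n");
}

## check yubikey token aka public identity
if (($parsed_otp = $yubi->parsePasswordOTP($input)) === false) {
    die("invalid OTP\n");
}

## this check is usually done via database
## The prefix is the key's public identity, not a secret: it only selects which
## user the OTP is claimed for. Strict comparison avoids PHP's loose string
## comparison rules; the OTP verification below is what actually authenticates.
if ($parsed_otp['prefix'] !== 'djiehevlhiti') {
    die("invalid yubikey user\n");
}

## verify OTP (third argument asks the library to wait for all servers)
$verify = $yubi->verify($input, null, true);
echo "verify: {$verify}\n";

## verify() reports failure by returning a PEAR error object rather than by
## throwing, so the result must be inspected explicitly.
if (PEAR::isError($verify)) {
    echo "==[ auth failed ]==\n" . $yubi->getLastResponse() . "\n";
    ## Terminate like the other failure paths so nothing after this point can
    ## run as if authentication had succeeded. (The listing this example comes
    ## from is cut off here; the success branch is not shown.)
    exit(1);
}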
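/**
 * Login hook: enforce the YubiKey second factor.
 *
 * Reads the OTP from the `_yubikey` POST field, requires its first 12
 * characters to equal one of the up to three YubiKey IDs stored in the user's
 * preferences, then asks the validation service to verify the OTP. Every
 * rejection goes through $this->fail().
 *
 * NOTE(review): $this->fail() is not visible here. It presumably ends the
 * request; if it returns instead, execution continues to `return $args`.
 *
 * @param mixed $args Hook arguments; returned unchanged.
 * @return mixed The value passed in as $args.
 */
function login_after($args)
{
    // Second factor not enabled or not required: nothing to check.
    if (!$this->is_enabled() || !$this->is_required()) {
        return $args;
    }

    $otp = get_input_value('_yubikey', RCUBE_INPUT_POST);
    $id  = $this->get('yubikey_id');
    $id2 = $this->get('yubikey_id2');
    $id3 = $this->get('yubikey_id3');
    $url = $this->get('yubikey_api_url');

    // HTTPS stays on unless the configured URL explicitly uses the http scheme.
    $https   = true;
    $urlpart = '';
    if (!empty($url) && ($_url = parse_url($url))) {
        if (isset($_url['scheme']) && $_url['scheme'] === 'http') {
            $https = false;
        }
        // parse_url() omits keys that are absent from the URL, so guard each one.
        $urlpart = isset($_url['host']) ? $_url['host'] : '';
        if (!empty($_url['port'])) {
            $urlpart .= ':' . $_url['port'];
        }
        if (isset($_url['path'])) {
            $urlpart .= $_url['path'];
        }
    }

    // make sure that there is a YubiKey ID in the user's prefs
    // and that it matches the first 12 characters of the OTP.
    // Only non-empty configured IDs take part in the match, so a blank or
    // missing OTP can never be accepted because an unused ID slot is also blank.
    $prefix  = is_string($otp) ? substr($otp, 0, 12) : '';
    $matched = false;
    foreach (array($id, $id2, $id3) as $known) {
        if (!empty($known) && $prefix === $known) {
            $matched = true;
            break;
        }
    }

    if (!$matched) {
        $this->fail();
    } else {
        $verified = false;
        try {
            $yubi = new Auth_Yubico($this->get('yubikey_api_id'), $this->get('yubikey_api_key'), $https, true);
            if (!empty($urlpart)) {
                $yubi->addURLpart($urlpart);
            }
            $result = $yubi->verify($otp);
            // Auth_Yubico builds that follow the PEAR convention report a
            // rejected OTP by RETURNING an error object, not by throwing, so the
            // return value has to be checked as well as exceptions.
            // NOTE(review): if the bundled library is known to return true on
            // success, tighten this to `$result === true`.
            $verified = !($result instanceof PEAR_Error) && $result !== false;
        } catch (Exception $e) {
            $verified = false;
        }

        if (!$verified) {
            $this->fail();
        }
    }

    return $args;
}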
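<tr>
<td colspan=2><input type=submit></td>
</tr>
</table>
</form>

<?php
// Load the client library from the process working directory.
// NOTE(review): getcwd() is not necessarily the directory of this script;
// confirm it cannot resolve to a location other users can write to.
require_once getcwd() . '/Yubico.php';

// $id, $key, $https, $httpsverify, $ask_url, $url, $otp, $wait_for_all, $sl and
// $timeout are set earlier in the page (not shown in this fragment) and are
// presumably taken from the submitted form.
$yubi = new Auth_Yubico($id, $key, $https, $httpsverify);

if ($ask_url) {
    // Each comma-separated entry becomes a validation server the library will
    // contact. NOTE(review): if $url is request-controlled, this page makes the
    // web server issue outbound requests to hosts chosen by the visitor, so it
    // should stay a local demo or restrict the entries to an allow-list.
    $urls = explode(",", $url);
    foreach ($urls as $u) {
        $yubi->addURLpart($u);
    }
}

// The result is kept in $auth; on failure verify() hands back an error object
// rather than throwing, so the code that consumes $auth must inspect it.
$auth = $yubi->verify($otp, false, $wait_for_all, $sl, $timeout);
?>

<h2>Last Client Query</h2>
<pre>
<?php
// The query string is built from the values above, so it is HTML-escaped
// before being written into the page; the space-to-newline split is unchanged.
print htmlspecialchars(str_replace(" ", "\n", $yubi->getLastQuery() . " "), ENT_QUOTES, 'UTF-8');
?>
</pre>

<h2>Server Responses</h2>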