verify_key() public method

Verifies a user-supplied key against the current timestamp. Checks $window keys on either side of the timestamp.
public verify_key ( string $b32seed, string $key, integer $window = 4, boolean $useTimeStamp = true ) : boolean
$b32seed string
$key string - User specified key
$window integer
$useTimeStamp boolean
return boolean
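/**
 * Check a submitted TOTP code against the stored 2FA secret of the user in the session.
 *
 * Fails closed: a missing secret row, an empty secret, or an exception raised by the
 * verifier all produce false, so a verification problem can never count as success.
 *
 * @param mixed $code Code typed in by the user (untrusted input).
 * @return bool True only when Google2FA::verify_key() accepts the code.
 */
function validate_two_factor_auth_code($code)
{
    require_once CONFIG_PATH_THIRDPARTY . 'Google2FA/Google2FA.php';

    $secret = db_select_one('two_factor_auth', array('secret'), array('user_id' => $_SESSION['id']));

    // A user without a stored secret must not be verified against a null/empty seed.
    // empty() also covers a lookup that returned false or null without raising a notice.
    if (empty($secret['secret'])) {
        message_error('Could not verify key.');
        return false;
    }

    try {
        // Strict comparison: only a boolean true from the verifier counts as success.
        return Google2FA::verify_key($secret['secret'], $code) === true;
    } catch (Exception $e) {
        message_error('Could not verify key.');
    }

    return false;
}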
Esempio n. 2
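// Two-step login handler: step 1 checks username + password, step 2 checks the TOTP
// code for accounts that have a `ga_token` on record.
// NOTE(review): prot() is defined outside this listing; its escaping behaviour could not
// be confirmed here. Prepared statements (mysqli/PDO) would remove the dependency on it.
// NOTE(review): passwords are matched as unsalted md5() digests; migrating the stored
// values to password_hash()/password_verify() needs a schema change outside this block.
// NOTE(review): no attempt limiting for passwords or TOTP codes is visible in this block.
if (!empty($_POST['hash_one']) && !empty($_POST['hash_sec'])) {
    $this_admin = false;
    // Array-valued POST fields are treated as a failed login instead of reaching md5().
    if (is_string($_POST['hash_one']) && is_string($_POST['hash_sec'])) {
        // The table name is one of two fixed literals, never request data.
        $table = !empty($_POST['ga_playertest']) ? 'ga_players' : 'admins';
        $lookup = mysql_query("SELECT `username`,`ga_token` FROM `" . $table . "` WHERE `username`='" . prot($_POST['hash_one']) . "' AND `passwd`='" . md5($_POST['hash_sec']) . "' LIMIT 1");
        if ($lookup) {
            $this_admin = mysql_fetch_array($lookup);
        }
    }
    // Fail closed: a lookup that matched no row must never reach the "no 2FA" branch below,
    // where an absent `ga_token` would otherwise read as "2FA not enabled".
    if (!is_array($this_admin)) {
        header('Location: ./?login_error');
        exit;
    }
    if ((string) $this_admin['ga_token'] === '') {
        // New session id on privilege change, so a pre-login id cannot be reused.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['logged_'] = true;
        $_SESSION['username'] = $this_admin['username'];
        // Client-controlled headers are escaped before they are placed in the log statement.
        $log_user = mysql_real_escape_string((string) $_SESSION['username']);
        $log_ip = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');
        $log_agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '');
        mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('" . $log_user . "','" . $log_ip . "','" . $log_agent . "')");
        header('Location: ./');
    } else {
        // Password accepted; park the identity until the TOTP step succeeds.
        $_SESSION['2f_1'] = array(
            'username' => $this_admin['username'],
            'ga_token' => $this_admin['ga_token'],
        );
        header('Location: ./?totp');
    }
    exit;
} else {
    // Step 2 is only valid when step 1 left a pending identity with a secret in the session.
    $pending = isset($_SESSION['2f_1']) ? $_SESSION['2f_1'] : false;
    if (!empty($_POST['totp']) && is_string($_POST['totp']) && is_array($pending) && !empty($pending['ga_token'])) {
        include_once './ga_class.php';
        $verify = false;
        try {
            // Window 0: only the code for the current time step is accepted.
            $verify = Google2FA::verify_key($pending['ga_token'], $_POST['totp'], 0);
        } catch (Exception $e) {
            $verify = false;
        }
        if ($verify === true) {
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['logged_'] = true;
            $_SESSION['username'] = $pending['username'];
            $_SESSION['2f_1'] = false;
            $log_user = mysql_real_escape_string((string) $_SESSION['username']);
            $log_ip = mysql_real_escape_string(isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '');
            $log_agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '');
            mysql_query("INSERT INTO `admin_logs` (`admin_username`,`ip`,`browser`) VALUES ('" . $log_user . "','" . $log_ip . "','" . $log_agent . "')");
            header('Location: ./');
            // Stop here; otherwise the fallback redirect below replaces this Location header.
            exit;
        }
    }
}
header('Location: ./?login_error');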
Esempio n. 3
    $header->jsFile('js/permissions.js');
    $header->jsFile('js/swfupload.js');
    $header->jsFile('js/jquery.swfupload.js');
    $header->jsFile('ckeditor/ckeditor.js');
    $header->jsFile('js/Ops.js');
    $header->js('CKEDITOR.dtd.$removeEmpty[\'span\'] = false;');
    $header->display();
    $header->getJsGlobals();
}
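// Second-factor form handler: strips the submitted token to digits, checks it with
// Google2FA::verify_key() against the user's stored seed, and marks the session as
// token-verified on success.
// NOTE(review): the token is read from $_REQUEST, so it is also accepted from the query
// string; no attempt limiting or replay check is visible in this block.
if (!empty($_REQUEST['authy_form'])) {
    // Accept only a scalar token; a non-array form value or an array-valued token
    // becomes an empty string and is rejected below.
    $submitted = '';
    if (is_array($_REQUEST['authy_form']) && isset($_REQUEST['authy_form']['token']) && is_scalar($_REQUEST['authy_form']['token'])) {
        $submitted = (string) $_REQUEST['authy_form']['token'];
    }
    $token1 = preg_replace("/[^0-9]/", "", $submitted);
    // Test for "no digits" rather than "> 0": a code made only of zeros is a legitimate
    // TOTP value and should be decided by the verifier, not rejected up front.
    if ($token1 === '') {
        Errors::add('Invalid token.');
    }
    // presumably Errors::$errors becomes an array once Errors::add() has run - confirm
    if (!is_array(Errors::$errors)) {
        $response = Google2FA::verify_key(User::$info['authy_id'], $token1);
        if (!$response) {
            Errors::add('Invalid token.');
        }
        if (!is_array(Errors::$errors)) {
            $_SESSION['token_verified'] = 1;
            Errors::$errors = false;
        }
    }
}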
if (User::isLoggedIn() && !(User::$info['verified_authy'] == 'Y' && !($_SESSION['token_verified'] > 0))) {
    $CFG->user_id = User::$info['id'];
    $CFG->group_id = User::$info['f_id'];
    if (!$CFG->bypass || $CFG->url == 'edit_page' && !$_REQUEST['tab_bypass']) {
        include_once 'includes/popups.php';
        ?>
Esempio n. 4
<?php

/*
 *  © CryptoDice 
 *  
 *  
 *    
*/
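// Endpoint that stores a new TOTP seed for an admin row once the caller proves possession
// of the seed by supplying a matching code. Replies with a small JSON object.
// NOTE(review): this is a state change driven by GET parameters, so the new seed ends up
// in URLs (history, access logs, Referer) and no anti-CSRF token is visible in this block.
// NOTE(review): any logged-in session may set the seed for any `id`; confirm whether the
// caller should be limited to their own row.
// NOTE(review): prot() is defined outside this listing; its escaping could not be confirmed.
header('X-Frame-Options: DENY');
session_start();
if (!isset($_SESSION['logged_']) || $_SESSION['logged_'] !== true) {
    exit;
}
$included = true;
include '../../inc/db-conf.php';
include '../../inc/functions.php';
include '../ga_class.php';
if (empty($_GET['newtoken']) || empty($_GET['totp']) || empty($_GET['id'])) {
    exit;
}
// Array-valued parameters are rejected before they reach the verifier or the query.
if (!is_string($_GET['newtoken']) || !is_string($_GET['totp']) || !is_string($_GET['id'])) {
    exit;
}
// `id` is used unquoted in the UPDATE, where string escaping gives no protection;
// force it to a positive integer instead.
$admin_id = (int) $_GET['id'];
if ($admin_id <= 0) {
    exit;
}
$new_seed = prot($_GET['newtoken']);
$verify = false;
try {
    // Window 0: only the code for the current time step is accepted.
    $verify = Google2FA::verify_key($new_seed, $_GET['totp'], 0);
} catch (Exception $e) {
    // A malformed seed or code counts as a failed verification.
    $verify = false;
}
if ($verify === true) {
    mysql_query("UPDATE `admins` SET `ga_token`='" . $new_seed . "' WHERE `id`=" . $admin_id . " LIMIT 1");
    echo json_encode(array('success' => 'yes'));
} else {
    echo json_encode(array('success' => 'no'));
}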
Esempio n. 5
    if (!$show_form) {
        $enable->verify();
        $enable->show_errors();
        $enable->HTML('<img class="qrcode" src="includes/qrcode.php?sec=1&code=otpauth://totp/Backstage2?secret=' . $key . '" />');
        $enable->textInput('token', 'Enter token', true);
        $enable->submitButton('submit', 'Enable 2FA');
        $enable->display();
    }
} else {
    if ($CFG->action == 'disable') {
        $show_form = false;
        $CFG->form_legend = 'Please enter your token...';
        $disable = new Form('users_form_disable', false, false, false, false, true);
        // Handle a submitted "disable 2FA" form: the user must present a valid code
        // for their stored seed before the flag is switched off.
        if (!empty($_REQUEST['users_form_disable'])) {
            // Stored seed of the current user.
            $key = User::$info['authy_id'];
            // Token as held by the form object; verify_key() is called with its default window.
            $response = Google2FA::verify_key($key, $disable->info['token']);
            if (!$response) {
                // NOTE(review): $response is falsy in this branch, so assigning to
                // $response->errors cannot record the error on the form. The intended
                // target is presumably the $disable form object - confirm and fix.
                $response->errors[] = 'Invalid token.';
            } else {
                // Valid code: mark 2FA as no longer verified for this admin user.
                db_update('admin_users', User::$info['id'], array('verified_authy' => 'N'));
                Messages::add('You have succesfully disabled 2FA.');
                $show_form = true;
            }
        }
        if (!$show_form) {
            $disable->verify();
            $disable->show_errors();
            $disable->HTML('<img class="qrcode" src="includes/qrcode.php?sec=1&code=otpauth://totp/Backstage2?secret=' . $key . '" />');
            $disable->textInput('token', 'Enter token', true);
            $disable->submitButton('submit', 'Disable 2FA');
            $disable->display();
Esempio n. 6
	{
	    $offset = ord($hash[19]) & 0xf;

	    return (
	        ((ord($hash[$offset+0]) & 0x7f) << 24 ) |
	        ((ord($hash[$offset+1]) & 0xff) << 16 ) |
	        ((ord($hash[$offset+2]) & 0xff) << 8 ) |
	        (ord($hash[$offset+3]) & 0xff)
	    ) % pow(10, self::otpLength);
	}



}

// Demo driver for the Google2FA class: derives the current one-time password from a
// sample seed, prints the intermediate values, then checks a fixed code.
// The seed below is a sample value hard-coded for the demonstration only.
$InitalizationKey = 'PEHMPSDNLXIOG65U';

// Base32 seed -> raw key bytes, then the OTP for the current timestamp counter.
$secretkey = Google2FA::base32_decode($InitalizationKey);
$TimeStamp = Google2FA::get_timestamp();
$otp = Google2FA::oath_hotp($secretkey, $TimeStamp);

echo 'Init key: ' . $InitalizationKey . "\n";
echo 'Timestamp: ' . $TimeStamp . "\n";
echo 'One time password: ' . $otp . "\n";

// verify_key() is the call to use for checking a submitted code, because it tolerates
// some clock drift between client and server.
$result = Google2FA::verify_key($InitalizationKey, '123456');

var_dump($result);
Esempio n. 7
        $binarySeed = self::base32_decode($b32seed);
        for ($ts = $timeStamp - $window; $ts <= $timeStamp + $window; $ts++) {
            if (self::oath_hotp($binarySeed, $ts) == $key) {
                return true;
            }
        }
        return false;
    }
    /**
     * Reduce a raw hash to a numeric code of self::otpLength digits.
     *
     * The low nibble of byte 19 picks a start position; the four bytes from there
     * are combined big-endian with the top bit cleared, then reduced modulo
     * 10^otpLength.
     *
     * @param string $hash Raw hash bytes; assumes at least 20 bytes are present - confirm with caller.
     * @return int|float Result of the modulo reduction.
     */
    public static function oath_truncate($hash)
    {
        $start = ord($hash[19]) & 0xf;

        // Top bit of the first byte is masked off so the combined value stays non-negative.
        $b0 = ord($hash[$start + 0]) & 0x7f;
        $b1 = ord($hash[$start + 1]) & 0xff;
        $b2 = ord($hash[$start + 2]) & 0xff;
        $b3 = ord($hash[$start + 3]) & 0xff;

        $combined = ($b0 << 24) | ($b1 << 16) | ($b2 << 8) | $b3;

        return $combined % pow(10, self::otpLength);
    }
}
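// Checks the code passed as ?password= against a fixed seed and prints "true" or "false".
// NOTE(review): the seed is hard-coded in source, so everyone with read access to the file
// (or the repository) holds the shared secret; load it from per-user storage instead.
// NOTE(review): the code arrives in the query string and will appear in access logs; no
// attempt limiting is visible in this block.
$InitalizationKey = "SMARTCUBEDEEPERA";
// Current timestamp counter, raw key bytes and current OTP. Kept as in the original
// script; the OTP is intentionally never echoed to the client.
$TimeStamp = Google2FA::get_timestamp();
$secretkey = Google2FA::base32_decode($InitalizationKey);
$otp = Google2FA::oath_hotp($secretkey, $TimeStamp);

$result = false;
// A missing, empty or array-valued parameter is a failed check, not a notice or type error.
if (isset($_GET["password"]) && is_string($_GET["password"]) && $_GET["password"] !== '') {
    try {
        // verify_key() allows for some time drift around the current timestamp.
        $result = Google2FA::verify_key($InitalizationKey, $_GET["password"]) === true;
    } catch (Exception $e) {
        // Any verifier error counts as "not verified".
        $result = false;
    }
}
if ($result) {
    echo "true";
} else {
    echo "false";
}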
Esempio n. 8
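    // A token that is already in the cache of accepted tokens is rejected (replay check).
    if (in_array($token1, $token_cache)) {
        $return['error'] = 'security-incorrect-token';
    } else {
        if ($token1 > 0 && !empty($result[0]['authy_id']) && $result[0]['authy_id'] > 0) {
            // Build the URL from encoded parts and hand it to the shell as ONE quoted
            // argument, so no value can break out of the curl command line.
            // NOTE(review): the API key is still visible in the process list while curl runs;
            // an in-process HTTP client would avoid the shell entirely.
            $verify_url = 'https://api.authy.com/protected/json/verify/' . rawurlencode((string) $token1) . '/' . rawurlencode((string) $result[0]['authy_id']) . '?api_key=' . rawurlencode((string) $CFG->authy_api_key);
            $response = shell_exec('curl ' . escapeshellarg($verify_url));
            $response1 = !empty($response) ? json_decode($response, true) : false;
            if (empty($response) || (empty($response1) || !is_array($response1))) {
                // No usable reply from the service: treated as a communication error.
                $return['error'] = 'security-com-error';
            } elseif (!empty($response1['errors']) || $response1['success'] === false || $response1['success'] === 'false') {
                $return['error'] = 'authy-errors';
                $return['authy_errors'] = $response1['errors'];
            } elseif (!empty($response1['success']) && ($response1['success'] == true || $response1['success'] == 'true')) {
                $CFG->token_verified = true;
            }
        } elseif ($token1 > 0 && $result[0]['google_2fa_code']) {
            // Local TOTP check against the stored Google 2FA seed.
            $response = Google2FA::verify_key($result[0]['google_2fa_code'], $token1);
            if ($response) {
                $CFG->token_verified = true;
            } else {
                $return['error'] = 'security-incorrect-token';
            }
        }
        // Remember accepted tokens (at most about 1000, oldest dropped first) so the same
        // token is refused on a later request. Only done when memcached is configured.
        if ($CFG->memcached && !empty($CFG->token_verified)) {
            if (count($token_cache) > 1000) {
                array_shift($token_cache);
            }
            $token_cache[] = $token1;
            $CFG->m->set('tokens', $token_cache, 0);
        }
    }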
}
<?php

/**
 * @project Nitrado Interface
 */
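// Prints "1" when the supplied code matches the supplied seed, and nothing otherwise.
// NOTE(review): both the seed and the code come from the caller, so a match proves nothing
// about who the caller is; this must not be used as an authentication decision. The seed
// is also exposed in the URL (history, access logs).
$key = (isset($_GET["key"]) && is_string($_GET["key"])) ? $_GET["key"] : '';
$seed = (isset($_GET["seed"]) && is_string($_GET["seed"])) ? $_GET["seed"] : '';
require_once '../api/totp.php';
$res = false;
// Missing or array-valued parameters count as "no match" instead of raising notices.
if ($key !== '' && $seed !== '') {
    try {
        $res = Google2FA::verify_key($seed, $key);
    } catch (Exception $e) {
        // A malformed seed is reported as "no match" rather than as an error page.
        $res = false;
    }
}
echo $res;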