// Tail of a branch that opens before this excerpt: print the path of the
// php.ini file PHP actually loaded, then stop the request.
$inipath = php_ini_loaded_file();
if ($inipath) {
    echo $inipath;
} else {
    // php_ini_loaded_file() returned a falsy value; answer with the bare file name.
    echo 'php.ini';
}
die;
} // closes the branch opened before this excerpt

// ?get=hash -> print the commit hash of HEAD, or a sentinel string
// ('unknown' / 'noexec') when it cannot be obtained.
// NOTE(review): the php.ini path above and the commit hash here are deployment
// details; both are only as private as the guard that opens the enclosing
// "protected" block (not visible in this excerpt) - confirm it authenticates.
if (isset($_GET['get']) && $_GET['get'] == 'hash') {
    // exec_enabled() and command_exist() are defined outside this excerpt;
    // presumably they test whether exec() is usable and whether git is on PATH.
    if (exec_enabled() == true) {
        if (!command_exist('git')) {
            $hash = 'unknown';
        } else {
            // The command line is a constant; no request data is passed to exec().
            $hash = exec('git log --pretty="%H" -n1 HEAD');
        }
    } else {
        $hash = 'noexec';
    }
    echo $hash;
    die;
}

// ?remove=backup -> delete backup.ini.php (relative to the current working directory).
if (isset($_GET['remove']) && $_GET['remove'] == "backup") {
    // NOTE(review): unlink()'s return value is ignored, so "deleted" is printed
    // even when the file is missing or cannot be removed.
    // NOTE(review): this is a state-changing action on a GET request; confirm the
    // enclosing guard also enforces a CSRF token or an equivalent same-origin check.
    unlink('backup.ini.php');
    echo "deleted";
    die;
}
} // End protected get-calls

// Request without any query parameters.
// NOTE(review): the return value of createSecret(), if any, is discarded here;
// presumably it is called for a side effect - confirm against its definition.
if (empty($_GET)) {
    createSecret();
}
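* testing. This almost definitely is not a suitable mechanism for a
 * production environment, but shows how easy it is to setup TOTP.
 */

/**
 * Generate a random Base32 TOTP shared secret.
 *
 * Characters are drawn with random_int(), which is backed by the operating
 * system CSPRNG. array_rand() must not be used for key material: it relies on
 * PHP's non-cryptographic generator.
 *
 * Each Base32 character carries 5 bits, so the default length of 16 gives an
 * 80-bit secret. RFC 4226 requires at least 128 bits and recommends 160 bits
 * (32 characters); pass a larger length for anything beyond a demo.
 *
 * @param int $secretLength Number of Base32 characters to generate.
 * @return string The secret; empty when $secretLength is 0 or negative.
 * @throws Exception If no suitable source of randomness is available.
 */
function createSecret($secretLength = 16)
{
    $alphabet = _getBase32LookupTable();
    unset($alphabet[32]); // index 32 is the '=' padding character, not a digit
    $alphabet = array_values($alphabet);
    $lastIndex = count($alphabet) - 1;

    $secret = '';
    for ($i = 0; $i < $secretLength; $i++) {
        $secret .= $alphabet[random_int(0, $lastIndex)];
    }

    return $secret;
}

/**
 * Render the otpauth:// provisioning URI for a secret as a PNG QR code.
 *
 * @param string $name   Account label placed in the URI path.
 * @param string $secret Base32 shared secret.
 * @return string Path of the generated PNG (global $tempDir + secret + ".png").
 */
function getQRCode($name, $secret)
{
    global $tempDir;

    // Percent-encode both components so a label containing '?', '&', '#' or
    // spaces cannot change the structure of the URI.
    $url = 'otpauth://totp/' . rawurlencode($name) . '?secret=' . rawurlencode($secret);

    // NOTE(review): the file name is the secret itself, so the secret appears in
    // the image URL (browser history, web-server access logs) and the PNG stays
    // on disk under $tempDir. Outside a demo, use a random file name or stream
    // the image, and delete it once it has been displayed.
    $path = $tempDir . $secret . '.png';
    QRcode::png($url, $path, QR_ECLEVEL_L, 10);

    return $path;
}

/**
 * Return the Base32 alphabet (RFC 4648) followed by the '=' padding character.
 *
 * @return array 33 single-character strings; index 32 is '='.
 */
function _getBase32LookupTable()
{
    return array(
        'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
        'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
        'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
        'Y', 'Z', '2', '3', '4', '5', '6', '7',
        '=',
    );
}

// Demo page: create a secret, show it, and show the matching QR code.
echo '<h1>Hello 2factor!</h1>';
$secret = createSecret();
// $secret consists of Base32 characters only, so it needs no HTML escaping.
echo "<strong>Your secret code is</strong>: {$secret}<br/>";
echo "<strong>QR Code fun</strong>: <br />";
$qr_path = getQRCode("MattronixIDP", $secret);
// The path includes $tempDir, which is set outside this excerpt; escape it for
// the single-quoted attribute.
$qr_src = htmlspecialchars($qr_path, ENT_QUOTES, 'UTF-8');
echo "<img src='{$qr_src}' />";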