public function formObjectOptions($parameters, &$object, &$action, HookManager $hookManager) { global $db, $user, $langs, $mysoc, $dolibarr_main_cookie_cryptkey; $langs->load('otp@otp'); $regenerate_button = '<form method="post"> <input type="submit" value="' . $langs->trans('OTPRegenerate') . '" class="button" name="regenerate_otp"> </form>'; if ($action == '') { print '<tr><td>' . $langs->trans('OTPLogin') . '</td><td colspan="2">'; if (GETPOST('regenerate_otp')) { if ($user->admin || $user->id == GETPOST('id', 'int')) { /** * Examples from http://es.php.net/mcrypt_encrypt */ // Generates a 20-byte (160-bit) secret key $otpSeed = Seed::generate(); $base32Seed = $otpSeed->getValue(Seed::FORMAT_BASE32); $key = pack('H*', $dolibarr_main_cookie_cryptkey); # crear una aleatoria IV para utilizarla co condificación CBC $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $base32Seed, MCRYPT_MODE_CBC, $iv); # anteponer la IV para que esté disponible para el descifrado $ciphertext = $iv . $ciphertext; # codificar el texto cifrado resultante para que pueda ser representado por un string $ciphertext_base64 = base64_encode($ciphertext); $sql = "UPDATE " . MAIN_DB_PREFIX . "user SET otp_seed = '" . $db->escape($ciphertext_base64) . "', otp_counter = 0 WHERE rowid = " . $user->id; $db->query($sql); $qrCode = new QrCode(); $qrCode->setText("otpauth://hotp/" . $mysoc->name . ":" . $user->login . "?secret=" . $base32Seed . "&issuer=" . $mysoc->name); $qrCode->setSize(96); $qrCode->setPadding(5); $img_path = __DIR__ . '/../tmp/' . $user->id . '.png'; $qrCode->save($img_path); //Qrcode library doesn't warn on image creation error if (file_exists($img_path)) { print '<img src="' . dol_buildpath('/otp/showdoc.php', 1) . '?img=' . $user->id . '"><br>' . $langs->trans('OTPTroubleHash') . '<br /> <span style="font-family:monospace;font-size:20px">' . $base32Seed . '</span><br>' . $langs->trans('OTPKeyType'); } else { print $regenerate_button; setEventMessage('ErrorCreatingImage', 'errors'); } } } else { if ($user->admin || $user->id == GETPOST('id', 'int')) { print $regenerate_button; } } print '</td></tr>'; } }
/** * Enable two factor auth on an account * * The result of this can be piped, for example, into a QR code generating utility. * * @param $email */ public function regenerate_otpAction($email) { /** @var User $user */ $user = User::findFirst(['email = :email:', 'bind' => ['email' => $email]]); if ($user) { $password = $this->promptInput('User\'s password:', true); if (!$user->validatePassword($password)) { die("Password incorrect\n"); } $otp = Seed::generate(40); $user->setOtpKey($otp->getValue(Seed::FORMAT_BASE32), $password); $user->update(); echo $this->generateOtpUri($user, $otp); fwrite(STDIN, "OTP updated\n"); } else { die("No user found for {$email}\n"); } }
public function generateTOTPToken($bytes = 20) { $seed = Seed::generate($bytes); $this->owner->TOTPToken = $seed->getValue(Seed::FORMAT_HEX); }