<hr> <h2>Users</h2> <table border="1"> <tr><th>Username/Login</th><th>Fullname</th><th>Has Token?</th><th>Key</th><th>Base 32 Key</th><th>Hex Key</th></tr> <?php // now we get our list of users - this part of the page just has a list of users // and the ability to create new ones. This isnt really in the scope of the // GA4PHP, but for this example, we need to be able to create users, so heres where // you do it. $db = getDatabase(); $result = $db->query("select * from users"); foreach ($result as $row) { if ($myga->hasToken($row["users_username"])) { $hastoken = "Yes"; $type = $myga->getTokenType($row["users_username"]); if ($type == "HOTP") { $type = "- Counter Based"; } else { $type = "- Time Based"; } $hexkey = $myga->getKey($row["users_username"]); $b32key = $myga->helperhex2b32($hexkey); $url = urlencode($myga->createURL($row["users_username"])); $keyurl = "<img src=\"http://chart.apis.google.com/chart?cht=qr&chl={$url}&chs=100x100\">"; } else { $b32key = ""; $hexkey = ""; $type = "";
$i = 0; foreach ($info as $key => $val) { //echo "$key is ".$val["distinguishedname"][0]."\n"; if ($val["distinguishedname"][0] != "") { $user[$i]["dn"] = $val["distinguishedname"][0]; $user[$i]["acn"] = $val["samaccountname"][0]; $user[$i]["cn"] = $val["cn"][0]; } $i++; //return 0; } foreach ($user as $value) { $cn = $value["cn"]; $un = $value["acn"]; echo "<tr><td>{$cn}</td><td>{$un}</td></tr>"; } ?> </table> testing administrator<br> <?php if ($myga->hasToken("administrator")) { echo "administrator has a token<br>"; } else { echo "administrator has no token, setting one<br>"; $myga->setUser("administrator"); } ?> </html>
// get the data from the post request error_log("begin login"); $username = $_REQUEST["username"]; $password = $_REQUEST["password"]; $tokencode = $_REQUEST["tokencode"]; // pull the password hash from the database $sql = "select users_password from users where users_username='******'"; error_log("running sql: {$sql}"); $res = $db->query($sql); foreach ($res as $row) { $passhash = $row["users_password"]; } // user entered a tokencode, fail the login and tell the user // if they dont have a token code assigned to them if ($tokencode != "") { if (!$myga->hasToken($username)) { $msg = urlencode("Attempted to login with a token when username isnt assigned one"); header("Location: index.php?failure={$msg}"); } } // check the password hash versus the login password error_log("checking {$passhash} against {$password} (" . sha1($password) . ")"); if ($passhash == sha1($password)) { $passright = true; } else { header("Location: index.php?failure=LoginIncorrect"); return; } // now get myGA to check the token code error_log("passed password auth"); if ($myga->hasToken($username)) {