$inipath = php_ini_loaded_file();
if ($inipath) {
echo $inipath;
} else {
echo 'php.ini';
}
die;
}
if (isset($_GET['get']) && $_GET['get'] == 'hash') {
if (exec_enabled() == true) {
if (!command_exist('git')) {
$hash = 'unknown';
} else {
$hash = exec('git log --pretty="%H" -n1 HEAD');
}
} else {
$hash = 'noexec';
}
echo $hash;
die;
}
if (isset($_GET['remove']) && $_GET['remove'] == "backup") {
unlink('backup.ini.php');
echo "deleted";
die;
}
}
// End protected get-calls
if (empty($_GET)) {
createSecret();
}
* testing. This almost definitely is not a suitable mechanism for a
* production environment, but shows how easy it is to setup TOTP.
*/
#create secret
function createSecret($secretLength = 16)
{
$validChars = _getBase32LookupTable();
unset($validChars[32]);
$secret = '';
for ($i = 0; $i < $secretLength; $i++) {
$secret .= $validChars[array_rand($validChars)];
}
return $secret;
}
function getQRCode($name, $secret)
{
global $tempDir;
$url = 'otpauth://totp/' . $name . '?secret=' . $secret . '';
QRcode::png($url, $tempDir . $secret . ".png", QR_ECLEVEL_L, 10);
return $tempDir . $secret . ".png";
}
function _getBase32LookupTable()
{
return array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '2', '3', '4', '5', '6', '7', '=');
}
echo '<h1>Hello 2factor!</h1>';
$secret = createSecret();
echo "<strong>Your secret code is</strong>: {$secret}<br/>";
echo "<strong>QR Code fun</strong>: <br />";
$qr_path = getQRCode("MattronixIDP", $secret);
echo "<img src='{$qr_path}' />";
