move OTPHP to vendor/; additionally move Base32 class to OTPHP namespace

This commit is contained in:
Andrew Dolgov 2018-06-20 18:27:34 +03:00
parent df47100ad1
commit 310c18e6bb
8 changed files with 21 additions and 51 deletions

View File

@ -147,7 +147,7 @@ class Pref_Prefs extends Handler_Protected {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
$sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
AND owner_uid = :uid");
$sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
@ -848,9 +848,6 @@ class Pref_Prefs extends Handler_Protected {
}
function otpqrcode() {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php";
$sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
@ -860,7 +857,7 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) {
$base32 = new Base32();
$base32 = new \OTPHP\Base32();
$login = $row["login"];
$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
@ -876,9 +873,6 @@ class Pref_Prefs extends Handler_Protected {
}
function otpenable() {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
$password = clean($_REQUEST["password"]);
$otp = clean($_REQUEST["otp"]);
@ -894,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) {
$base32 = new Base32();
$base32 = new \OTPHP\Base32();
$secret = $base32->encode(sha1($row["salt"]));
$topt = new \OTPHP\TOTP($secret);
@ -902,7 +896,7 @@ class Pref_Prefs extends Handler_Protected {
$otp_check = $topt->now();
if ($otp == $otp_check) {
$sth = $this->pdo->prepare("UPDATE ttrss_users
$sth = $this->pdo->prepare("UPDATE ttrss_users
SET otp_enabled = true WHERE id = ?");
$sth->execute([$_SESSION['uid']]);

View File

@ -1,26 +0,0 @@
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
// Add any needed third party library to this directory
//require_once dirname(__FILE__).'/some_lib/lib.php';
require_once dirname(__FILE__).'/base32.php';

View File

@ -1,8 +1,10 @@
<?php
namespace OTPHP;
/**
* Encode in Base32 based on RFC 4648.
* Requires 20% more space than base64
* Requires 20% more space than base64
* Great for case-insensitive filesystems like Windows and URL's (except for = char which can be excluded using the pad option for urls)
*
* @package default
@ -17,14 +19,14 @@ class Base32 {
'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
'=' // padding char
);
private static $flippedMap = array(
'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7',
'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15',
'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23',
'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31'
);
/**
* Use padding false when encoding for urls
*
@ -41,7 +43,7 @@ class Base32 {
$fiveBitBinaryArray = str_split($binaryString, 5);
$base32 = "";
$i=0;
while($i < count($fiveBitBinaryArray)) {
while($i < count($fiveBitBinaryArray)) {
$base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)];
$i++;
}
@ -53,14 +55,14 @@ class Base32 {
}
return $base32;
}
public static function decode($input) {
if(empty($input)) return;
$paddingCharCount = substr_count($input, self::$map[32]);
$allowedValues = array(6,4,3,1,0);
if(!in_array($paddingCharCount, $allowedValues)) return false;
for($i=0; $i<4; $i++){
if($paddingCharCount == $allowedValues[$i] &&
for($i=0; $i<4; $i++){
if($paddingCharCount == $allowedValues[$i] &&
substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false;
}
$input = str_replace('=','', $input);

View File

@ -1,6 +1,6 @@
<?php
/*
* Copyright (c) 2011 Le Lag
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
@ -22,12 +22,12 @@
namespace OTPHP {
/**
* One Time Password Generator
*
* One Time Password Generator
*
* The OTP class allow the generation of one-time
* password that is described in rfc 4xxx.
*
* This is class is meant to be compatible with
*
* This is class is meant to be compatible with
* Google Authenticator.
*
* This class was originally ported from the rotp
@ -49,7 +49,7 @@ class OTP {
/**
* The number of digits in the one-time password
* @var integer
*/
*/
public $digits;
/**
@ -76,7 +76,7 @@ class OTP {
* @param integer $input : number used to seed the hmac hash function.
* This number is usually a counter (HOTP) or calculated based on the current
* timestamp (see TOTP class).
* @return integer the one-time password
* @return integer the one-time password
*/
public function generateOTP($input) {
$hash = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret());
@ -99,7 +99,7 @@ class OTP {
* @return binary secret key
*/
public function byteSecret() {
return \Base32::decode($this->secret);
return Base32::decode($this->secret);
}
/**