move OTPHP to vendor/; additionally move Base32 class to OTPHP namespace
This commit is contained in:
parent
df47100ad1
commit
310c18e6bb
|
@ -147,7 +147,7 @@ class Pref_Prefs extends Handler_Protected {
|
|||
$_SESSION["prefs_op_result"] = "reset-to-defaults";
|
||||
|
||||
$sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
|
||||
WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
|
||||
WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
|
||||
AND owner_uid = :uid");
|
||||
$sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
|
||||
|
||||
|
@ -848,9 +848,6 @@ class Pref_Prefs extends Handler_Protected {
|
|||
}
|
||||
|
||||
function otpqrcode() {
|
||||
require_once "lib/otphp/vendor/base32.php";
|
||||
require_once "lib/otphp/lib/otp.php";
|
||||
require_once "lib/otphp/lib/totp.php";
|
||||
require_once "lib/phpqrcode/phpqrcode.php";
|
||||
|
||||
$sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
|
||||
|
@ -860,7 +857,7 @@ class Pref_Prefs extends Handler_Protected {
|
|||
|
||||
if ($row = $sth->fetch()) {
|
||||
|
||||
$base32 = new Base32();
|
||||
$base32 = new \OTPHP\Base32();
|
||||
|
||||
$login = $row["login"];
|
||||
$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
|
||||
|
@ -876,9 +873,6 @@ class Pref_Prefs extends Handler_Protected {
|
|||
}
|
||||
|
||||
function otpenable() {
|
||||
require_once "lib/otphp/vendor/base32.php";
|
||||
require_once "lib/otphp/lib/otp.php";
|
||||
require_once "lib/otphp/lib/totp.php";
|
||||
|
||||
$password = clean($_REQUEST["password"]);
|
||||
$otp = clean($_REQUEST["otp"]);
|
||||
|
@ -894,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
|
|||
|
||||
if ($row = $sth->fetch()) {
|
||||
|
||||
$base32 = new Base32();
|
||||
$base32 = new \OTPHP\Base32();
|
||||
|
||||
$secret = $base32->encode(sha1($row["salt"]));
|
||||
$topt = new \OTPHP\TOTP($secret);
|
||||
|
@ -902,7 +896,7 @@ class Pref_Prefs extends Handler_Protected {
|
|||
$otp_check = $topt->now();
|
||||
|
||||
if ($otp == $otp_check) {
|
||||
$sth = $this->pdo->prepare("UPDATE ttrss_users
|
||||
$sth = $this->pdo->prepare("UPDATE ttrss_users
|
||||
SET otp_enabled = true WHERE id = ?");
|
||||
|
||||
$sth->execute([$_SESSION['uid']]);
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
<?php
|
||||
/*
|
||||
* Copyright (c) 2011 Le Lag
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
* copies of the Software, and to permit persons to whom the Software is
|
||||
* furnished to do so, subject to the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be included in
|
||||
* all copies or substantial portions of the Software.
|
||||
|
||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
* THE SOFTWARE.
|
||||
*/
|
||||
|
||||
// Add any needed third party library to this directory
|
||||
|
||||
//require_once dirname(__FILE__).'/some_lib/lib.php';
|
||||
require_once dirname(__FILE__).'/base32.php';
|
|
@ -1,8 +1,10 @@
|
|||
<?php
|
||||
|
||||
namespace OTPHP;
|
||||
|
||||
/**
|
||||
* Encode in Base32 based on RFC 4648.
|
||||
* Requires 20% more space than base64
|
||||
* Requires 20% more space than base64
|
||||
* Great for case-insensitive filesystems like Windows and URL's (except for = char which can be excluded using the pad option for urls)
|
||||
*
|
||||
* @package default
|
||||
|
@ -17,14 +19,14 @@ class Base32 {
|
|||
'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
|
||||
'=' // padding char
|
||||
);
|
||||
|
||||
|
||||
private static $flippedMap = array(
|
||||
'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7',
|
||||
'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15',
|
||||
'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23',
|
||||
'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31'
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
* Use padding false when encoding for urls
|
||||
*
|
||||
|
@ -41,7 +43,7 @@ class Base32 {
|
|||
$fiveBitBinaryArray = str_split($binaryString, 5);
|
||||
$base32 = "";
|
||||
$i=0;
|
||||
while($i < count($fiveBitBinaryArray)) {
|
||||
while($i < count($fiveBitBinaryArray)) {
|
||||
$base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)];
|
||||
$i++;
|
||||
}
|
||||
|
@ -53,14 +55,14 @@ class Base32 {
|
|||
}
|
||||
return $base32;
|
||||
}
|
||||
|
||||
|
||||
public static function decode($input) {
|
||||
if(empty($input)) return;
|
||||
$paddingCharCount = substr_count($input, self::$map[32]);
|
||||
$allowedValues = array(6,4,3,1,0);
|
||||
if(!in_array($paddingCharCount, $allowedValues)) return false;
|
||||
for($i=0; $i<4; $i++){
|
||||
if($paddingCharCount == $allowedValues[$i] &&
|
||||
for($i=0; $i<4; $i++){
|
||||
if($paddingCharCount == $allowedValues[$i] &&
|
||||
substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false;
|
||||
}
|
||||
$input = str_replace('=','', $input);
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
* Copyright (c) 2011 Le Lag
|
||||
* Copyright (c) 2011 Le Lag
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
* in the Software without restriction, including without limitation the rights
|
||||
|
@ -22,12 +22,12 @@
|
|||
|
||||
namespace OTPHP {
|
||||
/**
|
||||
* One Time Password Generator
|
||||
*
|
||||
* One Time Password Generator
|
||||
*
|
||||
* The OTP class allow the generation of one-time
|
||||
* password that is described in rfc 4xxx.
|
||||
*
|
||||
* This is class is meant to be compatible with
|
||||
*
|
||||
* This is class is meant to be compatible with
|
||||
* Google Authenticator.
|
||||
*
|
||||
* This class was originally ported from the rotp
|
||||
|
@ -49,7 +49,7 @@ class OTP {
|
|||
/**
|
||||
* The number of digits in the one-time password
|
||||
* @var integer
|
||||
*/
|
||||
*/
|
||||
public $digits;
|
||||
|
||||
/**
|
||||
|
@ -76,7 +76,7 @@ class OTP {
|
|||
* @param integer $input : number used to seed the hmac hash function.
|
||||
* This number is usually a counter (HOTP) or calculated based on the current
|
||||
* timestamp (see TOTP class).
|
||||
* @return integer the one-time password
|
||||
* @return integer the one-time password
|
||||
*/
|
||||
public function generateOTP($input) {
|
||||
$hash = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret());
|
||||
|
@ -99,7 +99,7 @@ class OTP {
|
|||
* @return binary secret key
|
||||
*/
|
||||
public function byteSecret() {
|
||||
return \Base32::decode($this->secret);
|
||||
return Base32::decode($this->secret);
|
||||
}
|
||||
|
||||
/**
|
Loading…
Reference in New Issue