blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

move OTPHP to vendor/; additionally move Base32 class to OTPHP namespace

Browse source
This commit is contained in:
Andrew Dolgov 2018-06-20 18:27:34 +03:00
parent df47100ad1
commit 310c18e6bb
8 changed files with 21 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
classes/pref/prefs.php
View file

@ -147,7 +147,7 @@ class Pref_Prefs extends Handler_Protected {
$_SESSION["prefs_op_result"] = "reset-to-defaults"; $_SESSION["prefs_op_result"] = "reset-to-defaults";
$sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
AND owner_uid = :uid"); AND owner_uid = :uid");
$sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]); $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
@ -848,9 +848,6 @@ class Pref_Prefs extends Handler_Protected {
} }
function otpqrcode() { function otpqrcode() {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php"; require_once "lib/phpqrcode/phpqrcode.php";
$sth = $this->pdo->prepare("SELECT login,salt,otp_enabled $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
@ -860,7 +857,7 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) { if ($row = $sth->fetch()) {
$base32 = new Base32(); $base32 = new \OTPHP\Base32();
$login = $row["login"]; $login = $row["login"];
$otp_enabled = sql_bool_to_bool($row["otp_enabled"]); $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
@ -876,9 +873,6 @@ class Pref_Prefs extends Handler_Protected {
} }
function otpenable() { function otpenable() {
require_once "lib/otphp/vendor/base32.php";
require_once "lib/otphp/lib/otp.php";
require_once "lib/otphp/lib/totp.php";
$password = clean($_REQUEST["password"]); $password = clean($_REQUEST["password"]);
$otp = clean($_REQUEST["otp"]); $otp = clean($_REQUEST["otp"]);
@ -894,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) { if ($row = $sth->fetch()) {
$base32 = new Base32(); $base32 = new \OTPHP\Base32();
$secret = $base32->encode(sha1($row["salt"])); $secret = $base32->encode(sha1($row["salt"]));
$topt = new \OTPHP\TOTP($secret); $topt = new \OTPHP\TOTP($secret);
@ -902,7 +896,7 @@ class Pref_Prefs extends Handler_Protected {
$otp_check = $topt->now(); $otp_check = $topt->now();
if ($otp == $otp_check) { if ($otp == $otp_check) {
$sth = $this->pdo->prepare("UPDATE ttrss_users $sth = $this->pdo->prepare("UPDATE ttrss_users
SET otp_enabled = true WHERE id = ?"); SET otp_enabled = true WHERE id = ?");
$sth->execute([$_SESSION['uid']]); $sth->execute([$_SESSION['uid']]);

26
lib/otphp/vendor/libs.php vendored
View file

@ -1,26 +0,0 @@
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
// Add any needed third party library to this directory
//require_once dirname(__FILE__).'/some_lib/lib.php';
require_once dirname(__FILE__).'/base32.php';

16
lib/otphp/vendor/base32.php → vendor/OTPHP/Base32.php vendored
View file

@ -1,8 +1,10 @@
<?php <?php
namespace OTPHP;
/** /**
* Encode in Base32 based on RFC 4648. * Encode in Base32 based on RFC 4648.
* Requires 20% more space than base64 * Requires 20% more space than base64
* Great for case-insensitive filesystems like Windows and URL's (except for = char which can be excluded using the pad option for urls) * Great for case-insensitive filesystems like Windows and URL's (except for = char which can be excluded using the pad option for urls)
* *
* @package default * @package default
@ -17,14 +19,14 @@ class Base32 {
'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
'=' // padding char '=' // padding char
); );
private static $flippedMap = array( private static $flippedMap = array(
'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7', 'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7',
'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15', 'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15',
'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23', 'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23',
'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31' 'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31'
); );
/** /**
* Use padding false when encoding for urls * Use padding false when encoding for urls
* *
@ -41,7 +43,7 @@ class Base32 {
$fiveBitBinaryArray = str_split($binaryString, 5); $fiveBitBinaryArray = str_split($binaryString, 5);
$base32 = ""; $base32 = "";
$i=0; $i=0;
while($i < count($fiveBitBinaryArray)) { while($i < count($fiveBitBinaryArray)) {
$base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)]; $base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)];
$i++; $i++;
} }
@ -53,14 +55,14 @@ class Base32 {
} }
return $base32; return $base32;
} }
public static function decode($input) { public static function decode($input) {
if(empty($input)) return; if(empty($input)) return;
$paddingCharCount = substr_count($input, self::$map[32]); $paddingCharCount = substr_count($input, self::$map[32]);
$allowedValues = array(6,4,3,1,0); $allowedValues = array(6,4,3,1,0);
if(!in_array($paddingCharCount, $allowedValues)) return false; if(!in_array($paddingCharCount, $allowedValues)) return false;
for($i=0; $i<4; $i++){ for($i=0; $i<4; $i++){
if($paddingCharCount == $allowedValues[$i] && if($paddingCharCount == $allowedValues[$i] &&
substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false; substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false;
} }
$input = str_replace('=','', $input); $input = str_replace('=','', $input);

0
lib/otphp/lib/hotp.php → vendor/OTPHP/HOTP.php vendored
View file

0
lib/otphp/LICENCE → vendor/OTPHP/LICENCE vendored
View file

16
lib/otphp/lib/otp.php → vendor/OTPHP/OTP.php vendored
View file

@ -1,6 +1,6 @@
<?php <?php
/* /*
* Copyright (c) 2011 Le Lag * Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights * in the Software without restriction, including without limitation the rights
@ -22,12 +22,12 @@
namespace OTPHP { namespace OTPHP {
/** /**
* One Time Password Generator * One Time Password Generator
* *
* The OTP class allow the generation of one-time * The OTP class allow the generation of one-time
* password that is described in rfc 4xxx. * password that is described in rfc 4xxx.
* *
* This is class is meant to be compatible with * This is class is meant to be compatible with
* Google Authenticator. * Google Authenticator.
* *
* This class was originally ported from the rotp * This class was originally ported from the rotp
@ -49,7 +49,7 @@ class OTP {
/** /**
* The number of digits in the one-time password * The number of digits in the one-time password
* @var integer * @var integer
*/ */
public $digits; public $digits;
/** /**
@ -76,7 +76,7 @@ class OTP {
* @param integer $input : number used to seed the hmac hash function. * @param integer $input : number used to seed the hmac hash function.
* This number is usually a counter (HOTP) or calculated based on the current * This number is usually a counter (HOTP) or calculated based on the current
* timestamp (see TOTP class). * timestamp (see TOTP class).
* @return integer the one-time password * @return integer the one-time password
*/ */
public function generateOTP($input) { public function generateOTP($input) {
$hash = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret()); $hash = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret());
@ -99,7 +99,7 @@ class OTP {
* @return binary secret key * @return binary secret key
*/ */
public function byteSecret() { public function byteSecret() {
return \Base32::decode($this->secret); return Base32::decode($this->secret);
} }
/** /**

0
lib/otphp/lib/otphp.php → vendor/OTPHP/OTPHP.php vendored
View file

0
lib/otphp/lib/totp.php → vendor/OTPHP/TOTP.php vendored
View file