JonatanRek
3 years ago
15 changed files with 406 additions and 37 deletions
Split View
Diff Options
-
+1 -1README.md
-
+1 -1_INSTALATION/_SQL_TABLES.sql
-
+0 -5app/class/UserManager.php
-
+17 -0app/controls/settings.php
-
+34 -3app/lang/cs.php
-
+8 -1app/lang/en.php
-
+9 -1app/lang/pl.php
-
+16 -0app/templates/css/override.css
-
+19 -1app/templates/js/setting.js
-
+10 -20app/templates/login.phtml
-
+1 -0app/templates/part/head.phtml
-
+20 -0app/templates/part/loginForm.phtml
-
+13 -0app/templates/part/loginOta.phtml
-
+252 -0app/vendor/GoogleAuthenticator.php
-
+5 -4index.php
+ 1
- 1
README.md
View File
+ 1
- 1
_INSTALATION/_SQL_TABLES.sql
View File
+ 0
- 5
app/class/UserManager.php
View File
+ 17
- 0
app/controls/settings.php
View File
| @ -0,0 +1,17 @@ | |||
| <?php | |||
| if (isset($_POST) && !empty($_POST)){ | |||
| if (isset($_POST['submitPasswordChange']) && $_POST['submitPasswordChange'] != "") { | |||
| $oldPassword = $_POST['oldPassword']; | |||
| $newPassword = $_POST['newPassword1']; | |||
| $newPassword2 = $_POST['newPassword2']; | |||
| UserManager::changePassword($oldPassword, $newPassword, $newPassword2); | |||
| header('Location: ' . BASEDIR . 'logout'); | |||
| die(); | |||
| } else if (isset($_POST['submitCreateUser']) && $_POST['submitCreateUser'] != "") { | |||
| $userName = $_POST['userName']; | |||
| $password = $_POST['userPassword']; | |||
| UserManager::createUser($userName, $password); | |||
| header('Location: ' . BASEDIR . 'setting'); | |||
| die(); | |||
| } | |||
| } | |||
+ 34
- 3
app/lang/cs.php
View File
+ 8
- 1
app/lang/en.php
View File
+ 9
- 1
app/lang/pl.php
View File
+ 16
- 0
app/templates/css/override.css
View File
| @ -0,0 +1,16 @@ | |||
| table.table td, table.table th { | |||
| border: 2px solid #121a2b; | |||
| padding: 8px; | |||
| } | |||
| /*tr:nth-child(even){background-color: #f2f2f2;}*/ | |||
| table.table tr:hover {background-color: #121a2b;} | |||
| table.table th { | |||
| padding-top: 12px; | |||
| padding-bottom: 12px; | |||
| text-align: left; | |||
| background-color: #121a2b; | |||
| color: white; | |||
| } | |||
+ 19
- 1
app/templates/js/setting.js
View File
+ 10
- 20
app/templates/login.phtml
View File
+ 1
- 0
app/templates/part/head.phtml
View File
+ 20
- 0
app/templates/part/loginForm.phtml
View File
| @ -0,0 +1,20 @@ | |||
| <div class="modal-container"> | |||
| <div class="modal"> | |||
| <h4 class="mb-4">Login</h4> | |||
| <form method="post"> | |||
| <div class="field"> | |||
| <div class="label">Name:</div> | |||
| <input class="input" type="text" name="username" placeholder="Jméno.."/> | |||
| </div> | |||
| <div class="field"> | |||
| <div class="label">Password:</div> | |||
| <input class="input" type="password" name="password" placeholder="Heslo.."/> | |||
| </div> | |||
| <div class="field"> | |||
| <div class="label">Remember me:</div> | |||
| <input class="" type="checkbox" name="remember" value="true"/> | |||
| </div> | |||
| <input type="submit" class="button" name="login" value="Login"/> | |||
| </form> | |||
| </div> | |||
| </div> | |||
+ 13
- 0
app/templates/part/loginOta.phtml
View File
| @ -0,0 +1,13 @@ | |||
| <div class="modal-container"> | |||
| <div class="modal"> | |||
| <h4 class="mb-4">OTA</h4> | |||
| <form method="post"> | |||
| <input type="hidden" name="otaSecret" value="<?php echo $OTA; ?>"/> | |||
| <div class="field"> | |||
| <div class="label">Code:</div> | |||
| <input class="input" type="text" name="otaCode" placeholder=""/> | |||
| </div> | |||
| <input type="submit" class="button" name="login" value="Login"/> | |||
| </form> | |||
| </div> | |||
| </div> | |||
+ 252
- 0
app/vendor/GoogleAuthenticator.php
View File
| @ -0,0 +1,252 @@ | |||
| <?php | |||
| /** | |||
| * PHP Class for handling Google Authenticator 2-factor authentication. | |||
| * | |||
| * @author Michael Kliewe | |||
| * @copyright 2012 Michael Kliewe | |||
| * @license http://www.opensource.org/licenses/bsd-license.php BSD License | |||
| * | |||
| * @link http://www.phpgangsta.de/ | |||
| */ | |||
| class PHPGangsta_GoogleAuthenticator | |||
| { | |||
| protected $_codeLength = 6; | |||
| /** | |||
| * Create new secret. | |||
| * 16 characters, randomly chosen from the allowed base32 characters. | |||
| * | |||
| * @param int $secretLength | |||
| * | |||
| * @return string | |||
| */ | |||
| public function createSecret($secretLength = 16) | |||
| { | |||
| $validChars = $this->_getBase32LookupTable(); | |||
| // Valid secret lengths are 80 to 640 bits | |||
| if ($secretLength < 16 || $secretLength > 128) { | |||
| throw new Exception('Bad secret length'); | |||
| } | |||
| $secret = ''; | |||
| $rnd = false; | |||
| if (function_exists('random_bytes')) { | |||
| $rnd = random_bytes($secretLength); | |||
| } elseif (function_exists('mcrypt_create_iv')) { | |||
| $rnd = mcrypt_create_iv($secretLength, MCRYPT_DEV_URANDOM); | |||
| } elseif (function_exists('openssl_random_pseudo_bytes')) { | |||
| $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong); | |||
| if (!$cryptoStrong) { | |||
| $rnd = false; | |||
| } | |||
| } | |||
| if ($rnd !== false) { | |||
| for ($i = 0; $i < $secretLength; ++$i) { | |||
| $secret .= $validChars[ord($rnd[$i]) & 31]; | |||
| } | |||
| } else { | |||
| throw new Exception('No source of secure random'); | |||
| } | |||
| return $secret; | |||
| } | |||
| /** | |||
| * Calculate the code, with given secret and point in time. | |||
| * | |||
| * @param string $secret | |||
| * @param int|null $timeSlice | |||
| * | |||
| * @return string | |||
| */ | |||
| public function getCode($secret, $timeSlice = null) | |||
| { | |||
| if ($timeSlice === null) { | |||
| $timeSlice = floor(time() / 30); | |||
| } | |||
| $secretkey = $this->_base32Decode($secret); | |||
| // Pack time into binary string | |||
| $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice); | |||
| // Hash it with users secret key | |||
| $hm = hash_hmac('SHA1', $time, $secretkey, true); | |||
| // Use last nipple of result as index/offset | |||
| $offset = ord(substr($hm, -1)) & 0x0F; | |||
| // grab 4 bytes of the result | |||
| $hashpart = substr($hm, $offset, 4); | |||
| // Unpak binary value | |||
| $value = unpack('N', $hashpart); | |||
| $value = $value[1]; | |||
| // Only 32 bits | |||
| $value = $value & 0x7FFFFFFF; | |||
| $modulo = pow(10, $this->_codeLength); | |||
| return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT); | |||
| } | |||
| /** | |||
| * Get QR-Code URL for image, from google charts. | |||
| * | |||
| * @param string $name | |||
| * @param string $secret | |||
| * @param string $title | |||
| * @param array $params | |||
| * | |||
| * @return string | |||
| */ | |||
| public function getQRCodeGoogleUrl($name, $secret, $title = null, $params = array()) | |||
| { | |||
| $width = !empty($params['width']) && (int) $params['width'] > 0 ? (int) $params['width'] : 200; | |||
| $height = !empty($params['height']) && (int) $params['height'] > 0 ? (int) $params['height'] : 200; | |||
| $level = !empty($params['level']) && array_search($params['level'], array('L', 'M', 'Q', 'H')) !== false ? $params['level'] : 'M'; | |||
| $urlencoded = urlencode('otpauth://totp/'.$name.'?secret='.$secret.''); | |||
| if (isset($title)) { | |||
| $urlencoded .= urlencode('&issuer='.urlencode($title)); | |||
| } | |||
| return "https://api.qrserver.com/v1/create-qr-code/?data=$urlencoded&size=${width}x${height}&ecc=$level"; | |||
| } | |||
| /** | |||
| * Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now. | |||
| * | |||
| * @param string $secret | |||
| * @param string $code | |||
| * @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after) | |||
| * @param int|null $currentTimeSlice time slice if we want use other that time() | |||
| * | |||
| * @return bool | |||
| */ | |||
| public function verifyCode($secret, $code, $discrepancy = 1, $currentTimeSlice = null) | |||
| { | |||
| if ($currentTimeSlice === null) { | |||
| $currentTimeSlice = floor(time() / 30); | |||
| } | |||
| if (strlen($code) != 6) { | |||
| return false; | |||
| } | |||
| for ($i = -$discrepancy; $i <= $discrepancy; ++$i) { | |||
| $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i); | |||
| if ($this->timingSafeEquals($calculatedCode, $code)) { | |||
| return true; | |||
| } | |||
| } | |||
| return false; | |||
| } | |||
| /** | |||
| * Set the code length, should be >=6. | |||
| * | |||
| * @param int $length | |||
| * | |||
| * @return PHPGangsta_GoogleAuthenticator | |||
| */ | |||
| public function setCodeLength($length) | |||
| { | |||
| $this->_codeLength = $length; | |||
| return $this; | |||
| } | |||
| /** | |||
| * Helper class to decode base32. | |||
| * | |||
| * @param $secret | |||
| * | |||
| * @return bool|string | |||
| */ | |||
| protected function _base32Decode($secret) | |||
| { | |||
| if (empty($secret)) { | |||
| return ''; | |||
| } | |||
| $base32chars = $this->_getBase32LookupTable(); | |||
| $base32charsFlipped = array_flip($base32chars); | |||
| $paddingCharCount = substr_count($secret, $base32chars[32]); | |||
| $allowedValues = array(6, 4, 3, 1, 0); | |||
| if (!in_array($paddingCharCount, $allowedValues)) { | |||
| return false; | |||
| } | |||
| for ($i = 0; $i < 4; ++$i) { | |||
| if ($paddingCharCount == $allowedValues[$i] && | |||
| substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) { | |||
| return false; | |||
| } | |||
| } | |||
| $secret = str_replace('=', '', $secret); | |||
| $secret = str_split($secret); | |||
| $binaryString = ''; | |||
| for ($i = 0; $i < count($secret); $i = $i + 8) { | |||
| $x = ''; | |||
| if (!in_array($secret[$i], $base32chars)) { | |||
| return false; | |||
| } | |||
| for ($j = 0; $j < 8; ++$j) { | |||
| $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT); | |||
| } | |||
| $eightBits = str_split($x, 8); | |||
| for ($z = 0; $z < count($eightBits); ++$z) { | |||
| $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : ''; | |||
| } | |||
| } | |||
| return $binaryString; | |||
| } | |||
| /** | |||
| * Get array with all 32 characters for decoding from/encoding to base32. | |||
| * | |||
| * @return array | |||
| */ | |||
| protected function _getBase32LookupTable() | |||
| { | |||
| return array( | |||
| 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7 | |||
| 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15 | |||
| 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23 | |||
| 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31 | |||
| '=', // padding char | |||
| ); | |||
| } | |||
| /** | |||
| * A timing safe equals comparison | |||
| * more info here: http://blog.ircmaxell.com/2014/11/its-all-about-time.html. | |||
| * | |||
| * @param string $safeString The internal (safe) value to be checked | |||
| * @param string $userString The user submitted (unsafe) value | |||
| * | |||
| * @return bool True if the two strings are identical | |||
| */ | |||
| private function timingSafeEquals($safeString, $userString) | |||
| { | |||
| if (function_exists('hash_equals')) { | |||
| return hash_equals($safeString, $userString); | |||
| } | |||
| $safeLen = strlen($safeString); | |||
| $userLen = strlen($userString); | |||
| if ($userLen != $safeLen) { | |||
| return false; | |||
| } | |||
| $result = 0; | |||
| for ($i = 0; $i < $userLen; ++$i) { | |||
| $result |= (ord($safeString[$i]) ^ ord($userString[$i])); | |||
| } | |||
| // They are only identical strings if $result is exactly 0... | |||
| return $result === 0; | |||
| } | |||
| } | |||