PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 1.3.1
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v1.3.1
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / libs / Authenticator / TwoFactorAuthenticator.php
matomo / app / libs / Authenticator Last commit date
LICENSE.md 6 years ago README.md 6 years ago TwoFactorAuthenticator.php 6 years ago
TwoFactorAuthenticator.php
195 lines
1 <?php
2 /**
3 * PHP Class for handling Google Authenticator 2-factor authentication
4 *
5 * @author Michael Kliewe
6 * @copyright 2012 Michael Kliewe
7 * @license http://www.opensource.org/licenses/bsd-license.php BSD License
8 * @link http://www.phpgangsta.de/
9 *
10 * small adjustments by @sgiehl / matomo.org
11 * - renamed class
12 * - removed method getQRCodeGoogleUrl
13 * small adjustments by matomo.org
14 * - use better random secret generator
15 */
16
17 class TwoFactorAuthenticator
18 {
19 protected $_codeLength = 6;
20
21 /**
22 * Create new secret.
23 * 16 characters, randomly chosen from the allowed base32 characters.
24 *
25 * @param int $secretLength
26 * @return string
27 */
28 public function createSecret($secretLength = 16)
29 {
30 $validChars = $this->_getBase32LookupTable();
31 unset($validChars[32]);
32
33 // modified by matomo.org
34 return \Piwik\Common::getRandomString($secretLength, implode('', $validChars));
35 }
36
37 /**
38 * Calculate the code, with given secret and point in time
39 *
40 * @param string $secret
41 * @param int|null $timeSlice
42 * @return string
43 */
44 public function getCode($secret, $timeSlice = null)
45 {
46 if ($timeSlice === null) {
47 $timeSlice = floor(time() / 30);
48 }
49
50 $secretkey = $this->_base32Decode($secret);
51
52 // Pack time into binary string
53 $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice);
54 // Hash it with users secret key
55 $hm = hash_hmac('SHA1', $time, $secretkey, true);
56 // Use last nipple of result as index/offset
57 $offset = ord(substr($hm, -1)) & 0x0F;
58 // grab 4 bytes of the result
59 $hashpart = substr($hm, $offset, 4);
60
61 // Unpak binary value
62 $value = unpack('N', $hashpart);
63 $value = $value[1];
64 // Only 32 bits
65 $value = $value & 0x7FFFFFFF;
66
67 $modulo = pow(10, $this->_codeLength);
68 return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
69 }
70
71 /**
72 * Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now
73 *
74 * @param string $secret
75 * @param string $code
76 * @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after)
77 * @param int|null $currentTimeSlice time slice if we want use other that time()
78 * @return bool
79 */
80 public function verifyCode($secret, $code, $discrepancy = 1, $currentTimeSlice = null)
81 {
82 if ($currentTimeSlice === null) {
83 $currentTimeSlice = floor(time() / 30);
84 }
85
86 for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
87 $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
88 if ($calculatedCode == $code ) {
89 return true;
90 }
91 }
92
93 return false;
94 }
95
96 /**
97 * Set the code length, should be >=6
98 *
99 * @param int $length
100 * @return self
101 */
102 public function setCodeLength($length)
103 {
104 $this->_codeLength = $length;
105 return $this;
106 }
107
108 /**
109 * Helper class to decode base32
110 *
111 * @param $secret
112 * @return bool|string
113 */
114 protected function _base32Decode($secret)
115 {
116 if (empty($secret)) return '';
117
118 $base32chars = $this->_getBase32LookupTable();
119 $base32charsFlipped = array_flip($base32chars);
120
121 $paddingCharCount = substr_count($secret, $base32chars[32]);
122 $allowedValues = array(6, 4, 3, 1, 0);
123 if (!in_array($paddingCharCount, $allowedValues)) return false;
124 for ($i = 0; $i < 4; $i++){
125 if ($paddingCharCount == $allowedValues[$i] &&
126 substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) return false;
127 }
128 $secret = str_replace('=','', $secret);
129 $secret = str_split($secret);
130 $binaryString = "";
131 for ($i = 0; $i < count($secret); $i = $i+8) {
132 $x = "";
133 if (!in_array($secret[$i], $base32chars)) return false;
134 for ($j = 0; $j < 8; $j++) {
135 $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
136 }
137 $eightBits = str_split($x, 8);
138 for ($z = 0; $z < count($eightBits); $z++) {
139 $binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? $y:"";
140 }
141 }
142 return $binaryString;
143 }
144
145 /**
146 * Helper class to encode base32
147 *
148 * @param string $secret
149 * @param bool $padding
150 * @return string
151 */
152 protected function _base32Encode($secret, $padding = true)
153 {
154 if (empty($secret)) return '';
155
156 $base32chars = $this->_getBase32LookupTable();
157
158 $secret = str_split($secret);
159 $binaryString = "";
160 for ($i = 0; $i < count($secret); $i++) {
161 $binaryString .= str_pad(base_convert(ord($secret[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
162 }
163 $fiveBitBinaryArray = str_split($binaryString, 5);
164 $base32 = "";
165 $i = 0;
166 while ($i < count($fiveBitBinaryArray)) {
167 $base32 .= $base32chars[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)];
168 $i++;
169 }
170 if ($padding && ($x = strlen($binaryString) % 40) != 0) {
171 if ($x == 8) $base32 .= str_repeat($base32chars[32], 6);
172 elseif ($x == 16) $base32 .= str_repeat($base32chars[32], 4);
173 elseif ($x == 24) $base32 .= str_repeat($base32chars[32], 3);
174 elseif ($x == 32) $base32 .= $base32chars[32];
175 }
176 return $base32;
177 }
178
179 /**
180 * Get array with all 32 characters for decoding from/encoding to base32
181 *
182 * @return array
183 */
184 protected function _getBase32LookupTable()
185 {
186 return array(
187 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
188 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
189 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
190 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
191 '=' // padding char
192 );
193 }
194 }
195