Commit 013ea1e3 authored by Tomasz Wolniewicz's avatar Tomasz Wolniewicz

code ordering

parent ed923b8f
FROM php:8.1-apache
WORKDIR /var/www/html
RUN docker-php-ext-install mysqli
COPY --from=docker.io/library/composer:latest /usr/bin/composer /usr/bin/composer
COPY composer.json .
RUN apt-get update
RUN apt-get install -y git
RUN composer update
COPY otp_server.php otp_server.php
COPY config/ config
COPY otp_server_config/ /var/otp_server_config
EXPOSE 80
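Review bot: `RUN composer update` resolves whatever dependency versions are newest at build time, and only `composer.json` is copied in, so the OTP library that ends up in the image is neither pinned nor reproducible. Committing `composer.lock` and using `COPY composer.json composer.lock ./` followed by `RUN composer install --no-dev --no-interaction` would fix the dependency set, and the `composer:latest` source image could be pinned to a specific tag for the same reason. Separately, `RUN apt-get update` and `RUN apt-get install -y git` sit in different layers, so a cached update layer can be reused with a stale package index; `RUN apt-get update && apt-get install -y git` avoids that.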
......@@ -13,12 +13,12 @@
*/
session_start();
require_once('../vendor/autoload.php');
require_once('../../config/config.php');
require_once('vendor/autoload.php');
require_once('config/config.php');
require_once(DB_CONFIG_LOCATION);
use OTPHP\TOTP;
$mysqli = new mysqli(DB_HOST, USER, PASSWORD, DB_DATABASE);
$mysqli = new mysqli(DB_HOST, USER, PASSWORD, OTP_DATABASE);
if ($mysqli->connect_error) {
die("Not connected");
}
......@@ -26,6 +26,7 @@ $mysqli->set_charset('utf8');
$mysqli->query("SET time_zone='+00:00'");
if (empty($_GET['user'])) {
print('no username argument');
exit;
}
......@@ -40,7 +41,7 @@ if ($result) {
} else {
$r = $result->fetch_row();
$otpSecret = $r[0];
$otpLastCode = $r[1];
$otpLastCode = intval($r[1]);
$verified = $r[2];
$out = 0; // the user exists in the database - this is a temporary code value
}
......@@ -48,11 +49,11 @@ if ($result) {
exit;
}
$otpCode = filter_var($_GET['otp'], FILTER_SANITIZE_NUMBER_INT);
$otpCode = isset($_GET['otp']) ? intval(filter_var($_GET['otp'], FILTER_SANITIZE_NUMBER_INT)) : 0;
// check if any code has been passed and if so update the result code accordingle - again this value is temporary
if ($otpCode == '' && $out == 0) {
if ($otpCode == 0 && $out == 0) {
if ($verified == 1) {
$out = 3;
} else {
......@@ -63,7 +64,7 @@ if ($otpCode == '' && $out == 0) {
if ($out == 0) { // the otp code must have been provided and the user exists in the DB, the secret is taken form the DB
$otpObject = TOTP::create($otpSecret);
$otpTestCode = $otpObject->now();
$otpTestCode = intval($otpObject->now());
if ($otpCode === $otpTestCode) {
if($otpCode === $otpLastCode) {
$out = 4;
......
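Review bot: Casting the submitted code with `intval()` makes a genuine code of `000000` indistinguishable from "no code supplied", because the new test `if ($otpCode == 0 && $out == 0)` then takes the no-OTP branch; `FILTER_SANITIZE_NUMBER_INT` also silently drops stray characters (and keeps `+`/`-`), so malformed input such as `12ab3456` is accepted as a different number instead of being rejected. Keeping the code as a string and validating it strictly would avoid both, e.g. `$otpCode = (isset($_GET['otp']) && is_string($_GET['otp']) && ctype_digit($_GET['otp'])) ? $_GET['otp'] : '';`, with the presence test written as `$otpCode === ''` and the match as `hash_equals($otpObject->now(), $otpCode)`. `$otpLastCode` would then stay a string as well so the replay check still compares like with like. The if/else blocks these hunks touch begin and end outside the visible lines.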
<?php
define('DB_HOST','edugain-db');
define('DB_DATABASE','edugain');
define('USER', 'otp');
define('PASSWORD', 'xxxx');
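Review bot: This file defines `DB_DATABASE`, but the updated connection call in otp_server.php now reads `OTP_DATABASE`; unless that constant is defined in `config/config.php` or another file not shown here, PHP 8.1 will throw an Error for an undefined constant before the connection is attempted. Either rename the define here to `define('OTP_DATABASE','edugain');` or confirm where the new name comes from. The Dockerfile also copies `otp_server_config/` into the image, so if this file lives there, the real `PASSWORD` value would be baked into an image layer; supplying it at run time (environment variable or mounted secret) keeps it out of both the image and the repository.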