PHP實現OATH動態口令演算法的範例程式碼分享

來源:互聯網
上載者:User

PHP實現OATH動態口令演算法的範例程式碼分享

<?PHP  /**  * This program is free software: you can redistribute it and/or modify  * it under the terms of the GNU General Public License as published by  * the Free Software Foundation, either version 3 of the License, or  * (at your option) any later version.  *  * This program is distributed in the hope that it will be useful,  * but WITHOUT ANY WARRANTY; without even the implied warranty of  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the  * GNU General Public License for more details.  *  * You should have received a copy of the GNU General Public License  * along with this program.  If not, see <http://www.gnu.org/licenses/>.  *  * PHP Google two-factor authentication module.  *  * See http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authentication-for-php/  * for more details  *  * @author Phil  **/    class Google2FA {        const keyRegeneration     = 30;    // Interval between key regeneration      const otpLength        = 6;    // Length of the Token generated        private static $lut = array(    // Lookup needed for Base32 encoding          "A" => 0,    "B" => 1,          "C" => 2,    "D" => 3,          "E" => 4,    "F" => 5,          "G" => 6,    "H" => 7,          "I" => 8,    "J" => 9,          "K" => 10,    "L" => 11,          "M" => 12,    "N" => 13,          "O" => 14,    "P" => 15,          "Q" => 16,    "R" => 17,          "S" => 18,    "T" => 19,          "U" => 20,    "V" => 21,          "W" => 22,    "X" => 23,          "Y" => 24,    "Z" => 25,          "2" => 26,    "3" => 27,          "4" => 28,    "5" => 29,          "6" => 30,    "7" => 31      );        /**      * Generates a 16 digit secret key in base32 format      * @return string      **/      public static function generate_secret_key($length = 16) {          $b32     = "234567QWERTYUIOPASDFGHJKLZXCVBNM";          $s     = "";            for ($i = 0; $i < $length; $i++)              $s .= $b32[rand(0,31)];            return $s;      }        /**      * Returns the current Unix Timestamp devided by the keyRegeneration      * period.      * @return integer      **/      public static function get_timestamp() {          return floor(microtime(true)/self::keyRegeneration);      }        /**      * Decodes a base32 string into a binary string.      **/      public static function base32_decode($b32) {            $b32     = strtoupper($b32);            if (!preg_match('/^[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]+$/', $b32, $match))              throw new Exception('Invalid characters in the base32 string.');            $l     = strlen($b32);          $n    = 0;          $j    = 0;          $binary = "";            for ($i = 0; $i < $l; $i++) {                $n = $n << 5;                 // Move buffer left by 5 to make room              $n = $n + self::$lut[$b32[$i]];     // Add value into buffer              $j = $j + 5;                // Keep track of number of bits in buffer                if ($j >= 8) {                  $j = $j - 8;                  $binary .= chr(($n & (0xFF << $j)) >> $j);              }          }            return $binary;      }        /**      * Takes the secret key and the timestamp and returns the one time      * password.      *      * @param binary $key - Secret key in binary form.      * @param integer $counter - Timestamp as returned by get_timestamp.      * @return string      **/      public static function oath_hotp($key, $counter)      {          if (strlen($key) < 8)          throw new Exception('Secret key is too short. Must be at least 16 base 32 characters');            $bin_counter = pack('N*', 0) . pack('N*', $counter);        // Counter must be 64-bit int          $hash      = hash_hmac ('sha1', $bin_counter, $key, true);            return str_pad(self::oath_truncate($hash), self::otpLength, '0', STR_PAD_LEFT);      }        /**      * Verifys a user inputted key against the current timestamp. Checks $window      * keys either side of the timestamp.      *      * @param string $b32seed      * @param string $key - User specified key      * @param integer $window      * @param boolean $useTimeStamp      * @return boolean      **/      public static function verify_key($b32seed, $key, $window = 4, $useTimeStamp = true) {            $timeStamp = self::get_timestamp();            if ($useTimeStamp !== true) $timeStamp = (int)$useTimeStamp;            $binarySeed = self::base32_decode($b32seed);            for ($ts = $timeStamp - $window; $ts <= $timeStamp + $window; $ts++)              if (self::oath_hotp($binarySeed, $ts) == $key)                  return true;            return false;        }        /**      * Extracts the OTP from the SHA1 hash.      * @param binary $hash      * @return integer      **/      public static function oath_truncate($hash)      {          $offset = ord($hash[19]) & 0xf;            return (              ((ord($hash[$offset+0]) & 0x7f) << 24 ) |              ((ord($hash[$offset+1]) & 0xff) << 16 ) |              ((ord($hash[$offset+2]) & 0xff) << 8 ) |              (ord($hash[$offset+3]) & 0xff)          ) % pow(10, self::otpLength);      }        }    $InitalizationKey = "LFLFMU2SGVCUIUCZKBMEKRKLIQ";                    // Set the inital key    $TimeStamp      = Google2FA::get_timestamp();  $secretkey       = Google2FA::base32_decode($InitalizationKey);    // Decode it into binary  $otp             = Google2FA::oath_hotp($secretkey, $TimeStamp);    // Get current token    echo("Init key: $InitalizationKey\n");  echo("Timestamp: $TimeStamp\n");  echo("One time password: $otp\n");    // Use this to verify a key as it allows for some time drift.    $result = Google2FA::verify_key($InitalizationKey, "123456");    var_dump($result);    ?>

上面的內容儲存為oath.php,測試回合有兩種方法:

1、運行命令列:php.exe oath.php

路徑問題大家懂得

2、部署在web目錄下,通過網頁訪問

例如:http://localhost/oath.php

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.