欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

PHP实现OATH动态口令算法的示例代码分享

程序员文章站 2022-05-27 09:52:22
...

PHP实现OATH动态口令算法的示例代码分享

<?PHP  
/** 
 * This program is free software: you can redistribute it and/or modify 
 * it under the terms of the GNU General Public License as published by 
 * the Free Software Foundation, either version 3 of the License, or 
 * (at your option) any later version. 
 * 
 * This program is distributed in the hope that it will be useful, 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
 * GNU General Public License for more details. 
 * 
 * You should have received a copy of the GNU General Public License 
 * along with this program.  If not, see <http://www.gnu.org/licenses/>. 
 * 
 * PHP Google two-factor authentication module. 
 * 
 * See http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authentication-for-php/ 
 * for more details 
 * 
 * @author Phil 
 **/  
  
class Google2FA {  
  
    const keyRegeneration     = 30;    // Interval between key regeneration  
    const otpLength        = 6;    // Length of the Token generated  
  
    private static $lut = array(    // Lookup needed for Base32 encoding  
        "A" => 0,    "B" => 1,  
        "C" => 2,    "D" => 3,  
        "E" => 4,    "F" => 5,  
        "G" => 6,    "H" => 7,  
        "I" => 8,    "J" => 9,  
        "K" => 10,    "L" => 11,  
        "M" => 12,    "N" => 13,  
        "O" => 14,    "P" => 15,  
        "Q" => 16,    "R" => 17,  
        "S" => 18,    "T" => 19,  
        "U" => 20,    "V" => 21,  
        "W" => 22,    "X" => 23,  
        "Y" => 24,    "Z" => 25,  
        "2" => 26,    "3" => 27,  
        "4" => 28,    "5" => 29,  
        "6" => 30,    "7" => 31  
    );  
  
    /** 
     * Generates a 16 digit secret key in base32 format 
     * @return string 
     **/  
    public static function generate_secret_key($length = 16) {  
        $b32     = "234567QWERTYUIOPASDFGHJKLZXCVBNM";  
        $s     = "";  
  
        for ($i = 0; $i < $length; $i++)  
            $s .= $b32[rand(0,31)];  
  
        return $s;  
    }  
  
    /** 
     * Returns the current Unix Timestamp devided by the keyRegeneration 
     * period. 
     * @return integer 
     **/  
    public static function get_timestamp() {  
        return floor(microtime(true)/self::keyRegeneration);  
    }  
  
    /** 
     * Decodes a base32 string into a binary string. 
     **/  
    public static function base32_decode($b32) {  
  
        $b32     = strtoupper($b32);  
  
        if (!preg_match('/^[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]+$/', $b32, $match))  
            throw new Exception('Invalid characters in the base32 string.');  
  
        $l     = strlen($b32);  
        $n    = 0;  
        $j    = 0;  
        $binary = "";  
  
        for ($i = 0; $i < $l; $i++) {  
  
            $n = $n << 5;                 // Move buffer left by 5 to make room  
            $n = $n + self::$lut[$b32[$i]];     // Add value into buffer  
            $j = $j + 5;                // Keep track of number of bits in buffer  
  
            if ($j >= 8) {  
                $j = $j - 8;  
                $binary .= chr(($n & (0xFF << $j)) >> $j);  
            }  
        }  
  
        return $binary;  
    }  
  
    /** 
     * Takes the secret key and the timestamp and returns the one time 
     * password. 
     * 
     * @param binary $key - Secret key in binary form. 
     * @param integer $counter - Timestamp as returned by get_timestamp. 
     * @return string 
     **/  
    public static function oath_hotp($key, $counter)  
    {  
        if (strlen($key) < 8)  
        throw new Exception('Secret key is too short. Must be at least 16 base 32 characters');  
  
        $bin_counter = pack('N*', 0) . pack('N*', $counter);        // Counter must be 64-bit int  
        $hash      = hash_hmac ('sha1', $bin_counter, $key, true);  
  
        return str_pad(self::oath_truncate($hash), self::otpLength, '0', STR_PAD_LEFT);  
    }  
  
    /** 
     * Verifys a user inputted key against the current timestamp. Checks $window 
     * keys either side of the timestamp. 
     * 
     * @param string $b32seed 
     * @param string $key - User specified key 
     * @param integer $window 
     * @param boolean $useTimeStamp 
     * @return boolean 
     **/  
    public static function verify_key($b32seed, $key, $window = 4, $useTimeStamp = true) {  
  
        $timeStamp = self::get_timestamp();  
  
        if ($useTimeStamp !== true) $timeStamp = (int)$useTimeStamp;  
  
        $binarySeed = self::base32_decode($b32seed);  
  
        for ($ts = $timeStamp - $window; $ts <= $timeStamp + $window; $ts++)  
            if (self::oath_hotp($binarySeed, $ts) == $key)  
                return true;  
  
        return false;  
  
    }  
  
    /** 
     * Extracts the OTP from the SHA1 hash. 
     * @param binary $hash 
     * @return integer 
     **/  
    public static function oath_truncate($hash)  
    {  
        $offset = ord($hash[19]) & 0xf;  
  
        return (  
            ((ord($hash[$offset+0]) & 0x7f) << 24 ) |  
            ((ord($hash[$offset+1]) & 0xff) << 16 ) |  
            ((ord($hash[$offset+2]) & 0xff) << 8 ) |  
            (ord($hash[$offset+3]) & 0xff)  
        ) % pow(10, self::otpLength);  
    }  
  
  
  
}  
  
$InitalizationKey = "LFLFMU2SGVCUIUCZKBMEKRKLIQ";                    // Set the inital key  
  
$TimeStamp      = Google2FA::get_timestamp();  
$secretkey       = Google2FA::base32_decode($InitalizationKey);    // Decode it into binary  
$otp             = Google2FA::oath_hotp($secretkey, $TimeStamp);    // Get current token  
  
echo("Init key: $InitalizationKey\n");  
echo("Timestamp: $TimeStamp\n");  
echo("One time password: $otp\n");  
  
// Use this to verify a key as it allows for some time drift.  
  
$result = Google2FA::verify_key($InitalizationKey, "123456");  
  
var_dump($result);  
  
?>

上面的内容保存为oath.php,测试运行有两种方法:

1、运行命令行:php.exe oath.php

路径问题大家懂得

2、部署在web目录下,通过网页访问

例如:http://localhost/oath.php

以上就是PHP实现OATH动态口令算法的示例代码分享的详细内容,更多请关注其它相关文章!