@@ -4,17 +4,17 @@ |
||
4 | 4 | */ |
5 | 5 | |
6 | 6 | return array( |
7 | - "CSRFP_TOKEN" => "", |
|
8 | - "logDirectory" => "../log", |
|
9 | - "failedAuthAction" => array( |
|
10 | - "GET" => 0, |
|
11 | - "POST" => 0), |
|
12 | - "errorRedirectionPage" => "", |
|
13 | - "customErrorMessage" => "", |
|
14 | - "jsPath" => "../js/csrfprotector.js", |
|
15 | - "jsUrl" => "", |
|
16 | - "tokenLength" => 50, |
|
17 | - "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
7 | + "CSRFP_TOKEN" => "", |
|
8 | + "logDirectory" => "../log", |
|
9 | + "failedAuthAction" => array( |
|
10 | + "GET" => 0, |
|
11 | + "POST" => 0), |
|
12 | + "errorRedirectionPage" => "", |
|
13 | + "customErrorMessage" => "", |
|
14 | + "jsPath" => "../js/csrfprotector.js", |
|
15 | + "jsUrl" => "", |
|
16 | + "tokenLength" => 50, |
|
17 | + "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\"> |
|
18 | 18 | Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you. |
19 | 19 | See details of your web browser for how to enable JavaScript.", |
20 | 20 | "verifyGetFor" => array("*page=items&type=duo_check*", "*upload.attachments.php*") |
@@ -1,101 +1,101 @@ |
||
1 | 1 | <?php |
2 | 2 | |
3 | 3 | class Duo { |
4 | - const DUO_PREFIX = "TX"; |
|
5 | - const APP_PREFIX = "APP"; |
|
6 | - const AUTH_PREFIX = "AUTH"; |
|
7 | - |
|
8 | - const DUO_EXPIRE = 300; |
|
9 | - const APP_EXPIRE = 3600; |
|
10 | - |
|
11 | - const IKEY_LEN = 20; |
|
12 | - const SKEY_LEN = 40; |
|
13 | - const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | - |
|
15 | - const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | - const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | - const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | - const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | - |
|
20 | - private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | - $exp = ($time ? $time : time()) + $expire; |
|
22 | - $val = $vals . '|' . $exp; |
|
23 | - $b64 = base64_encode($val); |
|
24 | - $cookie = $prefix . '|' . $b64; |
|
25 | - |
|
26 | - $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | - return $cookie . '|' . $sig; |
|
28 | - } |
|
29 | - |
|
30 | - private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | - $ts = ($time ? $time : time()); |
|
32 | - |
|
33 | - $parts = explode('|', $val); |
|
34 | - if (count($parts) !== 3) { |
|
35 | - return null; |
|
36 | - } |
|
37 | - list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | - |
|
39 | - $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | - if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | - return null; |
|
42 | - } |
|
43 | - |
|
44 | - if ($u_prefix !== $prefix) { |
|
45 | - return null; |
|
46 | - } |
|
47 | - |
|
48 | - $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | - if (count($cookie_parts) !== 3) { |
|
50 | - return null; |
|
51 | - } |
|
52 | - list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | - |
|
54 | - if ($u_ikey !== $ikey) { |
|
55 | - return null; |
|
56 | - } |
|
57 | - if ($ts >= intval($exp)) { |
|
58 | - return null; |
|
59 | - } |
|
60 | - |
|
61 | - return $user; |
|
62 | - } |
|
63 | - |
|
64 | - public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | - if (!isset($username) || strlen($username) === 0) { |
|
66 | - return self::ERR_USER; |
|
67 | - } |
|
68 | - if (strpos($username, '|') !== FALSE) { |
|
69 | - return self::ERR_USER; |
|
70 | - } |
|
71 | - if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | - return self::ERR_IKEY; |
|
73 | - } |
|
74 | - if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | - return self::ERR_SKEY; |
|
76 | - } |
|
77 | - if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | - return self::ERR_AKEY; |
|
79 | - } |
|
80 | - |
|
81 | - $vals = $username . '|' . $ikey; |
|
82 | - |
|
83 | - $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | - $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | - |
|
86 | - return $duo_sig . ':' . $app_sig; |
|
87 | - } |
|
88 | - |
|
89 | - public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | - list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | - |
|
92 | - $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | - $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | - |
|
95 | - if ($auth_user !== $app_user) { |
|
96 | - return null; |
|
97 | - } |
|
98 | - |
|
99 | - return $auth_user; |
|
100 | - } |
|
4 | + const DUO_PREFIX = "TX"; |
|
5 | + const APP_PREFIX = "APP"; |
|
6 | + const AUTH_PREFIX = "AUTH"; |
|
7 | + |
|
8 | + const DUO_EXPIRE = 300; |
|
9 | + const APP_EXPIRE = 3600; |
|
10 | + |
|
11 | + const IKEY_LEN = 20; |
|
12 | + const SKEY_LEN = 40; |
|
13 | + const AKEY_LEN = 40; // if this changes you have to change ERR_AKEY |
|
14 | + |
|
15 | + const ERR_USER = 'ERR|The username passed to sign_request() is invalid.'; |
|
16 | + const ERR_IKEY = 'ERR|The Duo integration key passed to sign_request() is invalid.'; |
|
17 | + const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
|
18 | + const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
|
19 | + |
|
20 | + private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
21 | + $exp = ($time ? $time : time()) + $expire; |
|
22 | + $val = $vals . '|' . $exp; |
|
23 | + $b64 = base64_encode($val); |
|
24 | + $cookie = $prefix . '|' . $b64; |
|
25 | + |
|
26 | + $sig = hash_hmac("sha1", $cookie, $key); |
|
27 | + return $cookie . '|' . $sig; |
|
28 | + } |
|
29 | + |
|
30 | + private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
31 | + $ts = ($time ? $time : time()); |
|
32 | + |
|
33 | + $parts = explode('|', $val); |
|
34 | + if (count($parts) !== 3) { |
|
35 | + return null; |
|
36 | + } |
|
37 | + list($u_prefix, $u_b64, $u_sig) = $parts; |
|
38 | + |
|
39 | + $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
40 | + if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
|
41 | + return null; |
|
42 | + } |
|
43 | + |
|
44 | + if ($u_prefix !== $prefix) { |
|
45 | + return null; |
|
46 | + } |
|
47 | + |
|
48 | + $cookie_parts = explode('|', base64_decode($u_b64)); |
|
49 | + if (count($cookie_parts) !== 3) { |
|
50 | + return null; |
|
51 | + } |
|
52 | + list($user, $u_ikey, $exp) = $cookie_parts; |
|
53 | + |
|
54 | + if ($u_ikey !== $ikey) { |
|
55 | + return null; |
|
56 | + } |
|
57 | + if ($ts >= intval($exp)) { |
|
58 | + return null; |
|
59 | + } |
|
60 | + |
|
61 | + return $user; |
|
62 | + } |
|
63 | + |
|
64 | + public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
65 | + if (!isset($username) || strlen($username) === 0) { |
|
66 | + return self::ERR_USER; |
|
67 | + } |
|
68 | + if (strpos($username, '|') !== FALSE) { |
|
69 | + return self::ERR_USER; |
|
70 | + } |
|
71 | + if (!isset($ikey) || strlen($ikey) !== self::IKEY_LEN) { |
|
72 | + return self::ERR_IKEY; |
|
73 | + } |
|
74 | + if (!isset($skey) || strlen($skey) !== self::SKEY_LEN) { |
|
75 | + return self::ERR_SKEY; |
|
76 | + } |
|
77 | + if (!isset($akey) || strlen($akey) < self::AKEY_LEN) { |
|
78 | + return self::ERR_AKEY; |
|
79 | + } |
|
80 | + |
|
81 | + $vals = $username . '|' . $ikey; |
|
82 | + |
|
83 | + $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
|
84 | + $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
|
85 | + |
|
86 | + return $duo_sig . ':' . $app_sig; |
|
87 | + } |
|
88 | + |
|
89 | + public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
90 | + list($auth_sig, $app_sig) = explode(':', $sig_response); |
|
91 | + |
|
92 | + $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
|
93 | + $app_user = self::parse_vals($akey, $app_sig, self::APP_PREFIX, $ikey, $time); |
|
94 | + |
|
95 | + if ($auth_user !== $app_user) { |
|
96 | + return null; |
|
97 | + } |
|
98 | + |
|
99 | + return $auth_user; |
|
100 | + } |
|
101 | 101 | } |
102 | 102 | \ No newline at end of file |
@@ -17,17 +17,17 @@ discard block |
||
17 | 17 | const ERR_SKEY = 'ERR|The Duo secret key passed to sign_request() is invalid.'; |
18 | 18 | const ERR_AKEY = 'ERR|The application secret key passed to sign_request() must be at least 40 characters.'; |
19 | 19 | |
20 | - private static function sign_vals($key, $vals, $prefix, $expire, $time=NULL) { |
|
20 | + private static function sign_vals($key, $vals, $prefix, $expire, $time = NULL) { |
|
21 | 21 | $exp = ($time ? $time : time()) + $expire; |
22 | - $val = $vals . '|' . $exp; |
|
22 | + $val = $vals.'|'.$exp; |
|
23 | 23 | $b64 = base64_encode($val); |
24 | - $cookie = $prefix . '|' . $b64; |
|
24 | + $cookie = $prefix.'|'.$b64; |
|
25 | 25 | |
26 | 26 | $sig = hash_hmac("sha1", $cookie, $key); |
27 | - return $cookie . '|' . $sig; |
|
27 | + return $cookie.'|'.$sig; |
|
28 | 28 | } |
29 | 29 | |
30 | - private static function parse_vals($key, $val, $prefix, $ikey, $time=NULL) { |
|
30 | + private static function parse_vals($key, $val, $prefix, $ikey, $time = NULL) { |
|
31 | 31 | $ts = ($time ? $time : time()); |
32 | 32 | |
33 | 33 | $parts = explode('|', $val); |
@@ -36,7 +36,7 @@ discard block |
||
36 | 36 | } |
37 | 37 | list($u_prefix, $u_b64, $u_sig) = $parts; |
38 | 38 | |
39 | - $sig = hash_hmac("sha1", $u_prefix . '|' . $u_b64, $key); |
|
39 | + $sig = hash_hmac("sha1", $u_prefix.'|'.$u_b64, $key); |
|
40 | 40 | if (hash_hmac("sha1", $sig, $key) !== hash_hmac("sha1", $u_sig, $key)) { |
41 | 41 | return null; |
42 | 42 | } |
@@ -61,7 +61,7 @@ discard block |
||
61 | 61 | return $user; |
62 | 62 | } |
63 | 63 | |
64 | - public static function signRequest($ikey, $skey, $akey, $username, $time=NULL) { |
|
64 | + public static function signRequest($ikey, $skey, $akey, $username, $time = NULL) { |
|
65 | 65 | if (!isset($username) || strlen($username) === 0) { |
66 | 66 | return self::ERR_USER; |
67 | 67 | } |
@@ -78,15 +78,15 @@ discard block |
||
78 | 78 | return self::ERR_AKEY; |
79 | 79 | } |
80 | 80 | |
81 | - $vals = $username . '|' . $ikey; |
|
81 | + $vals = $username.'|'.$ikey; |
|
82 | 82 | |
83 | 83 | $duo_sig = self::sign_vals($skey, $vals, self::DUO_PREFIX, self::DUO_EXPIRE, $time); |
84 | 84 | $app_sig = self::sign_vals($akey, $vals, self::APP_PREFIX, self::APP_EXPIRE, $time); |
85 | 85 | |
86 | - return $duo_sig . ':' . $app_sig; |
|
86 | + return $duo_sig.':'.$app_sig; |
|
87 | 87 | } |
88 | 88 | |
89 | - public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time=NULL) { |
|
89 | + public static function verifyResponse($ikey, $skey, $akey, $sig_response, $time = NULL) { |
|
90 | 90 | list($auth_sig, $app_sig) = explode(':', $sig_response); |
91 | 91 | |
92 | 92 | $auth_user = self::parse_vals($skey, $auth_sig, self::AUTH_PREFIX, $ikey, $time); |
@@ -6,6 +6,6 @@ |
||
6 | 6 | { |
7 | 7 | function __construct($message = "", $code = 0, $exception = null) |
8 | 8 | { |
9 | - parent::__construct($message, $code, $exception); |
|
9 | + parent::__construct($message, $code, $exception); |
|
10 | 10 | } |
11 | 11 | } |
12 | 12 | \ No newline at end of file |
@@ -26,11 +26,11 @@ |
||
26 | 26 | { |
27 | 27 | switch (strtolower($this->format)) |
28 | 28 | { |
29 | - case 'p': |
|
29 | + case 'p': |
|
30 | 30 | return 'image/png'; |
31 | - case 'g': |
|
31 | + case 'g': |
|
32 | 32 | return 'image/gif'; |
33 | - case 'j': |
|
33 | + case 'j': |
|
34 | 34 | return 'image/jpeg'; |
35 | 35 | } |
36 | 36 | throw new QRException(sprintf('Unknown MIME-type: %s', $this->format)); |
@@ -44,11 +44,11 @@ |
||
44 | 44 | public function getUrl($qrtext, $size) |
45 | 45 | { |
46 | 46 | return 'http://qrickit.com/api/qr' |
47 | - . '?qrsize=' . $size |
|
48 | - . '&e=' . strtolower($this->errorcorrectionlevel) |
|
49 | - . '&bgdcolor=' . $this->bgcolor |
|
50 | - . '&fgdcolor=' . $this->color |
|
51 | - . '&t=' . strtolower($this->format) |
|
52 | - . '&d=' . rawurlencode($qrtext); |
|
47 | + . '?qrsize='.$size |
|
48 | + . '&e='.strtolower($this->errorcorrectionlevel) |
|
49 | + . '&bgdcolor='.$this->bgcolor |
|
50 | + . '&fgdcolor='.$this->color |
|
51 | + . '&t='.strtolower($this->format) |
|
52 | + . '&d='.rawurlencode($qrtext); |
|
53 | 53 | } |
54 | 54 | } |
55 | 55 | \ No newline at end of file |
@@ -33,8 +33,8 @@ |
||
33 | 33 | public function getUrl($qrtext, $size) |
34 | 34 | { |
35 | 35 | return 'https://chart.googleapis.com/chart?cht=qr' |
36 | - . '&chs=' . $size . 'x' . $size |
|
37 | - . '&chld=' . $this->errorcorrectionlevel . '|' . $this->margin |
|
38 | - . '&chl=' . rawurlencode($qrtext); |
|
36 | + . '&chs='.$size.'x'.$size |
|
37 | + . '&chld='.$this->errorcorrectionlevel.'|'.$this->margin |
|
38 | + . '&chl='.rawurlencode($qrtext); |
|
39 | 39 | } |
40 | 40 | } |
41 | 41 | \ No newline at end of file |
@@ -11,8 +11,9 @@ |
||
11 | 11 | |
12 | 12 | function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 1) |
13 | 13 | { |
14 | - if (!is_bool($verifyssl)) |
|
15 | - throw new QRException('VerifySSL must be bool'); |
|
14 | + if (!is_bool($verifyssl)) { |
|
15 | + throw new QRException('VerifySSL must be bool'); |
|
16 | + } |
|
16 | 17 | |
17 | 18 | $this->verifyssl = $verifyssl; |
18 | 19 |
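Review bot: The constructor signature in this hunk defaults `$verifyssl` to `false`, so a caller who passes nothing gets the opt-out value, and the added braces only wrap the type check. How the flag is used lies outside the hunk, but if it controls TLS certificate verification for the QR-image request, verification is off by default and the response can be tampered with in transit. I would default it to `true` (`function __construct($verifyssl = true, $errorcorrectionlevel = 'L', $margin = 1)`); that changes behaviour for callers who rely on the default. Failing that, add a docblock line such as `@param bool $verifyssl Verify the provider's TLS certificate; defaults to false, pass true outside local testing`. The constructor body continues past the end of the hunk.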
@@ -12,8 +12,9 @@ |
||
12 | 12 | |
13 | 13 | public function getRandomBytes($bytecount) { |
14 | 14 | $result = mcrypt_create_iv($bytecount, $this->source); |
15 | - if ($result === false) |
|
16 | - throw new RNGException('mcrypt_create_iv returned an invalid value'); |
|
15 | + if ($result === false) { |
|
16 | + throw new RNGException('mcrypt_create_iv returned an invalid value'); |
|
17 | + } |
|
17 | 18 | return $result; |
18 | 19 | } |
19 | 20 |
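Review bot: `mcrypt_create_iv()` is called in getRandomBytes() with nothing recording that the mcrypt extension was deprecated in PHP 7.1 and removed from core in PHP 7.2, so this provider cannot work on current PHP. A docblock on the method should state that limit and point readers to `random_bytes()`. The `$result === false` guard also lets a short or empty string through; `if ($result === false || strlen($result) !== $bytecount) {` would reject it. The value of `$this->source` is set outside the hunk; it is worth confirming it can never be `MCRYPT_RAND`, which is not a cryptographically secure source.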
@@ -12,10 +12,12 @@ |
||
12 | 12 | |
13 | 13 | public function getRandomBytes($bytecount) { |
14 | 14 | $result = openssl_random_pseudo_bytes($bytecount, $crypto_strong); |
15 | - if ($this->requirestrong && ($crypto_strong === false)) |
|
16 | - throw new RNGException('openssl_random_pseudo_bytes returned non-cryptographically strong value'); |
|
17 | - if ($result === false) |
|
18 | - throw new RNGException('openssl_random_pseudo_bytes returned an invalid value'); |
|
15 | + if ($this->requirestrong && ($crypto_strong === false)) { |
|
16 | + throw new RNGException('openssl_random_pseudo_bytes returned non-cryptographically strong value'); |
|
17 | + } |
|
18 | + if ($result === false) { |
|
19 | + throw new RNGException('openssl_random_pseudo_bytes returned an invalid value'); |
|
20 | + } |
|
19 | 21 | return $result; |
20 | 22 | } |
21 | 23 |
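Review bot: When `$this->requirestrong` is false the first check in getRandomBytes() is skipped, so bytes that OpenSSL flagged as not cryptographically strong are returned with no signal to the caller. If that mode has to stay, document it on the method, for example `@throws RNGException if the call fails, or if requirestrong is set and the output is not cryptographically strong`, and say that output obtained with `requirestrong` false must not be used for secrets. The `$result === false` test also runs second, so a failed call with `requirestrong` set may be reported as "non-cryptographically strong" rather than as an invalid value. Moving the `=== false` check first keeps the two messages accurate.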
@@ -5,7 +5,7 @@ |
||
5 | 5 | { |
6 | 6 | private $algorithm; |
7 | 7 | |
8 | - function __construct($algorithm = 'sha256' ) { |
|
8 | + function __construct($algorithm = 'sha256') { |
|
9 | 9 | $algos = array_values(hash_algos()); |
10 | 10 | if (!in_array($algorithm, $algos, true)) |
11 | 11 | throw new RNGException('Unsupported algorithm specified'); |
@@ -7,8 +7,9 @@ |
||
7 | 7 | |
8 | 8 | function __construct($algorithm = 'sha256' ) { |
9 | 9 | $algos = array_values(hash_algos()); |
10 | - if (!in_array($algorithm, $algos, true)) |
|
11 | - throw new RNGException('Unsupported algorithm specified'); |
|
10 | + if (!in_array($algorithm, $algos, true)) { |
|
11 | + throw new RNGException('Unsupported algorithm specified'); |
|
12 | + } |
|
12 | 13 | $this->algorithm = $algorithm; |
13 | 14 | } |
14 | 15 |
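Review bot: The guard `in_array($algorithm, $algos, true)` accepts every name returned by `hash_algos()`, and that list includes non-cryptographic checksums such as `crc32` and `adler32`. How `$this->algorithm` is used lies outside the hunk, but if it conditions this provider's random output, a caller can configure a 32-bit checksum and still pass validation. An explicit allowlist is safer, e.g. `if (!in_array($algorithm, array('sha256', 'sha384', 'sha512'), true)) {`, with a docblock line naming the accepted values. This narrows what the constructor accepts, so existing callers passing other algorithms would need checking.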
@@ -6,7 +6,7 @@ |
||
6 | 6 | class CSRNGProvider implements IRNGProvider |
7 | 7 | { |
8 | 8 | public function getRandomBytes($bytecount) { |
9 | - return random_bytes($bytecount); // PHP7+ |
|
9 | + return random_bytes($bytecount); // PHP7+ |
|
10 | 10 | } |
11 | 11 | |
12 | 12 | public function isCryptographicallySecure() { |