From 310c18e6bbd8e7f78a0a45f0501cb1dc6fab2159 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 20 Jun 2018 18:27:34 +0300 Subject: [PATCH] move OTPHP to vendor/; additionally move Base32 class to OTPHP namespace --- classes/pref/prefs.php | 14 +++------- lib/otphp/vendor/libs.php | 26 ------------------- .../base32.php => vendor/OTPHP/Base32.php | 16 +++++++----- .../lib/hotp.php => vendor/OTPHP/HOTP.php | 0 {lib/otphp => vendor/OTPHP}/LICENCE | 0 lib/otphp/lib/otp.php => vendor/OTPHP/OTP.php | 16 ++++++------ .../lib/otphp.php => vendor/OTPHP/OTPHP.php | 0 .../lib/totp.php => vendor/OTPHP/TOTP.php | 0 8 files changed, 21 insertions(+), 51 deletions(-) delete mode 100644 lib/otphp/vendor/libs.php rename lib/otphp/vendor/base32.php => vendor/OTPHP/Base32.php (93%) rename lib/otphp/lib/hotp.php => vendor/OTPHP/HOTP.php (100%) rename {lib/otphp => vendor/OTPHP}/LICENCE (100%) rename lib/otphp/lib/otp.php => vendor/OTPHP/OTP.php (94%) rename lib/otphp/lib/otphp.php => vendor/OTPHP/OTPHP.php (100%) rename lib/otphp/lib/totp.php => vendor/OTPHP/TOTP.php (100%) diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index f56048b2..da62ea70 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -147,7 +147,7 @@ class Pref_Prefs extends Handler_Protected { $_SESSION["prefs_op_result"] = "reset-to-defaults"; $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs - WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) + WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND owner_uid = :uid"); $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]); @@ -848,9 +848,6 @@ class Pref_Prefs extends Handler_Protected { } function otpqrcode() { - require_once "lib/otphp/vendor/base32.php"; - require_once "lib/otphp/lib/otp.php"; - require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled @@ -860,7 +857,7 @@ class Pref_Prefs extends Handler_Protected { if ($row = $sth->fetch()) { - $base32 = new Base32(); + $base32 = new \OTPHP\Base32(); $login = $row["login"]; $otp_enabled = sql_bool_to_bool($row["otp_enabled"]); @@ -876,9 +873,6 @@ class Pref_Prefs extends Handler_Protected { } function otpenable() { - require_once "lib/otphp/vendor/base32.php"; - require_once "lib/otphp/lib/otp.php"; - require_once "lib/otphp/lib/totp.php"; $password = clean($_REQUEST["password"]); $otp = clean($_REQUEST["otp"]); @@ -894,7 +888,7 @@ class Pref_Prefs extends Handler_Protected { if ($row = $sth->fetch()) { - $base32 = new Base32(); + $base32 = new \OTPHP\Base32(); $secret = $base32->encode(sha1($row["salt"])); $topt = new \OTPHP\TOTP($secret); @@ -902,7 +896,7 @@ class Pref_Prefs extends Handler_Protected { $otp_check = $topt->now(); if ($otp == $otp_check) { - $sth = $this->pdo->prepare("UPDATE ttrss_users + $sth = $this->pdo->prepare("UPDATE ttrss_users SET otp_enabled = true WHERE id = ?"); $sth->execute([$_SESSION['uid']]); diff --git a/lib/otphp/vendor/libs.php b/lib/otphp/vendor/libs.php deleted file mode 100644 index 742c7b98..00000000 --- a/lib/otphp/vendor/libs.php +++ /dev/null @@ -1,26 +0,0 @@ -'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7', 'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15', 'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23', 'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31' ); - + /** * Use padding false when encoding for urls * @@ -41,7 +43,7 @@ class Base32 { $fiveBitBinaryArray = str_split($binaryString, 5); $base32 = ""; $i=0; - while($i < count($fiveBitBinaryArray)) { + while($i < count($fiveBitBinaryArray)) { $base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)]; $i++; } @@ -53,14 +55,14 @@ class Base32 { } return $base32; } - + public static function decode($input) { if(empty($input)) return; $paddingCharCount = substr_count($input, self::$map[32]); $allowedValues = array(6,4,3,1,0); if(!in_array($paddingCharCount, $allowedValues)) return false; - for($i=0; $i<4; $i++){ - if($paddingCharCount == $allowedValues[$i] && + for($i=0; $i<4; $i++){ + if($paddingCharCount == $allowedValues[$i] && substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false; } $input = str_replace('=','', $input); diff --git a/lib/otphp/lib/hotp.php b/vendor/OTPHP/HOTP.php similarity index 100% rename from lib/otphp/lib/hotp.php rename to vendor/OTPHP/HOTP.php diff --git a/lib/otphp/LICENCE b/vendor/OTPHP/LICENCE similarity index 100% rename from lib/otphp/LICENCE rename to vendor/OTPHP/LICENCE diff --git a/lib/otphp/lib/otp.php b/vendor/OTPHP/OTP.php similarity index 94% rename from lib/otphp/lib/otp.php rename to vendor/OTPHP/OTP.php index 77bcfe97..d1995ef9 100644 --- a/lib/otphp/lib/otp.php +++ b/vendor/OTPHP/OTP.php @@ -1,6 +1,6 @@ digest, $this->intToBytestring($input), $this->byteSecret()); @@ -99,7 +99,7 @@ class OTP { * @return binary secret key */ public function byteSecret() { - return \Base32::decode($this->secret); + return Base32::decode($this->secret); } /** diff --git a/lib/otphp/lib/otphp.php b/vendor/OTPHP/OTPHP.php similarity index 100% rename from lib/otphp/lib/otphp.php rename to vendor/OTPHP/OTPHP.php diff --git a/lib/otphp/lib/totp.php b/vendor/OTPHP/TOTP.php similarity index 100% rename from lib/otphp/lib/totp.php rename to vendor/OTPHP/TOTP.php -- 2.39.5