DataObjects/Images.php
[Pman.Core] / DataObjects / Core_person.php
index b610410..555936b 100644 (file)
@@ -519,10 +519,26 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         
         return md5(implode(',' ,  array($month, $this->email , $this->passwd, $this->id)));
     } 
-    function checkPassword($val)
+    
+    function checkTwoFactorAuthentication($val)
     {
+        require_once 'System.php';
+        
+        $oathtool = System::which('oathtool');
+        
+        if (!$oathtool) {
+            return false;
+        }
         
+        $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
         
+        $password = exec($cmd);
+        
+        return ($password == $val) ? true : false;
+    }
+    
+    function checkPassword($val)
+    {
         if (substr($this->passwd,0,1) == '$') {
             if (function_exists('pasword_verify')) {
                 return password_verify($val, $this->passwd);
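Review bot: checkTwoFactorAuthentication() can accept an empty code: if oathtool fails (for instance on a malformed key) exec() returns an empty string, and `$password == $val` is then true for an empty `$val`. The loose `==` also compares numeric strings by value, so codes that differ only in leading zeros can match, and the comparison is not constant-time. `$this->oath_key` is interpolated into the shell command unescaped, and as a command-line argument it is visible in the process list while oathtool runs. The rewrite below quotes the argument, rejects a failed or empty run, and compares with hash_equals() (PHP 5.6+, so confirm the minimum supported version). Separately, the context line `function_exists('pasword_verify')` is misspelled, so that branch is never taken as shown; checkPassword continues outside the hunk.

```php
    function checkTwoFactorAuthentication($val)
    {
        // … unchanged: require_once 'System.php', System::which('oathtool') lookup and early return …

        // Quote the key so it can never be parsed as shell syntax.
        $cmd = $oathtool . ' --totp --base32 ' . escapeshellarg($this->oath_key);

        $output = array();
        $status = 1;
        exec($cmd, $output, $status);

        // A failed or empty run must never compare equal to an empty submitted code.
        if ($status !== 0 || empty($output[0])) {
            return false;
        }

        // Strict, constant-time string comparison instead of loose ==.
        return hash_equals(trim($output[0]), (string) $val);
    }
```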
@@ -1009,21 +1025,26 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         }
         
         /*
-         * Seems we never expose oath_key, so...
+         * Seems we never expose oath_key / passwd, so...
          */
+        
+        $this->_extra_cols = array('length_passwd', 'length_oath_key');
+        
         $this->selectAdd("
-            CASE WHEN core_person.oath_key != '' THEN
-                TRUE
-            ELSE
-                FALSE
-            END AS has_oath_key
+            LENGTH({$this->tableName()}.passwd) AS length_passwd,
+            LENGTH({$this->tableName()}.oath_key) AS length_oath_key
         ");
         
     }
     
     function setFromRoo($ar, $roo)
     {
-         $this->setFrom($ar);
+        $this->setFrom($ar);
+        
+        if(!empty($ar['_enable_oath_key'])){
+            $this->generateOathKey();
+        }
+        
         if (!empty($ar['passwd1'])) {
             $this->setPassword($ar['passwd1']);
         }
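Review bot: The new `length_passwd` and `length_oath_key` columns expose more than the `has_oath_key` boolean they replace: the length of the stored password value distinguishes an md5 hash from a `$`-prefixed one, which tells any client that can read this row which accounts use the weaker scheme. If callers only need to know whether a value is set, booleans are enough, e.g. `({$this->tableName()}.passwd != '') AS has_passwd` alongside the original `has_oath_key` expression. In setFromRoo(), `_enable_oath_key` now calls generateOathKey() unconditionally and before the later validation, so any update carrying that field appears to overwrite an already enrolled key; a guard such as `if (!empty($ar['_enable_oath_key']) && empty($this->oath_key))` or an explicit reset flag would make that deliberate. setFromRoo continues outside the hunk.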
@@ -1054,10 +1075,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return "Duplicate Email found";
         }
         
-        if(!empty($ar['_enable_oath_key'])){
-            $this->generateOathKey();
-        }
-        
         return true;
     }
     /**
@@ -1313,14 +1330,56 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             $this->update($o);
             $roo->jok('OK');
         }
+        
+        if(!empty($q['_to_qr_code'])){
+            $qrcode = $this->generateQRCode();
+            
+            if(empty($qrcode)){
+                $roo->jerr('Fail to generate QR Code');
+            }
+            
+            $roo->jdata($qrcode);
+        }
     }
     
     function generateOathKey()
     {
-        $hex = bin2hex(openssl_random_pseudo_bytes(16));
-        $this->oath_key = $hex;
+        $hex = bin2hex(openssl_random_pseudo_bytes(10));
+        
+        require 'Base32.php';
+        
+        $base32 = new Base32();
+        
+        $this->oath_key = $base32->base32_encode($hex);
+        
         return $this->oath_key;
         
     }
     
+    function generateQRCode()
+    {
+        if(empty($this->oath_key)){
+            return false;
+        }
+        
+        $issuer = (empty($this->name)) ? rawurlencode('ROOJS') : rawurlencode($this->name);
+        
+        $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$this->oath_key}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
+        
+        require_once 'Image/QRCode.php';
+        
+        $qrcode = new Image_QRCode();
+        
+        $image = $qrcode->makeCode($uri, array(
+            'output_type' => 'return'
+        ));
+        
+        ob_start();
+        imagepng($image);
+        $base64 = base64_encode(ob_get_contents());
+        ob_end_clean();
+        
+        return "data:image/png;base64,{$base64}";
+    }
+    
  }
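Review bot: generateOathKey() base32-encodes the hex text of 10 random bytes rather than the bytes themselves, so the stored secret carries only 80 bits of entropy, below the 128-bit minimum RFC 4226 sets for the shared secret. Encoding raw bytes would fix that, e.g. `$this->oath_key = $base32->base32_encode(openssl_random_pseudo_bytes(20));`, assuming Base32::base32_encode accepts binary input, and a false return from openssl_random_pseudo_bytes should be checked before use. `require 'Base32.php';` should be `require_once 'Base32.php';`, since a second call in the same request would include the file again. In generateQRCode() `$this->email` goes into the otpauth URI without `rawurlencode()`, and the `_to_qr_code` branch returns the secret on every request, so it is worth confirming that only the account owner can reach it, ideally only during enrolment. Whether `$roo->jerr()` terminates the request is not visible here; if it does not, `$roo->jdata($qrcode)` still runs with the failed value.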