<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* Authentication and account functions
*/
use Base32\Base32;
use OTPHP\TOTP;
/**
 * Validate a username/password pair against the stored account record.
 *
 * The username is lowercased with strtolower() before the lookup; the
 * password comparison itself is delegated to comparePassword(), which is
 * defined outside this block.
 *
 * NOTE(review): strtolower() works on bytes, so non-ASCII letters in a
 * username may not be folded -- confirm usernames are restricted to ASCII.
 * NOTE(review): when no account matches, whatever $database->get() returns
 * for a missing row is passed to comparePassword() as the hash. Confirm that
 * comparePassword() rejects it and takes about as long as a real comparison;
 * otherwise response time can reveal which usernames exist.
 * NOTE(review): no attempt limiting or lockout happens here -- presumably the
 * caller enforces it; verify.
 *
 * @global mixed $database Database handle providing get()
 * @param string $username Login name, any letter case
 * @param string $password Password as submitted by the user
 * @return boolean True if OK, else false
 */
function authenticate_user($username, $password) {
    global $database;

    $login = strtolower($username);
    // Reject blank credentials before touching the database.
    if (is_empty($login) || is_empty($password)) {
        return false;
    }

    $storedHash = $database->get('accounts', 'password', ['username' => $login]);
    $matches = comparePassword($password, $storedHash);

    return $matches;
}
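/**
 * Check whether an account with the given username exists.
 *
 * The username is lowercased with strtolower() before the lookup, matching
 * the normalisation used by the other account functions in this file.
 *
 * NOTE(review): the result discloses whether an account exists; if it ever
 * reaches an unauthenticated caller, pair it with throttling or a uniform
 * response so it cannot be used to enumerate usernames.
 *
 * @global mixed $database Database handle providing has()
 * @param string $username Login name, any letter case
 * @return boolean true if a matching row exists in `accounts`, else false
 */
function user_exists($username) {
    // The original omitted this declaration, so $database was an undefined
    // local and the has() call failed at runtime.
    global $database;

    return $database->has('accounts', ['username' => strtolower($username)]);
}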
////////////////////////////////////////////////////////////////////////////////
// 2-factor authentication //
////////////////////////////////////////////////////////////////////////////////
/**
 * Report whether the account has a TOTP secret stored.
 *
 * Reads the `authsecret` column for the lowercased username and treats an
 * empty value (as judged by is_empty(), defined outside this block) as
 * "TOTP not set up".
 *
 * NOTE(review): an unknown username presumably also yields an empty value and
 * so returns false, the same as a known user without TOTP -- confirm against
 * $database->get().
 *
 * @global mixed $database Database handle providing get()
 * @param string $username Login name, any letter case
 * @return boolean true if TOTP secret exists, else false
 */
function userHasTOTP($username) {
    global $database;

    $storedSecret = $database->get('accounts', 'authsecret', ['username' => strtolower($username)]);

    return !is_empty($storedSecret);
}
/**
 * Check a submitted TOTP code against the account's stored secret.
 *
 * Looks up `authsecret` for the lowercased username, builds an OTPHP TOTP
 * object from it with the library's default parameters, and returns the
 * result of its verify() call. An account without a secret always fails.
 *
 * NOTE(review): $code is documented as int, but a code with leading zeros
 * loses them once converted to an integer -- consider passing the submitted
 * string through unchanged; confirm what TOTP::verify() expects.
 * NOTE(review): nothing here records accepted codes or limits attempts, so a
 * code presumably stays usable for its whole time step -- confirm that replay
 * protection and throttling are enforced by the caller.
 *
 * @global mixed $database Database handle providing get()
 * @param string $username Login name, any letter case
 * @param int $code One-time code entered by the user
 * @return boolean true if it's legit, else false
 */
function verifyTOTP($username, $code) {
    global $database;

    $secret = $database->get('accounts', 'authsecret', ['username' => strtolower($username)]);
    if (!is_empty($secret)) {
        // First constructor argument (label) is unused for verification.
        $verifier = new TOTP(null, $secret);
        return $verifier->verify($code);
    }

    // No secret on file: there is nothing to verify against.
    return false;
}