🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 16:43
This commit is contained in:
Hamza-Ayed
@@ -1,83 +1,67 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services;
|
||||
|
||||
/**
|
||||
* TotpService
|
||||
*
|
||||
* Implements RFC 6238 for Two-Factor Authentication (TOTP).
|
||||
*/
|
||||
final class TotpService
|
||||
{
|
||||
private const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
|
||||
|
||||
public function generateSecret(): string
|
||||
{
|
||||
// Generate a random 16-character base32 secret
|
||||
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
|
||||
$secret = '';
|
||||
for ($i = 0; $i < 16; $i++) {
|
||||
$secret .= self::ALPHABET[random_int(0, 31)];
|
||||
$secret .= $chars[random_int(0, 31)];
|
||||
}
|
||||
return $secret;
|
||||
}
|
||||
|
||||
public function verify(string $secret, string $code): bool
|
||||
public function getQrCodeUrl(string $email, string $secret): string
|
||||
{
|
||||
$currentTime = floor(time() / 30);
|
||||
|
||||
// Check current, previous and next window (allow 30s clock drift)
|
||||
for ($i = -1; $i <= 1; $i++) {
|
||||
if ($this->calculateCode($secret, (int)($currentTime + $i)) === $code) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
$issuer = urlencode('Musadaq');
|
||||
$email = urlencode($email);
|
||||
$qrUrl = "otpauth://totp/Musadaq:{$email}?secret={$secret}&issuer=Musadaq";
|
||||
return "https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=" . urlencode($qrUrl);
|
||||
}
|
||||
|
||||
private function calculateCode(string $secret, int $time): string
|
||||
public function verify(string $secret, string $code, int $window = 1): bool
|
||||
{
|
||||
$key = $this->base32Decode($secret);
|
||||
$timeHex = str_pad(dechex($time), 16, '0', STR_PAD_LEFT);
|
||||
$timeBin = pack('H*', $timeHex);
|
||||
|
||||
$hash = hash_hmac('sha1', $timeBin, $key, true);
|
||||
$offset = ord($hash[19]) & 0xf;
|
||||
|
||||
$otp = (
|
||||
((ord($hash[$offset]) & 0x7f) << 24) |
|
||||
((ord($hash[$offset + 1]) & 0xff) << 16) |
|
||||
((ord($hash[$offset + 2]) & 0xff) << 8) |
|
||||
(ord($hash[$offset + 3]) & 0xff)
|
||||
) % 1000000;
|
||||
|
||||
return str_pad((string)$otp, 6, '0', STR_PAD_LEFT);
|
||||
$time = floor(time() / 30);
|
||||
for ($i = -$window; $i <= $window; $i++) {
|
||||
$t = $time + $i;
|
||||
$hash = hash_hmac('sha1', pack('N*', 0) . pack('N*', $t), $this->base32Decode($secret));
|
||||
$offset = ord($hash[19]) & 0x0F;
|
||||
$otp = ((ord($hash[$offset]) & 0x7F) << 24 | (ord($hash[$offset+1]) & 0xFF) << 16 | (ord($hash[$offset+2]) & 0xFF) << 8 | (ord($hash[$offset+3]) & 0xFF)) % 1000000;
|
||||
if (str_pad((string)$otp, 6, '0', STR_PAD_LEFT) === $code) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private function base32Decode(string $base32): string
|
||||
{
|
||||
$base32 = strtoupper($base32);
|
||||
$buffer = 0;
|
||||
$bufferSize = 0;
|
||||
$decoded = '';
|
||||
$base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
|
||||
$base32charsFlipped = array_flip(str_split($base32chars));
|
||||
|
||||
for ($i = 0; $i < strlen($base32); $i++) {
|
||||
$char = $base32[$i];
|
||||
$pos = strpos(self::ALPHABET, $char);
|
||||
if ($pos === false) continue;
|
||||
$output = '';
|
||||
$v = 0;
|
||||
$vbits = 0;
|
||||
|
||||
$buffer = ($buffer << 5) | $pos;
|
||||
$bufferSize += 5;
|
||||
for ($i = 0, $j = strlen($base32); $i < $j; $i++) {
|
||||
$v <<= 5;
|
||||
if (isset($base32charsFlipped[$base32[$i]])) {
|
||||
$v += $base32charsFlipped[$base32[$i]];
|
||||
}
|
||||
$vbits += 5;
|
||||
|
||||
if ($bufferSize >= 8) {
|
||||
$bufferSize -= 8;
|
||||
$decoded .= chr(($buffer >> $bufferSize) & 0xff);
|
||||
while ($vbits >= 8) {
|
||||
$vbits -= 8;
|
||||
$output .= chr(($v >> $vbits) & 0xFF);
|
||||
}
|
||||
}
|
||||
|
||||
return $decoded;
|
||||
}
|
||||
|
||||
public function getQrCodeUrl(string $userEmail, string $secret, string $issuer = 'Musadaq'): string
|
||||
{
|
||||
$label = urlencode($issuer . ':' . $userEmail);
|
||||
$otpauth = "otpauth://totp/{$label}?secret={$secret}&issuer=" . urlencode($issuer);
|
||||
return "https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=" . urlencode($otpauth);
|
||||
return $output;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user