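$value){ $str .= "$key=$value "; } } else { $str = $msg; } error_log($str); }

/**
 * Build a UTC timestamp with a millisecond suffix, e.g. 2008-11-21T06:11:55Z0711.
 *
 * The layout is date('Y-m-d\TH:i:s\Z0') followed by three digits taken from
 * the fractional part of microtime().
 *
 * Side effect: switches the process default timezone to UTC.
 *
 * @return string
 */
function getUTCTimeStamp()
{
    date_default_timezone_set('UTC');

    // Read the clock once so the seconds and the millisecond suffix describe
    // the same instant; sampling time() and microtime() separately can
    // straddle a second boundary.
    list($fraction, $seconds) = explode(' ', microtime(false));

    // $fraction looks like "0.71100000"; characters 2..4 are the milliseconds.
    return date('Y-m-d\TH:i:s\Z0', (int) $seconds) . substr($fraction, 2, 3);
}

/**
 * Sign an array of HTTP query parameters.
 *
 * The pairs are sorted by key, joined as trim(key)=trim(value) with '&', and
 * authenticated with HMAC-SHA1 keyed by $apiKey. Values are signed exactly as
 * given (no URL-encoding is applied here).
 *
 * NOTE(review): a caller that compares this result with a signature supplied
 * by the client should use a constant-time comparison rather than == / ===.
 *
 * @param array  $a      Key-value pairs to sign
 * @param string $apiKey Shared secret of the client (presumably the raw,
 *                       already base64-decoded key; confirm against callers)
 * @param bool   $debug  When true, the resulting signature is written to the debug log
 * @return string Base64-encoded raw HMAC
 */
function sign($a, $apiKey, $debug=false)
{
    ksort($a);

    $pairs = array();
    foreach ($a as $key => $value) {
        $pairs[] = trim($key).'='.trim($value);
    }
    $qs = implode('&', $pairs);

    // The API key is deliberately never logged: debug() output ends up in the
    // error log, which is usually readable by more parties than the key store.
    debug('SIGN: '.$qs);

    // The trailing TRUE requests the raw digest bytes, not the hexadecimal form.
    $hmac = base64_encode(hash_hmac('sha1', utf8_encode($qs), $apiKey, true));

    if ($debug) {
        debug('h='.$hmac);
    }

    return $hmac;
}

/**
 * Convert a hexadecimal string to the base64 encoding of the bytes it represents.
 *
 * @param string $hex_str Hexadecimal digits
 * @return string
 */
function hex2b64 ($hex_str)
{
    return base64_encode(pack("H*", $hex_str));
}

/**
 * Convert a modhex string to base64.
 *
 * Each modhex character (cbdefghijklnrtuv) is mapped to the hex digit at the
 * same position (0123456789abcdef) before the bytes are base64-encoded.
 * Characters outside the modhex alphabet are passed through to pack() unchanged.
 *
 * @param string $modhex_str Modhex-encoded data
 * @return string
 */
function modhex2b64 ($modhex_str)
{
    return hex2b64(strtr($modhex_str, "cbdefghijklnrtuv", "0123456789abcdef"));
}

/**
 * Ask the YK-KSM to decrypt an OTP.
 *
 * The OTP is appended to $baseParams['__YKKMS_URL__'] and fetched over HTTP(S).
 * A response of the form "OK counter=.. high=.. low=.. use=.." is parsed into
 * an array; anything else is treated as a failure.
 *
 * NOTE(review): no cURL timeout is set here, so a stalled KSM blocks the
 * validation request; the transport security of the KSM URL is decided by
 * configuration that is not visible in this file.
 *
 * @param string $otp The OTP as received from the client
 * @return array|false Keys session_counter, high, low, session_use; false on any failure
 */
function decryptOTP($otp)
{
    global $baseParams;

    // The OTP is client-controlled. Encode it so it cannot add parameters to,
    // or otherwise reshape, the request sent to the key storage module.
    // A well-formed modhex OTP is unchanged by this.
    $url = $baseParams['__YKKMS_URL__'] . urlencode($otp);

    $ch = curl_init($url);
    if ($ch === false) {
        return false;
    }
    curl_setopt($ch, CURLOPT_USERAGENT, "YK-VAL");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($ch);

    if ($response === false) {
        // Log the transport error only; the URL is omitted because it contains the OTP.
        debug('YK-KSM request failed: ' . curl_error($ch));
        curl_close($ch);
        return false;
    }
    curl_close($ch);
    debug($response);

    $ret = array();
    $parsed = sscanf(
        $response,
        "OK counter=%04x high=%02x low=%04x use=%02x",
        $ret["session_counter"],
        $ret["high"],
        $ret["low"],
        $ret["session_use"]
    );

    // All four fields must be present; a partial match is a failure.
    if ($parsed != 4) {
        return false;
    }

    return $ret;
}

/**
 * Look up the stored state of an active YubiKey.
 *
 * The value reaches the SQL text only through mysql_quote(), which is defined
 * elsewhere; it is assumed to escape and quote its argument (confirm there).
 *
 * @param string $devId The first 12 chars from the OTP (modhex public identity)
 * @return array|null Row with id, client_id, active, counter, sessionUse, low,
 *                    high, accessed; null when no active key matches
 */
function getAuthData($devId)
{
    $tokenId = modhex2b64($devId);
    $stmt = 'SELECT id, client_id, active, counter, '.
        'sessionUse, low, high, accessed FROM yubikeys WHERE active '.
        'AND tokenId='.mysql_quote($tokenId);

    $r = query($stmt);
    if (!$r) {
        // Failed query: report "not found" rather than handing a non-result to mysql_num_rows().
        return null;
    }

    $row = (mysql_num_rows($r) > 0) ? mysql_fetch_assoc($r) : null;
    mysql_free_result($r); // released on the empty-result path as well
    return $row;
}

/**
 * Look up the settings of an active API client.
 *
 * The returned row includes the client's shared secret; callers should keep it
 * out of logs and responses. The value reaches the SQL text only through
 * mysql_quote(), which is defined elsewhere; it is assumed to escape and quote
 * its argument (confirm there).
 *
 * @param mixed $clientId The decimal client identity
 * @return array|null Row with secret, chk_sig, chk_owner, chk_time; null when
 *                    no active client matches
 */
function getClientData($clientId)
{
    $stmt = 'SELECT secret, chk_sig, chk_owner, chk_time'.
        ' FROM clients WHERE active AND id='.mysql_quote($clientId);

    $r = query($stmt);
    if (!$r) {
        // Failed query: report "not found" rather than handing a non-result to mysql_num_rows().
        return null;
    }

    $row = (mysql_num_rows($r) > 0) ? mysql_fetch_assoc($r) : null;
    mysql_free_result($r); // released on the empty-result path as well
    return $row;
}

?>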