|
|
大多数系统目前均使用的静态密码进行身份认证登录,但由于静态密码容易被窃取,其安全性无法满足安全要求。
动态口令采用一次一密、用过密码作废的方式防止了密码被窃取带来的安全问题。
动态口令分为HOTP(基于事件计数的动态口令,RFC4226)、TOTP(基于时间计数的动态口令,RFC6238)、OCRA(挑战应答式动态口令,RFC6287)等方式。
本文介绍了集成TOTP方式的动态口令认证的方案,PHP框架采用Thinkphp3.2.3,动态口令生成器使用的是google authtication。
1、为Thinkphp框架添加oath算法类
oath算法封装类oath.php代码如下:
.
*
* PHP Google two-factor authentication module.
*
* See http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authentication-for-php/
* for more details
*
* @author Phil
**/
class Google2FA {
const keyRegeneration = 30; // Interval between key regeneration
const otpLength = 6; // Length of the Token generated
private static $lut = array( // Lookup needed for Base32 encoding
"A" => 0, "B" => 1,
"C" => 2, "D" => 3,
"E" => 4, "F" => 5,
"G" => 6, "H" => 7,
"I" => 8, "J" => 9,
"K" => 10, "L" => 11,
"M" => 12, "N" => 13,
"O" => 14, " " => 15,
"Q" => 16, "R" => 17,
"S" => 18, "T" => 19,
"U" => 20, "V" => 21,
"W" => 22, "X" => 23,
"Y" => 24, "Z" => 25,
"2" => 26, "3" => 27,
"4" => 28, "5" => 29,
"6" => 30, "7" => 31
);
/**
* Generates a 16 digit secret key in base32 format
* @return string
**/
public static function generate_secret_key($length = 16) {
$b32 = "234567QWERTYUIOPASDFGHJKLZXCVBNM";
$s = "";
for ($i = 0; $i = 8) {
$j = $j - 8;
$binary .= chr(($n & (0xFF > $j);
}
}
return $binary;
}
/*by tang*/
public static function base32_encode($data, $length){
$basestr = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
$count = 0;
if ($length > 0) {
$buffer = $data[0];
$next = 1;
$bitsLeft = 8;
while (($bitsLeft > 0 || $next > ($bitsLeft - 5));
$bitsLeft -= 5;
$result .= $basestr[$index];
$count++;
}
}
return $result;
}
/**
* Takes the secret key and the timestamp and returns the one time
* password.
*
* @param binary $key - Secret key in binary form.
* @param integer $counter - Timestamp as returned by get_timestamp.
* @return string
**/
public static function oath_hotp($key, $counter)
{
if (strlen($key)
|
|
|小黑屋|手机版|Archiver|cc!
( 吉ICP备2021009740号-8 )
发表于 2018-2-11 12:07:39