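<?php
/*
 * U2F registration / authentication demo page.
 *
 * Flow, as implemented below:
 *   1. GET  -> shows a form asking for a username and an action.
 *   2. POST with "action" -> creates a U2F challenge, stores it in the session
 *      and emits the JavaScript that talks to the token.
 *   3. POST with "u2f_register_data" or "u2f_auth_data" -> verifies the token
 *      response against the challenge kept in the session.
 *
 * NOTE(review): nothing visible on this page verifies that the caller is the
 * user named in "u2f_username" before a key is registered for that name.
 * Unless inc/prerequisites.inc.php enforces a login, the register flow should
 * be gated behind an authenticated session and take the username from it.
 */
require_once('inc/prerequisites.inc.php');

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);

// NOTE(review): depending on web-server configuration SERVER_NAME may follow
// the client-supplied Host header; a fixed, configured origin is the safer
// source for the U2F appId -- confirm for this deployment.
$u2f = new u2flib_server\U2F('https://' . $_SERVER['SERVER_NAME']);

// Flags for values embedded in an inline <script>: <, >, &, ' and " are
// emitted as \uXXXX escapes so the data cannot close the script element.
$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
// Flags for text echoed into the HTML document.
$escFlags = ENT_QUOTES | ENT_SUBSTITUTE;

/**
 * Fetch all rows of the `tfa` table for a user.
 *
 * @param string $username
 * @return array rows as objects (PDO::FETCH_OBJ is the default fetch mode)
 */
function getRegs($username) {
  global $pdo;
  $sel = $pdo->prepare("select * from tfa where username = ?");
  $sel->execute(array($username));
  return $sel->fetchAll();
}

/**
 * Store a new registration for a user.
 *
 * @param string $username
 * @param object $reg object with keyHandle, publicKey, certificate, counter
 */
function addReg($username, $reg) {
  global $pdo;
  $ins = $pdo->prepare("INSERT INTO `tfa` (`username`, `keyHandle`, `publicKey`, `certificate`, `counter`) values (?, ?, ?, ?, ?)");
  $ins->execute(array($username, $reg->keyHandle, $reg->publicKey, $reg->certificate, $reg->counter));
}

/**
 * Persist the counter of a registration after an authentication.
 *
 * @param object $reg object with id and counter
 */
function updateReg($reg) {
  global $pdo;
  $upd = $pdo->prepare("update tfa set counter = ? where id = ?");
  $upd->execute(array($reg->counter, $reg->id));
}
?>
<html>
<head>
<script src="js/u2f-api.js"></script>
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  // The username must be a non-empty string (an array-valued field would
  // otherwise reach the queries), and one of the three steps must be present.
  if (empty($_POST['u2f_username']) || !is_string($_POST['u2f_username'])
    || (!isset($_POST['action']) && !isset($_POST['u2f_register_data']) && !isset($_POST['u2f_auth_data']))) {
    // Debug dump of the request; escaped because it reflects client input.
    echo htmlspecialchars(print_r($_POST, true), $escFlags, 'UTF-8');
    exit();
  }
  else {
    $username = $_POST['u2f_username'];

    if (isset($_POST['action'])) {
      switch ($_POST['action']) {
        case 'register':
          try {
            $data = $u2f->getRegisterData(getRegs($username));
            list($req, $sigs) = $data;
            // The challenge is kept server-side and checked in doRegister().
            $_SESSION['regReq'] = json_encode($req);
?>
<script>
var req = <?= json_encode($req, $jsonFlags) ?>;
var sigs = <?= json_encode($sigs, $jsonFlags) ?>;
// json_encode() yields a quoted, escaped JS string literal for the
// client-supplied username.
var username = <?= json_encode($username, $jsonFlags) ?>;
setTimeout(function() {
  console.log("Register: ", req);
  u2f.register([req], sigs, function(data) {
    var form = document.getElementById('u2f_form');
    var reg = document.getElementById('u2f_register_data');
    var user = document.getElementById('u2f_username');
    var status = document.getElementById('u2f_status');
    console.log("Register callback", data);
    if (data.errorCode && data.errorCode != 0) {
      var div = document.getElementById('u2f_return_code');
      div.textContent = 'Error code: ' + data.errorCode;
      return;
    }
    reg.value = JSON.stringify(data);
    user.value = username;
    status.value = "1";
    form.submit();
  });
}, 1000);
</script>
<?php
          }
          catch (Exception $e) {
            // NOTE(review): PDO runs in exception mode, so this message can
            // carry database details; consider logging it server-side.
            echo "U2F error: " . htmlspecialchars($e->getMessage(), $escFlags, 'UTF-8');
          }
          break;

        case 'authenticate':
          try {
            $authData = $u2f->getAuthenticateData(getRegs($username));
            $reqs = json_encode($authData);
            // The challenge is kept server-side and checked in doAuthenticate().
            $_SESSION['authReq'] = $reqs;
?>
<script>
var req = <?= json_encode($authData, $jsonFlags) ?>;
var username = <?= json_encode($username, $jsonFlags) ?>;
setTimeout(function() {
  console.log("sign: ", req);
  u2f.sign(req, function(data) {
    var form = document.getElementById('u2f_form');
    var auth = document.getElementById('u2f_auth_data');
    var user = document.getElementById('u2f_username');
    console.log("Authenticate callback", data);
    auth.value = JSON.stringify(data);
    user.value = username;
    form.submit();
  });
}, 1000);
</script>
<?php
          }
          catch (Exception $e) {
            echo "U2F error: " . htmlspecialchars($e->getMessage(), $escFlags, 'UTF-8');
          }
          break;
      }
    }

    if (!empty($_POST['u2f_register_data'])) {
      try {
        if (empty($_SESSION['regReq'])) {
          throw new Exception('No pending registration request');
        }
        $reg = $u2f->doRegister(json_decode($_SESSION['regReq']), json_decode($_POST['u2f_register_data']));
        addReg($username, $reg);
        // Reported only when verification and storage both succeeded.
        echo "Success";
      }
      catch (Exception $e) {
        echo "U2F error: " . htmlspecialchars($e->getMessage(), $escFlags, 'UTF-8');
      }
      finally {
        // The challenge is single-use, whatever the outcome.
        $_SESSION['regReq'] = null;
      }
    }

    if (!empty($_POST['u2f_auth_data'])) {
      try {
        if (empty($_SESSION['authReq'])) {
          throw new Exception('No pending authentication request');
        }
        $reg = $u2f->doAuthenticate(json_decode($_SESSION['authReq']), getRegs($username), json_decode($_POST['u2f_auth_data']));
        updateReg($reg);
        // Reported only when the signature check passed and the counter was saved.
        echo "Success";
      }
      catch (Exception $e) {
        echo "U2F error: " . htmlspecialchars($e->getMessage(), $escFlags, 'UTF-8');
      }
      finally {
        // The challenge is single-use, whatever the outcome.
        $_SESSION['authReq'] = null;
      }
    }
  }
?>
</head>
<body>
<div id="u2f_return_code"></div>
<form method="POST" id="u2f_form">
  <input type="hidden" name="u2f_register_data" id="u2f_register_data"/>
  <input type="hidden" name="u2f_auth_data" id="u2f_auth_data"/>
  <input type="hidden" name="u2f_username" id="u2f_username"/><br/>
  <input type="hidden" name="u2f_status" id="u2f_status"/><br/>
</form>
<?php
}
else {
?>
</head>
<body>
<form method="POST" id="post_form">
  Username: <input name="u2f_username" id="u2f_username"/><br/><hr>
  Action: <br />
  <input value="register" name="action" type="radio"/> Register<br/>
  <input value="authenticate" name="action" type="radio"/> Authenticate<br/>
  <button type="submit">Submit!</button>
</form>
<?php
}
?>
</body>
</html>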