-
Notifications
You must be signed in to change notification settings - Fork 1
/
validate.php
59 lines (59 loc) · 2.56 KB
/
validate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<?php
function i2fverify($did,$token) { //you need some kind of distinct ID to identify the user, dont use sensitive data as it will be transferred to instant2fa.
$tol=120; //time tolerance in secs
$pub="pk_something";
$sec="sk_something";
$b64=base64_encode("$pub:$sec");
$apiurl = 'https://api.instant2fa.com/verification-response-tokens/'.$token.'/';
$curl=curl_init($apiurl);
curl_setopt_array($curl,array(
CURLOPT_HTTPHEADER=> array("Authorization: Basic $b64"),
CURLOPT_RETURNTRANSFER => true
));
$response=curl_exec($curl);
$cstat=curl_errno($curl);
$status=curl_getinfo($curl,CURLINFO_HTTP_CODE);
if($cstat==0) { //no problem, return the I2F URL
if($status>=200&&$status<=299) { //I2F answered properly
$data=json_decode($response,true)["data"];
if($data["attributes"]["distinct_id"]==$did) { //check the distinct-ID
if(strtotime($data["attributes"]["created_at"].' UTC')>(time()-$tol)) { // make sure the request isnt too old.
if($data["attributes"]["status"]=="succeeded") { //check success status
return true;
}
else { //something wrong
$log=fopen("i2f-log.txt","ab");
fwrite ($log,"Invoked URL: $apiurl Something went wrong: '$did' was requesting login at ".date("Y-m-d H:i:s")." but it didn't succeed. Status is: ".$data["attributes"]["status"]."\n");
fclose($log);
return false;
}
}
else { //too old
$log=fopen("i2f-log.txt","ab");
fwrite ($log,"Invoked URL: $apiurl Too late: '$did' was requesting login at ".date("Y-m-d H:i:s")." UTC, but the Validation from I2F was created at ".$data["attributes"]["created_at"].".\n");
fclose($log);
return false;
}
}
else { //That's not Your Request!
$log=fopen("i2f-log.txt","ab");
fwrite ($log,"Invoked URL: $apiurl Wrong Distinct-ID: '$did' was requesting login but '".$data["attributes"]["distinct_id"]."' was given by I2F.\n");
fclose($log);
return false;
}
}
else { //something is wrong with i2f. log the error and return false
$log=fopen("i2f-log.txt","ab");
fwrite ($log,"Pubkey: $pub, Secret Key: $sec Distinct-ID: $did, Response: $response\n");
fclose($log);
return false;
}
}
else{ //curl screwed up. log the error and return false
$log=fopen("i2f-log.txt","ab");
fwrite ($log,"Pubkey: $pub, Secret Key: $sec Distinct-ID: $did, Invoked URL: $apiurl cURL Error: $cstat / ".curl_error($curl)."\n");
fclose($log);
return false;
}
}
?>