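ao74 Posted September 26, 2008

Does anyone know where I can find an example of the phonefactor sdk integrated into a login script. I am trying to integrate it- have kind of a idea on how to do it, but I am stuck.....

This script has to be integrated into a login script:
-----------------------------------------------------------------------------------------------------------------------------------
(first)- pf_auth.php
<?php
/*
 * pf_auth.php: An SDK for authenticating with PhoneFactor.
 * version: 2.1
 */

// Parser state shared by the XML handlers below. get_response_status()
// clears both arrays before every parse, so a response is never answered
// with values left over from an earlier call in the same request.
$elementNames = array();
$elements = array();

//
// pf_authenticate: authenticates using PhoneFactor.
//
// Arguments:
//   1) $username: the username to be auth'd
//   2) $phone: the phone number to PhoneFactor authenticate
//   3) $country_code: the country code to use for the call. defaults to 1.
//   4) $allow_int_calls: a boolean value that determines whether international
//      calls should be allowed. defaults to false. note that this only needs to
//      be set to true if the call you are making is international, and thus could
//      cost you money. see www.phonefactor.net for the PhoneFactor rate table
//      that shows which calling zones will cost money and which are free.
//   5) $hostname: the hostname this authentication is being sent from.
//      defaults to 'pfsdk-hostname'
//   6) $ip: the ip address this authentication is being sent from.
//      defaults to '255.255.255.255'
//   7) $ca_path: a string representing the path on disk to the folder
//      containing ca certs to validate the PhoneFactor backend against.
//      if you don't use this, the PhoneFactor backend's certificate will not
//      be validated.
//   8) $ca_file: similar to the ca_path parameter, except that this should
//      be the path on disk to a file containing one or more ca certificates
//      to use for validation of server certificates
//   9) user_can_change_phone: if this is set to true, the users will be able to
//      change their phone number from the phone menu. If this is set to false they will
//      not be able to change the phone number.
//
// Return value:
//   An array containing 3 elements: a boolean value representing whether the auth
//   was successful or not, a string representing the status of the phonecall, and
//   a string containing an error id if the connection to the PhoneFactor backend
//   failed. If the authentication element is a true value, then the other two
//   elements can safely be ignored.
//
// NOTE(review): $phone decides which handset approves the login, so callers
// should pass the number stored for the account, not one supplied with the
// login request.
//
function pf_authenticate ($username, $phone, $country_code = '1', $allow_int_calls = false,
    $hostname = 'pfsdk-hostname', $ip = '255.255.255.255',
    $ca_path = '/etc/ssl/certs', $ca_file = '/etc/ssl/certs/cacert.pem',
    $user_can_change_phone = false)
{
    $message = create_authenticate_message(
        $username, $phone, $country_code, $allow_int_calls,
        $hostname, $ip, $user_can_change_phone);

    $response = send_message($message, $ca_path, $ca_file);

    return get_response_status($response);
}

//
// pf_xml_escape: escapes a value for use as XML text or inside a quoted
// XML attribute, so that a value containing markup characters cannot
// change the structure of the request.
//
// Arguments:
//   1) $value: the raw value
//
// Return value:
//   the value with &, <, >, " and ' replaced by entities
//
function pf_xml_escape ($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

//
// create_authenticate_message: generates an authenticate message to be sent
// to the PhoneFactor backend.
//
// Arguments:
//   1) $username: the username to be auth'd
//   2) $phone: the phone number to PhoneFactor authenticate
//   3) $country_code: the country code to use for the call. defaults to 1.
//   4) $allow_int_calls: boolean value that determines whether international
//      calls should be allowed.
//   5) $hostname: the hostname this authentication is being sent from
//   6) $ip: the ip address this authentication is being sent from
//   7) $user_can_change_phone: can user change their phonenumber.
//      defaults to false. The posted version documented this argument and
//      used it in the body but left it out of the signature, so the value
//      passed by pf_authenticate was dropped and the attribute was always 'no'.
//
// Return value:
//   a complete authentication xml message ready to be sent to the PhoneFactor backend
//
function create_authenticate_message ($username, $phone, $country_code, $allow_int_calls,
    $hostname, $ip, $user_can_change_phone = false)
{
    // Every caller-supplied value is escaped before it is placed in the
    // document; the username in particular comes straight from a login form.
    $ip = pf_xml_escape($ip);
    $hostname = pf_xml_escape($hostname);
    $country_code = pf_xml_escape($country_code);
    $username = pf_xml_escape($username);
    $phone = pf_xml_escape($phone);

    // NOTE(review): licenseKey and groupKey look like account credentials.
    // They are reproduced here as posted; in a deployment they should be read
    // from configuration kept outside the web root rather than embedded in
    // source that gets shared.
    $xml = "
    <pfpMessage>
      <header>
        <source>
          <component type='pfsdk'>
            <host ip='$ip' hostname='$hostname'/>
          </component>
        </source>
      </header>

      <request request-id='" . rand(0, 10000) . "'>
        <authenticationRequest>
          <customer>
            <licenseKey>
              VCX8LXZOF83X
            </licenseKey>
            <groupKey>
              aa3bc857a5ad0c480177cae1785c5316
            </groupKey>
          </customer>

          <countryCode>
            $country_code
          </countryCode>
          <authenticationType>
            pfsdk
          </authenticationType>
          <username>
            $username
          </username>
          <phonenumber userCanChangePhone='" . ($user_can_change_phone ? 'yes' : 'no') . "'>
            $phone
          </phonenumber>
          <allowInternationalCalls>
            " . ($allow_int_calls ? 'yes' : 'no') . "
          </allowInternationalCalls>
          <pinInfo pinMode='standard'/>
        </authenticationRequest>
      </request>
    </pfpMessage>
    ";

    return $xml;
}

//
// send_message: sends a message to the PhoneFactor backend
//
// Arguments:
//   1) $message: the message to be sent
//   2) $ca_path: a string representing the path on disk to the folder
//      containing ca certs to validate the PhoneFactor backend against
//   3) $ca_file: similar to the ca_path parameter, except that this should
//      be the path on disk to a file containing one or more ca certificates
//      to use for validation of server certificates
//
// Return value:
//   The response text from the PhoneFactor backend. This will
//   likely be an XML message ready to be parsed. Note that the
//   return value is false if the communication with the
//   backend was not possible.
//
function send_message($message, $ca_path, $ca_file)
{
    // NOTE(review): when both $ca_path and $ca_file are empty, peer
    // verification is switched off and the reply could come from anyone on
    // the network path. This is the documented behaviour of the SDK and is
    // kept, but a login flow should always pass a CA bundle.
    $validate = (strlen($ca_path) > 0 || strlen($ca_file) > 0);

    $curl = curl_init("https://pfd.phonefactor.net/pfd/pfd.pl");
    $curl_options = array(
        CURLOPT_PORT => '443',
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $message,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => $validate,
        CURLOPT_CAPATH => $ca_path,
        CURLOPT_CAINFO => $ca_file,
        CURLOPT_SSLCERT => dirname(__FILE__) . '/certs/cert.pem',
        CURLOPT_SSLKEY => dirname(__FILE__) . '/certs/pkey.pem',
    );

    foreach ($curl_options as $option => $value) {
        curl_setopt($curl, $option, $value);
    }

    $doc = curl_exec($curl);

    // Transport errors go to the server log instead of the page: the posted
    // version printed them into the response shown to the person logging in.
    if (curl_errno($curl)) {
        error_log('pf_auth: ' . curl_error($curl));
    }

    curl_close($curl);

    return $doc;
}

//
// startElement: handler for the beginning of an XML element
//
// Arguments:
//   1) $parser: a reference to the XML parser
//   2) $name: the name of the XML element being parsed
//   3) $attrs: the attributes found in this element
//
// Return value:
//   none
//
function startElement ($parser, $name, $attrs)
{
    global $elementNames, $elements;

    $elementNames[] = "$name";
    $elements[$name]['attrs'] = array();

    foreach ($attrs as $key => $value) {
        $elements[$name]['attrs'][$key] = $value;
    }
}

//
// endElement: handler for the end of an XML element
//
// Arguments:
//   1) $parser: a reference to the XML parser
//   2) $name: the name of the XML element being parsed
//
// Return value:
//   none
//
function endElement ($parser, $name)
{
}

//
// characterData: handler for character data
//
// Arguments:
//   1) $parser: a reference to the XML parser
//   2) $data: the character data between element tags
//
// Return value:
//   none
//
function characterData ($parser, $data)
{
    global $elementNames, $elements;

    // The text is attributed to the most recently opened element.
    $name = array_pop($elementNames);
    $elements[$name]['data'] = trim($data);
}

//
// get_response_status: parses the response from the PhoneFactor backend
//
// Arguments:
//   1) $response: the XML response string to be parsed
//
// Return value:
//   Same as the return value for pf_authenticate. An empty response or one
//   that does not parse as XML yields array(false, 0, 0).
//
function get_response_status ($response)
{
    global $elementNames, $elements;

    if (!$response) {
        return array(false, 0, 0);
    }

    // Start from empty state. The posted version never cleared these globals,
    // so a second call in the same request could still see AUTHENTICATED=yes
    // from the first one if the new response lacked that element.
    $elementNames = array();
    $elements = array();

    $xml_parser = xml_parser_create();
    xml_set_element_handler($xml_parser, 'startElement', 'endElement');
    xml_set_character_data_handler($xml_parser, 'characterData');
    $parsed = xml_parse($xml_parser, $response, true);
    xml_parser_free($xml_parser);

    // Fail closed: a document the parser rejects is not evidence of a login.
    if (!$parsed) {
        return array(false, 0, 0);
    }

    // NOTE(review): the posted version also read
    // $elements['STATUS']['attrs']['disposition'] but never used it in the
    // result, and the lowercase key cannot match because the parser
    // upper-cases attribute names by default. Whether a non-success
    // disposition should veto the result needs confirming against the
    // PhoneFactor protocol documentation; the decision below depends on
    // AUTHENTICATED alone, as before.
    $authenticated = isset($elements['AUTHENTICATED']['data'])
        && $elements['AUTHENTICATED']['data'] === 'yes';

    $call_status = isset($elements['CALLSTATUS']['data']) ? $elements['CALLSTATUS']['data'] : 0;
    $error_id = isset($elements['ERROR-ID']['data']) ? $elements['ERROR-ID']['data'] : 0;

    return array($authenticated, $call_status, $error_id);
}
?>
----------------------------------------------------------------------------------------------------------------
(second)
<?php
require('pf/pf_auth.php');

// note that the phone number contains no dashes, spaces, or any other
// special characters.
$res = pf_authenticate(
    'bob_g_user',                 // username
    '9135552368',                 // phone
    '1',                          // country code (optional)
    false,                        // allow international calls (optional)
    'SomeHostname',               // hostname (optional)
    '255.255.255.255',            // ip (optional)
    '/etc/ssl/certs',             // ca path (optional)
    '/etc/ssl/certs/cacert.pem',  // ca file (optional)
    false);                       // user can change phone (optional)

// the return value from the above function is an array with three elements,
// the result of the authentication (boolean), the result of the phonecall
// itself, and the result of the connection with the PhoneFactor backend,
// respectively. see call_results.txt for a list of call results and
// descriptions that correspond to the second value in the array.
if ($res[0])
    print "yes, $res[1], $res[2]\n";
else
    print "no, $res[1], $res[2]\n";
?>
--------------------------------------------------------------------------------------------------------------
Any help would be greatly welcomed.....

I will make a mysql DB with users, but I got stuck on how to implement it into my login-exec.php
<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    // NOTE(review): the mysql_* extension used throughout this script was
    // removed in PHP 7. mysqli or PDO with prepared statements is the
    // replacement and removes the need for the clean() helper below.

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);

    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }

    // NOTE(review): the passwd column holds an unsalted MD5 digest, which is
    // not suitable for password storage. password_hash() / password_verify()
    // are the replacement, and switching requires migrating the stored values.

    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            // NOTE(review): this is the point where the second factor belongs:
            // the password has matched but no session values exist yet. A call
            // to pf_authenticate() here should use the phone number stored for
            // this member (assumes the members table gains a phone column, not
            // shown in this post), never one taken from the request, and the
            // session should only be populated when element 0 of its result
            // is true.

            //Login Successful
            // true discards the pre-login session id instead of leaving it valid
            session_regenerate_id(true);
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
            $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
            session_write_close();
            header("location: chat2.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>
-------------------------------------------------------------------------------------------------
These are the 3 scripts I have to work with.......

I started to google for examples of a successfull implementation, but nothing came up- so I was wondering if any might know where there might be some, or if any has a working script.

Thanx in advance
Adam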