[Include] TFA_SAMP - 1st two-factor authentication method for SA-MP. - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Filterscripts (https://sampforum.blast.hk/forumdisplay.php?fid=17)
+---- Forum: Includes (https://sampforum.blast.hk/forumdisplay.php?fid=83)
+---- Thread: [Include] TFA_SAMP - 1st two-factor authentication method for SA-MP. (/showthread.php?tid=471559)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Filterscripts (https://sampforum.blast.hk/forumdisplay.php?fid=17)
+---- Forum: Includes (https://sampforum.blast.hk/forumdisplay.php?fid=83)
+---- Thread: [Include] TFA_SAMP - 1st two-factor authentication method for SA-MP. (/showthread.php?tid=471559)
Pages:
1
2
TFA_SAMP - first two-factor authentication method for SA-MP. - GiamPy. - 23.10.2013
TFA_SAMP - 1st two-factor authentication method for SA-MP.
A huge thanks to Authy (https://www.authy.com/) for providing the web APIs.
Include release under GPL v2 OSL (open source license) - click here for more information.
Part of the include is made in PHP.
Hello everyone.
Recently I was thinking of a new include to release, and I thought about a two-factor authentication method for SA-MP, something like it has never existed before. This include does not directly provide the authentication method, it is just a way to communicate with the service that provides so, which in this case is Authy.
Authy provides also free-plans for development or fairly small communities.
Visit https://www.authy.com/ for more information.
If you don't know what a two-factor authentication method is, read this page.
However, here's a short description.
Quote:
|
Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor must be validated by the other party for authentication to occur. |
So, what is Authy? Authy is what gives us the API to communicate with the server and to send the SMS / verify the token taken by your phone.
If you are worried about security, the API requests through the production method are sent through HTTPS requests, and all the information are not saved in any TFA_SAMP database but in Authy's databases which are completely safe and secure.
Available Functions
- TFASAMP::prepareConnection(host[], password[], api_key[], type[] = "production", bool:tfa_debug = false)
- TFASAMP::createUser(playerid, email[], cellphone[], area_code[] = "1")
- TFASAMP::verifyToken(playerid, user_id, token[], bool: force = true)
- TFASAMP::setPlayerUserID(playerid, userid)
- TFASAMP::getPlayerUserID(playerid)
- TFASAMP::OnTokenVerify(playerid, result)
You may find here the updated functions documentation.
Bug Reporting
Please use GitHub's issues to report bugs by clicking here.
Contributions
Please use GitHub's pull requests to give a contribute by clicking here.
Example
You may find an example of the include here.
Requirements
You need to install this or the include will not work.
You also need y_hooks and y_stringhash from YSI library.
For any other question, feedback or anything else feel free to answer this thread, and don't forget to contribute on GitHub, if you'd like to!
Cheers.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 24.10.2013
Updated, fixed some bugs and improved the example in the files.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - iZN - 24.10.2013
Looking great, I might try it.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 24.10.2013
Modified the commands structure.
https://github.com/GiampaoloFalqui/T...463d89d74f2f03
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - Tamer - 24.10.2013
Good job. Worth to give a try.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - Akira297 - 24.10.2013
This is a very good include developed for servers. Additionally, these keys should be assigned to staff accounts and not just typical players for they are at risk on their own safety.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 24.10.2013
Quote:
|
Originally Posted by Akira297
 This is a very good include developed for servers. Additionally, these keys should be assigned to staff accounts and not just typical players for they are at risk on their own safety.
|
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 26.12.2013
Released v0.2.2.
- Added :: syntactic sugar.
- Added TFASAMP::getPlayerUserID(playerid).
- Added TFASAMP::setPlayerUserID(playerid).
- Added versioning check.
- Internal changes.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 26.12.2013
Quote:
|
Originally Posted by ******
Why are you using a polling timer to process the reply instead of a callback?
|
Quote:
|
Originally Posted by ******
Does the authy system handle knowledge as well as possession?
|
Quote:
|
Originally Posted by ******
OH PLEASE NO! - have you ever heard of input sanitation?
|
Quote:
|
Originally Posted by ******
Why are you using "PREFIX::functionName" syntax instead of the almost universally applied "Prefix_FunctionName" scheme? That's just introducing complexity in the form of inconsistency for no apparent reason. As is using all upper-case letters for variables.
|
Quote:
|
Originally Posted by ******
The "type" default should, IMHO, be "production" not "development", that way if people forget to set it correctly they don't get an unsafe default and will have issues alerting them to the problem.
|
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 27.12.2013
Quote:
|
Originally Posted by ******
That wasn't the only one - the PHP code is full of holes all over, I just happend to choose that one to point out.
|
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - Djole1337 - 27.12.2013
htmlspecialchars() will not provide you any extra "security".
Also you have made a syntax error (https://github.com/GiampaoloFalqui/T...xecute.php#L21).
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 27.12.2013
Therefore what do you suggest?
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 27.12.2013
Quote:
|
Originally Posted by ******
Nope, not in any way. You don't check if any of the inputs are strings, or if they contain valid paths only you want. I also find it amusing that using your two factor authentication system is protected by only a password.
|
Also, I was thinking if using POST to send the requests instead of GET, maybe it's more secure?
I am working on a way to sanitize the commands anyway.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 27.12.2013
0.2.4 - attempt to improve command security.
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 27.12.2013
Quote:
|
Originally Posted by ******
Why not just do something like:
pawn Код:
|
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - feartonyb - 28.12.2013
Very nice work
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - Alphlax - 28.12.2013
Good system !
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 28.12.2013
v1.0.0-alpha has been introduced however it's not ready for production.
Please keep using the v0.2.4 for production enviroments.
For more information: https://github.com/GiampaoloFalqui/TFA_SAMP/releases
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - GiamPy. - 30.12.2013
v1.0.0-alpha.2 has been released.
https://github.com/GiampaoloFalqui/T...v1.0.0-alpha.2
Re: TFA_SAMP - 1st two-factor authentication method for SA-MP. - Alphlax - 30.12.2013
Good to know