[Plugin] TOTP Plugin
#1

TOTP plugin v1.0.1

This plugin allows you to generate one-time passwords based on time (and computing on algorithm based TOTP RFC 6238 ) are also used by Gооgle in the Gооgle Authenticator.

With this plugin, you can protect your server accounts of subsidiary protection, providing the One-time Password on the user side using Gооgle Authenticator and comparing it to the server using this plugin.

The secret key for the user, you can generate and set, for example, in the UCP your WebSite.

Natives

Code:
native Goo gleAuthenticatorCode(key[], tm); //anti-advertising removes the word Gооgle. Remove the space
The parameters:
  • key[] - secret key
  • tm - UNIXTIME
Example

Code:
#include <a_samp>
#include <TOTP>

main()
{
	new code = Goo gleAuthenticatorCode("3ADXVY3HXVYX6XWZ", gettime()); //anti-advertising removes the word Gооgle. Remove the space
	printf("CODE: %06d", code);
}
Downloads

GitHub repository:

https://github.com/GamesDV/TOTP

Pre-built binaries for Linux and Windows (releases page):

https://github.com/GamesDV/TOTP/releases
Reply
#2

Cool, thank you)
Reply
#3

Nice,thank u very much,can I know,we can verify email,password,etc via email
Reply
#4

Nice. Though consider renaming the function. As far as I know the protocol wasn't invented by ******, nor is it exclusively used by ******.
Reply
#5

Quote:
Originally Posted by Vince
View Post
Nice. Though consider renaming the function. As far as I know the protocol wasn't invented by ******, nor is it exclusively used by ******.
Second that.

It's just a standard, RFC 6239: https://tools.ietf.org/html/rfc6238
Only thing ****** has to do with it is that that have a slightly modified version of it available on github. ( https://github.com/******/******-authenticator )
Reply
#6

Nice idea, wonder why this hasnt been done before. Heres +1 mauzolike.
Reply
#7

Quote:
Originally Posted by Vince
View Post
Nice. Though consider renaming the function. As far as I know the protocol wasn't invented by ******, nor is it exclusively used by ******.
I did not say that ****** invented it.
Function so named because plugin was written specifically for integration with ****** Authenticator.
Who wants to - can rename function and compile plugin

Or just use #define:
PHP Code:
#define TOTP ******AuthenticatorCode 
Reply
#8

What is secret code will by same for 2 users? they will get same code?
Reply
#9

Nice one, will definitely mess around with this one when I'm home.



----


The codes do not seem to match for me

The codes also seem to be refreshing at different times for me

Could it be the timezone?
Reply
#10

You need to be in the same timezone, or at least use the same time in the App and on your server. Also you should check for codes ±30 seconds as the time on the device could be slightly out, or in the time taken to input the code it has expired.
Reply
#11

Quote:
Originally Posted by Scranton
View Post
You need to be in the same timezone, or at least use the same time in the App and on your server. Also you should check for codes ±30 seconds as the time on the device could be slightly out, or in the time taken to input the code it has expired.
There's a 7 hour difference with my server & me....
Reply
#12

very nice, was waiting for this in samp
Reply
#13

Quote:
Originally Posted by JaydenJason
View Post
There's a 7 hour difference with my server & me....
Then you need to make sure the server and whatever OTP device you're using are using the same time zone. Not sure how ****** Authenticator does it, but I created an app which detects the phones timezone and adjusts it to GMT for the password, as the server was in the UK.
Reply
#14

How to generate right secret keys?
Reply
#15

Quote:
Originally Posted by MerryDeer
View Post
How to generate right secret keys?
Secret key generator (base32):

PHP Code:
<?php
//by PHPGangsta
function _getBase32LookupTable()
{
    return array(
        
'A''B''C''D''E''F''G''H'//  7
        
'I''J''K''L''M''N''O''P'// 15
        
'Q''R''S''T''U''V''W''X'// 23
        
'Y''Z''2''3''4''5''6''7'// 31
        
'='  // padding char
    
);
}
function 
createSecret($secretLength 16)
{
    
$validChars _getBase32LookupTable();
    unset(
$validChars[32]);
    
$secret '';
    for (
$i 0$i $secretLength$i++) {
        
$secret .= $validChars[array_rand($validChars)];
    }
    return 
$secret;
}
echo 
createSecret();
?>
Reply
#16

How that look in sa-mp?
Reply
#17

I don't know what I could be doing wrong but timezones are both the same on my phone and on my server, still shows different codes
Reply
#18

Update v.1.0.1
Fix crash strlen(NULL), if you send empty string in function.

Commit:

https://github.com/GamesDV/TOTP/comm...130c0849160199

Download:

https://github.com/GamesDV/TOTP/releases
Reply
#19

Quote:
Originally Posted by Igorek
View Post
Update v.1.0.1
Fix crash strlen(NULL), if you send empty string in function.

Commit:

https://github.com/GamesDV/TOTP/comm...130c0849160199

Download:

https://github.com/GamesDV/TOTP/releases
Please create a wiki page.
Reply
#20

Quote:
Originally Posted by Igorek
View Post
Update v.1.0.1
Fix crash strlen(NULL), if you send empty string in function.

Commit:

https://github.com/GamesDV/TOTP/comm...130c0849160199

Download:

https://github.com/GamesDV/TOTP/releases
it's not working. I got those messages in the console
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)