WebSVN – web_pages – Diff – /trunk/totp_opnsense/index.php

 <?php
 /**
  * Copyright (c) 2025, Daily Data, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without modification,
    Assumes configuration file generated by loadOpnSense.pl
    Assumes QR code images are pre-generated and stored in a web accessible location
    Assumes OpenVPN configuration files are pre-generated and stored in a web accessible location
    Assumes passwords are hashed using password_hash function
-   The configuration file is a json file with the following structure
-   {
-      "router1" : {
-         "users" : {
-            "user1" : {
-               "password" : "<hashed password>",
-               "otp_seed" : "<otp seed>",
-               "qrFile" : "<path to qr code image file>",
-               "ovpnFile" : "<path to openvpn config file>"
-            },
-            "user2" : {
-               ...
-            }
-         }
-      },
-      "router2" : {
-         ...
-      }
-   }
    Version 1.0.0 RWR 2025-09-21
       Initial Release
    Version 1.1.0 RWR 2025-09-27
       Added capability of downloading VPN configuration file
    Version 1.2.0 RWR 2025-10-01
      automatically generate router list from config file
      Added some error checking for missing qr code image file and ovpn file
  */
+   define('VERSION', '1.2.0');
 // this is the only variable you may need to change
 // everything else is in the configuration file
-$configFile = './users.json';
+$configFile = __DIR__ . '/users.json';
+$isValidUser = false;
 // we need the config data for form processing and validation, so always load it
-if ( file_exists( $configFile ) ) {
+if (file_exists($configFile)) {
-   $configData = json_decode( file_get_contents( $configFile ), true );
+    $configData = json_decode(file_get_contents($configFile), true);
 } else {
-   die( "Configuration file $configFile not found" );
+    die("Configuration file $configFile not found");
+}
 // Check if the form is submitted
-if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset( $_REQUEST['btnLogin'])) {
-   // Get the username and password from the form
+    // Get the username and password from the form
     $username = $_POST['username'];
     $password = $_POST['password'];
     $router = $_POST['router'];
-    if ( $configData ) {
+    if ($configData) {
-      $isValidUser = false;
+        $isValidUser = false;
-      if ( isset( $configData[$router]) && isset( $configData[$router]['users'][$username] ) ) {
+        if (isset($configData[$router]) && isset($configData[$router]['users'][$username])) {
-         $data = $configData[$router]['users'][$username];
+            $data = $configData[$router]['users'][$username];
-         if ( password_verify( $password, $data['password'] ) ) {
+            if (password_verify($password, $data['password'])) {
-            $isValidUser = true;
+                $isValidUser = true;
-            $code = $data['otp_seed'];
+                $code = $data['otp_seed'];
-            $imageFileName = $data['qrFile'];
+                $imageFileName = $data['qrFile'];
-            $ovpnFileName = $data['ovpnFile'];
+                $ovpnFileName = $data['ovpnFile'];
-            $log = date("Y-m-d H:i:s") . "\t" . $_SERVER['REMOTE_ADDR'] . "\t" .
+                $log = date("Y-m-d H:i:s") . "\t" . $_SERVER['REMOTE_ADDR'] . "\t" .
-            "Success\t" . $username."\t" .PHP_EOL;
+                "Success\t" . $username."\t" .PHP_EOL;
-            file_put_contents( './log_'.date("j.n.Y").'.log', $log, FILE_APPEND );
+                file_put_contents('./log_'.date("j.n.Y").'.log', $log, FILE_APPEND);
-         }
+            }
-      }
+        }
-   } else {
+    } else {
-      print '<h1>Could not open the configuration file.</h1>';
+        print '<h1>Could not open the configuration file.</h1>';
-   }
+    }
+} else if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['refreshRouter'])) {
+    $router = preg_replace('/[^A-Za-z0-9_-]/', '', $_POST['refreshRouter']);
-   if ( ! $isValidUser )
+    $file = "/tmp/update_$router";
-         print "<h1>Password wrong, or invalid user $username for router $router</h1>";
+    file_put_contents($file, time());
-} // if form submitted
+    exit;
+}
 ?>
 <!DOCTYPE html>
 <html lang="en">
 <head>
-    <meta charset="UTF-8">
+   <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Get QR Code</title>
+   <title>Get QR Code</title>
 </head>
 <body>
+   <h1 style='text-align: center;'>OTP and OVPN configuration download</h1>
+   <div id='debug'>
-    <?php
+      <?php
-       if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+         //print "<pre>REQUEST<br/>" . print_r( $_REQUEST, true) . "</pre>";
+      ?>
-          print "<div style='text-align: center;'>";
+   <div id='qr' style='text-align: center;'>
+      <?php
+         if ( isset( $_REQUEST['btnLogin']) ) {
+            if ( $isValidUser ) {
-            if ( empty( $code ) || empty($imageFileName) || !file_exists($imageFileName)) {
+               if (empty($code) || empty($imageFileName) || !file_exists($imageFileName)) {
-               print "<p><b>QR Code image file not found</b></p>";
+                  print "<p><b>QR Code image file not found</b></p>";
-               print "<p>You may not be set up with a TOTP code on $router, talk to an administrator</p>";
+                  print "<p>You may not be set up with a TOTP code on $router, talk to an administrator</p>";
+               } else {
+                  // all good
+                  print "<img src='$imageFileName' alt='$code'>";
+                  print "<br />Your code for $router is<br /><b>$code</b>";
+               }
+               if (empty($ovpnFileName)) {
+                  print "<br />No OpenVPN configuration file available";
+               } else {
+                  print "<br /><a href='$ovpnFileName' download>Download your OpenVPN Config File</a>";
+               }
             } else {
-               // all good
-               print "<img src='$imageFileName' alt='$code'>";
-               print "<br />Your code for $router is<br /><b>$code</b>";
+               print "<h1>Password wrong, or invalid user $username for router $router</h1>";
+            }
+         }
+      ?>
+   </div>
+   <div id='login'>
+      <form method="POST" action="">
-            if ( empty( $ovpnFileName ) ) {
+         <label for="username">Username:</label>
-               print "<br />No OpenVPN configuration file available";
+         <input type="text" id="username" name="username" required>
+         <br>
+         <label for="password">Password:</label>
+         <input type="password" id="password" name="password" required>
+         <br>
+         <label for="router">Router:</label>
+            <select name="router" id="router" onchange="updateTimestampAndRefreshLink()">
-            } else {
+               <?php
+                  $routers = array_keys($configData);
+                  foreach ($routers as $index => $name) {
-               print "<br /><a href='$ovpnFileName' download>Download your OpenVPN Config File</a>";
+                     print "<option value='$name'>$name</option>\n";
-            }
+                  }
-         print '</div>';
+               ?>
+            </select>
+         <br>
+         <input type="submit" name="btnLogin" value="Login" id="loginBtn">
+         <button type="button" id="refreshBtn" style="margin-left:10px;">Request Refresh</button>
+         <div id="routerTimestamp" style="margin-top:10px;"></div>
+         <div id="refreshDiv" style="margin-top:10px;"></div>
+      </form>
+   </div>
+   <script>
+   const configData = <?php echo json_encode($configData); ?>;
+   function updateTimestampAndRefreshLink() {
+      var router = document.getElementById('router').value;
+      var tsDiv = document.getElementById('routerTimestamp');
+      if (configData[router] && configData[router]['lastUpdate']) {
+         var date = new Date(configData[router]['lastUpdate'] * 1000);
+         tsDiv.innerHTML = '<b>Last update for ' + router + ':</b> ' + date.toLocaleString();
+      } else {
+         tsDiv.innerHTML = '<b>No update timestamp available for ' + router + '</b>';
+      }
-    ?>
+   }
-    <p>This page is updated hourly. If change your password, it will not be reflected here for an hour</p>
+   function requestRefresh(router) {
-    <form method="POST" action="">
+      var xhr = new XMLHttpRequest();
-        <label for="username">Username:</label>
+      xhr.open('POST', '', true);
-        <input type="text" id="username" name="username" required>
+      xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
-        <br>
-        <label for="password">Password:</label>
+      xhr.send('refreshRouter=' + encodeURIComponent(router));
-        <input type="password" id="password" name="password" required>
+      alert('Refresh requested for ' + router + "\nPlease wait 2 minutes before retrying");
-        <br>
+   }
-        <label for="router">Router:</label>
+   document.getElementById('router').addEventListener('change', updateTimestampAndRefreshLink);
-         <select name="router" id="router">
+   window.onload = function() {
-             <?php
+      updateTimestampAndRefreshLink();
-               // gets a list of all routers listed in $csvFile into array $routers
+      document.getElementById('refreshBtn').onclick = function() {
-               $routers = array_keys( $configData );
+         var router = document.getElementById('router').value;
-                #die( "<pre>" . print_r( $routers, true) . "</pre>" );
+         requestRefresh(router);
+      };
-                foreach ( $routers as $index => $name ) {
+      document.getElementById('loginBtn').focus();
+   };
-                   print "<option value='$name'>$name</option>\n";
+   document.querySelector('form').addEventListener('keydown', function(e) {
-                }
+      if (e.key === 'Enter') {
-            ?>
+         e.preventDefault();
-         </select>
+         document.getElementById('loginBtn').click();
-        <br>
+      }
-        <input type="submit" value="Login">
+   });
-    </form>
+   </script>
 </body>
 </html>

Subversion Repositories web_pages

(root)/trunk/totp_opnsense/index.php – Rev 15 → 16