WebSVN – web_pages – Diff – /trunk/totp_opnsense/index.php

 <?php
 /**
-     Copyright (c) 2025, Daily Data, Inc.
+ * Copyright (c) 2025, Daily Data, Inc.
+ * All rights reserved.
+ *
-    Redistribution and use in source and binary forms, with or without modification,
+ * Redistribution and use in source and binary forms, with or without modification,
-    are permitted provided that the following conditions are met:
+ * are permitted provided that the following conditions are met:
+ *
-        Redistributions of source code must retain the above copyright notice, this
+ * 1. Redistributions of source code must retain the above copyright notice, this list
-           list of conditions and the following disclaimer.
+ *    of conditions and the following disclaimer.
-        Redistributions in binary form must reproduce the above copyright notice,
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this
-           this list of conditions and the following disclaimer in the documentation
+ *    list of conditions and the following disclaimer in the documentation and/or other
-           and/or other materials provided with the distribution.
+ *    materials provided with the distribution.
+ * 3. Neither the name of Daily Data, Inc. nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without specific
+ *    prior written permission.
+ *
-    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-    IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-    EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-    PHP script which reads tab delimited file users.csv (defined in $csvFile). Users
-    are presented with a username and password box and a router selector.
-    When processed, will read data file and determine if the credentials match any line
-    and, if so, display a QR Code suitable for scanning with one time password program.
-    Assumes csv file and qr image created by processOPNSense.pl.
-    Version 1.0.0 RWR 2025-09-21
-       Initial Release
+ * DAMAGE.
-    Version 1.1.0 RWR 2025-09-27
-       Added capability of downloading VPN configuration file
  */
-// Define the path to the CSV file
-$csvFile = 'users.csv';
-// Define the path to the .ovpn files, if applicable
-$ovpnDir = 'ovpn_files/';
-$ovpnRegex = 'mcnoc_([a-z0-9]+)\.ovpn';
-$ovpnFileName = '';
-// name of image file
-$imageFileName = '';
-// topt code
-$code = '';
-function csvToArray( $csvFile, $delimiter = "\t" ) {
-   // Initialize an array to hold the data
-   $dataArray = [];
-   // Open the CSV file for reading
-   if (($handle = fopen($csvFile, 'r')) !== FALSE) {
-       // Get the headers from the first row
-       $headers = fgetcsv($handle, 1000, $delimiter);
-       // Loop through each row in the CSV
-       while (($data = fgetcsv($handle, 1000, $delimiter)) !== FALSE) {
-           // Combine headers with data to create an associative array
-           $rowData = array_combine($headers, $data);
-           // Add the associative array to the main data array
-           $dataArray[] = $rowData;
-       }
-       fclose($handle);
-   } else {
-       echo "Could not open the CSV file for reading.";
-   }
+/**
-   return $dataArray;
-} // csvToArray
+   PHP script which reads configuration file containing user information. Users
+   are presented with a username and password box and a router selector.
+   When processed, will read data file and determine if the credentials match any line
+   and
+   * display a QR Code suitable for scanning with one time authentication app
+   * display the OTP seed code in case user wants to enter it manually
+   * provide a link to download the OpenVPN configuration file for that user
-function ovpnFile ( $path, $username, $ovpnRegex ) {
+   Assumes configuration file generated by loadOpnSense.pl
+   Assumes QR code images are pre-generated and stored in a web accessible location
+   Assumes OpenVPN configuration files are pre-generated and stored in a web accessible location
+   Assumes passwords are hashed using password_hash function
+   The configuration file is a json file with the following structure
+   {
+      "router1" : {
-   if ( $files = scandir( $path ) ) {
+         "users" : {
-      foreach ($files as $key => $value ) {
+            "user1" : {
-         if ( preg_match( "/$ovpnRegex/", $value, $matches ) ) {
+               "password" : "<hashed password>",
-            if ( $matches[1] == $username ) {
+               "otp_seed" : "<otp seed>",
-               return $path . $matches[0];
+               "qrFile" : "<path to qr code image file>",
+               "ovpnFile" : "<path to openvpn config file>"
+            },
+            "user2" : {
+               ...
+            }
+         }
+      },
+      "router2" : {
+         ...
+      }
-   } else {
-      die( "Error trying to scan directory $path\n" );
+   }
+   Version 1.0.0 RWR 2025-09-21
-   return '';
+      Initial Release
+   Version 1.1.0 RWR 2025-09-27
+      Added capability of downloading VPN configuration file
+   Version 1.2.0 RWR 2025-10-01
+     Reading from json file instead of csv
+     Removed dependency on exec and external commands
+     Added logging of successful logins
+     automatically generate router list from config file
+     Added some error checking for missing qr code image file and ovpn file
+ */
+// this is the only variable you may need to change
+// everything else is in the configuration file
+$configFile = './users.json';
+// we need the config data for form processing and validation, so always load it
+if ( file_exists( $configFile ) ) {
+   $configData = json_decode( file_get_contents( $configFile ), true );
-} // ovpnFile
+} else {
+   die( "Configuration file $configFile not found" );
+}
 // Check if the form is submitted
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-    // Get the username and password from the form
+   // Get the username and password from the form
     $username = $_POST['username'];
     $password = $_POST['password'];
     $router = $_POST['router'];
-    $users = csvToArray( $csvFile, "\t" );
-    if ( $users ) {
+    if ( $configData ) {
        $isValidUser = false;
-       foreach ( $users as $key => $data ) {
+      if ( isset( $configData[$router]) && isset( $configData[$router]['users'][$username] ) ) {
-          if ( $data['name'] === $username && $data['router'] === $router ) {
+         $data = $configData[$router]['users'][$username];
-             if ( password_verify( $password, $data['password'] ) ) {
+         if ( password_verify( $password, $data['password'] ) ) {
-                $code = $data['otp'];
+            $isValidUser = true;
-                $imageFileName = $data['filename'];
+            $code = $data['otp_seed'] ?? 'unknown';
-                $isValidUser = true;
+            $imageFileName = $data['qrFile'];
-                $ovpnFileName = ovpnFile( $ovpnDir, $data['name'], $ovpnRegex );
+            $ovpnFileName = $data['ovpnFile'];
-                $log = date("Y-m-d H:i:s") . "\t" . $_SERVER['REMOTE_ADDR'] . "\t" .
+            $log = date("Y-m-d H:i:s") . "\t" . $_SERVER['REMOTE_ADDR'] . "\t" .
-                  "Success\t" . $username."\t" .PHP_EOL;
+            "Success\t" . $username."\t" .PHP_EOL;
-                file_put_contents( './log_'.date("j.n.Y").'.log', $log, FILE_APPEND );
+            file_put_contents( './log_'.date("j.n.Y").'.log', $log, FILE_APPEND );
-             }
-             break;
+         }
+      }
-      if ( ! $isValidUser )
-         echo "<h1>Password wrong, or invalid user $username for router $router</h1>";
-    } else {
+   } else {
-        echo '<h1>Could not open the CSV file.</h1>';
+      print '<h1>Could not open the configuration file.</h1>';
-    }
+   }
+   if ( ! $isValidUser )
+         print "<h1>Password wrong, or invalid user $username for router $router</h1>";
-}
+} // if form submitted
 ?>
 <!DOCTYPE html>
 <html lang="en">
     <title>Get QR Code</title>
 </head>
 <body>
     <?php
        if ( ! empty( $imageFileName ) && ! empty( $code ) ) {
-          echo "<div style='text-align: center;'>";
+         print "<div style='text-align: center;'>";
+         if ( empty($imageFileName) || !file_exists($imageFileName)) {
+            print "<p><b>QR Code image file not found</b></p>";
+         } else {
+            // all good
-          echo "<img src='$imageFileName' alt='$code'>";
+            print "<img src='$imageFileName' alt='$code'>";
+         }
-          echo "<br />Your code for $router is<br /><b>$code</b>";
+         print "<br />Your code for $router is<br /><b>$code</b>";
-          if ( !empty( $ovpnFileName ) ) {
+         if ( empty( $ovpnFileName ) ) {
+            print "<br />No OpenVPN configuration file available";
+         } else {
-             echo "<br /><a href='$ovpnFileName' download>Download your OpenVPN Config File</a>";
+            print "<br /><a href='$ovpnFileName' download>Download your OpenVPN Config File</a>";
-          }
+         }
-          echo '</div>';
+         print '</div>';
-       }
+      }
     ?>
     <p>This page is updated hourly. If change your password, it will not be reflected here for an hour</p>
     <form method="POST" action="">
         <label for="username">Username:</label>
         <input type="text" id="username" name="username" required>
         <input type="password" id="password" name="password" required>
         <br>
         <label for="router">Router:</label>
          <select name="router" id="router">
              <?php
-                // gets a list of all routers listed in $csvFile into array $routers
+               // gets a list of all routers listed in $csvFile into array $routers
-                exec( "tail -n+2 $csvFile | cut -f1 | sort | uniq | sort", $routers );
+               $routers = array_keys( $configData );
                 #die( "<pre>" . print_r( $routers, true) . "</pre>" );
                 foreach ( $routers as $index => $name ) {
                    print "<option value='$name'>$name</option>\n";
+                }
             ?>

Subversion Repositories web_pages

(root)/trunk/totp_opnsense/index.php – Rev 13 → 14