PHP Classes

Pure PHP Yubicloud authentication: Check YubiKeys OTP in multiple servers

Last Updated: 2024-01-10 (2 months ago)
Ratings: Not enough user ratings
Unique User Downloads: Total: 145, This week: 1
Download Rankings: All time: 9,136, This week: 560
Version: yubicloud 4.3.30
License: GNU Lesser Genera...
PHP version: 5.3.0
Categories: PHP 5, Web services, Security
Description 

This class can check YubiKeys OTP in multiple servers.

It sends HTTP requests to one or more YubiCloud servers to validate OTP (one time password) keys.

The class can send multiple validation HTTP requests in parallel to multiple servers.

Innovation Award: PHP Programming Innovation award nominee, December 2014, Number 8
Prize: One downloadable copy of PhpED Professional

One time passwords are used to implement systems that are more secure by avoiding replay attacks usually caused by reusing stolen passwords.

This class can validate YubiKeys (one time password keys) against a network of multiple YubiCloud servers.

Manuel Lemos
Name: André Liechti <contact>
Classes: 9 packages
Country: Switzerland
Age: 55
All time rank: 4016 in Switzerland
Week rank: 51 in Switzerland
Innovation award: Nominee 8x, Winner 2x

Example

<?php
/**
 * @file yubicloud.demo.php
 * @brief Yubicloud LGPLv3 PHP class demo implementation
 *
 * @mainpage
 *
 * This is a small demo implementation of the Yubicloud PHP class.
 *
 * PHP 5.3.0 or higher is supported.
 *
 * @author Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
 * @version 4.3.3.2
 * @date 2019-04-24
 * @since 2014-11-04
 * @copyright (c) 2014-2019 SysCo systemes de communication sa
 * @license GNU Lesser General Public License
 * @link http://www.multiotp.net/
 *
 *//*
 *
 * LICENCE
 *
 * Copyright (c) 2014-2019 SysCo systemes de communication sa
 * SysCo (tm) is a trademark of SysCo systemes de communication sa
 * (http://www.sysco.ch/)
 * All rights reserved.
 *
 * This file is part of the Yubicloud PHP class.
 *
 * Yubicloud PHP class is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of the License,
 * or (at your option) any later version.
 *
 * Yubicloud PHP class is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with Yubicloud PHP class.
 * If not, see <http://www.gnu.org/licenses/>.
 *
 *
 * Usage
 *
 * You need a Yubico API key which is free if you have at least one Yubikey.
 * You can ask for your own key here: https://upgrade.yubico.com/getapikey/
 *
 *
 * Change Log
 *
 * 2019-04-24 4.3.3.2 SysCo/al https is now the default connection, merged from matthieuonfray fork on GitHub
 * 2016-11-12 4.3.2.2 SysCo/al Merge the constructor change proposed by My1 on GitHub (PHP4 style is deprecated in PHP7)
 * 2014-12-29 4.3.2.1 SysCo/al Adding information about the server which answered
 * 2014-12-29 4.3.2.0 SysCo/al Some modifications for future PSR compliance (http://www.php-fig.org/)
 * 2014-12-26 4.3.1.3 SysCo/al Additional detailed information
 * 2014-12-22 4.3.1.2 SysCo/al Detailed response information
 * 2014-11-04 4.3.0.0 SysCo/al Initial release, version number is synchronized with the multiOTP project
 *********************************************************************/
   
   
require_once('yubicloud.class.php');

// Escape a value before writing it into the HTML page.
function html_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Accept the OTP only if it was posted as a plain string.
$otp_to_check = trim((isset($_POST['otp']) && is_string($_POST['otp'])) ? $_POST['otp'] : '');

echo "<html>\n";
echo "<head>\n";
echo "<title>Yubicloud PHP class demo</title>\n";
echo "</head>\n";
echo "<body onload=\"document.getElementById('otp').focus();\">\n";
echo "<form method=\"post\" action=\"yubicloud.demo.php\">\n";
echo "<fieldset>\n";
echo "<legend>YubiCloud demo</legend>\n";
echo "Touch the YubiKey button:<br />\n";
echo "<input type=\"text\" id=\"otp\" name=\"otp\" value=\"\" size=\"80\">\n";
echo "<input type=\"submit\" value=\"Submit\">\n";
echo "</fieldset>\n";
echo "</form>\n";

if (0 != strlen($otp_to_check))
{
    $yubicloud = new Yubicloud();
    $result = $yubicloud->checkOnYubiCloud($otp_to_check);

    // The OTP comes from the request and the response from the network:
    // both are escaped before being echoed back.
    echo "<hr />";
    echo "OTP to check: <b>" . html_escape($otp_to_check) . "</b>\n";
    echo "<br />";
    echo "YubiCloud result: <b>" . html_escape($result) . "</b>\n";
    echo "<br /><br />\n";

    $response = $yubicloud->getYubiCloudLastResponse();
    ksort($response);
    echo "Detailed response: <br />\n";
    echo "<table>\n";
    foreach ($response as $key => $value) {
        echo "<tr><td>" . html_escape($key) . ":</td><td><b>" . html_escape($value) . "</b></td><td><i>";
        switch ($key) {
            case "otp":
                echo "The OTP from the YubiKey, from request.";
                break;
            case "nonce":
                echo "Random unique data, from request.";
                break;
            case "h":
                echo "Signature (base64).";
                break;
            case "now_utc":
                echo "Unix timestamp of the PHP server in UTC.";
                break;
            case "t":
                echo "Timestamp of the YubiCloud server in UTC.";
                break;
            case "t_utc":
                echo "Unix timestamp of the Yubicloud server in UTC.";
                break;
            case "status":
                echo "The status of the operation, see below.";
                break;
            case "timestamp":
                echo "YubiKey internal timestamp value when key was pressed.";
                break;
            case "sessioncounter":
                echo "YubiKey internal usage counter when key was pressed.";
                break;
            case "sessionuse":
                echo "YubiKey internal session usage counter when key was pressed.";
                break;
            case "sl":
                echo "Percentage of external validation server that replied successfully (0 to 100).";
                break;
        }
        echo "</i></td></tr>\n";
    }
    echo "</table>\n";
}
echo <<< EOT
<hr />
<pre>
                   OK The OTP is valid.
              BAD_OTP The OTP has an invalid format.
         REPLAYED_OTP The OTP has already been seen by the service.
        BAD_SIGNATURE The HMAC signature verification failed.
    MISSING_PARAMETER The request lacks a parameter.
       NO_SUCH_CLIENT The request id does not exist.
OPERATION_NOT_ALLOWED The request id is not allowed to verify OTPs.
        BACKEND_ERROR Unexpected error in Yubico servers. Please contact them if you see this error.
   NOT_ENOUGH_ANSWERS Server could not get requested number of syncs before timeout.
     REPLAYED_REQUEST Server has seen the OTP/Nonce combination before.
            BAD_NONCE Answer Nonce is different from the request Nonce.
     CONNECTION_ERROR Impossible to make a connection with the YubiCloud servers.
     OTP_IS_DIFFERENT Answer OTP is different from request OTP.
   OUT_OF_TIME_WINDOW Timestamp difference with the Yubico servers is bigger than yubicloud_max_time_window.
       SERVER_TIMEOUT Timeout while waiting for an answer from the server.
</pre>
EOT;
echo "</body>\n";
echo "</html>";


Details

Yubicloud PHP class

Yubicloud PHP class is a GNU LGPL class to check YubiKeys using YubiCloud.

(c) 2014-2019 SysCo systemes de communication sa

The Yubicloud PHP class is a subset of the multiOTP open source project.
http://www.multiOTP.net/

Current build: 4.3.3.2 (2019-04-24)

No external file is needed (no PEAR, no PECL, no cURL).

Usage

You need a Yubico API key which is free if you have at least one Yubikey. You can ask for your own key here: https://upgrade.yubico.com/getapikey/


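<?php
    require_once('yubicloud.class.php');
    // OTP typed by the YubiKey into the login form
    $otp_to_check = trim(isset($_POST['otp']) ? $_POST['otp'] : '');
    $yubicloud = new Yubicloud("my_client_id", "my_secret_key");
    // $result is one of the status strings listed below
    $result = $yubicloud->checkOnYubiCloud($otp_to_check);
?>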

The returned value is one of the following:


                   OK  The OTP is valid.
              BAD_OTP  The OTP has an invalid format.
         REPLAYED_OTP  The OTP has already been seen by the service.
        BAD_SIGNATURE  The HMAC signature verification failed.
    MISSING_PARAMETER  The request lacks a parameter.
       NO_SUCH_CLIENT  The request id does not exist.
OPERATION_NOT_ALLOWED  The request id is not allowed to verify OTPs.
        BACKEND_ERROR  Unexpected error in Yubico servers. Please contact them if you see this error.
   NOT_ENOUGH_ANSWERS  Server could not get requested number of syncs before timeout.
     REPLAYED_REQUEST  Server has seen the OTP/Nonce combination before.
            BAD_NONCE  Answer Nonce is different from the request Nonce.
     CONNECTION_ERROR  Impossible to make a connection with the YubiCloud servers.
     OTP_IS_DIFFERENT  Answer OTP is different from request OTP.
   OUT_OF_TIME_WINDOW  Timestamp difference with the Yubico servers is bigger than yubicloud_max_time_window.
       SERVER_TIMEOUT  Timeout while waiting for an answer from the server.

Check yubicloud.demo.php for a full implementation example.
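
BAD_NONCE and OTP_IS_DIFFERENT describe checks the client makes on the server's answer, and the answer's h field lets the client authenticate it. The following added example (not code from yubicloud.class.php) performs those checks in the way Yubico's validation protocol 2.0 signs answers; the function names, the secret and the sample answer are constructed, and hash_equals() requires PHP 5.6 or later.

```php
<?php
// Added example, not code from yubicloud.class.php. Names and sample values are constructed.

// h = base64(HMAC-SHA1(sorted "key=value" pairs joined by '&', decoded API secret))
function yubicloud_signature(array $fields, $secret_b64) {
    unset($fields['h']);
    ksort($fields);
    $pairs = array();
    foreach ($fields as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    return base64_encode(hash_hmac('sha1', implode('&', $pairs), base64_decode($secret_b64), true));
}

// Map one raw answer body to a status string from the table above.
function check_yubicloud_answer($body, $otp, $nonce, $secret_b64) {
    $fields = array();
    foreach (preg_split('/\r?\n/', trim($body)) as $line) {
        $parts = explode('=', $line, 2);   // values may contain '=' (base64)
        if (2 === count($parts)) {
            $fields[trim($parts[0])] = trim($parts[1]);
        }
    }
    // Authenticate first; hash_equals() (PHP 5.6+) compares in constant time.
    if (!isset($fields['h'], $fields['status'])
        || !hash_equals(yubicloud_signature($fields, $secret_b64), $fields['h'])) {
        return 'BAD_SIGNATURE';
    }
    if ('OK' !== $fields['status']) {
        return $fields['status'];
    }
    // A correctly signed answer to a different request must not be accepted.
    if (!isset($fields['otp']) || $fields['otp'] !== $otp) {
        return 'OTP_IS_DIFFERENT';
    }
    if (!isset($fields['nonce']) || $fields['nonce'] !== $nonce) {
        return 'BAD_NONCE';
    }
    return 'OK';
}

$secret = base64_encode('constructed-demo-secret');
$otp    = 'cccccccccccb' . str_repeat('defghijk', 4);
$nonce  = 'a1b2c3d4e5f6a7b8';
$fields = array('otp' => $otp, 'nonce' => $nonce, 'status' => 'OK', 'sl' => '100');
$body   = 'h=' . yubicloud_signature($fields, $secret)
        . "\r\notp=$otp\r\nnonce=$nonce\r\nstatus=OK\r\nsl=100\r\n";

var_dump(check_yubicloud_answer($body, $otp, $nonce, $secret));
var_dump(check_yubicloud_answer($body, $otp, 'ffffffffffffffff', $secret));
var_dump(check_yubicloud_answer(str_replace('sl=100', 'sl=25', $body), $otp, $nonce, $secret));
```

The three calls cover the accepted answer, an answer whose nonce does not match the request, and an answer altered after signing.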

You can support our open source projects with donations and sponsoring. Sponsorships are crucial for ongoing and future development! If you'd like to support our work, then consider making a donation, any support is always welcome even if it's as low as $1! You can also sponsor the development of a specific feature. Please contact us in order to discuss the detail of the implementation.

Donate via PayPal: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=N56M9E2SEAUD4

And for more PHP classes, have a look at PHPclasses.org, where a lot of authors share their classes for free.


Files

File | Role | Description
README.md | Doc. | Documentation
yubicloud.class.php | Class | Main file (class)
LICENSE.md | Lic. | License text
yubicloud.demo.php | Example | Implementation example
