| -rw-r--r-- | auth.php | 44 | ||||
| -rw-r--r-- | composer.json | 5 | ||||
| -rw-r--r-- | config_default.json | 8 |
3 files changed, 57 insertions, 0 deletions
diff --git a/auth.php b/auth.php
new file mode 100644
index 0000000..7e839c9
--- /dev/null
+++ b/auth.php
@@ -0,0 +1,44 @@
+<?php
+include_once "vendor/autoload.php";
+use OTPHP\TOTP;
+
+function load_config($file) {
+ $json = file_get_contents($file);
+ if ($json === FALSE) die("Error reading config file $file\n");
+ $config = json_decode($json);
+ if (!is_object($config)) die("Bad config file $file\n");
+ return $config;
+}
+
+$lockfile = fopen(__FILE__, 'r');
+if ($lockfile === FALSE) die("Cannot open lock file\n");
+if (!flock($lockfile, LOCK_EX)) die("Cannot acquire exclisive lock\n");
+
+$options = getopt("c:");
+$config = load_config(@$options['c']);
+$config_default = load_config(__DIR__.'/config_default.json');
+
+foreach($config_default as $k => $v) if (!isset($config->{$k})) $config->{$k} = $v;
+
+if (!preg_match('/^[A-Z2-7]+$/i', $config->secret)) die("Base32 encoded secret required\n");
+$totp = new TOTP(null, $config->secret, $config->period, $config->digest, $config->digits);
+while(true) {
+ sleep($config->delay);
+ echo "Czas serwera: ";
+ $now = new DateTime();
+ echo $now->format('Y-m-d H:i:s');
+ echo "\n";
+ echo "Podaj kod:\n";
+ $code = readline();
+ if ($totp->verify($code, null, $config->window)) {
+ break;
+ } else {
+ echo "Zły kod\n";
+ echo "Spróbuj ponownie\n";
+ }
+}
+fclose($lockfile);
+
+$cmd = getenv('SSH_ORIGINAL_COMMAND');
+if ($cmd !== FALSE) passthru($cmd);
+else passthru(getenv('SHELL').' -');
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..c259f57
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,5 @@
+{
+ "require": {
+ "spomky-labs/otphp": "^8.3"
+ }
+}
diff --git a/config_default.json b/config_default.json
new file mode 100644
index 0000000..a0f795d
--- /dev/null
+++ b/config_default.json
@@ -0,0 +1,8 @@
+{
+ "secret": "*** Base32 encoded secret ***",
+ "period": 30,
+ "window": 1,
+ "digest": "sha1",
+ "digits": 6,
+ "delay": 3
+}
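Review bot: In auth.php the `while(true)` loop has no exit for end of input: `readline()` returns `false` once stdin is closed, and that value is passed straight to `$totp->verify()`. Unless the library throws on a non-string (not visible here), the loop keeps cycling with the exclusive lock on `__FILE__` still held, so every other login using this script waits behind it; adding `if ($code === false) exit(1);` right after the `readline()` call closes that path. The loop also has no attempt limit, so the only throttle on guessing is `sleep($config->delay)`; a bounded counter that exits after a few failures would be safer. Separately, nothing records which code was accepted, so the same code appears to remain valid until it leaves the `window`; storing the last accepted time step while the lock is still held, and rejecting codes at or before it, would prevent reuse.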
\ No newline at end of file |
