One time password generator, validator, and qrcode generator that has no web dependencies (self-contained) in PHP

Overview

otp-thing

One time password generator, validator, and qrcode generator that has no web dependencies (self-contained) in PHP

Introduction

This started out as a straight drop-in class which you can still download from here, however it has been developed into a full admin/usercp system using the gentelella theme converted to smarty 3.

Attribution to other Authors

All other 3rd party libraries (jquery, jquery extensions, etc) and languages (javascript/ecma, css, etc) are under their respective licenses having attribution included in the respective file(s), or in the directory containing the file(s). Absense of said license does not mean that no license applies, but it is assumed the strongest license in this project would then apply where no other license is available. If a license file/attribution was not included and you believe this to be an error, please submit it as a bug report or pull request with any license details that may have been omitted.

Installation

Download the application, and set the appropriate values in config.inc.php, then run /app/install . If everything passes, the database will be installed if it doesn't exist, and a new user admin with the the password admin will be created using ACL 9999 which should give plenty of access levels to play with for lower level users or admins.

Once installed, all users and administrators have access to add an authenticator to their account, and edit the following basic settings for their own account : Name, Password, Email

Requirements

This was tested and runs well on the following detailed lists of all modules and extensions loaded for Apache and PHP. Many of the modules or extensions come pre-loaded but since this varies between distributions, I have included a more comprehensive list which you can tweak.

Apache/2.4.10

  • access_compat_module (shared)
  • actions_module (shared)
  • alias_module (shared)
  • auth_basic_module (shared)
  • authn_core_module (shared)
  • authn_file_module (shared)
  • authz_core_module (shared)
  • authz_host_module (shared)
  • authz_user_module (shared)
  • autoindex_module (shared)
  • core_module (static)
  • deflate_module (shared)
  • dir_module (shared)
  • env_module (shared)
  • fastcgi_module (shared)
  • filter_module (shared)
  • headers_module (shared)
  • http_module (static)

Loaded Modules:

  • log_config_module (static)
  • logio_module (static)
  • mime_module (shared)
  • mpm_event_module (shared)
  • negotiation_module (shared)
  • rewrite_module (shared)
  • setenvif_module (shared)
  • socache_shmcb_module (shared)
  • so_module (static)
  • ssl_module (shared)
  • status_module (shared)
  • unixd_module (static)
  • version_module (static)
  • watchdog_module (static)

PHP 5.6.17

[PHP Modules]

  • bcmath
  • bz2
  • calendar
  • Core
  • ctype
  • date
  • dba
  • dom
  • ereg
  • exif
  • fileinfo
  • filter
  • ftp
  • gd
  • gettext
  • hash
  • iconv
  • json
  • libxml
  • mbstring
  • mhash
  • mysql
  • mysqli
  • mysqlnd
  • openssl
  • pcntl
  • pcre
  • PDO
  • pdo_mysql
  • pdo_sqlite
  • Phar
  • posix
  • readline
  • Reflection
  • session
  • shmop
  • SimpleXML
  • soap
  • sockets
  • SPL
  • sqlite3
  • standard
  • sysvmsg
  • sysvsem
  • sysvshm
  • tokenizer
  • wddx
  • xml
  • xmlreader
  • xmlwriter
  • Zend OPcache
  • zip
  • zlib

[Zend Modules]

  • Zend OPcache

MariaDB 10.0.23

This should not matter too much which database platform you choose either MariaDB or MySQL, however you will need it compiled with mysqlnd (native driver) support as well as compiled into PHP.


Login

If an authenticator is not on the users account, the authenticator code field is disregarded. If any part of the credentials fail including if the authenticator code is invalid or not a valid scratch code, a generic message is displayed stating 'Invalid Credentials' so that no clue is given making it more difficult for an attacker to guess which part of the credential system was correct by messages such as 'Invalid Password'.

image

Dashboard

image

Settings

image

Authenticator

If no authenticator is on the users account

image

image

If an authenticator exists on the users account:

image

image

Accounts : Add

image

Accounts : Added

image

Accounts : List

image

Notifications

image

image

Generic Error Page handles

410 Gone instead of 404 for pages that do not have a valid modal. This script only checks for the physical existence of resource files (jpg, png, js, etc.) and denies any direct access to physical php/html/etc files. As you can see in the screenshot, if the physical resource file is missing, it will also trigger a 410 gone, showing the missing element and virtual path in the address bar. image

400 error message for resources that the user does not have permission to access. image

You might also like...
CocoPass is a password management system based on Laravel5.3.

CocoPass is a password management system based on Laravel5.3. You can safely and easily store your password here. If course, it is the first version.

A simple, intuitive, yet powerful password manager.

Poziomy zabezpieczeń Brak zabezpieczeń Kod jest widoczny bez konieczności podejmowania żadnej akcji. Nie jest szyfrowany. Można udostępniać. Niski poz

Passbolt - Open source password manager for teams
Passbolt - Open source password manager for teams

Passbolt - Open source password manager for teams

Self hosted project management and collaboration tool powered by TALL stack
Self hosted project management and collaboration tool powered by TALL stack

Sponsored By: Self hosted project management and collaboration tool inspired by basecamp. Notice: Project under some major change, do not use until st

A self hosted download manager for movie and tv show trailers.

Introduction Trailarr is a self hosted download manager for movie and tv show trailers. Features: A beautiful, easy to use UI. Easy setup, readily con

A self-hosted, drag-and-drop, & nosql file conversion server that supports 62x file formats
A self-hosted, drag-and-drop, & nosql file conversion server that supports 62x file formats

A self-hosted, drag-and-drop, & nosql file conversion server that supports 62x file formats

Cloudlog is a self-hosted PHP application that allows you to log your amateur radio contacts anywhere.

Web based amateur radio logging application built using PHP & MySQL supports general station logging tasks from HF to Microwave with supporting applications to support CAT control.

Self-hosted CMS platform based on the Laravel PHP Framework.
Self-hosted CMS platform based on the Laravel PHP Framework.

October is a Content Management System (CMS) and web platform whose sole purpose is to make your development workflow simple again. It was born out of

FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)
FreeScout — Free self-hosted help desk & shared mailbox (Zendesk / Help Scout alternative)

Free Self-Hosted Zendesk & Help Scout Alternative FreeScout is the super lightweight free open source help desk and shared inbox written in PHP7+ (Lar

Comments
  • Install error

    Install error

    I'm getting an error before install it. The error is: Parse error: syntax error, unexpected '*', expecting ',' or ';' in /home/ubuntu/workspace/app/lib/session.class.php on line 21 Call Stack: 0.0016 238920 1. {main}() /home/ubuntu/workspace/app/controller.php:0 0.0020 240400 2. require_once('/home/ubuntu/workspace/app/lib/autoload.php') /home/ubuntu/workspace/app/controller.php:3

    opened by marcoafsilva 1
  • Generating passwords?

    Generating passwords?

    Hi,

    I installed the application without any issues to speak of, but I'm wondering: where exactly do I generate passwords? I only glanced over the README.md file and understood this to be a sort of fancy version of passwordgenerator.net.

    Thanks in advance.

    opened by k0nsl 1
Releases(1.0.1)
Owner
Daniel Krusky
Daniel Krusky
Server manager is a open source project made for people so that they can add the servers to one single place irrespective of their provider and manage it through one location.

Server Manager Are you sick of having to log into hundreads of different website just to access your server? Well we got you, Server manager is a open

null 8 Aug 9, 2022
PHP web based Password Manager for business and personal use.

sysPass - Systems Password Manager Join us in the Gitter chat room: PHP web based Password Manager for business and personal use. AES-256 encryption i

RubénD 896 Dec 26, 2022
Self-hosted platform to keep and share your content: web links, posts, passwords and pictures.

Shaark is a self-hosted platform to keep and share your content: web links, posts, passwords and pictures. All of your data can be private, public or

MarceauKa 482 Dec 30, 2022
An open source self hosted notes and bookmarks taking web app.

Benotes An open source self hosted web app for your notes and bookmarks side by side. This project is currently in Beta. You may encounter bugs or err

null 264 Jan 2, 2023
An online quiz system built on PHP, JS and HTML. It has inbuilt Timer support along with Admin Panel

Skill's Breaker An online quiz system built on PHP, JS and HTML. It has inbuilt Timer support along with Admin Panel #Added features: Added Timer supp

null 2 Jul 16, 2022
Simple Dynamic DNS Web management self-hosting. Run over dnsmasq.

MyDDNS [BETA] Simple Dynamic DNS Web management self-hosting. It use dnsmasq. It was inspired on duckdns.org. Preparation You need root access to a se

Iván Eixarch 4 Jul 6, 2022
Online web application developed in PHP using Laravel framework for managing real-time kitchen orders in a restaurant.

Online web application developed in PHP using Laravel framework for managing real-time kitchen orders in a restaurant. It allows, through a web panel, real-time communication between chefs and waiters about the status of orders.

Fernando 2 Nov 9, 2022
AdoteUm.Dev has the proposal to connect people who are looking for developers for their projects

AdoteUm.Dev has the proposal to connect people who are looking for developers for their projects. AdoteUmDev is a web application, developed in PHP language and the Laravel Framework.

Beer And Code 101 Oct 19, 2022
All in one ban system web (light version for all)

All in one - Ban system web (light version) All in one ban system web (light version for all) This database of players who violate or use third-party

Awesomium Team LLC 1 May 3, 2022
🔐 Password Manager written in PHP with MySQL database.

Password Manager A very basic password manager. Tech stack: PHP MySQL Bootstrap Setup Download and install XAMPP. Clone this repository: git clone htt

Olivér 4 Jun 25, 2022