Hi Everybody my first post. I am new to PHPRunner and have not done much web based development work before.
Now I am not looking for a answer as such, but asking if this would be the correct way to do this. I wanted to use our Yubikey that we use to log onto our desktop PCS with the application I am currently developing in PHPRunner for added security.
So this is what I did. Fingers XXXXXX
Setup an API account with Yubicloud and registered a couple of keys.
Downloaded the Yubico PHP library and placed it in my output folder.
![Posted Image]()
Modified the login form in HTML mode. Added the following lines to give the OTP input field I required. This was just after the password input.
Added this code to the BeforeProcessLogin event. To pass the value from the form to a session var.
Added this code to the BeforeLogin event which basically checks the OTP with the Yubikey servers.
And Bob's your uncle and Fanny's your aunt. It all works, but is this the best method.
Edit:- oops wrong forum, can a admin please move this to the PHPRunner forum, thought I was in there when posting. Sorry newbie mistake.
Now I am not looking for a answer as such, but asking if this would be the correct way to do this. I wanted to use our Yubikey that we use to log onto our desktop PCS with the application I am currently developing in PHPRunner for added security.
So this is what I did. Fingers XXXXXX
Setup an API account with Yubicloud and registered a couple of keys.
Downloaded the Yubico PHP library and placed it in my output folder.
Modified the login form in HTML mode. Added the following lines to give the OTP input field I required. This was just after the password input.
<DIV class="form-group"><LABEL class="col-md-4 control-label" for="password">OTP:</LABEL> <DIV class="col-md-6"><INPUT name="yubico" class="form-control" id="yubi" type="password"></DIV></DIV>
Added this code to the BeforeProcessLogin event. To pass the value from the form to a session var.
$_SESSION["yubico"] = postvalue("yubico");Added this code to the BeforeLogin event which basically checks the OTP with the Yubikey servers.
require_once 'Yubico.php';
// Yubicon CLientID and secretkey when you register for there API
$clientID="94536"; // Made up key not real
$secretkey="8732ijhfbnfio789342fd="; // Made up API key not real
$yubicoOTP=$_SESSION["yubico"];
$yubi = new Auth_Yubico($clientID, $secretkey);
$auth = $yubi->verify($yubicoOTP);
if (PEAR::isError($auth)) {
return false;
} else {
return true;
}And Bob's your uncle and Fanny's your aunt. It all works, but is this the best method.
Edit:- oops wrong forum, can a admin please move this to the PHPRunner forum, thought I was in there when posting. Sorry newbie mistake.