# U2F-php-server
[![Latest Stable Version](https://img.shields.io/packagist/v/samyoul/u2f-php-server.svg?style=flat-square)](https://packagist.org/packages/samyoul/u2f-php-server)
[![License](https://img.shields.io/badge/license-BSD_2_Clause-brightgreen.svg?style=flat-square)](LICENCE.md)
Server-side handling of FIDO U2F registration and authentication for PHP.
Securing your online accounts and doing your bit to protect your data is extremely important and increasingly more so as hackers get more sophisticated.
FIDO's U2F enables you to add a simple unobtrusive method of 2nd factor authentication, allowing users of your service and/or application to link a hardware key to their account.
## The Family of U2F php Libraries
**Base Library**
https://github.com/Samyoul/U2F-php-server
**Fido Test Suite (UTD)**
https://github.com/Samyoul/U2F-php-UTD
**Frameworks**
*Laravel* https://github.com/Samyoul/U2F-Laravel-server
*Yii* https://github.com/Samyoul/U2F-Yii-server
*CodeIgniter* https://github.com/Samyoul/U2F-CodeIgniter-server
## Contents
1. [Installation](#installation)
2. [Requirements](#requirements)
1. [OpenSSL](#openssl)
1. [Clientside Magic](#client-side-the-magic-javascript-bit-of-talking-with-a-usb-device)
1. [HTTPS and SSL](#https-and-ssl)
3. [Terminology](#terminology)
4. [Recommended Datastore Structure](#recommended-datastore-structure)
5. [Process Workflow](#process-workflow)
1. [Registration Process Flow](#registration-process-flow)
1. [Authentication Process Flow](#authentication-process-flow)
6. [Example Code](#example-code)
1. [Compatibility Check](#compatibility-code)
1. [Registration Code](#registration-code)
1. [Authentication Code](#authentication-code)
7. [Frameworks](#frameworks)
1. [Laravel](#laravel-framework)
1. [Yii](#yii-framework)
1. [CodeIgniter](#codeigniter-framework)
8. [Licence](#licence)
9. [Credits](#credits)
## Installation
`composer require samyoul/u2f-php-server`
## Requirements
A few **things you need** to know before working with this:
1. [**_OpenSSL_**](#openssl) You need at least OpenSSL 1.0.0 or higher.
2. [**_Client-side Handling_**](#client-side) You need to be able to communicate with a some kind of device.
3. [**_A HTTPS URL_**](#https-and-ssl) This is very important, without HTTPS U2F simply will not work.
4. [**_A Datastore_**](#recommended-datastore-structure) You need some kind of datastore for all your U2F registered users (although if you have a system with user authentication I'm presuming you've got this one sorted).
### OpenSSL
This repository requires OpenSSL 1.0.0 or higher. For further details on installing OpenSSL please refer to the php manual http://php.net/manual/en/openssl.installation.php .
Also see [Compatibility Code](#compatibility-code), to check if you have the correct version of OpenSSL installed, and are unsure how else to check.
### Client-side (The magic JavaScript Bit of talking with a USB device)
My presumption is that if you are looking to add U2F authentication to a php system, then you'll probably are also looking for some client-side handling. You've got a U2F enabled USB device and you want to get the USB device speaking with the browser and then with your server running php.
1. Google already have this bit sorted : https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js
2. [Mastahyeti](https://github.com/mastahyeti) has created a repo dedicated to Google's JavaScript Client-side API : https://github.com/mastahyeti/u2f-api
### HTTPS and SSL
For U2F to work your website/service must use a HTTPS URL. Without a HTTPS URL your code won't work, so get one for your localhost, get one for your production. https://letsencrypt.org/
Basically encrypt everything.
## Terminology
**_HID_** : _Human Interface Device_, like A USB Device [like these things](https://www.google.co.uk/search?q=fido+usb+key&safe=off&tbm=isch)
## Recommended Datastore Structure
You don't need to follow this structure exactly, but you will need to associate your Registration data with a user. You'll also need to store the key handle, public key and the certificate, counter isn't 100% essential but it makes your application more secure.
|Name|Type|Description|
|---|---|---|
|id|integer primary key||
|user_id|integer||
|key_handle|varchar(255)||
|public_key|varchar(255)||
|certificate|text||
|counter|integer||
TODO the descriptions
## Process Workflow
### Registration Process Flow
1. User navigates to a 2nd factor authentication page in your application.
... TODO add the rest of the registration process flow ...
### Authentication Process Flow
1. User navigates to their login page as they usually would, submits username and password.
1. Server received POST request authentication data, normal username + password validation occurs
1. On successful authentication, the application checks 2nd factor authentication is required. We're going to presume it is, otherwise the user would just be logged in at this stage.
1. Application gets the user's registered signatures from the application datastore: `$registrations`.
1. Application gets its ID, usually the domain the application is accessible from: `$appId`
1. Application makes a `U2F::makeAuthentication($registrations, $appId)` call, the method returns an array of `SignRequest` objects: `$authenticationRequest`.
1. Application JSON encodes the array and passes the data to the view
1. When the browser loads the page the JavaScript fires the `u2f.sign(authenticationRequest, function(data){ // Callback logic })` function
1. The view will use JavaScript / Browser to poll the host machine's ports for a FIDO U2F device
1. Once the HID has been found the JavaScript / Browser will send the sign request with data.
1. The HID will prompt the user to authorise the sign request
1. On success the HID returns authentication data
1. The JavaScript receives the HID's returned data and passes it to the server
1. The application takes the returned data passes it to the `U2F::authenticate($authenticationRequest, $registrations, $authenticationResponse)` method
1. If the method returns a registration and doesn't throw an Exception, authentication is complete.
1. Set the user's session, inform the user of the success, and redirect them.
## Example Code
For a full working code example for this repository please see [the dedicated example repository](https://github.com/Samyoul/U2F-php-server-examples)
You can also install it with the following:
```bash
$ git clone https://github.com/Samyoul/U2F-php-server-examples.git
$ cd u2f-php-server-examples
$ composer install
```
1. [Compatibility Code](#compatibility-code)
2. [Registration Code](#registration-code)
1. [Step 1: Starting](#registration-step-1)
1. [Step 2: Talking to the HID](#registration-step-2)
1. [Step 3: Validation & Storage](#registration-step-3)
3. [Authentication Code]()
1. [Step 1: Starting]()
1. [Step 2: Talking to the HID]()
1. [Step 3: Validation]()
---
### Compatibility Code
You'll only ever need to use this method call once per installation and only in the context of debugging if the class is giving you unexpected errors. This method call will check your OpenSSL version and ensure it is at least 1.0.0 .
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
var_dump(U2F::checkOpenSSLVersion());
```
---
### Registration Code
#### Registration Step 1:
**Starting the registration process:**
We assume that user has successfully authenticated and wishes to register.
```php
<?php
require('vendor/autoload.php');
use Samyoul\U2F\U2FServer\U2FServer as U2F;
session_start();
// This can be anything, but usually easier if you choose your applications domain and top level domain.
$appId = "yourdomain.tld";
// Call the makeRegistration method, passing in the app ID
$registrationData = U2F::makeRegistration($appId);
// Store the request for later
$_
没有合适的资源?快使用搜索试试~ 我知道了~
聚合支付系统四方源码最新更新安全升级修复XSS漏洞和补单漏洞新增诸多实用功能
共2000个文件
png:5451个
js:3994个
php:3456个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
5星 · 超过95%的资源 1 下载量 116 浏览量
2022-07-12
15:36:50
上传
评论
收藏 209.28MB ZIP 举报
温馨提示
虚拟主机空间不支持平台搭建的。需要使用widows、Linux系统搭 【主要功能说明】 1、支付类型可包含 H5、当面付、公众号、扫码、银联、快捷; 2、结算类型包含 普通结算、代付结算、手动结算; 3、枫控限制 轮询、IP限制、金额限制、当日总金额等; 4、完整的账单统计; 5、文档分为在线文档和可下载文档压缩包; 【应用场景】作为第三方、四方支付平台。该有的功能都有。 作为可以对接微信支付宝官方接口也可以对接第三方支付接口还可以对接免签约接口还可以对接微信公众号支付支付宝当面付、对接其他四方支付系统、跑分系统等.可以多通道轮训,可对单个帐户设置多种规则。 【帐号类型】系统后台多类型管理员、商户代理、普通商户、接口用户;对用的板块后台都不一样相关的数据统计齐全有效。
资源推荐
资源详情
资源评论
收起资源包目录
聚合支付系统四方源码最新更新安全升级修复XSS漏洞和补单漏洞新增诸多实用功能 (2000个子文件)
twig.c 35KB
php_xxtea.c 6KB
xxtea.c 2KB
backend.min.css 374KB
master_style.css 361KB
transfer.ltr.css 355KB
app-service-nav.ltr.css 274KB
app-service-nav.ltr.css 274KB
app.min.css 271KB
app.css 270KB
app1.css 270KB
oneui.css 254KB
oneui.css 254KB
oneui.css 254KB
amazeui.min.css 249KB
bootstrap-extend.css 244KB
index.css 227KB
app.min.css 207KB
lyui.min.css 206KB
index.css 187KB
bootstrap.css 174KB
bootstrap.css 170KB
base2.css 166KB
base2.css 166KB
bootstrap.min.css 161KB
bootstrap.min.css 156KB
icons.min.css 155KB
style.css 150KB
bootstrap.css 149KB
bootstrap.min.css 149KB
style.css 143KB
summernote-bs3.css 143KB
bootstrap.css 143KB
bootstrap.min.css 141KB
bootstrap.min.css 141KB
bootstrap.min.css 138KB
bootstrap.min.css 138KB
style.css 136KB
style.css 136KB
vendor.css 134KB
bootstrap.min.css 133KB
bootstrap.min.css 133KB
bootstrap.min.css 133KB
bootstrap.min.css 126KB
bootstrap.css 124KB
bootstrap.min.css 123KB
bootstrap.min.css 119KB
bootstrap.min.css 118KB
bootstrap.min.css 118KB
bootstrap.min.css 118KB
bootstrap.min.css 118KB
base.css 116KB
base.css 116KB
bootstrap.min.css 115KB
materialdesignicons.css 106KB
iconmind.css 104KB
materialdesignicons.min.css 103KB
mui.css 100KB
bootstrap.min.css 98KB
style.css 90KB
materialdesignicons.min.css 85KB
animate.css 77KB
materialdesignicons.min.css 76KB
mui.min.css 74KB
animate.css 74KB
jquery-weui.css 68KB
layui.css 68KB
style.violet.css 66KB
style.sea.css 66KB
style.blue.css 66KB
style.pink.css 66KB
style.red.css 66KB
style.green.css 66KB
samples.css 66KB
layui.css 65KB
layui.css 65KB
animate.css 64KB
animate.css 64KB
style.default.css 64KB
custom.css 64KB
animate.min.css 62KB
fontawesome.min.css 58KB
ionicons.css 56KB
_all-skins.css 56KB
animate.css 55KB
layui.css 54KB
jquery.mCustomScrollbar.css 52KB
antui.css 52KB
style.css 52KB
ionicons.min.css 50KB
layui2019.css 50KB
weui.min.css 49KB
linea.css 48KB
style.css 48KB
weui.min.css 46KB
vx-header-footer.min.css 45KB
2019custom.css 44KB
bootstrap-grid.css 43KB
responsive.css 41KB
custombox.min.css 41KB
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
- 2301_809637442023-11-18资源简直太好了,完美解决了当下遇到的难题,这样的资源很难不支持~
智慧浩海
- 粉丝: 1w+
- 资源: 5145
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功