From 146a24efad4e068cf602f38fb0397b3afd62b628 Mon Sep 17 00:00:00 2001
From: Peter Knut <peter@pematon.com>
Date: Fri, 6 Sep 2024 23:31:04 +0200
Subject: [PATCH] AdminerLoginOtp: Autocomplete hints for OTP input field, code
 refactoring

Tanks to SGCBB (https://github.com/vrana/adminer/pull/488)
---
 plugins/login-otp.php | 109 ++++++++++++++++++++++++++----------------
 1 file changed, 67 insertions(+), 42 deletions(-)

diff --git a/plugins/login-otp.php b/plugins/login-otp.php
index 0460eed3..9bdc9d81 100644
--- a/plugins/login-otp.php
+++ b/plugins/login-otp.php
@@ -1,54 +1,79 @@
 <?php
 
 /** Require One-Time Password at login
-* @link https://www.adminer.org/plugins/otp/
-* @author Jakub Vrana, https://www.vrana.cz/
-* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
-* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
-*/
-class AdminerLoginOtp {
-	/** @access protected */
-	var $secret;
-	
-	/** 
-	* @param string decoded secret, e.g. base32_decode("SECRET")
-	*/
-	function __construct($secret) {
+ * @link https://www.adminer.org/plugins/otp/
+ * @author Jakub Vrana, https://www.vrana.cz/
+ * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
+ * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
+ */
+class AdminerLoginOtp
+{
+	/** @var string */
+	private $secret;
+
+	/**
+	 * @param string $secret Decoded secret, e.g. base64_decode("ENCODED_SECRET").
+	 */
+	public function __construct($secret) {
 		$this->secret = $secret;
-		if ($_POST["auth"]) {
-			$_SESSION["otp"] = (string) $_POST["auth"]["otp"];
-		}
-	}
-	
-	function loginFormField($name, $heading, $value) {
-		if ($name == 'password') {
-			return $heading . $value
-				. "<tr><th><acronym title='One Time Password' lang='en'>OTP</acronym>"
-				. "<td><input type='number' name='auth[otp]' value='" . h($_SESSION["otp"]) . "' size='6' autocomplete='off'>\n"
-			;
+
+		if (isset($_POST["auth"])) {
+			$_SESSION["otp"] = (string)$_POST["auth"]["otp"];
 		}
 	}
 
-	function login($login, $password) {
-		if (isset($_SESSION["otp"])) {
-			$timeSlot = floor(time() / 30);
-			foreach (array(0, -1, 1) as $skew) {
-				if ($_SESSION["otp"] == $this->getOtp($timeSlot + $skew)) {
-					restart_session();
-					unset($_SESSION["otp"]);
-					stop_session();
-					return;
-				}
-			}
-			return 'Invalid OTP.';
-		}
+	/**
+	 * @param string $name
+	 * @param string $heading
+	 * @param string $value
+	 *
+	 * @return string|null
+	 */
+	public function loginFormField($name, $heading, $value) {
+		if ($name != "password") return null;
+
+		return $heading . $value .
+			"<tr><th><abbr title='" . lang('One Time Password') . "' lang='en'>OTP</abbr></th>" .
+			"<td><input type='text' name='auth[otp]' value='" . h($_SESSION["otp"]) . "' " .
+			"size='6' autocomplete='one-time-code' inputmode='numeric' maxlength='6' pattern='\d{6}'/></td>" .
+			"</tr>\n";
 	}
-	
-	function getOtp($timeSlot) {
-		$data = str_pad(pack('N', $timeSlot), 8, "\0", STR_PAD_LEFT);
-		$hash = hash_hmac('sha1', $data, $this->secret, true);
+
+	/**
+	 * @param string $login
+	 * @param string $password
+	 *
+	 * @return string|null
+	 */
+	public function login($login, $password) {
+		if (!isset($_SESSION["otp"])) return null;
+
+		$timeSlot = floor(time() / 30);
+
+		foreach (array(0, -1, 1) as $skew) {
+			if ($_SESSION["otp"] == $this->getOtp($timeSlot + $skew)) {
+				restart_session();
+				unset($_SESSION["otp"]);
+				stop_session();
+
+				return null;
+			}
+		}
+
+		return lang('Invalid OTP code.');
+	}
+
+	/**
+	 * @param int $timeSlot
+	 *
+	 * @return int
+	 */
+	private function getOtp($timeSlot) {
+		$data = str_pad(pack("N", $timeSlot), 8, "\0", STR_PAD_LEFT);
+		$hash = hash_hmac("sha1", $data, $this->secret, true);
 		$offset = ord(substr($hash, -1)) & 0xF;
-		$unpacked = unpack('N', substr($hash, $offset, 4));
+		$unpacked = unpack("N", substr($hash, $offset, 4));
+
 		return ($unpacked[1] & 0x7FFFFFFF) % 1e6;
 	}
 }