ramonsky wrote:
I'm interested in this topic too, as I'm a web developer.
I've read the documentation, but I'm still confused. I don't get all those extra parameters.
All I want to be able to do is ask the user for ONE parameter (the OTP), pass it to the API, and get back the answer "Yes" or "No". How do I do that? (I'm happy to rely on Yubico's servers, and I don't want to reflash my Yubikey).
Well, allright, as I had to write one myself, why not share it. Note that I choose to put this code in the public domain, folks.
I created this little class and an example. The code works fine with PHP4 (haven't tested with PHP5, but it probably will work too). Probably, the standard classes available to work with HTTP stuff (HttpRequest::*) will do fine too and there is a lot of other code available. Anyway, this is my solution.
PS: to get exactly what you wanted, you can simply test for the value in $r->stat, it is either "OK" - (substitute 'YES' then) or it is not (substitute "NO" then).
PS2: I have put part of the url inside the class, not sure if that was a good decision, but you can change it easily.
PS3: in this snippet the class is part of the file. However, you probably will want to store the class in its own file and 'require_once' it in.
PS4: as said, you'll need to register your own API key (and the OTP in this example is bogus too of course);
Code:
<?php
class yubilala {
var $hash; var $time; var $stat;
function set($a,$b,$c)
{
$this->hash=$a; $this->time=$b; $this->stat=$c;
}
function yubi_verify($url,$port,$timeout,$id,$otp)
{
$fp = fsockopen($url, $port, $errno, $errstr, $timeout);
if (!$fp) {
$this->set("","","$errstr ($errno)");
}
fputs($fp, "GET /wsapi/verify?id=" . $id . "&otp=" . $otp . "\r\n");
fputs($fp, "\r\n");
fflush($fp);
$buf = '';
while (!feof($fp)) {
$buf .= fgets($fp, 128);
}
fclose($fp);
if (ereg("^h=([^ ]*).*t=([^ ]*).*status=([^ ]*).*", $buf, $reg) ) {;
$this->set( trim($reg[1]),trim($reg[2]),trim($reg[3]));
} else {
$this->set("","",'Invalid response from server ' . $url);
}
}
}
/** USAGE **/
$r=new yubilala();
// the $otp variable is filled with the output of a yubikey
//
$otp='vvvvvvvvvvvvthktlegjijctflkkklbiggrjrntrehlr';
// acquire your own userid and set its value here:
//
$id='4711';
$r->yubi_verify("api.yubico.com", 80, 5, $id, $otp);
echo "Result: " . $r->stat;
?>
Login
FAQ
Search
) can do some GET actions to the Yubicom validation webserver, using your ID and the token received from the other party. The server will validate and return the 'Yes' or 'No' you required (albeit in another format than a strict 'yes' or 'no').