Adjust RFC6283 getTokenCode to only show one token at a time.

Remove the tokens from client_logins.php and replace with a mouseover/hover to show mechanism using ajax.php
2026-02-28 10:54:52 +00:00 · 2022-04-24 13:48:27 +01:00
parent dcd772c5f6
commit fda40055f8
3 changed files with 39 additions and 14 deletions
--- a/client_logins.php
+++ b/client_logins.php
@@ -1,7 +1,5 @@
 <?php

-require_once("rfc6238.php");
-
 if(!empty($_GET['sb'])){
  $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
 }else{
@@ -84,11 +82,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
            }
            $login_password = htmlentities(decryptLoginEntry($row['login_password']));
            $login_otp_secret = $row['login_otp_secret'];
+            $login_id_with_secret = '"' . $row['login_id'] . '","' . $row['login_otp_secret'] . '"';
            if(empty($login_otp_secret)){
              $otp_display = "-";
            }else{
-              $otp = TokenAuth6238::getTokenCode($login_otp_secret,$rangein30s = 3);
-              $otp_display = "<i class='far fa-clock text-secondary'></i> $otp<button class='btn btn-sm clipboardjs' data-clipboard-text='$otp'><i class='far fa-copy text-secondary'></i></button>";
+              $otp_display = "<span onmouseover='showOTP($login_id_with_secret)'><i class='far fa-clock'></i> <span id='otp_$login_id'><i>Hover..</i></span></span>";
            }
            $login_note = $row['login_note'];
            $login_contact_id = $row['login_contact_id'];
@@ -141,6 +139,23 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
  </div>
 </div>

+<script>
+    function showOTP(id, secret){
+        //Send a GET request to ajax.php as ajax.php?get_totp_token=true&totp_secret=SECRET
+        jQuery.get(
+            "ajax.php",
+            {get_totp_token: 'true', totp_secret: secret},
+            function(data){
+                //If we get a response from post.php, parse it as JSON
+                const token = JSON.parse(data);
+
+                document.getElementById("otp_" + id).innerText = token
+
+            }
+        );
+    }
+</script>
+
 <?php
 include("client_login_add_modal.php");
 include("share_modal.php");