
Compare revisions


Commits on Source 2

4 files
+ 47
6

Original line number Diff line number Diff line
@@ -24,6 +24,8 @@ Open the mfa server admin and create a new web app. You get an id and a secret f

In the config enter the url of api, id and secret.

**📌 Example**:

```php
<?php

@@ -33,13 +35,43 @@ return [
    "appid" => "c1cabd22fbdb698861ad08b27de7399a",
    "shared_secret" => "p9wjjXSewZq0VkM1t5Sm3ZbI4ATEVetU",

    // "user"=> $_SERVER['REMOTE_USER']??'',
    "user"=> $_SERVER['REMOTE_USER']??'',

    "debug" => false,

];
```

The values for a secure connection are given in your mfa server. Open the administration -> tab "Wep apps" -> your application (or create a new app) and copy the values from the shown snippet.

| Key             | Type   | Descriptio
|---              |---     |---
| api 🔸          | string | api url
| appid 🔸        | string | Given ID for your application
| shared_secret 🔸| string | Generated secret for your application
| user            | string | User id of logged in user
| debug           | bool   | Flag: global debugging (for dev environment only)

🔸 required

If the user id is not in $_SERVER['REMOTE_USER'] then there are 2 options:

* mfaconfig.php: correct the fieldname of $_SERVER or set your own variable
* mfa-ensure.php: enable the line `$mfa->setUser(<your-function-to-fetch-userid>);`

**📌 Example**:

```php
<?php
require_once __DIR__.'/mfaclient.class.php';
$mfa = new mfaclient();

// if user was not set in config, set it manually
$mfa->setUser($this->getUserid());

$iHttpStatus=$mfa->ensure();
```

### Activate MFA after logon

This step depends on your code. You need to find a good place to embed the MFA process.
Original line number Diff line number Diff line
@@ -11,6 +11,9 @@
 * Docs: https://os-docs.iml.unibe.ch/mfa-client/index.html
 * License: GNU GPL 3.0
 * 
 * 2025-06-11  <axel.hahn@unibe.ch>  initial version
 * 2025-06-30  <axel.hahn@unibe.ch>  set version 1.0.1 in user agenmt in http requests
 * 2025-07-07  <axel.hahn@unibe.ch>  1.0.2 handle executed setUser() before ensure()
 */
```

Original line number Diff line number Diff line
@@ -2,7 +2,7 @@
/**
 * mfa-ensure.php
 * 
 * @author Axel Hahn <axel.hahn@unibe>
 * @author Axel Hahn <axel.hahn@unibe.ch>
 * 
 */

@@ -11,6 +11,9 @@ $mfa = new mfaclient();

$mfa->debug($aConfig['debug']??false);

// if user was not set in config, set it manually
// $mfa->setUser($this->getUserid());

$iHttpStatus=$mfa->ensure();

// mfa was skipped? Enable this line to see the reason
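Review bot: The commented-out example `// $mfa->setUser($this->getUserid());` relies on `$this`, which exists only when this file is included from inside an object method. The surrounding statements in the hunk run at file scope, so uncommenting the line as written would probably fail there. I would use the placeholder form the README already shows and say where the value has to come from: `// if user was not set in config, set it from your application's authenticated session:` followed by `// $mfa->setUser(<your-function-to-fetch-userid>);`. The comment should also state that the id must be the identity established by the first login step and not a request parameter, since it appears to be the account the MFA check is run for.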
Original line number Diff line number Diff line
@@ -12,11 +12,12 @@
 * 
 * 2025-06-11  <axel.hahn@unibe.ch>  initial version
 * 2025-06-30  <axel.hahn@unibe.ch>  set version 1.0.1 in user agenmt in http requests
 * 2025-07-07  <axel.hahn@unibe.ch>  1.0.2 handle executed setUser() before ensure()
 */
class mfaclient
{

    protected string $_sVersion = "1.0.1";
    protected string $_sVersion = "1.0.2";

    protected array $aConfig = [];
    // protected string $sSessionvarname = "mfaclient";
@@ -382,12 +383,14 @@ class mfaclient
            $this->logout();
        }

        $aVerify=$this->aConfig;
        $aVerify['user']=$this->sUser ?: ($this->aConfig['user'] ?? null); 
        foreach(['api', 'appid', 'shared_secret', 'user'] as $sKey){
            if(!isset($this->aConfig[$sKey])){
            if(!isset($aVerify[$sKey])){
                $this->aStatus[] = "Skip: Key '$sKey' was not set in config.";
                return 200;
            }
            if(!$this->aConfig[$sKey]){
            if(!$aVerify[$sKey]){
                $this->aStatus[] = "Skip: Key '$sKey' is empty in config.";
                return 200;
            }
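Review bot: After the new `$aVerify['user']=$this->sUser ?: ($this->aConfig['user'] ?? null);` line, a missing or empty user still ends in `return 200` with only a "Skip:" entry in `$this->aStatus`. A caller that looks only at the returned status therefore cannot tell a skipped MFA check from one that ran. I would document this on the loop with `// Fail-open: a missing or empty key skips MFA and still returns 200; callers must inspect $this->aStatus.` and treat `user` separately from the three connection keys. When `api`, `appid` and `shared_secret` are set and only the user id is empty (for example an unset `REMOTE_USER`), the method should return a non-success status or at least write a log entry. Note also that `?:` and `!$aVerify[$sKey]` treat the string `'0'` as empty. ensure() begins and continues outside this hunk, so how callers interpret 200 is not visible here.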