nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-02-22 02:46:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add mutli-factor authentication.

Browse Source
This commit is contained in:
markjcrane
2023-04-16 01:10:39 -06:00
parent 74f6630df4
commit 00801b5b04
14 changed files with 1436 additions and 293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
core/authentication/resources/classes/plugins/database.php
View File

@@ -1,7 +1,7 @@
<?php
/**
* plugin_database
* plugin_database
*
* @method validate uses authentication plugins to check if a user is authorized to login
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
@@ -11,7 +11,6 @@ class plugin_database {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $domain_uuid;
public $user_uuid;
@@ -26,11 +25,122 @@ class plugin_database {
*/
function database() {
//already authorized
if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
//echo __line__;
return;
}
else {
if (isset($_SESSION['authentication']['plugin']['database']) && !$_SESSION['authentication']['plugin']['database']["authorized"]) {
//authorized false
session_unset();
session_destroy();
}
}
//show the authentication code view
if ($_REQUEST["username"] == '' && $_REQUEST["key"] == '') {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//login logo source
if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo_login']['text'];
}
else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo']['text'];
}
else {
$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
}
//login logo dimensions
if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
}
else {
$login_logo_width = 'auto; max-width: 300px';
}
if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
}
else {
$login_logo_height = 'auto; max-height: 300px';
}
//login destination url
$login_destination_url = $_SESSION['login']['destination']['url'];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//add translations
$view->assign("login_title", $text['button-login']);
$view->assign("label_username", $text['label-username']);
$view->assign("label_password", $text['label-password']);
$view->assign("button_login", $text['button-login']);
//assign default values to the template
$view->assign("login_destination_url", $login_destination_url);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
//add the token name and hash to the view
//$view->assign("token_name", $token['name']);
//$view->assign("token_hash", $token['hash']);
//show the views
$content = $view->render('login.htm');
echo $content;
exit;
}
//validate the token
//$token = new token;
//if (!$token->validate($_SERVER['PHP_SELF'])) {
// message::add($text['message-invalid_token'],'negative');
// header('Location: domains.php');
// exit;
//}
//add the authentication details
if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])) {
$this->username = $_REQUEST["username"];
$this->password = $_REQUEST["password"];
}
if (isset($_REQUEST["key"])) {
$this->key = $_REQUEST["key"];
}
//set the default status
$user_authorized = false;
//check the username and password if they don't match then redirect to the login
$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
$sql = "select u.user_uuid, u.contact_uuid, u.username, u.password, ";
$sql .= "u.user_email, u.salt, u.api_key, u.domain_uuid, d.domain_name ";
$sql .= "from v_users as u, v_domains as d ";
$sql .= "where u.domain_uuid = d.domain_uuid ";
if (strlen($this->key) > 30) {
@@ -52,7 +162,11 @@ class plugin_database {
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (is_array($row) && @sizeof($row) !== 0) {
if (is_array($row)) {
//set the domain details
$this->domain_uuid = $_SESSION['domain_uuid'];
$this->domain_name = $_SESSION['domain_name'];
//get the domain uuid when users are unique globally
if ($_SESSION["users"]["unique"]["text"] === "global" && $row["domain_uuid"] !== $this->domain_uuid) {
@@ -70,10 +184,22 @@ class plugin_database {
$domain->set();
}
//set the user_uuid
//set the variables
$this->user_uuid = $row['user_uuid'];
$this->username = $row['username'];
$this->contact_uuid = $row['contact_uuid'];
//debug info
//echo "user_uuid ".$this->user_uuid."<br />\n";
//echo "username ".$this->username."<br />\n";
//echo "contact_uuid ".$this->contact_uuid."<br />\n";
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
//validate the password
$valid_password = false;
if (isset($this->key) && strlen($this->key) > 30 && $this->key === $row["api_key"]) {
@@ -82,7 +208,7 @@ class plugin_database {
else if (substr($row["password"], 0, 1) === '$') {
if (isset($this->password) && strlen($this->password) > 0) {
if (password_verify($this->password, $row["password"])) {
$valid_password = true;
$valid_password = true;
}
}
}
@@ -137,20 +263,15 @@ class plugin_database {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["domain_uuid"] = $_SESSION['domain_uuid'];
$result["contact_uuid"] = $this->contact_uuid;
$result["sql"] = $sql;
if ($valid_password) {
$result["authorized"] = "true";
}
else {
$result["authorized"] = "false";
}
$result["authorized"] = $valid_password;
//return the results
return $result;
}
}

395
core/authentication/resources/classes/plugins/email.php Normal file
View File

@@ -0,0 +1,395 @@
<?php
/**
* plugin_email
*
* @method email time based one time password authenticate the user
*/
class plugin_email {
/**
* Define variables and their scope
*/
public $domain_name;
public $domain_uuid;
public $username;
public $password;
public $user_uuid;
public $user_email;
public $contact_uuid;
/**
* time based one time password with email
* @return array [authorized] => true or false
*/
function email() {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//login logo source
if (isset($_SESSION['theme']['logo_login']['text']) && $_SESSION['theme']['logo_login']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo_login']['text'];
}
else if (isset($_SESSION['theme']['logo']['text']) && $_SESSION['theme']['logo']['text'] != '') {
$login_logo_source = $_SESSION['theme']['logo']['text'];
}
else {
$login_logo_source = PROJECT_PATH.'/themes/default/images/logo_login.png';
}
//login logo dimensions
if (isset($_SESSION['theme']['login_logo_width']['text']) && $_SESSION['theme']['login_logo_width']['text'] != '') {
$login_logo_width = $_SESSION['theme']['login_logo_width']['text'];
}
else {
$login_logo_width = 'auto; max-width: 300px';
}
if (isset($_SESSION['theme']['login_logo_height']['text']) && $_SESSION['theme']['login_logo_height']['text'] != '') {
$login_logo_height = $_SESSION['theme']['login_logo_height']['text'];
}
else {
$login_logo_height = 'auto; max-height: 300px';
}
//login destination url
$login_destination_url = $_SESSION['login']['destination']['url'];
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_login", $text['button-login']);
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
//if (!isset($this->username) && isset($_REQUEST['username'])) {
// $this->username = $_REQUEST['username'];
//}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid \n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_REQUEST['username'];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
unset($parameters);
//set class variables
//if (strlen($row["user_email"]) > 0) {
// $this->user_uuid = $row['user_uuid'];
// $this->user_email = $row['user_email'];
// $this->contact_uuid = $row['contact_uuid'];
//}
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//user email not found
if (strlen($row["user_email"]) == 0) {
//build the result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_REQUEST['username'];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = false;
//add the failed login to user logs
user_logs::add($result);
//return the array
return $result;
}
//authentication code
$_SESSION["user"]["authentication"]["email"]["code"] = generate_password(6, 1);
$_SESSION["user"]["authentication"]["email"]["epoch"] = time();
////$_SESSION["authentication_address"] = $_SERVER['REMOTE_ADDR'];
////$_SESSION["authentication_date"] = 'now()';
//set the authentication code
//$sql = "update v_users \n";
//$sql .= "set auth_code = :auth_code \n";
//$sql .= "where user_uuid = :user_uuid;";
//$parameters['auth_code'] = $auth_code_hash;
//$parameters['user_uuid'] = $this->user_uuid;
//$database->execute($sql, $parameters);
//unset($sql);
//email settings
//$email_address = $this->user_email;
//$email_subject = 'Validation Code';
//$email_body = 'Validation Code: '.$authentication_code;
//send email with the authentication_code
//ob_start();
//$sent = !send_email($email_address, $email_subject, $email_body, $email_error, null, null, 3, 3) ? false : true;
//$response = ob_get_clean();
//get the language code
$language_code = $_SESSION['domain']['language']['code'];
//get the email template from the database
$sql = "select template_subject, template_body ";
$sql .= "from v_email_templates ";
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
$sql .= "and template_language = :template_language ";
$sql .= "and template_category = :template_category ";
$sql .= "and template_subcategory = :template_subcategory ";
$sql .= "and template_type = :template_type ";
$sql .= "and template_enabled = 'true' ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
$parameters['template_language'] = $language_code;
$parameters['template_category'] = 'authentication';
$parameters['template_subcategory'] = 'email';
$parameters['template_type'] = 'html';
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$email_subject = $row['template_subject'];
$email_body = $row['template_body'];
unset($sql, $parameters, $row);
//replace variables in email subject
$email_subject = str_replace('${domain_name}', $_SESSION["domain_name"], $email_subject);
//replace variables in email body
$email_body = str_replace('${domain_name}', $_SESSION["domain_name"], $email_body);
$email_body = str_replace('${auth_code}', $_SESSION["user"]["authentication"]["email"]["code"], $email_body);
//get the email from name and address
$email_from_address = $_SESSION['email']['smtp_from']['text'];
$email_from_name = $_SESSION['email']['smtp_from_name']['text'];
//send email - direct
$email = new email;
$email->recipients = $_SESSION["user_email"];
$email->subject = $email_subject;
$email->body = $email_body;
$email->from_address = $email_from_address;
$email->from_name = $email_from_name;
//$email->attachments = $email_attachments;
$email->debug_level = 0;
$email->method = 'direct';
$sent = $email->send();
//debug informations
//$email_response = $email->response;
//$email_error = $email->email_error;
//echo $email_response."<br />\n";
//echo $email_error."<br />\n";
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-verify']);
$view->assign("login_email_description", $text['label-email_description']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_verify", $text['label-verify']);
//debug information
//echo "<pre>\n";
//print_r($text);
//echo "</pre>\n";
//show the views
$content = $view->render('email.htm');
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//check if the authentication code has expired. if expired return false
if ($_SESSION["user"]["authentication"]["email"]["epoch"] + 3 > time()) {
//authentication code expired
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["error_message"] = 'code expired';
$result["authorized"] = false;
print_r($result);
return $result;
exit;
}
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_email_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_email_secret = $row['user_email_secret'];
unset($parameters);
//validate the code
if ($_SESSION["user"]["authentication"]["email"]["code"] === $_POST['authentication_code']) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
$sql .= "where user_uuid = :user_uuid ";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters);
//set a few session variables
//$_SESSION["username"] = $row['username']; //setting the username makes it skip the rest of the authentication
//$_SESSION["user_email"] = $row['user_email'];
//$_SESSION["contact_uuid"] = $row["contact_uuid"];
}
else {
//destroy session
session_unset();
session_destroy();
//$_SESSION['authentication']['plugin']
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//redirect to the root of the website
header("Location: ".PROJECT_PATH."/");
//exit the code
exit();
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$database = new database;
$user_log_count = $database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//result array
$result["plugin"] = "email";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = $auth_valid ? true : false;
return $result;
//$_SESSION['authentication']['plugin']['email']['plugin'] = "email";
//$_SESSION['authentication']['plugin']['email']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['email']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['email']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['email']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['email']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['email']['authorized'] = $auth_valid ? true : false;
}
}
}
?>

14
core/authentication/resources/classes/plugins/ldap.php
View File

@@ -140,15 +140,15 @@ class plugin_ldap {
}
//result array
$result["plugin"] = "ldap";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["ldap"]["plugin"] = "ldap";
$result["ldap"]["domain_name"] = $this->domain_name;
$result["ldap"]["username"] = $this->username;
if ($this->debug) {
$result["password"] = $this->password;
$result["ldap"]["password"] = $this->password;
}
$result["user_uuid"] = $this->user_uuid;
$result["domain_uuid"] = $this->domain_uuid;
$result["authorized"] = $user_authorized ? 'true' : 'false';
$result["ldap"]["user_uuid"] = $this->user_uuid;
$result["ldap"]["domain_uuid"] = $this->domain_uuid;
$result["ldap"]["authorized"] = $user_authorized ? true : false;
return $result;
}
}

266
core/authentication/resources/classes/plugins/totp.php Normal file
View File

@@ -0,0 +1,266 @@
<?php
/**
* plugin_totp
*
* @method totp time based one time password authenticate the user
*/
class plugin_totp {
/**
* Define variables and their scope
*/
public $debug;
public $domain_name;
public $username;
public $password;
public $user_uuid;
public $user_email;
public $contact_uuid;
private $user_totp_secret;
/**
* time based one time password aka totp
* @return array [authorized] => true or false
*/
function totp() {
//request the username
if (!isset($_POST['username']) && !isset($_POST['authentication_code'])) {
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-username']);
$view->assign("login_username", $text['label-username']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_login", $text['button-login']);
//show the views
$content = $view->render('username.htm');
echo $content;
exit;
}
//show the authentication code view
if (!isset($_POST['authentication_code'])) {
//get the username
if (!isset($this->username) && isset($_REQUEST['username'])) {
$this->username = $_REQUEST['username'];
}
//get the user details
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $this->domain_uuid;
}
$parameters['username'] = $this->username;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
unset($parameters);
//set class variables
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
//set a few session variables
$_SESSION["user_uuid"] = $row['user_uuid'];
$_SESSION["username"] = $row['username'];
$_SESSION["user_email"] = $row['user_email'];
$_SESSION["contact_uuid"] = $row["contact_uuid"];
//set a default template
$_SESSION['domain']['template']['name'] = 'default';
$_SESSION['theme']['menu_brand_image']['text'] = PROJECT_PATH.'/themes/default/images/logo.png';
$_SESSION['theme']['menu_brand_type']['text'] = 'image';
//get the domain
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
$domain_name = $domain_array[0];
//temp directory
$_SESSION['server']['temp']['dir'] = '/tmp';
//create token
//$object = new token;
//$token = $object->create('login');
//add multi-lingual support
$language = new text;
$text = $language->get(null, '/core/authentication');
//initialize a template object
$view = new template();
$view->engine = 'smarty';
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
$view->cache_dir = $_SESSION['server']['temp']['dir'];
$view->init();
//assign default values to the template
$view->assign("login_title", $text['label-verify']);
$view->assign("login_authentication_code", $text['label-authentication_code']);
$view->assign("login_logo_width", $login_logo_width);
$view->assign("login_logo_height", $login_logo_height);
$view->assign("login_logo_source", $login_logo_source);
$view->assign("button_verify", $text['label-verify']);
//show the views
$content = $view->render('totp.htm');
echo $content;
exit;
}
//if authorized then verify
if (isset($_POST['authentication_code'])) {
//get the user details
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
$sql .= "from v_users\n";
$sql .= "where username = :username\n";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['username'] = $_SESSION["username"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
$this->user_uuid = $row['user_uuid'];
$this->user_email = $row['user_email'];
$this->contact_uuid = $row['contact_uuid'];
$this->user_totp_secret = $row['user_totp_secret'];
unset($parameters);
//include the google authenticator
include_once "resources/google_authenticator/GoogleAuthenticatorInterface.php";
include_once "resources/google_authenticator/FixedBitNotation.php";
include_once "resources/google_authenticator/GoogleAuthenticator.php";
//create the authenticator object
$totp = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
//validate the code
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
$auth_valid = true;
}
else {
$auth_valid = false;
}
//get the user details
if ($auth_valid) {
//get user data from the database
$sql = "select user_uuid, username, user_email, contact_uuid from v_users ";
$sql .= "where user_uuid = :user_uuid ";
if ($_SESSION["users"]["unique"]["text"] != "global") {
//unique username per domain (not globally unique across system - example: email address)
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
}
$parameters['user_uuid'] = $_SESSION["user_uuid"];
$database = new database;
$row = $database->select($sql, $parameters, 'row');
//view_array($row);
unset($parameters);
}
else {
//destroy session
session_unset();
session_destroy();
//$_SESSION['authentication']['plugin']
//send http 403
header('HTTP/1.0 403 Forbidden', true, 403);
//redirect to the root of the website
header("Location: ".PROJECT_PATH."/");
//exit the code
exit();
}
/*
//check if user successfully logged in during the interval
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
$sql = "select count(*) as count ";
$sql .= "from v_user_logs ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and user_uuid = :user_uuid ";
$sql .= "and user_agent = :user_agent ";
$sql .= "and type = 'login' ";
$sql .= "and result = 'success' ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
$parameters['domain_uuid'] = $this->domain_uuid;
$parameters['user_uuid'] = $this->user_uuid;
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$database = new database;
$user_log_count = $database->select($sql, $parameters, 'all');
//view_array($user_log_count);
unset($sql, $parameters);
*/
//build the result array
$result["plugin"] = "totp";
$result["domain_name"] = $_SESSION["domain_name"];
$result["username"] = $_SESSION["username"];
$result["user_uuid"] = $_SESSION["user_uuid"];
$result["domain_uuid"] = $_SESSION["domain_uuid"];
$result["contact_uuid"] = $_SESSION["contact_uuid"];
$result["authorized"] = $auth_valid ? true : false;
//add the failed login to user logs
if (!$auth_valid) {
user_logs::add($result);
}
//retun the array
return $result;
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
}
}
}
?>