mirror of
https://github.com/fusionpbx/fusionpbx.git
synced 2026-02-13 14:45:01 +00:00
Documentation, format class, no modification. (#7628)
This commit is contained in:
frytimo
@@ -65,325 +65,322 @@ class plugin_totp {
|
||||
|
||||
/**
|
||||
* time based one time password aka totp
|
||||
*
|
||||
* @return array [authorized] => true or false
|
||||
*/
|
||||
function totp(authentication $auth, settings $settings) {
|
||||
|
||||
//pre-process some settings
|
||||
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH.'/themes/default/favicon.ico');
|
||||
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH.'/themes/default/images/logo_login.png');
|
||||
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
|
||||
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
|
||||
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
|
||||
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
|
||||
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
|
||||
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
|
||||
$background_videos = $settings->get('theme', 'background_video', null);
|
||||
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
|
||||
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
|
||||
//$login_domain_name = $settings->get('login', 'domain_name');
|
||||
$login_destination = $settings->get('login', 'destination');
|
||||
$users_unique = $settings->get('users', 'unique', '');
|
||||
$theme_favicon = $settings->get('theme', 'favicon', PROJECT_PATH . '/themes/default/favicon.ico');
|
||||
$theme_logo = $settings->get('theme', 'logo', PROJECT_PATH . '/themes/default/images/logo_login.png');
|
||||
$theme_login_type = $settings->get('theme', 'login_brand_type', '');
|
||||
$theme_login_image = $settings->get('theme', 'login_brand_image', '');
|
||||
$theme_login_text = $settings->get('theme', 'login_brand_text', '');
|
||||
$theme_login_logo_width = $settings->get('theme', 'login_logo_width', 'auto; max-width: 300px');
|
||||
$theme_login_logo_height = $settings->get('theme', 'login_logo_height', 'auto; max-height: 300px');
|
||||
$theme_message_delay = 1000 * (float)$settings->get('theme', 'message_delay', 3000);
|
||||
$background_videos = $settings->get('theme', 'background_video', null);
|
||||
$theme_background_video = (isset($background_videos) && is_array($background_videos)) ? $background_videos[0] : null;
|
||||
//$login_domain_name_visible = $settings->get('login', 'domain_name_visible');
|
||||
//$login_domain_name = $settings->get('login', 'domain_name');
|
||||
$login_destination = $settings->get('login', 'destination');
|
||||
$users_unique = $settings->get('users', 'unique', '');
|
||||
|
||||
//get the username
|
||||
if (isset($_SESSION["username"])) {
|
||||
$this->username = $_SESSION["username"];
|
||||
}
|
||||
if (isset($_POST['username'])) {
|
||||
$this->username = $_POST['username'];
|
||||
$_SESSION["username"] = $this->username;
|
||||
}
|
||||
if (isset($_SESSION["username"])) {
|
||||
$this->username = $_SESSION["username"];
|
||||
}
|
||||
if (isset($_POST['username'])) {
|
||||
$this->username = $_POST['username'];
|
||||
$_SESSION["username"] = $this->username;
|
||||
}
|
||||
|
||||
//request the username
|
||||
if (!$this->username && !isset($_POST['authentication_code'])) {
|
||||
if (!$this->username && !isset($_POST['authentication_code'])) {
|
||||
|
||||
//get the domain
|
||||
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
||||
$domain_name = $domain_array[0];
|
||||
//get the domain
|
||||
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
||||
$domain_name = $domain_array[0];
|
||||
|
||||
//create token
|
||||
//$object = new token;
|
||||
//$token = $object->create('login');
|
||||
//create token
|
||||
//$object = new token;
|
||||
//$token = $object->create('login');
|
||||
|
||||
//add multi-lingual support
|
||||
$language = new text;
|
||||
$text = $language->get(null, '/core/authentication');
|
||||
//add multi-lingual support
|
||||
$language = new text;
|
||||
$text = $language->get(null, '/core/authentication');
|
||||
|
||||
//initialize a template object
|
||||
$view = new template();
|
||||
$view->engine = 'smarty';
|
||||
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
|
||||
$view->cache_dir = sys_get_temp_dir();
|
||||
$view->init();
|
||||
//initialize a template object
|
||||
$view = new template();
|
||||
$view->engine = 'smarty';
|
||||
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
|
||||
$view->cache_dir = sys_get_temp_dir();
|
||||
$view->init();
|
||||
|
||||
//assign default values to the template
|
||||
$view->assign("project_path", PROJECT_PATH);
|
||||
$view->assign("login_destination_url", $login_destination);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("login_title", $text['label-username']);
|
||||
$view->assign("login_username", $text['label-username']);
|
||||
$view->assign("login_logo_width", $theme_login_logo_width);
|
||||
$view->assign("login_logo_height", $theme_login_logo_height);
|
||||
$view->assign("login_logo_source", $theme_logo);
|
||||
$view->assign("button_login", $text['button-login']);
|
||||
//assign default values to the template
|
||||
$view->assign("project_path", PROJECT_PATH);
|
||||
$view->assign("login_destination_url", $login_destination);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("login_title", $text['label-username']);
|
||||
$view->assign("login_username", $text['label-username']);
|
||||
$view->assign("login_logo_width", $theme_login_logo_width);
|
||||
$view->assign("login_logo_height", $theme_login_logo_height);
|
||||
$view->assign("login_logo_source", $theme_logo);
|
||||
$view->assign("button_login", $text['button-login']);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("message_delay", $theme_message_delay);
|
||||
|
||||
//messages
|
||||
$view->assign('messages', message::html(true, ' '));
|
||||
|
||||
//show the views
|
||||
$content = $view->render('username.htm');
|
||||
echo $content;
|
||||
exit;
|
||||
}
|
||||
|
||||
//show the authentication code view
|
||||
if (!isset($_POST['authentication_code'])) {
|
||||
|
||||
//get the username
|
||||
if (!isset($this->username) && isset($_REQUEST['username'])) {
|
||||
$this->username = $_REQUEST['username'];
|
||||
$_SESSION['username'] = $this->username;
|
||||
}
|
||||
|
||||
//get the domain name
|
||||
if (!empty($_SESSION['username'])) {
|
||||
$auth = new authentication;
|
||||
$auth->get_domain();
|
||||
$this->domain_uuid = $_SESSION['domain_uuid'];
|
||||
$this->domain_name = $_SESSION['domain_name'];
|
||||
$this->username = $_SESSION['username'];
|
||||
}
|
||||
|
||||
//get the user details
|
||||
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
|
||||
$sql .= "from v_users\n";
|
||||
$sql .= "where (\n";
|
||||
$sql .= " username = :username\n";
|
||||
$sql .= " or user_email = :username\n";
|
||||
$sql .= ")\n";
|
||||
if (empty($_SESSION["users"]["unique"]["text"]) || $_SESSION["users"]["unique"]["text"] != "global") {
|
||||
//unique username per domain (not globally unique across system - example: email address)
|
||||
$sql .= "and domain_uuid = :domain_uuid ";
|
||||
$parameters['domain_uuid'] = $this->domain_uuid;
|
||||
}
|
||||
$sql .= "and (user_type = 'default' or user_type is null) ";
|
||||
$parameters['username'] = $this->username;
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
|
||||
//clear submitted usernames
|
||||
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
|
||||
|
||||
//build the result array
|
||||
$result["plugin"] = "totp";
|
||||
$result["domain_uuid"] = $_SESSION["domain_uuid"];
|
||||
$result["domain_name"] = $_SESSION["domain_name"];
|
||||
$result["authorized"] = false;
|
||||
|
||||
//retun the array
|
||||
return $result;
|
||||
}
|
||||
unset($parameters);
|
||||
|
||||
//set class variables
|
||||
$this->user_uuid = $row['user_uuid'];
|
||||
$this->user_email = $row['user_email'];
|
||||
$this->contact_uuid = $row['contact_uuid'];
|
||||
$this->user_totp_secret = $row['user_totp_secret'];
|
||||
|
||||
//set a few session variables
|
||||
$_SESSION["user_uuid"] = $row['user_uuid'];
|
||||
$_SESSION["username"] = $row['username'];
|
||||
$_SESSION["user_email"] = $row['user_email'];
|
||||
$_SESSION["contact_uuid"] = $row["contact_uuid"];
|
||||
|
||||
//get the domain
|
||||
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
||||
$domain_name = $domain_array[0];
|
||||
|
||||
//create token
|
||||
//$object = new token;
|
||||
//$token = $object->create('login');
|
||||
|
||||
//add multi-lingual support
|
||||
$language = new text;
|
||||
$text = $language->get(null, '/core/authentication');
|
||||
|
||||
//initialize a template object
|
||||
$view = new template();
|
||||
$view->engine = 'smarty';
|
||||
$view->template_dir = $_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/authentication/resources/views/';
|
||||
$view->cache_dir = sys_get_temp_dir();
|
||||
$view->init();
|
||||
|
||||
//assign values to the template
|
||||
$view->assign("project_path", PROJECT_PATH);
|
||||
$view->assign("login_destination_url", $login_destination);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("login_title", $text['label-verify']);
|
||||
$view->assign("login_totp_description", $text['label-totp_description']);
|
||||
$view->assign("login_authentication_code", $text['label-authentication_code']);
|
||||
$view->assign("login_logo_width", $theme_login_logo_width);
|
||||
$view->assign("login_logo_height", $theme_login_logo_height);
|
||||
$view->assign("login_logo_source", $theme_logo);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("background_video", $theme_background_video);
|
||||
if (!empty($_SESSION['username'])) {
|
||||
$view->assign("username", $_SESSION['username']);
|
||||
$view->assign("button_cancel", $text['button-cancel']);
|
||||
}
|
||||
|
||||
//show the views
|
||||
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
|
||||
|
||||
//create the totp secret
|
||||
$base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', false, true, true);
|
||||
$user_totp_secret = $base32->encode(generate_password(20, 3));
|
||||
$this->user_totp_secret = $user_totp_secret;
|
||||
|
||||
//add user setting to array for update
|
||||
$x = 0;
|
||||
$array['users'][$x]['user_uuid'] = $this->user_uuid;
|
||||
$array['users'][$x]['domain_uuid'] = $this->domain_uuid;
|
||||
$array['users'][$x]['user_totp_secret'] = $this->user_totp_secret;
|
||||
|
||||
//add the user_edit permission
|
||||
$p = permissions::new();
|
||||
$p->add("user_edit", "temp");
|
||||
|
||||
//save the data
|
||||
$this->database->save($array);
|
||||
|
||||
//remove the temporary permission
|
||||
$p->delete("user_edit", "temp");
|
||||
|
||||
//qr code includes
|
||||
require_once 'resources/qr_code/QRErrorCorrectLevel.php';
|
||||
require_once 'resources/qr_code/QRCode.php';
|
||||
require_once 'resources/qr_code/QRCodeImage.php';
|
||||
|
||||
//build the otp authentication url
|
||||
$otpauth = "otpauth://totp/" . $this->username;
|
||||
$otpauth .= "?secret=" . $this->user_totp_secret;
|
||||
$otpauth .= "&issuer=" . $_SESSION['domain_name'];
|
||||
|
||||
//build the qr code image
|
||||
try {
|
||||
$code = new QRCode (-1, QRErrorCorrectLevel::H);
|
||||
$code->addData($otpauth);
|
||||
$code->make();
|
||||
$img = new QRCodeImage ($code, $width = 210, $height = 210, $quality = 50);
|
||||
$img->draw();
|
||||
$image = $img->getImage();
|
||||
$img->finish();
|
||||
} catch (Exception $error) {
|
||||
echo $error;
|
||||
}
|
||||
|
||||
//assign values to the template
|
||||
$view->assign("totp_secret", $this->user_totp_secret);
|
||||
$view->assign("totp_image", base64_encode($image));
|
||||
$view->assign("totp_description", $text['description-totp']);
|
||||
$view->assign("button_next", $text['button-next']);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("message_delay", $theme_message_delay);
|
||||
|
||||
//messages
|
||||
$view->assign('messages', message::html(true, ' '));
|
||||
|
||||
//show the views
|
||||
$content = $view->render('username.htm');
|
||||
echo $content;
|
||||
exit;
|
||||
}
|
||||
|
||||
//show the authentication code view
|
||||
if (!isset($_POST['authentication_code'])) {
|
||||
|
||||
//get the username
|
||||
if (!isset($this->username) && isset($_REQUEST['username'])) {
|
||||
$this->username = $_REQUEST['username'];
|
||||
$_SESSION['username'] = $this->username;
|
||||
}
|
||||
|
||||
//get the domain name
|
||||
if (!empty($_SESSION['username'])) {
|
||||
$auth = new authentication;
|
||||
$auth->get_domain();
|
||||
$this->domain_uuid = $_SESSION['domain_uuid'];
|
||||
$this->domain_name = $_SESSION['domain_name'];
|
||||
$this->username = $_SESSION['username'];
|
||||
}
|
||||
|
||||
//get the user details
|
||||
$sql = "select user_uuid, username, user_email, contact_uuid, user_totp_secret\n";
|
||||
$sql .= "from v_users\n";
|
||||
$sql .= "where (\n";
|
||||
$sql .= " username = :username\n";
|
||||
$sql .= " or user_email = :username\n";
|
||||
$sql .= ")\n";
|
||||
if (empty($_SESSION["users"]["unique"]["text"]) || $_SESSION["users"]["unique"]["text"] != "global") {
|
||||
//unique username per domain (not globally unique across system - example: email address)
|
||||
$sql .= "and domain_uuid = :domain_uuid ";
|
||||
$parameters['domain_uuid'] = $this->domain_uuid;
|
||||
}
|
||||
$sql .= "and (user_type = 'default' or user_type is null) ";
|
||||
$parameters['username'] = $this->username;
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
if (empty($row) || !is_array($row) || @sizeof($row) == 0) {
|
||||
//clear submitted usernames
|
||||
unset($this->username, $_SESSION['username'], $_REQUEST['username'], $_POST['username']);
|
||||
|
||||
//build the result array
|
||||
$result["plugin"] = "totp";
|
||||
$result["domain_uuid"] = $_SESSION["domain_uuid"];
|
||||
$result["domain_name"] = $_SESSION["domain_name"];
|
||||
$result["authorized"] = false;
|
||||
|
||||
//retun the array
|
||||
return $result;
|
||||
}
|
||||
unset($parameters);
|
||||
|
||||
//set class variables
|
||||
$this->user_uuid = $row['user_uuid'];
|
||||
$this->user_email = $row['user_email'];
|
||||
$this->contact_uuid = $row['contact_uuid'];
|
||||
$this->user_totp_secret = $row['user_totp_secret'];
|
||||
|
||||
//set a few session variables
|
||||
$_SESSION["user_uuid"] = $row['user_uuid'];
|
||||
$_SESSION["username"] = $row['username'];
|
||||
$_SESSION["user_email"] = $row['user_email'];
|
||||
$_SESSION["contact_uuid"] = $row["contact_uuid"];
|
||||
|
||||
//get the domain
|
||||
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
||||
$domain_name = $domain_array[0];
|
||||
|
||||
//create token
|
||||
//$object = new token;
|
||||
//$token = $object->create('login');
|
||||
|
||||
//add multi-lingual support
|
||||
$language = new text;
|
||||
$text = $language->get(null, '/core/authentication');
|
||||
|
||||
//initialize a template object
|
||||
$view = new template();
|
||||
$view->engine = 'smarty';
|
||||
$view->template_dir = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/authentication/resources/views/';
|
||||
$view->cache_dir = sys_get_temp_dir();
|
||||
$view->init();
|
||||
|
||||
//render the template
|
||||
$content = $view->render('totp_secret.htm');
|
||||
} else {
|
||||
//assign values to the template
|
||||
$view->assign("project_path", PROJECT_PATH);
|
||||
$view->assign("login_destination_url", $login_destination);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("login_title", $text['label-verify']);
|
||||
$view->assign("login_totp_description", $text['label-totp_description']);
|
||||
$view->assign("login_authentication_code", $text['label-authentication_code']);
|
||||
$view->assign("login_logo_width", $theme_login_logo_width);
|
||||
$view->assign("login_logo_height", $theme_login_logo_height);
|
||||
$view->assign("login_logo_source", $theme_logo);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("background_video", $theme_background_video);
|
||||
if (!empty($_SESSION['username'])) {
|
||||
$view->assign("username", $_SESSION['username']);
|
||||
$view->assign("button_cancel", $text['button-cancel']);
|
||||
}
|
||||
$view->assign("button_verify", $text['label-verify']);
|
||||
$view->assign("message_delay", $theme_message_delay);
|
||||
|
||||
//show the views
|
||||
if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && empty($this->user_totp_secret)) {
|
||||
//messages
|
||||
$view->assign('messages', message::html(true, ' '));
|
||||
|
||||
//create the totp secret
|
||||
$base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
|
||||
$user_totp_secret = $base32->encode(generate_password(20,3));
|
||||
$this->user_totp_secret = $user_totp_secret;
|
||||
|
||||
//add user setting to array for update
|
||||
$x = 0;
|
||||
$array['users'][$x]['user_uuid'] = $this->user_uuid;
|
||||
$array['users'][$x]['domain_uuid'] = $this->domain_uuid;
|
||||
$array['users'][$x]['user_totp_secret'] = $this->user_totp_secret;
|
||||
|
||||
//add the user_edit permission
|
||||
$p = permissions::new();
|
||||
$p->add("user_edit", "temp");
|
||||
|
||||
//save the data
|
||||
$this->database->save($array);
|
||||
|
||||
//remove the temporary permission
|
||||
$p->delete("user_edit", "temp");
|
||||
|
||||
//qr code includes
|
||||
require_once 'resources/qr_code/QRErrorCorrectLevel.php';
|
||||
require_once 'resources/qr_code/QRCode.php';
|
||||
require_once 'resources/qr_code/QRCodeImage.php';
|
||||
|
||||
//build the otp authentication url
|
||||
$otpauth = "otpauth://totp/".$this->username;
|
||||
$otpauth .= "?secret=".$this->user_totp_secret;
|
||||
$otpauth .= "&issuer=".$_SESSION['domain_name'];
|
||||
|
||||
//build the qr code image
|
||||
try {
|
||||
$code = new QRCode (- 1, QRErrorCorrectLevel::H);
|
||||
$code->addData($otpauth);
|
||||
$code->make();
|
||||
$img = new QRCodeImage ($code, $width=210, $height=210, $quality=50);
|
||||
$img->draw();
|
||||
$image = $img->getImage();
|
||||
$img->finish();
|
||||
}
|
||||
catch (Exception $error) {
|
||||
echo $error;
|
||||
}
|
||||
|
||||
//assign values to the template
|
||||
$view->assign("totp_secret", $this->user_totp_secret);
|
||||
$view->assign("totp_image", base64_encode($image));
|
||||
$view->assign("totp_description", $text['description-totp']);
|
||||
$view->assign("button_next", $text['button-next']);
|
||||
$view->assign("favicon", $theme_favicon);
|
||||
$view->assign("message_delay", $theme_message_delay);
|
||||
|
||||
//messages
|
||||
$view->assign('messages', message::html(true, ' '));
|
||||
|
||||
//render the template
|
||||
$content = $view->render('totp_secret.htm');
|
||||
}
|
||||
else {
|
||||
//assign values to the template
|
||||
$view->assign("button_verify", $text['label-verify']);
|
||||
$view->assign("message_delay", $theme_message_delay);
|
||||
|
||||
//messages
|
||||
$view->assign('messages', message::html(true, ' '));
|
||||
|
||||
//render the template
|
||||
$content = $view->render('totp.htm');
|
||||
}
|
||||
echo $content;
|
||||
exit;
|
||||
//render the template
|
||||
$content = $view->render('totp.htm');
|
||||
}
|
||||
echo $content;
|
||||
exit;
|
||||
}
|
||||
|
||||
//if authorized then verify
|
||||
if (isset($_POST['authentication_code'])) {
|
||||
if (isset($_POST['authentication_code'])) {
|
||||
|
||||
//get the user details
|
||||
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
|
||||
$sql .= "from v_users\n";
|
||||
$sql .= "where (\n";
|
||||
$sql .= " username = :username\n";
|
||||
$sql .= " or user_email = :username\n";
|
||||
$sql .= ")\n";
|
||||
//get the user details
|
||||
$sql = "select user_uuid, user_email, contact_uuid, user_totp_secret\n";
|
||||
$sql .= "from v_users\n";
|
||||
$sql .= "where (\n";
|
||||
$sql .= " username = :username\n";
|
||||
$sql .= " or user_email = :username\n";
|
||||
$sql .= ")\n";
|
||||
if ($users_unique != "global") {
|
||||
//unique username per domain (not globally unique across system - example: email address)
|
||||
$sql .= "and domain_uuid = :domain_uuid ";
|
||||
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
||||
}
|
||||
$parameters['username'] = $_SESSION["username"];
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
$this->user_uuid = $row['user_uuid'];
|
||||
$this->user_email = $row['user_email'];
|
||||
$this->contact_uuid = $row['contact_uuid'];
|
||||
$this->user_totp_secret = $row['user_totp_secret'];
|
||||
unset($parameters);
|
||||
|
||||
//create the authenticator object
|
||||
$totp = new google_authenticator;
|
||||
|
||||
//validate the code
|
||||
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
|
||||
$auth_valid = true;
|
||||
} else {
|
||||
$auth_valid = false;
|
||||
}
|
||||
|
||||
//clear posted authentication code
|
||||
unset($_POST['authentication_code']);
|
||||
|
||||
//check if contacts app exists
|
||||
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"] . PROJECT_PATH . '/core/contacts/') ? true : false;
|
||||
|
||||
//get the user details
|
||||
if ($auth_valid) {
|
||||
//get user data from the database
|
||||
$sql = "select ";
|
||||
$sql .= " u.user_uuid, ";
|
||||
$sql .= " u.username, ";
|
||||
$sql .= " u.user_email, ";
|
||||
$sql .= " u.contact_uuid ";
|
||||
if ($contacts_exists) {
|
||||
$sql .= ",";
|
||||
$sql .= "c.contact_organization, ";
|
||||
$sql .= "c.contact_name_given, ";
|
||||
$sql .= "c.contact_name_family, ";
|
||||
$sql .= "a.contact_attachment_uuid ";
|
||||
}
|
||||
$sql .= "from ";
|
||||
$sql .= " v_users as u ";
|
||||
if ($contacts_exists) {
|
||||
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
|
||||
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
|
||||
}
|
||||
$sql .= "where ";
|
||||
$sql .= " u.user_uuid = :user_uuid ";
|
||||
if ($users_unique != "global") {
|
||||
//unique username per domain (not globally unique across system - example: email address)
|
||||
$sql .= "and domain_uuid = :domain_uuid ";
|
||||
$sql .= "and u.domain_uuid = :domain_uuid ";
|
||||
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
||||
}
|
||||
$parameters['username'] = $_SESSION["username"];
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
$this->user_uuid = $row['user_uuid'];
|
||||
$this->user_email = $row['user_email'];
|
||||
$this->contact_uuid = $row['contact_uuid'];
|
||||
$this->user_totp_secret = $row['user_totp_secret'];
|
||||
$parameters['user_uuid'] = $_SESSION["user_uuid"];
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
unset($parameters);
|
||||
|
||||
//create the authenticator object
|
||||
$totp = new google_authenticator;
|
||||
|
||||
//validate the code
|
||||
if ($totp->checkCode($this->user_totp_secret, $_POST['authentication_code'])) {
|
||||
$auth_valid = true;
|
||||
}
|
||||
else {
|
||||
$auth_valid = false;
|
||||
}
|
||||
|
||||
//clear posted authentication code
|
||||
unset($_POST['authentication_code']);
|
||||
|
||||
//check if contacts app exists
|
||||
$contacts_exists = file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/core/contacts/') ? true : false;
|
||||
|
||||
//get the user details
|
||||
if ($auth_valid) {
|
||||
//get user data from the database
|
||||
$sql = "select ";
|
||||
$sql .= " u.user_uuid, ";
|
||||
$sql .= " u.username, ";
|
||||
$sql .= " u.user_email, ";
|
||||
$sql .= " u.contact_uuid ";
|
||||
if ($contacts_exists) {
|
||||
$sql .= ",";
|
||||
$sql .= "c.contact_organization, ";
|
||||
$sql .= "c.contact_name_given, ";
|
||||
$sql .= "c.contact_name_family, ";
|
||||
$sql .= "a.contact_attachment_uuid ";
|
||||
}
|
||||
$sql .= "from ";
|
||||
$sql .= " v_users as u ";
|
||||
if ($contacts_exists) {
|
||||
$sql .= "left join v_contacts as c on u.contact_uuid = c.contact_uuid and u.contact_uuid is not null ";
|
||||
$sql .= "left join v_contact_attachments as a on u.contact_uuid = a.contact_uuid and u.contact_uuid is not null and a.attachment_primary = true and a.attachment_filename is not null and a.attachment_content is not null ";
|
||||
}
|
||||
$sql .= "where ";
|
||||
$sql .= " u.user_uuid = :user_uuid ";
|
||||
if ($users_unique != "global") {
|
||||
//unique username per domain (not globally unique across system - example: email address)
|
||||
$sql .= "and u.domain_uuid = :domain_uuid ";
|
||||
$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
|
||||
}
|
||||
$parameters['user_uuid'] = $_SESSION["user_uuid"];
|
||||
$row = $this->database->select($sql, $parameters, 'row');
|
||||
unset($parameters);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
// //destroy session
|
||||
// session_unset();
|
||||
// session_destroy();
|
||||
@@ -397,64 +394,64 @@ class plugin_totp {
|
||||
// //exit the code
|
||||
// exit();
|
||||
|
||||
//clear authentication session
|
||||
unset($_SESSION['authentication']);
|
||||
//clear authentication session
|
||||
unset($_SESSION['authentication']);
|
||||
|
||||
// clear username
|
||||
unset($_SESSION["username"]);
|
||||
}
|
||||
|
||||
/*
|
||||
//check if user successfully logged in during the interval
|
||||
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
|
||||
$sql = "select count(*) as count ";
|
||||
$sql .= "from v_user_logs ";
|
||||
$sql .= "where domain_uuid = :domain_uuid ";
|
||||
$sql .= "and user_uuid = :user_uuid ";
|
||||
$sql .= "and user_agent = :user_agent ";
|
||||
$sql .= "and type = 'login' ";
|
||||
$sql .= "and result = 'success' ";
|
||||
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
|
||||
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
|
||||
$parameters['domain_uuid'] = $this->domain_uuid;
|
||||
$parameters['user_uuid'] = $this->user_uuid;
|
||||
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
|
||||
$user_log_count = $this->database->select($sql, $parameters, 'all');
|
||||
//view_array($user_log_count);
|
||||
unset($sql, $parameters);
|
||||
*/
|
||||
|
||||
//build the result array
|
||||
$result["plugin"] = "totp";
|
||||
$result["domain_name"] = $_SESSION["domain_name"];
|
||||
$result["username"] = $_SESSION["username"] ?? null;
|
||||
$result["user_uuid"] = $_SESSION["user_uuid"];
|
||||
$result["domain_uuid"] = $_SESSION["domain_uuid"];
|
||||
$result["contact_uuid"] = $_SESSION["contact_uuid"];
|
||||
if ($contacts_exists) {
|
||||
$result["contact_organization"] = $row["contact_organization"];
|
||||
$result["contact_name_given"] = $row["contact_name_given"];
|
||||
$result["contact_name_family"] = $row["contact_name_family"];
|
||||
$result["contact_image"] = $row["contact_attachment_uuid"];
|
||||
}
|
||||
$result["authorized"] = $auth_valid ? true : false;
|
||||
|
||||
//add the failed login to user logs
|
||||
if (!$auth_valid) {
|
||||
user_logs::add($result);
|
||||
}
|
||||
|
||||
//retun the array
|
||||
return $result;
|
||||
|
||||
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
|
||||
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
|
||||
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
|
||||
// clear username
|
||||
unset($_SESSION["username"]);
|
||||
}
|
||||
|
||||
/*
|
||||
//check if user successfully logged in during the interval
|
||||
//$sql = "select user_log_uuid, timestamp, user_name, user_agent, remote_address ";
|
||||
$sql = "select count(*) as count ";
|
||||
$sql .= "from v_user_logs ";
|
||||
$sql .= "where domain_uuid = :domain_uuid ";
|
||||
$sql .= "and user_uuid = :user_uuid ";
|
||||
$sql .= "and user_agent = :user_agent ";
|
||||
$sql .= "and type = 'login' ";
|
||||
$sql .= "and result = 'success' ";
|
||||
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) > 3 ";
|
||||
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < 300 ";
|
||||
$parameters['domain_uuid'] = $this->domain_uuid;
|
||||
$parameters['user_uuid'] = $this->user_uuid;
|
||||
$parameters['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
|
||||
$user_log_count = $this->database->select($sql, $parameters, 'all');
|
||||
//view_array($user_log_count);
|
||||
unset($sql, $parameters);
|
||||
*/
|
||||
|
||||
//build the result array
|
||||
$result["plugin"] = "totp";
|
||||
$result["domain_name"] = $_SESSION["domain_name"];
|
||||
$result["username"] = $_SESSION["username"] ?? null;
|
||||
$result["user_uuid"] = $_SESSION["user_uuid"];
|
||||
$result["domain_uuid"] = $_SESSION["domain_uuid"];
|
||||
$result["contact_uuid"] = $_SESSION["contact_uuid"];
|
||||
if ($contacts_exists) {
|
||||
$result["contact_organization"] = $row["contact_organization"];
|
||||
$result["contact_name_given"] = $row["contact_name_given"];
|
||||
$result["contact_name_family"] = $row["contact_name_family"];
|
||||
$result["contact_image"] = $row["contact_attachment_uuid"];
|
||||
}
|
||||
$result["authorized"] = $auth_valid ? true : false;
|
||||
|
||||
//add the failed login to user logs
|
||||
if (!$auth_valid) {
|
||||
user_logs::add($result);
|
||||
}
|
||||
|
||||
//retun the array
|
||||
return $result;
|
||||
|
||||
//$_SESSION['authentication']['plugin']['totp']['plugin'] = "totp";
|
||||
//$_SESSION['authentication']['plugin']['totp']['domain_name'] = $_SESSION["domain_name"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['username'] = $row['username'];
|
||||
//$_SESSION['authentication']['plugin']['totp']['user_uuid'] = $_SESSION["user_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['contact_uuid'] = $_SESSION["contact_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['domain_uuid'] = $_SESSION["domain_uuid"];
|
||||
//$_SESSION['authentication']['plugin']['totp']['authorized'] = $auth_valid ? true : false;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user