From ebf552e448003d1d074a482fb0c1b38818cdb838 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Fri, 12 May 2023 19:30:29 -0600
Subject: [PATCH] Refinements for the authentication class
---
 .../resources/classes/plugins/totp.php | 34 +++++++++++++------
 1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php
index 81ec83e5e4..5f32e837df 100644
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@@ -26,8 +26,12 @@ class plugin_totp {
 function totp() {
 //pre-process some settings
- $settings['theme']['favicon'] = !empty($settings['theme']['favicon']) ? $settings['theme']['favicon'] : PROJECT_PATH.'/themes/default/favicon.ico';
- $settings['login']['destination'] = !empty($settings['login']['destination']) ? $settings['login']['destination'] : '';
+ $settings['theme']['favicon'] = !empty($_SESSION['theme']['favicon']['text']) ? $_SESSION['theme']['favicon']['text'] : PROJECT_PATH.'/themes/default/favicon.ico';
+ $settings['login']['destination'] = !empty($_SESSION['login']['destination']['text']) ? $_SESSION['login']['destination']['text'] : '';
+ $settings['users']['unique'] = !empty($_SESSION['users']['unique']['text']) ? $_SESSION['users']['unique']['text'] : '';
+ $settings['theme']['logo'] = !empty($_SESSION['theme']['logo']['text']) ? $_SESSION['theme']['logo']['text'] : PROJECT_PATH.'/themes/default/images/logo_login.png';
+ $settings['theme']['login_logo_width'] = !empty($_SESSION['theme']['login_logo_width']['text']) ? $_SESSION['theme']['login_logo_width']['text'] : 'auto; max-width: 300px';
+ $settings['theme']['login_logo_height'] = !empty($_SESSION['theme']['login_logo_height']['text']) ? $_SESSION['theme']['login_logo_height']['text'] : 'auto; max-height: 300px';
 //get the username
 if (isset($_SESSION["username"])) {
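Review bot: The new `login_logo_width` and `login_logo_height` entries in `totp()` carry defaults such as `'auto; max-width: 300px'`, which suggests the template places the value directly into an inline style, and a configured value from `$_SESSION['theme'][...]['text']` takes the same path with no validation. Whether the view escapes these values, and the `logo` path that goes with them, is not visible in this patch, so either confirm that or constrain the configured value here, for example accepting it only when it matches a plain CSS length and falling back to the default otherwise. The six assignments repeat the same `!empty(...) ? ... : default` shape, and a one-line comment stating where these `$_SESSION[category][name]['text']` keys are populated would help the next reader. `totp()` continues beyond this hunk.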
@@ -73,9 +77,9 @@ class plugin_totp {
 $view->assign("favicon", $settings['theme']['favicon']);
 $view->assign("login_title", $text['label-username']);
 $view->assign("login_username", $text['label-username']);
- $view->assign("login_logo_width", $login_logo_width);
- $view->assign("login_logo_height", $login_logo_height);
- $view->assign("login_logo_source", $login_logo_source);
+ $view->assign("login_logo_width", $settings['theme']['login_logo_width']);
+ $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
+ $view->assign("login_logo_source", $settings['theme']['logo']);
 $view->assign("button_login", $text['button-login']);
 $view->assign("favicon", $settings['theme']['favicon']);
@@ -91,6 +95,16 @@ class plugin_totp {
 //get the username
 if (!isset($this->username) && isset($_REQUEST['username'])) {
 $this->username = $_REQUEST['username'];
+ $_SESSION['username'] = $this->username;
+ }
+
+ //get the domain name
+ if (!empty($_SESSION['username'])) {
+ $auth = new authentication;
+ $auth->get_domain();
+ $this->domain_uuid = $_SESSION['domain_uuid'];
+ $this->domain_name = $_SESSION['domain_name'];
+ $this->username = $_SESSION['username'];
 }
 //get the user details
@@ -154,9 +168,9 @@ class plugin_totp {
 $view->assign("favicon", $settings['theme']['favicon']);
 $view->assign("login_title", $text['label-verify']);
 $view->assign("login_authentication_code", $text['label-authentication_code']);
- $view->assign("login_logo_width", $login_logo_width);
- $view->assign("login_logo_height", $login_logo_height);
- $view->assign("login_logo_source", $login_logo_source);
+ $view->assign("login_logo_width", $settings['theme']['login_logo_width']);
+ $view->assign("login_logo_height", $settings['theme']['login_logo_height']);
+ $view->assign("login_logo_source", $settings['theme']['logo']);
 $view->assign("favicon", $settings['theme']['favicon']);
 //show the views
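Review bot: In the hunk at -73,9 `favicon` is assigned to the view twice with the same value, once before `login_title` and again after `button_login`, and the hunk at -154,9 has the same duplicate around the logo assignments. The second `$view->assign("favicon", $settings['theme']['favicon']);` can be dropped in both places. The enclosing block starts and ends outside both hunks.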
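Review bot: In the hunk at -91,6 the added line `$_SESSION['username'] = $this->username;` stores a request-supplied, not yet verified username in the session before the TOTP code has been checked. If any code outside this hunk treats a non-empty `$_SESSION['username']` as evidence of a logged-in user, this step would satisfy it early; that is not visible from here and should be confirmed, or the value kept under a separate pre-authentication key until verification succeeds. The value is also taken from `$_REQUEST` without a type check, so an array could be stored as the username; `isset($_REQUEST['username']) && is_string($_REQUEST['username'])` would close that. The results of `$auth->get_domain()` are read back from `$_SESSION['domain_uuid']` and `$_SESSION['domain_name']` without checking that they were set, which deserves a guard or a comment stating what `get_domain()` guarantees. The enclosing function extends beyond the hunk.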
@@ -241,7 +255,7 @@ class plugin_totp {
 $sql .= " username = :username\n";
 $sql .= " or user_email = :username\n";
 $sql .= ")\n";
- if ($_SESSION["users"]["unique"]["text"] != "global") {
+ if ($settings['users']['unique'] != "global") {
 //unique username per domain (not globally unique across system - example: email address)
 $sql .= "and domain_uuid = :domain_uuid ";
 $parameters['domain_uuid'] = $_SESSION["domain_uuid"];
@@ -272,7 +286,7 @@ class plugin_totp {
 $sql = "select user_uuid, username, user_email, contact_uuid ";
 $sql .= "from v_users ";
 $sql .= "where user_uuid = :user_uuid ";
- if ($_SESSION["users"]["unique"]["text"] != "global") {
+ if ($settings['users']['unique'] != "global") {
 //unique username per domain (not globally unique across system - example: email address)
 $sql .= "and domain_uuid = :domain_uuid ";
 $parameters['domain_uuid'] = $_SESSION["domain_uuid"];
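Review bot: The condition `if ($settings['users']['unique'] != "global") {` in the hunk at -241,7, and again at -272,7, depends on the local `$settings` array that the first hunk builds inside `totp()`, and the hunk headers show only the class, so it is not visible whether these two queries sit in the same function scope. If they do not, `$settings` is undefined there and the domain filter is always applied, which quietly disables the global-username mode instead of failing loudly. Since this flag decides whether the user lookup is restricted to `$_SESSION["domain_uuid"]`, a strict comparison is safer: `if ($settings['users']['unique'] !== 'global') {`. A short comment above the branch noting that an empty or missing setting means a per-domain lookup would document the fail-closed default.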