Beispiel #1
 /**
  * Checks a submitted backup code against the stored list and consumes it on a match.
  *
  * The submitted value is reduced to its digits before comparison. A matching code is
  * moved from $providerData['codes'] to $providerData['used']; persisting the modified
  * $providerData is left to the caller (not visible here). After every successful
  * verification a 'two_step_login_backup' mail carrying the request IP is sent to the user.
  *
  * @param mixed $context Not used by this method.
  * @param XenForo_Input $input Request input; the 'code' field is read from it.
  * @param array $user User record; 'language_id', 'email' and 'username' are read.
  * @param array $providerData Stored provider state ('codes', 'used'); modified by reference.
  *
  * @return boolean True if the submitted code matched a stored, unused code.
  */
 public function verifyFromInput($context, XenForo_Input $input, array $user, array &$providerData)
 {
     // Keep only the digits of the submitted value, so separators typed by the user are ignored.
     $submitted = preg_replace('/[^0-9]/', '', $input->filterSingle('code', XenForo_Input::STRING));
     if (!$submitted) {
         return false;
     }

     // hashEquals() is presumably a timing-safe comparison (its body is not visible here).
     $matchedKey = null;
     foreach ($providerData['codes'] as $key => $storedCode) {
         if (XenForo_Application::hashEquals($storedCode, $submitted)) {
             $matchedKey = $key;
             break;
         }
     }
     if ($matchedKey === null) {
         return false;
     }

     // Single use: record the code as used and drop it from the list of valid codes.
     $providerData['used'][] = $providerData['codes'][$matchedKey];
     unset($providerData['codes'][$matchedKey]);

     // When the last code has been consumed, a fresh set is requested automatically.
     $regenerated = !$providerData['codes'];
     if ($regenerated) {
         // NOTE(review): the return value of generateInitialData() is discarded, so whether the
         // new codes end up in $providerData depends on that method -- confirm, otherwise the
         // user is told codes were regenerated while none are stored.
         $this->generateInitialData($user, array());
     }

     // REMOTE_ADDR is the directly connecting peer; behind a reverse proxy that is the proxy.
     if (isset($_SERVER['REMOTE_ADDR'])) {
         $ip = $_SERVER['REMOTE_ADDR'];
     } else {
         $ip = '';
     }

     // Tell the account owner that a backup code was used, so unexpected use gets noticed.
     $mailParams = array(
         'user' => $user,
         'ip' => $ip,
         'regenerated' => $regenerated
     );
     $mail = XenForo_Mail::create('two_step_login_backup', $mailParams, $user['language_id']);
     $mail->send($user['email'], $user['username']);

     return true;
 }
 /**
  * Validates a user confirmation record against a specific key.
  *
  * @param string $key
  * @param array $confirmation Confirmation record from DB.
  *
  * @return boolean
  */
 public function validateUserConfirmationRecord($key, array $confirmation)
 {
     // The key is checked first; hashEquals() is presumably a timing-safe comparison
     // (its body is not visible here), which matters because $key is caller-supplied.
     $keyMatches = XenForo_Application::hashEquals($confirmation['confirmation_key'], $key);
     if (!$keyMatches) {
         return false;
     }

     $now = XenForo_Application::$time;
     $issuedAt = $confirmation['confirmation_date'];

     // Every confirmation record expires after 3 days.
     $generalCutoff = $now - 3 * 86400;
     if ($issuedAt < $generalCutoff) {
         return false;
     }

     // Records of type 'password' get a shorter lifetime of 12 hours.
     $isPasswordRecord = ($confirmation['confirmation_type'] == 'password');

     return !($isPasswordRecord && $issuedAt < $now - 12 * 3600);
 }
Beispiel #3
 /**
  * Checks a submitted code against the single pending code held in the provider data.
  *
  * Verification fails when no code is pending, when the pending code is older than
  * 900 seconds, or when the digits of the submitted value do not match it. On success
  * the pending code and its timestamp are removed from $providerData; persisting that
  * change is left to the caller (not visible here).
  *
  * @param mixed $context Not used by this method.
  * @param XenForo_Input $input Request input; the 'code' field is read from it.
  * @param array $user Not used by this method.
  * @param array $providerData Stored provider state ('code', 'codeGenerated'); modified by reference.
  *
  * @return boolean True if the submitted code matched the pending, unexpired code.
  */
 public function verifyFromInput($context, XenForo_Input $input, array $user, array &$providerData)
 {
     // Nothing to verify unless a code and its creation time are both stored.
     $hasPendingCode = !empty($providerData['code']) && !empty($providerData['codeGenerated']);
     if (!$hasPendingCode) {
         return false;
     }

     // A pending code is valid for 900 seconds (15 minutes) after it was generated.
     $ageSeconds = time() - $providerData['codeGenerated'];
     if ($ageSeconds > 900) {
         return false;
     }

     // Keep only the digits of the submitted value before comparing.
     $submitted = preg_replace('/[^0-9]/', '', $input->filterSingle('code', XenForo_Input::STRING));

     // hashEquals() is presumably a timing-safe comparison (its body is not visible here).
     // NOTE(review): a failed attempt leaves the pending code in place and nothing is counted
     // here; attempt limiting, if any, has to be enforced by the caller -- confirm.
     if (!XenForo_Application::hashEquals($providerData['code'], $submitted)) {
         return false;
     }

     // Single use: clear the code and its timestamp so the same value cannot verify again.
     unset($providerData['code'], $providerData['codeGenerated']);

     return true;
 }
Beispiel #4
 /**
  * Logs a user in based on their remember key from a cookie.
  *
  * @param integer $userId
  * @param string $rememberKey
  * @param array|false|null $auth User's auth record (retrieved if null)
  *
  * @return boolean
  */
 public function loginUserByRememberKeyFromCookie($userId, $rememberKey, $auth = null)
 {
     // Only null triggers a lookup; an explicit false from the caller means "no auth record".
     $authRecord = ($auth === null)
         ? $this->getUserAuthenticationRecordByUserId($userId)
         : $auth;
     if (!$authRecord) {
         return false;
     }

     // The cookie is compared with a value derived from the stored remember key.
     $expectedKey = $this->prepareRememberKeyForCookie($authRecord['remember_key']);

     // Reject empty values on either side, so a blank cookie can never match a blank stored key.
     if ($expectedKey && $rememberKey) {
         // hashEquals() is presumably a timing-safe comparison (its body is not visible here).
         // This method only reports the result; it does not itself establish a session.
         return XenForo_Application::hashEquals($expectedKey, $rememberKey);
     }

     return false;
 }
 /**
  * Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now
  *
  * @param string $secret
  * @param string $code
  * @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after)
  * @param int|null $currentTimeSlice Time slice to check against; when null, the current slice is derived from time()
  * @return bool
  */
 public function verifyCode($secret, $code, $discrepancy = 1, $currentTimeSlice = null)
 {
     // Without an explicit slice, use the current 30-second window.
     $slice = ($currentTimeSlice === null) ? floor(time() / 30) : $currentTimeSlice;

     // Try every window from -$discrepancy to +$discrepancy around the slice. A larger
     // $discrepancy tolerates more clock drift but also accepts more candidate codes.
     // NOTE(review): no record of already accepted codes is kept here, so the same code
     // verifies repeatedly inside the window unless the caller prevents reuse -- confirm.
     $offset = -$discrepancy;
     while ($offset <= $discrepancy) {
         $expectedCode = $this->getCode($secret, $slice + $offset);

         // hashEquals() is presumably a timing-safe comparison (its body is not visible here).
         if (XenForo_Application::hashEquals($expectedCode, $code)) {
             return true;
         }

         $offset++;
     }

     return false;
 }