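 /**
  * XHR handler for the "forgot password" flow.
  *
  * Reads usernameOrEmail, secondFactor, answer, passwordForgot and
  * passwordRetypedForgot from $_POST, validates their shape, and delegates the
  * actual reset to AuthUser::forgotPassword(). Emits a JSON StatusReturn.
  *
  * Fixes over the previous revision:
  *  - the username/email condition is parenthesised explicitly ("&&" binds
  *    tighter than "||", which was the intended grouping but easy to misread);
  *  - array-valued POST fields (e.g. usernameOrEmail[]=x) no longer reach
  *    mb_strtolower() and are rejected as bad input;
  *  - the two password copies are compared with === (loose == treats numeric
  *    strings such as "1e3" and "1000" as equal).
  */
 function post_xhr()
 {
     if (!$this->checkAuth()) {
         return;
     }
     // Every field is optional on the wire but must be a plain string when present.
     $raw = [];
     foreach (['usernameOrEmail', 'secondFactor', 'answer', 'passwordForgot', 'passwordRetypedForgot'] as $name) {
         $value = $_POST[$name] ?? '';
         if (!is_string($value)) {
             echo json_encode(StatusReturn::E400('Unknown Error'));
             return;
         }
         $raw[$name] = $value;
     }
     $usernameOrEmail = mb_strtolower($raw['usernameOrEmail']);
     $looksLikeUsername = mb_strlen($usernameOrEmail) >= 8 && preg_match('/^[a-zA-Z0-9_\\-]+$/', $usernameOrEmail);
     $looksLikeEmail = (bool) filter_var($usernameOrEmail, FILTER_VALIDATE_EMAIL);
     if (!$looksLikeUsername && !$looksLikeEmail) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     // The second factor is optional; when supplied it must be alphanumeric.
     $secondFactor = mb_strtolower($raw['secondFactor']);
     if (!empty($secondFactor) && !ctype_alnum($secondFactor)) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     // The security answer is optional; when supplied it must be at least 6 chars.
     $answer = mb_strtolower($raw['answer']);
     if (!empty($answer) && mb_strlen($answer) < 6) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     $newPassword = $raw['passwordForgot'];
     $newRetypedPassword = $raw['passwordRetypedForgot'];
     if ($newPassword !== $newRetypedPassword) {
         echo json_encode(StatusReturn::E400('Unknown Error 4'));
         return;
     }
     // NOTE(review): no minimum length or non-empty check is applied to the new
     // password here; presumably forgotPassword() enforces policy — confirm.
     $userForgot = new AuthUser();
     $responseArr = $userForgot->forgotPassword($usernameOrEmail, $secondFactor, $answer, $newPassword);
     if (!empty($responseArr['continue'])) {
         echo json_encode(StatusReturn::S200($responseArr));
     } else {
         echo json_encode(StatusReturn::E400('Unknown Error 5'));
     }
 }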
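 /**
  * XHR handler that changes the authenticated user's password.
  *
  * Requires oldPassword and newPassword in $_POST as non-empty strings, loads
  * the user named by the Auth-User header (already validated by checkAuth()),
  * and calls AuthUser::setPassword(). Emits a JSON StatusReturn.
  *
  * Array-valued fields are rejected instead of being passed to setPassword(),
  * and the check uses !== '' rather than empty() so the literal password "0"
  * is no longer refused.
  */
 function post_xhr()
 {
     if (!$this->checkAuth()) {
         return;
     }
     $oldPassword = $_POST['oldPassword'] ?? null;
     $newPassword = $_POST['newPassword'] ?? null;
     $bothPresent = is_string($oldPassword) && $oldPassword !== ''
         && is_string($newPassword) && $newPassword !== '';
     if (!$bothPresent) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     $headers = getallheaders();
     $account = new AuthUser();
     $account->loadUser(mb_strtolower($headers['Auth-User']));
     if ($account->setPassword($oldPassword, $newPassword)) {
         echo json_encode(StatusReturn::S200());
     } else {
         echo json_encode(StatusReturn::E400('Unknown Error'));
     }
 }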
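 /**
  * XHR handler that sets the authenticated user's security question/answer.
  *
  * Requires a non-empty question and an answer of at least
  * _SECURITY_ANSWER_MIN_LENGTH_ characters in $_POST; the answer is
  * lower-cased before being stored via AuthUser::setQuestion().
  *
  * Both fields must be plain strings: an array-valued answer would previously
  * have hit mb_strlen() with a TypeError rather than a clean 400.
  */
 function post_xhr()
 {
     if (!$this->checkAuth()) {
         return;
     }
     $question = $_POST['question'] ?? null;
     $answer = $_POST['answer'] ?? null;
     $inputOk = is_string($question) && $question !== ''
         && is_string($answer) && mb_strlen($answer) >= _SECURITY_ANSWER_MIN_LENGTH_;
     if (!$inputOk) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     $headers = getallheaders();
     $account = new AuthUser();
     $account->loadUser(mb_strtolower($headers['Auth-User']));
     if ($account->setQuestion($question, mb_strtolower($answer))) {
         echo json_encode(StatusReturn::S200());
     } else {
         echo json_encode(StatusReturn::E400('Unknown Error'));
     }
 }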
 /**
  * XHR handler returning managed-user data for the authenticated account.
  *
  * @param string|null $userName  When null, the full list from
  *                               getManageUsersData() is returned; otherwise
  *                               the single record for that (lower-cased) name.
  *
  * Emits a JSON StatusReturn; a name that is not managed by this account yields
  * a 400 with an explanatory message.
  */
 function get_xhr($userName = null)
 {
     if (!$this->checkAuth()) {
         return;
     }
     $headers = getallheaders();
     $account = new AuthUser();
     $account->loadUser(mb_strtolower($headers['Auth-User']));
     // No name given: return everything this account manages.
     if ($userName === null) {
         echo json_encode(StatusReturn::S200($account->getManageUsersData()));
         return;
     }
     $child = $account->getManageUserData(mb_strtolower($userName));
     if ($child === null) {
         echo json_encode(StatusReturn::E400('User Name is not a child of this account!'));
         return;
     }
     echo json_encode(StatusReturn::S200($child));
 }
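 /**
  * XHR handler that creates a new user.
  *
  * Validates user, email, question, answer, password and the optional factor
  * and lang fields from $_POST, then calls AuthUser::createUser(). On success
  * an optional two-letter language code is stored via setLanguage().
  *
  * Fix: the previous condition's last clause re-tested the length of 'answer'
  * instead of 'factor', so 'factor' was never validated at all and a missing
  * field produced an undefined-index access at the createUser() call. The
  * factor is now read with a null default and must be a string when present.
  */
 function post_xhr()
 {
     if (!$this->checkAuth()) {
         return;
     }
     $user = $_POST['user'] ?? null;
     $email = $_POST['email'] ?? null;
     $question = $_POST['question'] ?? null;
     $answer = $_POST['answer'] ?? null;
     $password = $_POST['password'] ?? null;
     $factor = $_POST['factor'] ?? null;
     // NOTE(review): the accepted format of 'factor' is not visible in this file;
     // only non-string (array) values are rejected here — tighten once known.
     $valid = is_string($user) && mb_strlen($user) >= _USERNAME_MIN_LENGTH_ && preg_match('/^[a-zA-Z0-9_\\-]+$/', $user)
         && is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL)
         && is_string($question) && $question !== ''
         && is_string($answer) && mb_strlen($answer) >= _SECURITY_ANSWER_MIN_LENGTH_
         && is_string($password) && $password !== ''
         && ($factor === null || is_string($factor));
     if (!$valid) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     $newUser = new AuthUser();
     $created = $newUser->createUser(mb_strtolower($user), mb_strtolower($email), $password, $question, mb_strtolower($answer), $factor);
     if (!$created) {
         echo json_encode(StatusReturn::E400('Unknown Error'));
         return;
     }
     // Language is optional: exactly two ASCII letters, anything else is ignored.
     $lang = $_POST['lang'] ?? '';
     if (is_string($lang) && mb_strlen($lang) == 2 && ctype_alpha($lang)) {
         $newUser->setLanguage($lang);
     }
     echo json_encode(StatusReturn::S200());
 }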
 /**
  * XHR handler that saves the authenticated user's settings.
  *
  * Requires a non-empty baseLang and a twoFactorType accepted by
  * TwoFactor::isValidValue(); an optional 'packages' field is passed through
  * unchanged (defaulting to an empty array). Emits a JSON StatusReturn.
  */
 function post_xhr()
 {
     if (!$this->checkAuth()) {
         return;
     }
     $baseLang = $_POST['baseLang'] ?? null;
     $twoFactorType = $_POST['twoFactorType'] ?? null;
     $inputOk = !empty($baseLang)
         && $twoFactorType !== null
         && TwoFactor::isValidValue($twoFactorType, false);
     if (!$inputOk) {
         echo json_encode(StatusReturn::E400('Missing or bad data!'));
         return;
     }
     $headers = getallheaders();
     $account = new AuthUser();
     $account->loadUser(mb_strtolower($headers['Auth-User']));
     // Packages are optional; absent means "none selected".
     $packages = $_POST['packages'] ?? [];
     if ($account->setSettings($baseLang, $twoFactorType, $packages)) {
         echo json_encode(StatusReturn::S200());
     } else {
         echo json_encode(StatusReturn::E400('Failed to save settings!'));
     }
 }
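 /**
  * Authenticates the current request via the Auth-User / Auth-Timestamp /
  * Auth-Signature headers and checks the user holds one of $roles.
  *
  * The signature is HMAC-SHA512 (base64) over
  *   METHOD . _DOMAIN_API_HOST_ . REQUEST_URI . <canonical POST body> . timestamp
  * keyed with the user's session secret, or — during initialisation — with the
  * stored password hash. The POST body is canonicalised as key=value pairs
  * joined by "&", array values joined by "," (same as the previous revision).
  *
  * @param array $roles       Roles of which the user must hold at least one.
  * @param bool  $initialize  Login flow: verify the password (first call,
  *                           no 'challenge' in POST) or the challenge
  *                           (second call), then verify the signature.
  * @param bool  $whenLocked  Allow a locked account through.
  * @return bool              True only when every check passed.
  *
  * Security fixes over the previous revision:
  *  - timestamps are bounded on both sides of the server clock, so a
  *    far-future timestamp cannot be pre-signed and replayed later;
  *  - the HTTPS-only check looks at $_SERVER['HTTPS']; REQUEST_URI is normally
  *    just a path, so parse_url() never yielded a scheme and every request was
  *    refused whenever _USE_HTTPS_ONLY_ was on;
  *  - the challenge is compared with hash_equals() instead of loose "!=";
  *  - a missing or empty signing secret fails closed instead of HMAC-ing with
  *    an empty key.
  */
 public static function checkAuth($roles, $initialize = false, $whenLocked = false)
 {
     $headers = getallheaders();
     if (!isset($headers['Auth-User'], $headers['Auth-Timestamp'], $headers['Auth-Signature'])) {
         return false;
     }
     // Replay window: the timestamp must lie within the TTL either side of "now".
     // Clients whose clock is off by more than the TTL are rejected, as with any
     // timestamped-signature scheme.
     $timestamp = $headers['Auth-Timestamp'];
     $ttlSeconds = _TIME_TO_LIVE_IN_MINUTES_ * 60;
     $now = time();
     if (!is_numeric($timestamp) || $timestamp < $now - $ttlSeconds || $timestamp > $now + $ttlSeconds) {
         return false;
     }
     if (_USE_HTTPS_ONLY_) {
         // Prefer the server's own TLS flag; keep the scheme check for the rare
         // absolute-form request target. NOTE(review): behind a TLS-terminating
         // proxy neither is set — that deployment needs a trusted-proxy check.
         $tlsOnSocket = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
         $parsedUri = parse_url($_SERVER['REQUEST_URI'] ?? '');
         $scheme = is_array($parsedUri) ? ($parsedUri['scheme'] ?? '') : '';
         if (!$tlsOnSocket && $scheme !== 'https') {
             return false;
         }
     }
     $userData = new AuthUser();
     if (!$userData->loadUser(mb_strtolower($headers['Auth-User']), $initialize)) {
         return false;
     }
     if ($userData->isLocked() && !$whenLocked) {
         return false;
     }
     if ($initialize) {
         // Login: the stored password hash doubles as the signing key.
         $userSecret = $userData->getUserPassword();
         $salt = $userData->getSalt();
         $challenge = $userData->getChallengeKey();
         if (!array_key_exists('challenge', $_POST)) {
             $password = $_POST['password'] ?? '';
             if (!is_string($password)) {
                 $userData->addFailedLogin();
                 return false;
             }
             // NOTE(review): 1000 PBKDF2 rounds is far below current guidance, but
             // raising it means re-hashing every stored password; left unchanged here.
             $candidate = hash_pbkdf2('sha512', $password, $salt, 1000);
             if (!hash_equals((string) $userSecret, $candidate)) {
                 $userData->addFailedLogin();
                 return false;
             }
             $userData->askClientChallenge();
             return true;
         }
         // Second step: constant-time compare of the client's challenge answer.
         $clientChallenge = $_POST['challenge'];
         if (!is_string($challenge) || !is_string($clientChallenge) || !hash_equals($challenge, $clientChallenge)) {
             $userData->addFailedLogin();
             return false;
         }
         $userData->initiateConnection();
     } else {
         $userSecret = $userData->getUserSecret();
     }
     // Fail closed: with no secret on file nothing can be verified, and an empty
     // HMAC key would make the signature trivially forgeable.
     if (!is_string($userSecret) || $userSecret === '') {
         if ($initialize) {
             $userData->addFailedLogin();
         }
         return false;
     }
     // Canonical POST body, in the order PHP populated $_POST.
     $pairs = [];
     foreach ($_POST as $key => $value) {
         $pairs[] = $key . '=' . (is_array($value) ? implode(',', $value) : $value);
     }
     $data = implode('&', $pairs);
     $signatureData = $_SERVER['REQUEST_METHOD'] . _DOMAIN_API_HOST_ . $_SERVER['REQUEST_URI'] . $data . $timestamp;
     $expectedSignature = base64_encode(hash_hmac('sha512', $signatureData, $userSecret, true));
     $hasRole = !empty(array_intersect($userData->getUserRoles(), $roles));
     if (hash_equals($expectedSignature, (string) $headers['Auth-Signature']) && $hasRole) {
         $userData->makeSuccessfulLogin($initialize);
         return true;
     }
     // initiateConnection() may already have queued the secret / second-factor
     // headers; they must not leave the server when the signature check fails.
     header_remove('Auth-Secret');
     header_remove('Auth-Second-Factor');
     if ($initialize) {
         $userData->addFailedLogin();
     }
     return false;
 }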