/**
  * If there was no login attempt, or it failed, render the login form page;
  * otherwise redirect the user to wherever they should return to.
  *
  * Also, this endpoint serves as the AJAX endpoint for client-side validation of login info.
  *
  * Security notes (review):
  *  - login() presumably establishes the session BEFORE the TOTP code is checked;
  *    the '/site/logout' redirect is what undoes a half-completed login, so the
  *    flow relies on redirect() terminating the request (the Yii 1 default) --
  *    confirm nothing downstream disables that.
  *  - verifyCode() is called with the library's default time window and no
  *    history of used codes, so a code observed in transit is presumably
  *    replayable for the rest of that window.
  */
 public function run()
 {
     $user = Yii::app()->user;
     // Already-authenticated sessions never reach the password/TOTP checks below.
     $this->redirectAwayAlreadyAuthenticatedUsers($user);
     $model = new BackendLoginForm();
     $request = Yii::app()->request;
     $gaform = new GoogleAuthForm();
     // Both forms are read from POST; false (no data) means "just render the form".
     $formData = $request->getPost(get_class($model), false);
     $gaFormData = $request->getPost(get_class($gaform), false);
     if ($formData) {
         $model->attributes = $formData;
         // Step 1: username/password plus the verifyCode attribute (presumably a captcha).
         if ($model->validate(array('username', 'password', 'verifyCode')) && $model->login()) {
             $ga = new GoogleAuthenticator();
             $userdata = $user->data();
             $usersettings = $userdata->twofactor_settings;
             // Only Google Authenticator is accepted here; any other 2FA setting
             // (or none) aborts the login. This must stay ahead of the secret
             // dereference below, since $usersettings may be null.
             if (!$usersettings || $usersettings->deliveras != UserTwoFactorSettings::GOOGLE_AUTH) {
                 Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid Auth Code! '));
                 $this->controller->redirect('/site/logout');
             }
             // Step 2: TOTP. Missing GA form data counts as a failed code.
             $authok = false;
             if ($gaFormData) {
                 $gaform->attributes = $gaFormData;
                 $authcode = $gaform->twofactorauthcode;
                 if ($ga->verifyCode($usersettings->googleauth_secret, $authcode)) {
                     $authok = true;
                 }
             }
             if (!$authok) {
                 // Tear down whatever login() set up for this session.
                 Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid Auth Code! '));
                 $this->controller->redirect('/site/logout');
             } else {
                 $this->controller->redirect($user->returnUrl);
             }
         }
     }
     // Reached on GET, on a failed password step, or only if a redirect above did not end the request.
     $this->controller->render('login', compact('model'));
 }
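 /**
  * Second login step: verify the submitted Google Authenticator code
  * (POST field "sleutel") against the secret stored for the account whose
  * id is in $_SESSION['login']['id'].
  *
  * On success marks $_SESSION['login']['secret'] = true, records the attempt
  * in the login log and returns true. Every failure path throws; the
  * messages are user-facing Dutch strings and are kept unchanged.
  *
  * @return bool true when the code is valid
  * @throws Exception when no code was submitted, the database query fails,
  *                   the account row is missing, or the code is wrong
  */
 public function two_way()
 {
     /* A code has to be submitted; note that empty() also rejects the literal "0". */
     if (empty($_POST['sleutel'])) {
         throw new Exception('Er dient een sleutel ingevuld te worden.');
     }
     /* Only a scalar string is a meaningful TOTP code; an array here would
        otherwise be handed straight to verifyCode(). */
     $code = is_string($_POST['sleutel']) ? $_POST['sleutel'] : '';
     /* The account id comes from the server-side session rather than the
        request, but it is still interpolated into SQL: cast to int so the
        query can only ever see a number (the unquoted comparison already
        assumes customer.id is numeric). */
     $accountId = isset($_SESSION['login']['id']) ? (int) $_SESSION['login']['id'] : 0;
     $query = Database::query("SELECT secret FROM customer WHERE id = " . $accountId);
     if (!$query) {
         /* NOTE(review): this puts the raw MySQL error into the exception message;
            acceptable on a dev box, not if the message is ever shown to users. */
         throw new Exception('Er ging wat fout in de database.<br />' . Database::error());
     }
     if ($query->num_rows == 0) {
         throw new Exception('Dit account bestaat niet.');
     }
     $secret = $query->fetch_object()->secret;
     $google = new GoogleAuthenticator();
     if (!$google->verifyCode($secret, $code)) {
         /* Record the failed second factor before reporting it. */
         $this->update_login_log(false);
         throw new Exception('De ingevulde sleutel is onjuist.');
     }
     /* Flag the session as having passed the second factor and log the success. */
     $_SESSION['login']['secret'] = true;
     $this->update_login_log(true);
     return true;
 }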
 // Check if user is configured to use 2-Factor Auth
 $userKey = $userKeyCheck['userKey'];
 if ($userKey) {
     // If the user has a userKey setup continue - then check if the provided token has been used by this user previously
     $submitHistory = $modx->getObject('UserHistory', array('internalKey' => $id, 'previousKey' => $token));
     if ($submitHistory) {
         $SHC = $submitHistory->get('id');
     } else {
         $SHC = 0;
     }
     if ($SHC == 0) {
         // if user has not used the token before - continue - else return error
         require_once 'core/components/gauthx/elements/plugins/GoogleAuthenticator.php';
         $ga = new GoogleAuthenticator();
         // validate if code matches user token
         $checkResult = $ga->verifyCode($userKey, $token, $tolerance);
         // 2 = 2*30sec clock tolerance
         // if yes add provided token to user history, clean up user history & allow user to login. - Else return error
         if ($checkResult) {
             $log = $modx->newObject('UserHistory');
             $log->set('internalKey', $id);
             $log->set('previousKey', $token);
             $log->save();
             // get count of user hisotry for user who is logging in
             $max = $modx->getCount('UserHistory', array('internalKey' => $id));
             if ($max > $historyLimit) {
                 // if count is greater than history limit remove a row ()
                 $newlimit = $max - $historyLimit;
                 $query = $modx->newQuery('UserHistory');
                 $query->sortby('id', 'ASC');
                 $query->limit($newlimit);
$responseTpl = $modx->getOption('responseTpl', $scriptProperties, 'GAuthxResponse', true);
$tpl = $modx->getOption('tpl', $scriptProperties, 'GAuthxTpl', true);
if ($modx->user->get('id') != 0) {
    if (!$pc) {
        require_once 'core/components/gauthx/elements/plugins/GoogleAuthenticator.php';
        $ga = new GoogleAuthenticator();
        $account = urlencode($modx->getOption('site_name', null, 'Modx'));
        if (!$_GET['token']) {
            $secret = $ga->createSecret();
            $qrCodeUrl = $ga->getQRCodeGoogleUrl($account, $secret);
            $placeholders = array('secret' => $secret, 'qrCodeUrl' => $qrCodeUrl);
            $output .= $modx->getChunk($tpl, $placeholders);
        } else {
            $token = $_GET['token'];
            $secret = $_GET['secret'];
            $checkResult = $ga->verifyCode($secret, $token, 2);
            // 2 = 2*30sec clock tolerance
            if ($checkResult) {
                $response = $modx->setPlaceholder('response', 'Success, You will now be required use 2FAx upon login.');
                $userKey = $profile->get('extended');
                $userKey['userKey'] = $secret;
                $profile->set('extended', $userKey);
                $profile->save();
                $output .= $modx->getChunk($responseTpl, $placeholders);
            } else {
                $qrCodeUrl = $ga->getQRCodeGoogleUrl($account, $secret);
                $placeholders = array('secret' => $secret, 'qrCodeUrl' => $qrCodeUrl, 'response' => 'That token is incorrect, please try again');
                $output .= $modx->getChunk($tpl, $placeholders);
            }
        }
    } else {
 /**
  * Check a Google Authenticator code against this user's stored GA secret
  * (the 'sk' entry returned by getGASk()).
  *
  * @param string $code the code typed by the user
  * @return bool true when the code matches within the library's default window
  */
 public function verifyGACode($code)
 {
     $gaSettings = $this->getGASk();
     $authenticator = new \GoogleAuthenticator();
     return $authenticator->verifyCode($gaSettings['sk'], $code);
 }
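 /**
  * Account security page: lets the user view and change their 2FA delivery
  * method (Google Authenticator / SMS / none) and SMS phone number.
  *
  * A missing UserTwoFactorSettings row is created on first visit with a fresh
  * GA secret and QR-code URL. Changing the settings requires a valid code for
  * the CURRENT delivery method (nothing when it is NONE), so the existing
  * factor has to be proven before it can be switched off or replaced.
  *
  * Fixes versus the previous revision:
  *  - the SMS code is compared with hash_equals() instead of strcasecmp(), and
  *    an empty submitted code is rejected outright (strcasecmp('', '') == 0
  *    would have accepted it whenever the stored code was empty);
  *  - SecurityForm::validate() is now actually run -- in Yii 1, hasErrors()
  *    alone never reports anything because no validation had been triggered;
  *  - save() errors are logged via print_r(..., true); var_dump() wrote them
  *    into the response and logged null.
  */
 public function actionIndex()
 {
     $user = Yii::app()->user->data();
     $ga = new GoogleAuthenticator();
     $usersettings = $user->twofactor_settings;
     if (!$usersettings) {
         // First visit: provision a GA secret so the QR code can be shown immediately.
         $usersettings = new UserTwoFactorSettings();
         $usersettings->id_user = $user->id;
         $usersettings->googleauth_secret = $ga->createSecret();
         $usersettings->googleauth_url = $ga->getQRCodeGoogleUrl('MercadoBTX', $usersettings->googleauth_secret);
         $usersettings->save();
     }
     $model = new SecurityForm();
     $gaform = new GoogleAuthForm();
     $smsform = new SmsAuthForm();
     $request = Yii::app()->request;
     $formData = $request->getPost(get_class($model), false);
     $gaFormData = $request->getPost(get_class($gaform), false);
     $smsFormData = $request->getPost(get_class($smsform), false);
     if ($formData) {
         // Step 1: prove possession of the currently configured second factor.
         $authok = false;
         if ($usersettings->deliveras == UserTwoFactorSettings::GOOGLE_AUTH) {
             if ($gaFormData) {
                 $gaform->attributes = $gaFormData;
                 $authcode = $gaform->twofactorauthcode;
                 if ($ga->verifyCode($usersettings->googleauth_secret, $authcode)) {
                     $authok = true;
                 }
             }
         } elseif ($usersettings->deliveras == UserTwoFactorSettings::SMS) {
             if ($smsFormData) {
                 $smsform->attributes = $smsFormData;
                 $submitted = (string) $smsform->twofactorauthcode;
                 $expected = (string) $usersettings->smscode;
                 // Case-insensitive as before, but constant-time and never
                 // satisfiable by an empty code.
                 if ($submitted !== '' && hash_equals(strtolower($expected), strtolower($submitted))) {
                     $usersettings->regenerateSmsCode();
                     // prevent it from being used again
                     $authok = true;
                 }
             }
         } elseif ($usersettings->deliveras == UserTwoFactorSettings::NONE) {
             // No second factor configured yet: nothing to prove.
             $authok = true;
         } else {
             Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid setting'));
         }
         if (!$authok) {
             Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid Auth Code! '));
         } else {
             // Step 2: validate and persist the new settings.
             $model->attributes = $formData;
             if (!$model->validate()) {
                 Yii::app()->user->setFlash('error', Yii::t('translation', 'Save failed'));
             } else {
                 $usersettings->smsphone = $model->smsphone;
                 $usersettings->deliveras = $model->deliveras;
                 if (!$usersettings->save()) {
                     Yii::log(print_r($usersettings->getErrors(), true), 'error');
                     Yii::app()->user->setFlash('error', Yii::t('translation', 'Save failed! '));
                 } else {
                     Yii::app()->user->setFlash('success', Yii::t('translation', 'Information updated'));
                 }
             }
         }
     }
     // Always reflect the persisted state in the form (also after a failed save).
     $model->deliveras = $usersettings->deliveras;
     $model->smsphone = $usersettings->smsphone;
     $this->render('index', array('model' => $model, 'deliveras' => $model->deliveras, 'qrCodeUrl' => $usersettings->googleauth_url));
 }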
//check for first login
if ($secret == NULL) {
    $user = get_user_by_username($username);
    try {
        login($user, $persistent);
        // re-register at least the core language file for users with language other than site default
        register_translations(dirname(dirname(__FILE__)) . "/languages/");
    } catch (LoginException $e) {
        register_error($e->getMessage());
        forward(REFERER);
    }
} else {
    //verify code and secret
    require_once 'GoogleAuthenticator.php';
    $ga = new GoogleAuthenticator();
    $output = $ga->verifyCode($secret, $code, 10);
    // 10*30 = 300 sec time telorance
    if ($output == true) {
        $user = get_user_by_username($username);
        try {
            login($user, $persistent);
            // re-register at least the core language file for users with language other than site default
            register_translations(dirname(dirname(__FILE__)) . "/languages/");
        } catch (LoginException $e) {
            register_error($e->getMessage());
            forward(REFERER);
        }
    } else {
        //login with backup code
        $backup = elgg_get_plugin_user_setting('backup', $userGuid, 'twostep');
        if ($code == $backup) {