if ('' != $base_dir) {
$folder_path = $base_dir;
$result = chdir($folder_path);
}
// Create a new Multiotp object
// The log and users subfolders are set by default under the folder of the script
// We set directly a specific encryption key for the config, tokens and users files
// PLEASE DO NOT CHANGE THIS LINE IF YOU DON'T KNOW WHAT YOU DO!
// IF YOU CHANGE THE ENCRYPTION KEY, YOUR PREVIOUS ENCRYPTED DATA WILL NOT BE READABLE ANYMORE
if ($command == "libhash" || $command == "help") {
if (!isset($multiotp)) {
$multiotp = new Multiotp('DefaultCliEncryptionKey', FALSE, $folder_path);
}
} else {
if (!isset($multiotp)) {
$multiotp = new Multiotp('DefaultCliEncryptionKey', $initialize_backend, $folder_path);
}
$multiotp->UpgradeSchemaIfNeeded();
$verbose_prefix = $multiotp->GetVerboseLogPrefix();
// for example Reply-Message :=
}
// Initialize multiOTP options
if ($enable_log) {
$multiotp->EnableLog();
}
if ($verbose_log) {
$multiotp->EnableVerboseLog();
}
if ($display_log) {
$multiotp->EnableDisplayLog();
}
/**
* check password function
* @param string $uid user id
* @param string $password value of the password
* @return boolean
*/
public function checkPassword($uid, $password)
{
//print_r($_SERVER);
OC_Log::write('OC_USER_OTP', __FUNCTION__ . '().', OC_Log::DEBUG);
$userBackend = $this->getRealBackend($uid);
if ($userBackend === null) {
return false;
}
// enable change password without ipunt OTP
if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == "/settings/personal/changepassword") {
return $userBackend->checkPassword($uid, $password);
}
//print_r($_SERVER['PATH_INFO']);exit;
// if access is made by remote.php and option is note set to force mtop, keep standard auth methode
// this for keep working webdav access and sync apps
// And news api for android new app
// And ocsms app, pictures thumbnails, file sharing
if ((basename($_SERVER['SCRIPT_NAME']) === 'remote.php' || isset($_SERVER['PATH_INFO']) && (preg_match("#^/apps/news/api/v1-2(.*)\$#i", $_SERVER['PATH_INFO']) || preg_match("#^/apps/ocsms(.*)\$#i", $_SERVER['PATH_INFO']) || preg_match("#^/apps/files/api/v1/thumbnail(.*)\$#i", $_SERVER['PATH_INFO']) || preg_match("#^/apps/files_sharing/api/v1/shares(.*)\$#i", $_SERVER['PATH_INFO']))) && OCP\Config::getAppValue('user_otp', 'disableOtpOnRemoteScript', true)) {
return $userBackend->checkPassword($uid, $password);
}
if (OCP\Config::getAppValue('user_otp', 'bypassOtpOnIntranet', false) && isset($_SERVER['REMOTE_ADDR']) && $this->is_private_ip($_SERVER['REMOTE_ADDR'])) {
OC_Log::write('OC_USER_OTP', 'Skipping OTP for user ' . $uid . ' from private ip ' . $_SERVER['REMOTE_ADDR'], OC_Log::WARN);
return $userBackend->checkPassword($uid, $password);
}
if (!$this->mOtp->CheckUserExists($uid)) {
OCP\Util::writeLog('OC_USER_OTP', $name . '().', OCP\Util::DEBUG);
return $userBackend->checkPassword($uid, $password);
} else {
$this->mOtp->SetUser($uid);
$authMethode = OCP\Config::getAppValue('user_otp', 'authMethod', _AUTH_DEFAULT_);
OCP\Util::writeLog('OC_USER_OTP', $name . '().', OCP\Util::DEBUG);
switch ($authMethode) {
case _AUTH_STANDARD_:
return $userBackend->checkPassword($uid, $password);
break;
case _AUTH_OTP_OR_STANDARD_:
$result = $userBackend->checkPassword($uid, $password);
if ($result) {
return $result;
}
// break; no break beacause we try with OTP
// break; no break beacause we try with OTP
case _AUTH_OTP_ONLY_:
$result = $this->mOtp->CheckToken($password);
if ($result === 0) {
return $uid;
} else {
if (isset($this->mOtp->_errors_text[$result])) {
echo $this->mOtp->_errors_text[$result];
}
}
return false;
break;
case _AUTH_TWOFACTOR_:
if (OCP\Config::getAppValue('user_otp', 'inputOtpAfterPwd', '0') === '1') {
$this->mOtp->SetUser($uid);
$otpSize = $this->mOtp->GetTokenNumberOfDigits() + strlen($this->mOtp->GetUserPin()) * $this->mOtp->GetUserPrefixPin();
$_POST['otpPassword'] = substr($password, -$otpSize);
$password = substr($password, 0, strlen($password) - $otpSize);
//~ var_dump($this->mOtp->GetUserPrefixPin());
//~ var_dump($otpSize);
//~ var_dump($password);
//~ var_dump($_POST['otpPassword']);
}
//~ var_dump($password);
//~ var_dump($_POST['otpPassword']);
//~ exit;
if (!isset($_POST['otpPassword']) || $_POST['otpPassword'] === "") {
return false;
}
OCP\Util::writeLog('OC_USER_OTP', $name . '().', OCP\Util::DEBUG);
$result = $this->mOtp->CheckToken($_POST['otpPassword']);
if ($result === 0) {
return $userBackend->checkPassword($uid, $password);
} else {
if (isset($this->mOtp->_errors_text[$result])) {
echo $this->mOtp->_errors_text[$result];
}
}
return false;
break;
}
}
}
/**
* check password function
* @param string $uid user id
* @param string $password value of the password
* @return boolean
*/
public function checkPassword($uid, $password)
{
//print_r($_SERVER);
OC_Log::write('OC_USER_OTP', __FUNCTION__ . '().', OC_Log::DEBUG);
$userBackend = $this->getRealBackend($uid);
if ($userBackend === null) {
return false;
}
// enable change password without ipunt OTP
if ($_SERVER['PATH_INFO'] == "/settings/personal/changepassword") {
return $userBackend->checkPassword($uid, $password);
}
//if access is made by remote.php and option is note set to force mtop, keep standard auth methode
// this for keep working webdav access and sync apps
if (basename($_SERVER['SCRIPT_NAME']) === 'remote.php' && OCP\Config::getAppValue('user_otp', 'disableOtpOnRemoteScript', true)) {
return $userBackend->checkPassword($uid, $password);
}
if (!$this->mOtp->CheckUserExists($uid)) {
OC_Log::write('OC_USER_OTP', 'No OTP for user ' . $uid . ' use user backend', OC_Log::DEBUG);
return $userBackend->checkPassword($uid, $password);
} else {
$this->mOtp->SetUser($uid);
$authMethode = OCP\Config::getAppValue('user_otp', 'authMethod', _AUTH_DEFAULT_);
OC_Log::write('OC_USER_OTP', 'used auth method : ' . $authMethode, OC_Log::DEBUG);
switch ($authMethode) {
case _AUTH_STANDARD_:
return $userBackend->checkPassword($uid, $password);
break;
case _AUTH_OTP_OR_STANDARD_:
$result = $userBackend->checkPassword($uid, $password);
if ($result) {
return $result;
}
// break; no break beacause we try with OTP
// break; no break beacause we try with OTP
case _AUTH_OTP_ONLY_:
$result = $this->mOtp->CheckToken($password);
if ($result === 0) {
return $uid;
} else {
if (isset($this->mOtp->_errors_text[$result])) {
echo $this->mOtp->_errors_text[$result];
}
}
return false;
break;
case _AUTH_TWOFACTOR_:
if (OCP\Config::getAppValue('user_otp', 'inputOtpAfterPwd', '0') === '1') {
$this->mOtp->SetUser($uid);
$otpSize = $this->mOtp->GetTokenNumberOfDigits() + strlen($this->mOtp->GetUserPin()) * $this->mOtp->GetUserPrefixPin();
$_POST['otpPassword'] = substr($password, -$otpSize);
$password = substr($password, 0, strlen($password) - $otpSize);
//~ var_dump($this->mOtp->GetUserPrefixPin());
//~ var_dump($otpSize);
//~ var_dump($password);
//~ var_dump($_POST['otpPassword']);
}
//~ var_dump($password);
//~ var_dump($_POST['otpPassword']);
//~ exit;
if (!isset($_POST['otpPassword']) || $_POST['otpPassword'] === "") {
return false;
}
OC_Log::write('OC_USER_OTP', 'used OTP : ' . $_POST['otpPassword'], OC_Log::DEBUG);
$result = $this->mOtp->CheckToken($_POST['otpPassword']);
if ($result === 0) {
return $userBackend->checkPassword($uid, $password);
} else {
if (isset($this->mOtp->_errors_text[$result])) {
echo $this->mOtp->_errors_text[$result];
}
}
return false;
break;
}
}
}
