public function requireLogin() { global $whmcs; if ($this->isLoggedIn()) { if (WHMCS_Session::get("2fabackupcodenew")) { $this->setTemplate("logintwofa"); $twofa = new WHMCS_2FA(); if ($twofa->setClientID($this->getUserID())) { $backupcode = $twofa->generateNewBackupCode(); $this->assign("newbackupcode", $backupcode); WHMCS_Session::delete("2fabackupcodenew"); } else { $this->assign("newbackupcodeerror", true); } $this->output(); exit; } return true; } $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']); if (WHMCS_Session::get("2faverifyc")) { $this->setTemplate("logintwofa"); if (WHMCS_Session::get("2fabackupcodenew")) { $this->assign("newbackupcode", true); } else { if ($whmcs->get_req_var("incorrect")) { $this->assign("incorrect", true); } } $twofa = new WHMCS_2FA(); if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) { if (!$twofa->isActiveClients() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { $this->assign("backupcode", true); } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { $this->assign("challenge", $challenge); } else { $this->assign("error", "Bad 2 Factor Auth Module. Please contact support."); } } } else { $this->assign("error", "An error occurred. Please try again."); } } else { $this->setTemplate("login"); $this->assign("loginpage", true); $this->assign("formaction", "dologin.php"); if ($whmcs->get_req_var("incorrect")) { $this->assign("incorrect", true); } } $this->output(); exit; }
if (defined("CLIENTAREA") && $CONFIG['MaintenanceMode'] && !$_SESSION['adminid']) { if ($CONFIG['MaintenanceModeURL']) { header("Location: " . $CONFIG['MaintenanceModeURL']); exit; } echo "<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Down for Maintenance (Err 3)</strong><br>" . $CONFIG['MaintenanceModeMessage'] . "</div>"; exit; } $licensing = WHMCS_License::init(); if ($licensing->getVersionHash() != "9eb7da5f081b3fc7ae1e460afdcb89ea8239eca1") { exit("License Checking Error"); } if (defined("CLIENTAREA") && isset($_SESSION['uid']) && !isset($_SESSION['adminid'])) { $twofa = new WHMCS_2FA(); $twofa->setClientID($_SESSION['uid']); if ($twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveClients()) { if ($whmcs->get_filename() == "clientarea" && ($whmcs->get_req_var("action") == "security" || $whmcs->get_req_var("2fasetup"))) { } else { redir("action=security&2fasetup=1&enforce=1", "clientarea.php"); } } } if (isset($_SESSION['currency']) && is_array($_SESSION['currency'])) { $_SESSION['currency'] = $_SESSION['currency']['id']; } if (!isset($_SESSION['uid']) && isset($_REQUEST['currency'])) { $result = select_query("tblcurrencies", "id", array("id" => (int) $_REQUEST['currency'])); $data = mysql_fetch_array($result); if ($data['id']) { $_SESSION['currency'] = $data['id']; }
require "../init.php"; $aInt = new WHMCS_Admin("My Account", false); $aInt->title = $aInt->lang("global", "myaccount"); $aInt->sidebar = "config"; $aInt->icon = "home"; $aInt->requiredFiles(array("ticketfunctions")); $action = $whmcs->get_req_var("action"); $errormessage = ""; $twofa = new WHMCS_2FA(); $twofa->setAdminID($_SESSION['adminid']); if ($whmcs->get_req_var("2fasetup")) { if (!$twofa->isActiveAdmins()) { exit("Access denied"); } ob_start(); if ($twofa->isEnabled()) { echo "<div class=\"content\"><div style=\"padding:15px;\">"; $disabled = $incorrect = false; if ($password = $whmcs->get_req_var("pwverify")) { $auth = new WHMCS_Auth(); $auth->getInfobyID($_SESSION['adminid']); if ($auth->comparePassword($password)) { $twofa->disableUser(); $disabled = true; } else { $incorrect = true; } } echo "<h2>" . $aInt->lang("twofa", "disable") . "</h2>"; if (!$disabled) { echo "<p>" . $aInt->lang("twofa", "disableintro") . "</p>";
public function __construct($reqpermission, $releaseSession = true) { global $CONFIG; global $licensing; global $_ADMINLANG; global $infobox; global $whmcs; $infobox = ""; $licensing->remoteCheck(); if ($licensing->getStatus() != "Active") { redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php"); } if ($CONFIG['AdminForceSSL'] && $CONFIG['SystemSSLURL']) { if (!$_SERVER['HTTPS'] || $_SERVER['HTTPS'] == "off") { $requesturl = $_SERVER['PHP_SELF'] . "?"; foreach ($_REQUEST as $key => $value) { if (!is_array($value)) { $requesturl .= "" . $key . "=" . urlencode($value) . "&"; continue; } } $requesturl = substr($requesturl, 0, 0 - 1); $requesturl = substr($requesturl, strrpos($requesturl, "/")); header("Location: " . $CONFIG['SystemSSLURL'] . "/" . $whmcs->get_admin_folder_name() . $requesturl); exit; } } if ($reqpermission == "loginonly") { $this->loginRequired = true; } else { if ($reqpermission) { $this->requiredPermission = $reqpermission; } else { $this->loginRequired = false; } } require ROOTDIR . "/includes/smarty/Smarty.class.php"; if ($this->loginRequired) { $auth = new WHMCS_Auth(); if (!$auth->isLoggedIn()) { $_SESSION['admloginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']); redir("", "login.php"); } $auth->getInfobyID($_SESSION['adminid']); if ($auth->isSessionPWHashValid()) { $auth->updateAdminLog(); $this->adminTemplate = $auth->getAdminTemplate(); if ($auth->getAdminLanguage()) { $this->language = $auth->getAdminLanguage(); } } else { $auth->destroySession(); redir("", "login.php"); } } if ($releaseSession) { releaseSession(); } if ($this->requiredPermission) { $permid = array_search($this->requiredPermission, getAdminPermsArray()); $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid'])); $data = mysql_fetch_array($result); $roleid = $data['roleid']; $result = select_query("tbladminperms", "COUNT(*)", array("roleid" => $roleid, "permid" => $permid)); $data = mysql_fetch_array($result); $match = $data[0]; if (!$match) { redir("permid=" . $permid, "accessdenied.php"); exit; } } $filename = $_SERVER['PHP_SELF']; $filename = substr($filename, strrpos($filename, "/")); $filename = str_replace(array("/", ".php"), "", $filename); if (isset($_SESSION['adminid'])) { $twofa = new WHMCS_2FA(); $twofa->setAdminID($_SESSION['adminid']); if ($filename != "myaccount" && $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveAdmins()) { redir("2faenforce=1", "myaccount.php"); } } $this->filename = $filename; $this->rowLimit = $CONFIG['NumRecordstoDisplay']; if (isset($_SESSION['adminlang']) && $_SESSION['adminlang']) { $this->language = $_SESSION['adminlang']; } $this->language = $whmcs->validateLanguage($this->language, true); $whmcs->loadLanguage($this->language, true); }
} } echo "<div id=\"login_msg\"><span style=\"font-size:14px;\"><strong>" . $msgtitle . "</strong></span><br>" . $msg . "</div>"; if (isset($_SESSION['2fabackupcodenew'])) { $twofa = new WHMCS_2FA(); if ($twofa->setAdminID($_SESSION['2faadminid'])) { $backupcode = $twofa->generateNewBackupCode(); echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area »\" /></p></form></div>"; } else { echo "<div id=\"login\">An error occurred. Please try again.</div>"; } } else { if (isset($_SESSION['2faverify'])) { $twofa = new WHMCS_2FA(); if ($twofa->setAdminID($_SESSION['2faadminid'])) { if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login »\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>"; } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>"; } else { echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>"; } } } else { echo "<div id=\"login\">An error occurred. Please try again.</div>";
$ca->setTemplate("clientareasecurity"); $ca->addToBreadCrumb("clientarea.php?action=details", $whmcs->get_lang("clientareanavdetails")); $ca->addToBreadCrumb("clientarea.php?action=security", $whmcs->get_lang("clientareanavsecurity")); if ($whmcs->get_req_var("successful")) { $smartyvalues['successful'] = true; } $twofa = new WHMCS_2FA(); $twofa->setClientID($ca->getUserID()); if ($twofa->isActiveClients()) { $ca->assign("twofaavailable", true); if ($whmcs->get_req_var("2fasetup")) { if (!$twofa->isActiveClients()) { exit("Access denied"); } ob_start(); if ($twofa->isEnabled()) { echo "<div class=\"content\"><div style=\"padding:15px;\">"; $disabled = $incorrect = false; if ($password = $whmcs->get_req_var("pwverify")) { $dbpwd = get_query_val("tblclients", "password", array("id" => $ca->getUserID())); if ($whmcs->get_config("NOMD5")) { $check_pwd = decrypt($dbpwd); } else { $salt = explode(":", $dbpwd); $salt = $salt[1]; $password = generateClientPW($password, $salt); $check_pwd = $dbpwd; } if ($password == $check_pwd) { $twofa->disableUser(); $disabled = true;
header("Location: clientarea.php"); exit; } $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']); if (WHMCS_Session::get("2faverifyc")) { $templatefile = "logintwofa"; if (WHMCS_Session::get("2fabackupcodenew")) { $smartyvalues['newbackupcode'] = true; } else { if ($whmcs->get_req_var("incorrect")) { $smartyvalues['incorrect'] = true; } } $twofa = new WHMCS_2FA(); if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) { if (!$twofa->isActiveClients() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { $smartyvalues['backupcode'] = true; } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { $smartyvalues['challenge'] = $challenge; } else { $smartyvalues['error'] = "Bad 2 Factor Auth Module. Please contact support."; } } } else { $smartyvalues['error'] = "An error occurred. Please try again.";