/**
 * Gate a client-area page behind authentication.
 *
 * Returns true only for a logged-in client with no pending "2fabackupcodenew"
 * flag. Every other path renders a template ("login" or "logintwofa") through
 * $this->output() and then ends the request with exit.
 *
 * Session keys read: "2fabackupcodenew", "2faverifyc", "2faclientid".
 * Session key written: "loginurlredirect".
 *
 * @return bool true when the visitor is logged in and may proceed; all other
 *              paths terminate the request instead of returning.
 */
public function requireLogin()
{
    global $whmcs;

    if ($this->isLoggedIn()) {
        if (!WHMCS_Session::get("2fabackupcodenew")) {
            return true;
        }

        // The flag is pending: issue a replacement backup code and display it.
        $this->setTemplate("logintwofa");
        $twoFactor = new WHMCS_2FA();
        if ($twoFactor->setClientID($this->getUserID())) {
            $freshCode = $twoFactor->generateNewBackupCode();
            $this->assign("newbackupcode", $freshCode);
            // Cleared only on success, so a failed attempt leaves the flag set
            // and this branch runs again on the next gated request.
            WHMCS_Session::delete("2fabackupcodenew");
        } else {
            $this->assign("newbackupcodeerror", true);
        }
        $this->output();
        exit;
    }

    // Remember where the visitor was heading so the login flow can return there.
    // NOTE(review): REQUEST_URI is client-controlled and is stored after entity
    // decoding without further checks; the consumer of "loginurlredirect" is not
    // visible here — confirm it only accepts site-relative paths before the value
    // reaches a Location header.
    $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);

    if (!WHMCS_Session::get("2faverifyc")) {
        // No second-factor step pending: plain username/password form.
        $this->setTemplate("login");
        $this->assign("loginpage", true);
        $this->assign("formaction", "dologin.php");
        if ($whmcs->get_req_var("incorrect")) {
            $this->assign("incorrect", true);
        }
        $this->output();
        exit;
    }

    // A second-factor step is pending for the client id held in the session.
    $this->setTemplate("logintwofa");
    if (WHMCS_Session::get("2fabackupcodenew")) {
        $this->assign("newbackupcode", true);
    } elseif ($whmcs->get_req_var("incorrect")) {
        $this->assign("incorrect", true);
    }

    $twoFactor = new WHMCS_2FA();
    if (!$twoFactor->setClientID(WHMCS_Session::get("2faclientid"))) {
        $this->assign("error", "An error occurred. Please try again.");
    } else {
        if (!($twoFactor->isActiveClients() && $twoFactor->isEnabled())) {
            // 2FA is no longer active/enabled for this client: drop the whole
            // half-authenticated session rather than showing a challenge.
            // NOTE(review): this relies on redir() ending the request — confirm;
            // if it returned, the code below would still run on a destroyed session.
            WHMCS_Session::destroy();
            redir();
        }

        if ($whmcs->get_req_var("backupcode")) {
            // Visitor asked for the backup-code form instead of the module challenge.
            $this->assign("backupcode", true);
        } else {
            $challenge = $twoFactor->moduleCall("challenge");
            if ($challenge) {
                $this->assign("challenge", $challenge);
            } else {
                $this->assign("error", "Bad 2 Factor Auth Module. Please contact support.");
            }
        }
    }

    $this->output();
    exit;
}
// Client-side second-factor verification step (excerpt: $twofa, $whmcs and the initial
// $gotourl are defined before this fragment, and the final else-branch is closed after it).
// NOTE(review): the return value of setClientID() is not checked here — confirm that
// verification cannot proceed with an unset or unknown client id.
$twofa->setClientID($_SESSION['2faclientid']);
if ($whmcs->get_req_var("backupcode")) {
    // Backup-code path: the submitted "code" request variable is checked against the client.
    $success = $twofa->verifyBackupCode($whmcs->get_req_var("code"));
} else {
    // Module path: verification is delegated to the configured 2FA module.
    $success = $twofa->moduleCall("verify");
}
if ($success) {
    // Completes the login for the client id held in the session. The empty password and the
    // trailing `true` presumably tell validateClientLogin() to skip the password check — confirm.
    validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true);
    if ($_SESSION['2farememberme']) {
        // Remember-me cookie value is "<uid>:<sha1(upw . hash)>" with a 365-day lifetime.
        // NOTE(review): the token is derived deterministically from $_SESSION['upw'] and
        // get_hash(), so it presumably stays the same across logins until one of those inputs
        // changes and cannot be revoked on its own; a random, server-stored token would be
        // safer. The cookie flags applied by wSetCookie() are not visible here — confirm
        // Secure/HttpOnly.
        wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365);
    } else {
        wDelCookie("User");
    }
    // Clear the pending-2FA markers so the half-authenticated state cannot be reused.
    WHMCS_Session::delete("2faclientid");
    WHMCS_Session::delete("2farememberme");
    WHMCS_Session::delete("2faverifyc");
    if ($whmcs->get_req_var("backupcode")) {
        // A backup code was used: flag the session so a replacement code is generated
        // on the next gated page.
        WHMCS_Session::set("2fabackupcodenew", true);
        $gotourl = "clientarea.php?newbackupcode=true";
        header("Location: " . $gotourl);
        exit;
    }
    $loginsuccess = true;
} else {
    // Failed verification: bounce back with an "incorrect" marker appended to $gotourl.
    // strpos() returns 0 (falsy) when "?" is the first character, so such a URL takes the
    // "?" branch.
    // NOTE(review): no attempt counter or lockout is visible in this excerpt — confirm failed
    // codes are throttled elsewhere. The origin of $gotourl is also outside the excerpt;
    // confirm it is restricted to site-relative targets before it reaches the Location header.
    if (strpos($gotourl, "?")) {
        $gotourl .= "&";
    } else {
        $gotourl .= "?";
    }
    $gotourl .= "incorrect=true";
    header("Location: " . $gotourl);
// Admin-side handling of the second-factor result (excerpt: $success, $auth and $whmcs are
// set before this fragment; it begins inside an enclosing block and ends inside the next one).
if ($success) {
    // Load the admin whose id was parked in the session, then establish the admin session.
    // NOTE(review): $adminfound is assigned but not checked in this excerpt — confirm the login
    // cannot proceed when the lookup fails.
    $adminfound = $auth->getInfobyID($_SESSION['2faadminid']);
    $auth->setSessionVars();
    $auth->processLogin();
    if ($_SESSION['2farememberme']) {
        $auth->setRememberMeCookie();
    } else {
        $auth->unsetRememberMeCookie();
    }
    if ($whmcs->get_req_var("backupcode")) {
        // A backup code was used: flag the session so a replacement code is issued.
        // NOTE(review): this redirect precedes the three session deletes below; if redir() ends
        // the request (its behaviour is not visible here), "2faverify", "2faadminid" and
        // "2farememberme" remain in the session on this path — confirm they are cleared later.
        WHMCS_Session::set("2fabackupcodenew", true);
        redir("newbackupcode=1", "login.php");
    }
    // Clear the pending-2FA markers.
    WHMCS_Session::delete("2faverify");
    WHMCS_Session::delete("2faadminid");
    WHMCS_Session::delete("2farememberme");
    if (isset($_SESSION['admloginurlredirect'])) {
        // Return to the page requested before login: the stored URL is split at the first "?"
        // into a file name and a query string, which are handed to redir().
        // NOTE(review): where "admloginurlredirect" is written is not visible — confirm the
        // value is limited to local admin paths so it cannot point off-site.
        $loginurlredirect = $_SESSION['admloginurlredirect'];
        unset($_SESSION['admloginurlredirect']);
        $urlparts = explode("?", $loginurlredirect, 2);
        $filename = !empty($urlparts[0]) ? $urlparts[0] : "";
        $qry_string = !empty($urlparts[1]) ? $urlparts[1] : "";
        redir($qry_string, $filename);
    } else {
        redir("", "index.php");
    }
    exit;
}
// Failed verification: back to the login page, keeping the backup-code form selected if it was used.
// NOTE(review): no attempt counter or lockout is visible in this excerpt — confirm failed
// codes are throttled elsewhere.
redir(($whmcs->get_req_var("backupcode") ? "backupcode=1&" : "") . "incorrect=1", "login.php");
// Closes a block opened before this excerpt.
}
// Start of the ordinary credential check; rejects blank username or password. Its body lies
// beyond this excerpt.
if (!trim($username) || !trim($password)) {