/**
  * Authenticates the identity contained in a request.  Will use the `settings.userModel`, and `settings.fields`
  * to find POST data that is used to find a matching record in the `settings.userModel`.  Will return false if
  * there is no post data, either username or password is missing, or if the scope conditions have not been met.
  *
  * @param CakeRequest $request The request that contains login information.
  * @param CakeResponse $response Unused response object.
  * @return mixed.  False on login failure.  An array of User data on success.
  */
 public function authenticate(CakeRequest $request, CakeResponse $response)
 {
     // pluginSplit() returns a pair; only its second element (the model name)
     // is used, as the key under which the login fields are posted.
     list(, $alias) = pluginSplit($this->settings['userModel']);

     // First factor: bail out before any lookup if the credential fields
     // are not present in the posted data.
     if (!$this->_checkFields($request->data)) {
         return false;
     }

     $fieldMap = $this->settings['fields'];
     $posted = $request->data[$alias];

     $record = $this->_findUser($posted[$fieldMap['username']], $posted[$fieldMap['password']]);
     if (!$record) {
         return false;
     }

     // A record without a stored secret is accepted on the password alone;
     // the one-time code is only demanded once a secret exists.
     if (empty($record[$fieldMap['secret']])) {
         return $record;
     }

     // Second factor: the 'code' field is now mandatory.
     if (!$this->_checkFields($request->data, array('code'))) {
         return false;
     }

     // NOTE(review): nothing in this method limits repeated code attempts;
     // presumably throttling lives elsewhere - confirm.
     $authenticator = new GoogleAuthenticator();
     $submittedCode = $posted[$fieldMap['code']];
     if ($authenticator->checkCode($record[$fieldMap['secret']], $submittedCode)) {
         return $record;
     }

     return false;
 }
Exemple #2
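/**
 * Enables or disables TOTP two-factor authentication for the logged-in user.
 *
 * Reads $_POST['activation'] and $_POST['code']. When activation is the
 * string "true", the submitted code must validate against the pending secret
 * held in $_SESSION['user']['GoogleAuthenticator'] before that secret is
 * copied to the user's `user_otp` field. Any other value clears `user_otp`.
 *
 * NOTE(review): no save() call is visible here; presumably Modele persists
 * the assignment to user_otp by itself - confirm.
 * NOTE(review): no anti-CSRF token check is visible in this function;
 * presumably the dispatcher enforces one - confirm.
 *
 * @return void
 */
function twofactors_set()
{
    global $tpl, $srcdir;

    $usr = new Modele('users');
    $usr->fetch($_SESSION['user']['user_id']);

    // Strict comparison: only the literal string "true" turns 2FA on, and a
    // missing parameter no longer raises an undefined-index notice.
    $enable = isset($_POST['activation']) && $_POST['activation'] === "true";

    if ($enable) {
        require_once $srcdir . '/libs/GoogleAuthenticator/GoogleAuthenticator.php';
        $otp = new GoogleAuthenticator();

        $pendingSecret = isset($_SESSION['user']['GoogleAuthenticator'])
            ? $_SESSION['user']['GoogleAuthenticator']
            : '';
        $code = isset($_POST['code']) ? $_POST['code'] : null;

        // Request parameters can arrive as arrays (code[]=...) or be absent;
        // only a string code checked against a non-empty secret can pass.
        $codeOk = is_string($pendingSecret) && $pendingSecret !== ''
            && is_string($code)
            && $otp->checkCode($pendingSecret, $code);

        if (!$codeOk) {
            $tpl->assign('hsuccess', "GoogleAuthentificator code invalide");
            modexec("index", "profile");
            quit();
            // Defensive: never fall through and store an unverified secret
            // should quit() return.
            return;
        }
        $usr->user_otp = $pendingSecret;
    } else {
        // NOTE(review): 2FA is switched off without asking for a current
        // code or the password, so anyone holding the session can remove the
        // second factor. Consider requiring a valid code here as well.
        $usr->user_otp = "";
    }

    $_SESSION['user']['user_otp'] = $usr->user_otp;
    redirect("index", "profile", array('hsuccess' => 1));
}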
Exemple #3
<?php

include_once "lib/GoogleAuthenticator.php";
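// Demo walk-through of the GoogleAuthenticator API. The secret and code
// below are fixed sample values; a real deployment keeps one secret per user
// in protected storage and never prints it.
$secret = 'XVQ2UIGO75XRUKJO';
$code = "846474";

$g = new GoogleAuthenticator();

// Code that is valid for the sample secret right now.
print "Current Code is: ";
print $g->getCode($secret);
print "\n";

// Validate a candidate code against the sample secret.
print "Check if {$code} is valid: ";
print $g->checkCode($secret, $code) ? "YES \n" : "NO \n";

// Enrolment: mint a fresh secret and build the URL used to show it as a QR code.
// NOTE(review): depending on the library version, getURL() may return a link
// to a remote chart service with the secret embedded in it - confirm, and
// prefer rendering the QR code locally if so.
$secret = $g->generateSecret();
print "Get a new Secret: {$secret} \n";
print "The QR Code for this secret (to scan with the Google Authenticator App): \n";
print $g->getURL('chregu', 'example.org', $secret);
print "\n";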
Exemple #4
     session_destroy();
     header("Location: ./");
 }
 // Page flow: a logged-in user gets the logged-in template; otherwise a
 // submitted one-time code is checked, and every non-success path destroys
 // the session before rendering a login page.
 if ($user->isLoggedIn()) {
     include "../tmpl/loggedin.php";
     // Show the QR code when the request asks for it (?showqr).
     // NOTE(review): $secret is set just before the template is included,
     // presumably so show-qr.php can render the raw TOTP secret; any holder of
     // the logged-in session can request it - confirm that is intended.
     if (isset($_GET['showqr'])) {
         $secret = $user->getSecret();
         include "../tmpl/show-qr.php";
     }
 } else {
     // isOTP() is defined elsewhere; presumably true when the account uses a
     // one-time code - confirm. The code check only runs when 'otp' was posted.
     if ($user->isOTP() && isset($_POST['otp'])) {
         $g = new GoogleAuthenticator();
         // Check the submitted token against the user's secret and log in on a match.
         // $_POST['otp'] is passed to checkCode() as received, with no type or format check.
         if ($g->checkCode($user->getSecret(), $_POST['otp'])) {
             // Mark the user as logged in.
             $user->doLogin();
             // If the "remember the token" checkbox was ticked, set the cookie.
             // NOTE(review): setOTPCookie() is defined elsewhere; presumably the
             // cookie lets later logins skip the code, so its value, lifetime and
             // flags matter - confirm.
             if (isset($_POST['remember']) && $_POST['remember']) {
                 $user->setOTPCookie();
             }
             include "../tmpl/loggedin.php";
         } else {
             // Wrong code: drop the whole session, then show the error page.
             session_destroy();
             include "../tmpl/login-error.php";
         }
     } else {
         // No code submitted (or isOTP() is false): reset the session and show the login form.
         session_destroy();
         include "../tmpl/login.php";
     }
Exemple #5
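/**
 * Authenticates a user with a challenge-response password check and, when the
 * account has a stored TOTP secret, a one-time code.
 *
 * The password response is verified first. The one-time code is evaluated
 * only for a caller who already proved knowledge of the password, so the -1
 * result cannot be used to probe accounts or to guess codes without it.
 *
 * NOTE(review): md5 is kept because the stored hashes and the client-side
 * response are built on it; moving to password_hash() needs a protocol change.
 * NOTE(review): the whole row, including user_pass and user_otp, is copied
 * into the session, and the session id is not regenerated on success -
 * confirm whether that is handled elsewhere.
 *
 * @global object $pdo    Database handle (used through prepare()/bindValue()).
 * @global string $srcdir Base directory used to locate the GoogleAuthenticator library.
 * @param string      $user     User name.
 * @param string      $pass     Client response: md5(stored hash . $_SESSION['random']).
 * @param string|null $otp_code One-time code, or null when none was submitted.
 * @return bool|int True on success; false for an unknown user, a missing
 *                  challenge or a wrong password; -1 when the password is
 *                  right but the one-time code is missing or wrong.
 */
function login_user($user, $pass, $otp_code = null)
{
    global $pdo, $srcdir;

    $sql = $pdo->prepare('SELECT * FROM users WHERE user_name = ?');
    $sql->bindValue(1, $user);
    $sql->execute();

    $row = $sql->fetch();
    if (!$row) {
        // Unknown user.
        return false;
    }

    // A stored value that is not 32 characters long is treated as a password
    // that was never hashed, and is hashed on the fly for the comparison.
    if (strlen($row['user_pass']) != 32) {
        $row['user_pass'] = md5($row['user_name'] . ':' . $row['user_pass']);
    }

    // Without a per-session challenge the expected response would be a
    // constant, so refuse to compare at all.
    if (!is_string($pass) || !isset($_SESSION['random'])) {
        return false;
    }

    // hash_equals() compares the hex digests as strings and in constant time.
    // The former loose == treated digests that look like numbers ("0e...")
    // as equal to each other.
    $expected = md5($row['user_pass'] . $_SESSION['random']);
    if (!hash_equals($expected, $pass)) {
        return false;
    }

    // Second factor, only reached with a correct password.
    if (strlen($row['user_otp'])) {
        require_once $srcdir . '/libs/GoogleAuthenticator/GoogleAuthenticator.php';
        $otp = new GoogleAuthenticator();
        if ($otp_code === null || !$otp->checkCode($row['user_otp'], $otp_code)) {
            return -1;
        }
    }

    $_SESSION['user'] = $row;
    $_SESSION['user']['role'] = aclFromText($row['user_role']);
    // The challenge is single-use: drop it once a login succeeded.
    unset($_SESSION['random']);

    return true;
}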
 /**
  * Check the verification code entered by the user.
  */
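 private function verify()
 {
     $app = JFactory::getApplication();

     // Code submitted by the user.
     $key = $app->input->get('tfa_key');

     // TFA settings stored in the current user's parameters.
     $tfa = JFactory::getUser()->get('_params')->get('tfa');

     // First try the time-based code against the user's secret.
     $secretkey = $tfa->authentication->secret;
     $g = new GoogleAuthenticator();
     $this->_is_varified = (bool) $g->checkCode($secretkey, $key);

     // Fall back to the backup code. Both sides are compared as strings with
     // hash_equals(): the former loose == could match values that merely look
     // alike as numbers, and this comparison is constant-time.
     $backupCode = $tfa->backup->code;
     if (
         !$this->_is_varified
         && $backupCode
         && is_scalar($backupCode)
         && is_scalar($key)
         && hash_equals((string) $backupCode, (string) $key)
     ) {
         $this->_is_varified = true;
         // Defined elsewhere; presumably rotates or retires the used backup code - confirm.
         $this->_changeCodeFrequency();
     }

     // Record the outcome on the session's user object.
     // NOTE(review): nothing here counts or limits failed attempts;
     // presumably throttling is handled elsewhere - confirm.
     $session = JFactory::getSession();
     $user = $session->get('user');
     $user->tfa = $this->_is_varified;
     $session->set('user', $user);

     $msg = '';
     if (!$this->_is_varified) {
         $msg = JText::_("PLG_TFA_AUTHENTICATION_FAILED");
     }

     // NOTE(review): 'redirect' is request-controlled. This relies on the
     // filter applied by input->get() to keep the target on this site -
     // confirm, or validate it against the site's own URLs before redirecting.
     $redirect_url = $app->input->get('redirect', 'index.php');
     $app->redirect($redirect_url, $msg);
 }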