Exemple #1
    exit("<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Permissions Error</strong><br>The templates compiling directory '" . $whmcs->get_template_compiledir_name() . "' must be writeable (CHMOD 777) before you can continue.<br>If the path shown is incorrect, you can update it in the configuration.php file.</div>");
}
// Maintenance mode: client-area requests are blocked unless an admin session exists.
if (defined("CLIENTAREA") && $CONFIG['MaintenanceMode'] && empty($_SESSION['adminid'])) {
    if ($CONFIG['MaintenanceModeURL']) {
        header("Location: " . $CONFIG['MaintenanceModeURL']);
    } else {
        // The message is admin-configured and is emitted as raw HTML.
        echo '<div style="border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;"><strong>Down for Maintenance (Err 3)</strong><br>'
            . $CONFIG['MaintenanceModeMessage'] . '</div>';
    }
    exit;
}
// Version hash is pinned to this release; a mismatch aborts the request.
$licensing = WHMCS_License::init();
$pinnedVersionHash = "9eb7da5f081b3fc7ae1e460afdcb89ea8239eca1";
if ($licensing->getVersionHash() != $pinnedVersionHash) {
    exit("License Checking Error");
}
// Forced client 2FA: a logged-in client who has not enrolled yet is sent to the
// security page, unless this request already is the security/setup page.
if (defined("CLIENTAREA") && isset($_SESSION['uid']) && !isset($_SESSION['adminid'])) {
    $twofa = new WHMCS_2FA();
    $twofa->setClientID($_SESSION['uid']);
    $mustEnroll = $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveClients();
    if ($mustEnroll) {
        $onSetupPage = $whmcs->get_filename() == "clientarea"
            && ($whmcs->get_req_var("action") == "security" || $whmcs->get_req_var("2fasetup"));
        if (!$onSetupPage) {
            redir("action=security&2fasetup=1&enforce=1", "clientarea.php");
        }
    }
}
// Older sessions stored the whole currency row; normalise to the id only.
$sessionCurrency = isset($_SESSION['currency']) ? $_SESSION['currency'] : null;
if (is_array($sessionCurrency)) {
    $_SESSION['currency'] = $sessionCurrency['id'];
}
if (!isset($_SESSION['uid']) && isset($_REQUEST['currency'])) {
    $result = select_query("tblcurrencies", "id", array("id" => (int) $_REQUEST['currency']));
    $data = mysql_fetch_array($result);
    if ($data['id']) {
Exemple #2
 * @ Version  : 5.2.15
 * @ Author   : MTIMER
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
define('ADMINAREA', true);
require '../init.php';

// Admin page shell. Second argument is presumably the "release session" flag
// (false keeps the session writable for the 2FA setup below) — verify against WHMCS_Admin.
$aInt = new WHMCS_Admin('My Account', false);
$aInt->title = $aInt->lang('global', 'myaccount');
$aInt->sidebar = 'config';
$aInt->icon = 'home';
$aInt->requiredFiles(array('ticketfunctions'));

$errormessage = '';
$action = $whmcs->get_req_var('action');

// 2FA handle bound to the admin who owns the current session.
$twofa = new WHMCS_2FA();
$twofa->setAdminID($_SESSION['adminid']);
if ($whmcs->get_req_var("2fasetup")) {
    if (!$twofa->isActiveAdmins()) {
        exit("Access denied");
    }
    ob_start();
    if ($twofa->isEnabled()) {
        echo "<div class=\"content\"><div style=\"padding:15px;\">";
        $disabled = $incorrect = false;
        if ($password = $whmcs->get_req_var("pwverify")) {
            $auth = new WHMCS_Auth();
            $auth->getInfobyID($_SESSION['adminid']);
            if ($auth->comparePassword($password)) {
                $twofa->disableUser();
                $disabled = true;
 /**
  * Build the client-area navigation flags that depend on configuration or session state.
  *
  * "updatecc" and "updatesq" come from the session cache when present, otherwise
  * from CALinkUpdateCC()/CALinkUpdateSQ(); "updatesq" and "security" are both
  * switched on when client 2FA is active, the remaining keys mirror config values.
  *
  * @return array map of link name => enabled flag / setting value
  */
 public static function getConditionalLinks()
 {
     global $whmcs;
     $updateCC = isset($_SESSION['calinkupdatecc']) ? $_SESSION['calinkupdatecc'] : CALinkUpdateCC();
     $showSecurity = isset($_SESSION['calinkupdatesq']) ? $_SESSION['calinkupdatesq'] : CALinkUpdateSQ();
     if (!$showSecurity) {
         $twofa = new WHMCS_2FA();
         $showSecurity = $twofa->isActiveClients() ? true : $showSecurity;
     }
     $links = array();
     $links["updatecc"] = $updateCC;
     $links["updatesq"] = $showSecurity;
     $links["security"] = $showSecurity;
     $links["addfunds"] = $whmcs->get_config("AddFundsEnabled");
     $links["masspay"] = $whmcs->get_config("EnableMassPay");
     $links["affiliates"] = $whmcs->get_config("AffiliateEnabled");
     $links["domainreg"] = $whmcs->get_config("AllowRegister");
     $links["domaintrans"] = $whmcs->get_config("AllowTransfer");
     $links["domainown"] = $whmcs->get_config("AllowOwnDomain");
     $links["pmaddon"] = get_query_val("tbladdonmodules", "value", array("module" => "project_management", "setting" => "clientenable"));
     return $links;
 }
Exemple #4
             }
         }
     }
 }
 // Login status banner; $msgtitle/$msg are set earlier and are echoed unescaped.
 echo '<div id="login_msg"><span style="font-size:14px;"><strong>' . $msgtitle . '</strong></span><br>' . $msg . '</div>';
 if (isset($_SESSION['2fabackupcodenew'])) {
     $twofa = new WHMCS_2FA();
     if ($twofa->setAdminID($_SESSION['2faadminid'])) {
         $backupcode = $twofa->generateNewBackupCode();
         echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area &raquo;\" /></p></form></div>";
     } else {
         echo "<div id=\"login\">An error occurred. Please try again.</div>";
     }
 } else {
     if (isset($_SESSION['2faverify'])) {
         $twofa = new WHMCS_2FA();
         if ($twofa->setAdminID($_SESSION['2faadminid'])) {
             if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) {
                 WHMCS_Session::destroy();
                 redir();
             }
             if ($whmcs->get_req_var("backupcode")) {
                 echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login &raquo;\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>";
             } else {
                 $challenge = $twofa->moduleCall("challenge");
                 if ($challenge) {
                     echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>";
                 } else {
                     echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>";
                 }
             }
Exemple #5
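 /**
  * Bootstrap an admin-area page: enforce licensing, SSL, authentication,
  * permission and 2FA-enrolment requirements, then load the admin language.
  *
  * Statement order matters: several branches redirect (and may exit) before
  * anything below them runs.
  *
  * @param string|bool $reqpermission  admin permission name required for the page,
  *                                    "loginonly" for any logged-in admin, or a
  *                                    falsy value for no login requirement
  * @param bool        $releaseSession whether to call releaseSession() once the
  *                                    authentication checks are done
  */
 public function __construct($reqpermission, $releaseSession = true)
 {
     global $CONFIG;
     global $licensing;
     global $_ADMINLANG;
     global $infobox;
     global $whmcs;
     $infobox = "";
     $licensing->remoteCheck();
     if ($licensing->getStatus() != "Active") {
         redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php");
     }
     // Script path of this request. SCRIPT_NAME is preferred over PHP_SELF because
     // PHP_SELF also carries any PATH_INFO, which would let the request path change
     // the page name the 2FA-enforcement check below derives from it.
     $scriptPath = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
     // Force the admin area onto HTTPS when configured, replaying the current request.
     if ($CONFIG['AdminForceSSL'] && $CONFIG['SystemSSLURL']) {
         // empty() also covers a missing HTTPS server variable (plain HTTP request).
         if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off") {
             $requesturl = $scriptPath . "?";
             // NOTE(review): $_REQUEST may include POST fields and cookies (depends on
             // request_order); all of them are copied into this GET redirect URL.
             // Confirm that is acceptable for forms posted to the admin area.
             foreach ($_REQUEST as $key => $value) {
                 if (!is_array($value)) {
                     // Encode the key too so a key with reserved characters cannot
                     // break the rebuilt query string.
                     $requesturl .= urlencode($key) . "=" . urlencode($value) . "&";
                 }
             }
             // Drop the trailing "&" (or the "?" when there were no parameters).
             $requesturl = substr($requesturl, 0, -1);
             // Keep only "/script.php?query"; the admin folder comes from config.
             $requesturl = substr($requesturl, strrpos($requesturl, "/"));
             header("Location: " . $CONFIG['SystemSSLURL'] . "/" . $whmcs->get_admin_folder_name() . $requesturl);
             exit;
         }
     }
     if ($reqpermission == "loginonly") {
         $this->loginRequired = true;
     } elseif ($reqpermission) {
         // loginRequired keeps its class default here (presumably true).
         $this->requiredPermission = $reqpermission;
     } else {
         $this->loginRequired = false;
     }
     require ROOTDIR . "/includes/smarty/Smarty.class.php";
     if ($this->loginRequired) {
         $auth = new WHMCS_Auth();
         if (!$auth->isLoggedIn()) {
             // Remember the requested page so login can return to it.
             $_SESSION['admloginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
             redir("", "login.php");
         }
         $auth->getInfobyID($_SESSION['adminid']);
         if ($auth->isSessionPWHashValid()) {
             $auth->updateAdminLog();
             $this->adminTemplate = $auth->getAdminTemplate();
             if ($auth->getAdminLanguage()) {
                 $this->language = $auth->getAdminLanguage();
             }
         } else {
             // The session's password hash no longer validates: drop the session
             // instead of trusting it.
             $auth->destroySession();
             redir("", "login.php");
         }
     }
     if ($releaseSession) {
         releaseSession();
     }
     if ($this->requiredPermission) {
         // Resolve the permission name to its id, then check the admin's role holds it.
         // array_search() yields false for an unknown name, which simply fails the lookup.
         $permid = array_search($this->requiredPermission, getAdminPermsArray());
         $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
         $data = mysql_fetch_array($result);
         $roleid = $data['roleid'];
         $result = select_query("tbladminperms", "COUNT(*)", array("roleid" => $roleid, "permid" => $permid));
         $data = mysql_fetch_array($result);
         $match = $data[0];
         if (!$match) {
             redir("permid=" . $permid, "accessdenied.php");
             exit;
         }
     }
     // Page name for this request ("myaccount" for .../myaccount.php).
     $filename = substr($scriptPath, strrpos($scriptPath, "/"));
     $filename = str_replace(array("/", ".php"), "", $filename);
     if (isset($_SESSION['adminid'])) {
         // Forced admin 2FA: an admin who has not enrolled yet is pinned to the setup page.
         $twofa = new WHMCS_2FA();
         $twofa->setAdminID($_SESSION['adminid']);
         if ($filename != "myaccount" && $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveAdmins()) {
             redir("2faenforce=1", "myaccount.php");
         }
     }
     $this->filename = $filename;
     $this->rowLimit = $CONFIG['NumRecordstoDisplay'];
     if (isset($_SESSION['adminlang']) && $_SESSION['adminlang']) {
         $this->language = $_SESSION['adminlang'];
     }
     $this->language = $whmcs->validateLanguage($this->language, true);
     $whmcs->loadLanguage($this->language, true);
 }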
Exemple #6
        }
        if (substr($gotourl, 0 - 28) == "&incorrect=true&backupcode=1" || substr($gotourl, 0 - 28) == "?incorrect=true&backupcode=1" || substr($gotourl, 0 - 28) == "&backupcode=1&incorrect=true" || substr($gotourl, 0 - 28) == "?backupcode=1&incorrect=true") {
            $gotourl = substr($gotourl, 0, strlen($gotourl) - 28);
        }
        unset($_SESSION['loginurlredirect']);
    }
}
// Fall back to the client-area home when no post-login destination was stored.
// NOTE(review): $gotourl appears to originate from a stored REQUEST_URI; confirm it
// is restricted to a local path before it is placed in a Location header.
if (empty($gotourl)) {
    $gotourl = "clientarea.php";
}
// A freshly issued backup code only needs the redirect, no further login work.
if ($whmcs->get_req_var("newbackupcode")) {
    header("Location: " . $gotourl);
    exit;
}
$loginsuccess = false;
$istwofa = false;
$twofa = new WHMCS_2FA();
if ($twofa->isActiveClients() && isset($_SESSION['2faverifyc'])) {
    $twofa->setClientID($_SESSION['2faclientid']);
    if ($whmcs->get_req_var("backupcode")) {
        $success = $twofa->verifyBackupCode($whmcs->get_req_var("code"));
    } else {
        $success = $twofa->moduleCall("verify");
    }
    if ($success) {
        validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true);
        if ($_SESSION['2farememberme']) {
            wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365);
        } else {
            wDelCookie("User");
        }
        WHMCS_Session::delete("2faclientid");
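/**
 * Authenticate a client (or sub-account contact) and establish the client session.
 *
 * Lookup order: tblclients by e-mail, then tblcontacts sub-accounts that have a
 * password, then the ClientLoginShare hook. A resolved account logs in when the
 * password verifies, when a logged-in admin holds permission id 120, when a
 * login-share hook vouched for it, or when the caller reports 2FA as done.
 * If client 2FA is active for the account, the first call parks the pending
 * verification in the session and returns false; the 2FA flow calls back with
 * $twofadone = true.
 *
 * @param string $username  e-mail address submitted on the login form
 * @param string $password  plaintext password; may be "" for admin or 2FA-completed logins
 * @param bool   $twofadone true when the second factor has already been verified
 * @return bool true when the session was established (or a hook created the client)
 */
function validateClientLogin($username, $password, $twofadone = false)
{
    global $CONFIG;
    global $whmcs;
    // A password is only optional for an admin acting as the client or a completed 2FA step.
    if (!$username || (!$password && empty($_SESSION['adminid']) && !$twofadone)) {
        return false;
    }
    // Start from a clean client identity whatever the session held before.
    foreach (array('uid', 'cid', 'upw') as $sessionKey) {
        if (isset($_SESSION[$sessionKey])) {
            unset($_SESSION[$sessionKey]);
        }
    }
    $login_uid = $login_cid = $login_pwd = $loginsharematch = "";
    // 1) Primary account by e-mail; closed accounts are excluded unless an admin is acting.
    $where = array();
    $where['email'] = $username;
    if (empty($_SESSION['adminid'])) {
        $where['status'] = array("sqltype" => "NEQ", "value" => "Closed");
    }
    $result = select_query("tblclients", "", $where);
    $data = mysql_fetch_array($result);
    $login_uid = $data['id'];
    $login_pwd = $data['password'];
    $language = $data['language'];
    $authmodule = $data['authmodule'];
    // 2) Sub-account contact: the contact's password is checked, but the session
    //    belongs to the parent client, which must not be closed.
    if (!$login_uid) {
        $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => "")));
        $data = mysql_fetch_array($result);
        $login_cid = $data['id'];
        $login_uid = $data['userid'];
        $login_pwd = $data['password'];
        $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
        $data = mysql_fetch_array($result);
        $login_uid = $data['id'];
        $language = $data['language'];
    }
    // 3) Login-share hooks may vouch for an existing client or ask for one to be created.
    if (!$login_uid) {
        $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password));
        foreach ($hookresults as $hookres) {
            if (!$hookres) {
                continue;
            }
            $hookid = $hookres['id'];
            $hookemail = $hookres['email'];
            if ($hookid) {
                $result = select_query("tblclients", "", array("id" => $hookid));
            } else {
                $result = select_query("tblclients", "", array("email" => $hookemail));
            }
            $data = mysql_fetch_array($result);
            $login_uid = $data['id'];
            if ($login_uid) {
                $loginsharematch = true;
                $login_pwd = $data['password'];
                $language = $data['language'];
                continue;
            }
            if ($hookres['create']) {
                addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false);
                return true;
            }
        }
    }
    if ($login_uid) {
        // Bring both sides into comparable form. With NOMD5 the stored value is
        // reversibly encrypted; otherwise the salt follows the ':' in the stored
        // value and the submitted password is hashed with that same salt.
        if ($CONFIG['NOMD5']) {
            $check_pwd = decrypt($login_pwd);
        } else {
            $salt = explode(":", $login_pwd);
            $salt = $salt[1];
            $password = generateClientPW($password, $salt);
            $check_pwd = $login_pwd;
        }
        // Admins may log in as a client only when their role holds permission id 120.
        $adminallowedclientlogin = false;
        if (isset($_SESSION['adminid'])) {
            $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120"));
        }
        // Both sides must be non-empty strings (an empty stored value can never
        // match), and the comparison is constant-time where hash_equals() exists so
        // the check does not leak how much of the value matched.
        $passwordMatches = is_string($password) && is_string($check_pwd)
            && $password !== "" && $check_pwd !== "";
        if ($passwordMatches) {
            $passwordMatches = function_exists('hash_equals')
                ? hash_equals($check_pwd, $password)
                : $password === $check_pwd;
        }
        $adminActingAsClient = isset($_SESSION['adminid']) && $adminallowedclientlogin;
        if ($passwordMatches || $adminActingAsClient || $loginsharematch || $twofadone) {
            $twofa = new WHMCS_2FA();
            // Client 2FA: park the login in the session and let the caller run the challenge.
            if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) {
                $_SESSION['2faverifyc'] = true;
                $_SESSION['2faclientid'] = $login_uid;
                $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme");
                return false;
            }
            if (!isset($_SESSION['adminid'])) {
                // Reverse DNS of the client IP is stored with the login (blocking lookup).
                $fullhost = gethostbyaddr($whmcs->get_user_ip());
                update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid));
            }
            $_SESSION['uid'] = $login_uid;
            if ($login_cid) {
                $_SESSION['cid'] = $login_cid;
            }
            // Session binding value derived from the account, its stored password,
            // the client IP (unless disabled) and the installation hash; presumably
            // re-checked on later requests.
            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
            if (!isset($_SESSION['adminid'])) {
                // Fresh request token for the new client session.
                set_token(genRandomVal());
            }
            if ($language && !isset($_SESSION['adminid'])) {
                $_SESSION['Language'] = $language;
            }
            run_hook("ClientLogin", array("userid" => $login_uid));
            return true;
        }
    }
    if ($login_uid) {
        // Only attempts against an existing account are logged here.
        logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid);
    }
    return false;
}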
Exemple #8
 *
 * @ WHMCS FULL DECODED & NULLED
 *
 * @ Version  : 5.2.15
 * @ Author   : MTIMER
 * @ Release on : 2013-12-24
 * @ Website  : http://www.mtimer.cn
 *
 **/
define('ADMINAREA', true);
require '../init.php';
// Rotate the session id on every login attempt (session-fixation defence).
session_regenerate_id();
$auth = new WHMCS_Auth();
$twofa = new WHMCS_2FA();
// Submitted credentials; read after the session has been rotated.
$username = $whmcs->get_req_var('username');
$password = $whmcs->get_req_var('password');
if ($twofa->isActiveAdmins() && isset($_SESSION['2faverify'])) {
    $twofa->setAdminID($_SESSION['2faadminid']);
    if (WHMCS_Session::get("2fabackupcodenew")) {
        WHMCS_Session::delete("2fabackupcodenew");
        WHMCS_Session::delete("2faverify");
        WHMCS_Session::delete("2faadminid");
        WHMCS_Session::delete("2farememberme");
        if (isset($_SESSION['admloginurlredirect'])) {
            $loginurlredirect = $_SESSION['admloginurlredirect'];
            unset($_SESSION['admloginurlredirect']);
            $urlparts = explode("?", $loginurlredirect, 2);
            $filename = !empty($urlparts[0]) ? $urlparts[0] : "";
            $qry_string = !empty($urlparts[1]) ? $urlparts[1] : "";
            redir($qry_string, $filename);
        } else {
Exemple #9
             }
             logActivity("Modified Password - User ID: " . $client->getID() . ($_SESSION['cid'] ? " - Contact ID: " . $_SESSION['cid'] : ""));
             $smartyvalues['successful'] = true;
         }
     }
     $smartyvalues['errormessage'] = $validate->getHTMLErrorOutput();
 } else {
     if ($action == "security") {
         checkContactPermission("changesq");
         $ca->setTemplate("clientareasecurity");
         $ca->addToBreadCrumb("clientarea.php?action=details", $whmcs->get_lang("clientareanavdetails"));
         $ca->addToBreadCrumb("clientarea.php?action=security", $whmcs->get_lang("clientareanavsecurity"));
         if ($whmcs->get_req_var("successful")) {
             $smartyvalues['successful'] = true;
         }
         $twofa = new WHMCS_2FA();
         $twofa->setClientID($ca->getUserID());
         if ($twofa->isActiveClients()) {
             $ca->assign("twofaavailable", true);
             if ($whmcs->get_req_var("2fasetup")) {
                 if (!$twofa->isActiveClients()) {
                     exit("Access denied");
                 }
                 ob_start();
                 if ($twofa->isEnabled()) {
                     echo "<div class=\"content\"><div style=\"padding:15px;\">";
                     $disabled = $incorrect = false;
                     if ($password = $whmcs->get_req_var("pwverify")) {
                         $dbpwd = get_query_val("tblclients", "password", array("id" => $ca->getUserID()));
                         if ($whmcs->get_config("NOMD5")) {
                             $check_pwd = decrypt($dbpwd);
Exemple #10
 **/
// Direct-access guard: this file is only valid when bootstrapped by WHMCS.
if (defined('WHMCS') === false) {
    header('Location: clientarea.php');
    exit;
}
// Remember where the visitor was so the login flow can send them back.
// NOTE(review): REQUEST_URI is client-controlled; whatever later places this value
// in a Location header should confirm it is a local path.
$_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
if (WHMCS_Session::get("2faverifyc")) {
    $templatefile = "logintwofa";
    if (WHMCS_Session::get("2fabackupcodenew")) {
        $smartyvalues['newbackupcode'] = true;
    } else {
        if ($whmcs->get_req_var("incorrect")) {
            $smartyvalues['incorrect'] = true;
        }
    }
    $twofa = new WHMCS_2FA();
    if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) {
        if (!$twofa->isActiveClients() || !$twofa->isEnabled()) {
            WHMCS_Session::destroy();
            redir();
        }
        if ($whmcs->get_req_var("backupcode")) {
            $smartyvalues['backupcode'] = true;
        } else {
            $challenge = $twofa->moduleCall("challenge");
            if ($challenge) {
                $smartyvalues['challenge'] = $challenge;
            } else {
                $smartyvalues['error'] = "Bad 2 Factor Auth Module. Please contact support.";
            }
        }