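/**
 * Log in the given user with the supplied username / password and, when the
 * account has a TOTP secret stored, with the Google Authenticator code.
 *
 * On success the user is handed to saveUser(); on any failure loginError()
 * is called. Both are sibling methods not shown here.
 *
 * @param string $username
 * @param string $password
 * @param string $googleAuthCode Current TOTP code; ignored when the account has no secret
 */
public function loginPerson(string $username, string $password, string $googleAuthCode)
{
    $user = $this->model->load($username);

    // Unknown user or a row without a hash: stop before password_verify(),
    // which would otherwise receive null (a TypeError on PHP 8).
    if (empty($user['password'])) {
        $this->loginError();
        return;
    }

    if (!password_verify($password, $user['password'])) {
        // Password wrong
        $this->loginError();
        return;
    }

    $secret = isset($user['secret']) ? $user['secret'] : '';
    // If a secret is set the second factor is mandatory
    if ($secret) {
        $authenticator = new PHPGangsta_GoogleAuthenticator();
        // Third argument is the allowed clock drift in 30-second steps: 2 = +/-60 sec
        $codeCorrect = $authenticator->verifyCode($secret, $googleAuthCode, 2);
        if (!$codeCorrect) {
            // Code wrong
            $this->loginError();
            return;
        }
    }
    // NOTE(review): accounts without a secret skip the second factor entirely;
    // confirm that is the intended policy.

    $this->saveUser($user);
}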
/**
 * Render the two-factor setup page: generate a fresh TOTP secret and hand the
 * secret, its QR-code URL and an encrypted copy of the secret to the template.
 */
public function display()
{
    include_once $this->root_path . 'libraries/twofactor/googleAuthenticator.class.php';

    $authenticator = new PHPGangsta_GoogleAuthenticator();
    $newSecret = $authenticator->createSecret();

    // QR label is the product name plus the guild tag, spaces replaced by underscores
    $qrLabel = str_replace(' ', '_', 'EQdkpPlus ' . $this->config->get('guildtag'));
    $qrUrl = $authenticator->getQRCodeGoogleUrl($qrLabel, $newSecret);
    // Encrypted copy of the secret travels through the form and is URL-safe
    $encryptedSecret = rawurlencode(register('encrypt')->encrypt($newSecret));

    $this->tpl->assign_vars(array(
        'TWOFACTOR_KEY' => $newSecret,
        'TWOFACTOR_QR' => $qrUrl,
        'TWOFACTOR_KEY_ENCR' => $encryptedSecret,
    ));

    $this->core->set_vars(array(
        'page_title' => "",
        'header_format' => "simple",
        'template_file' => 'twofactor_init.html',
        'display' => true,
    ));
}
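/**
 * Update the current user's profile settings and, optionally, enable a new TOTP secret.
 *
 * The password is only changed when a non-empty, valid one was supplied; the
 * secret is only stored when $authenticatorCode verifies against it.
 *
 * @param string $newUsername
 * @param string $newName
 * @param string $newSurname
 * @param string $newMail
 * @param string $newPassword       Empty string = keep the current password
 * @param string $newRepPassword
 * @param string $secret            Proposed TOTP secret (base32)
 * @param string $authenticatorCode Current code generated from $secret
 */
public function updateSettings(string $newUsername, string $newName, string $newSurname, string $newMail, string $newPassword, string $newRepPassword, string $secret, string $authenticatorCode)
{
    // Per-field validity flags; index meaning is defined by Register::inputValid (not shown)
    $valuesValid = Register::inputValid($newUsername, $newPassword, $newRepPassword, $newSurname, $newName, $newMail);

    // Password can be empty (unchanged) or must be valid
    $passwordChanged = $newPassword !== "" && $valuesValid[1];
    $allValid = $valuesValid[0] && ($newPassword === "" || $valuesValid[1]) && $valuesValid[2] && $valuesValid[3] && $valuesValid[4];

    // Authenticator: the new secret is only accepted when the user proves possession of it
    $authenticator = new PHPGangsta_GoogleAuthenticator();
    $codeCorrect = $authenticator->verifyCode($secret, $authenticatorCode);

    if ($allValid) {
        // Previously `$allValid[1]` (an offset on a bool, always null) decided the password
        // update, so a new password was never persisted; use the validation flag instead.
        $this->model->update(
            $newUsername,
            $newName,
            $newSurname,
            $newMail,
            $passwordChanged ? $newPassword : null,
            $codeCorrect ? $secret : null
        );

        // Reload user from database so the session reflects the stored values
        $changedUser = $this->loginModel->load($newUsername);
        $this->session->setCurrentUser($changedUser);
        return;
    }

    // NOTE(review): a validation failure is a client error; the original reported 500 and
    // callers may depend on that status, so it is kept unchanged here.
    http_response_code(500);
}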
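/**
 * Load the Google Authenticator settings of a user, creating a secret (and the
 * settings row) when none exists yet so callers always receive a usable secret.
 *
 * @param string $username
 * @return array  array('ga_enabled' => int, 'ga_secret' => string); both empty for a blank username
 */
public function get_ga_settings($username = '')
{
    $data = array('ga_enabled' => 0, 'ga_secret' => '');

    if ((string) $username === '') {
        return $data;
    }

    $GA = new PHPGangsta_GoogleAuthenticator();

    $query = $this->db->query("SELECT ga_enabled, ga_secret FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username));

    if (isset($query->row['ga_enabled'])) {
        $data['ga_enabled'] = $query->row['ga_enabled'];
        $data['ga_secret'] = $query->row['ga_secret'];

        // Row exists but has no secret yet: generate and persist one
        if ($data['ga_secret'] == '') {
            $data['ga_secret'] = $GA->createSecret();
            $this->update_ga_secret($username, $data['ga_secret']);
        }
    } else {
        // No settings row yet: create one with a fresh secret, 2FA disabled. Return that
        // secret as well so the first call behaves like every later one (previously the
        // caller received '' and had to call again to get the stored value).
        $data['ga_secret'] = $GA->createSecret();
        $this->db->query("INSERT INTO " . TABLE_USER_SETTINGS . " (username, ga_enabled, ga_secret) VALUES(?,0,?)", array($username, $data['ga_secret']));
    }

    return $data;
}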
<?php
// Demo script for PHPGangsta_GoogleAuthenticator.
// As written it prints a freshly generated 16-character secret and exits;
// everything after the exit is a worked example that is never reached.
require_once './PHPGangsta/GoogleAuthenticator.php';

$authenticator = new PHPGangsta_GoogleAuthenticator();
echo $authenticator->createSecret(16);
exit;

// --- unreachable example below ---
$secret = 'QEOODZHBTPE6ZJI7';
echo "Secret is: " . $secret . "\n\n";

$qrCodeUrl = $authenticator->getQRCodeGoogleUrl('trungphc', $secret, urlencode('Mecorp - Inside'));
echo "Google Charts URL for the QR-Code: " . $qrCodeUrl . "\n\n";

$oneCode = $authenticator->getCode($secret);
echo "Checking Code '{$oneCode}' and Secret '{$secret}':\n";

// Third argument is the allowed clock drift in 30-second steps; 0 = current window only.
// A fixed, stale code is expected to fail.
$checkResult = $authenticator->verifyCode($secret, '178922', 0);
echo $checkResult ? 'OK' : 'FAILED';

// The code just computed for the current window must verify.
$checkResult = $authenticator->verifyCode($secret, $oneCode, 0);
echo $checkResult ? 'OK' : 'FAILED';
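<?php
// Create a new user with a freshly generated TOTP secret, then redirect to its detail page.
include_once 'config.php';
include_once 'funciones.php';
include_once 'View.php';
require_once 'GoogleAuthenticator.php';

$usuario = isset($_POST['user']) ? $_POST['user'] : '';
// NOTE(review): the unsalted sha1 is kept only because the login side (not shown) must
// compare against the same format; moving both sides to password_hash() is the real fix.
$clave = sha1(isset($_POST['pass']) ? $_POST['pass'] : '');

$ga = new PHPGangsta_GoogleAuthenticator();
$token = $ga->createSecret();

$coneccion = conectarDB($parametrosGlobales['db']);

// Prepared statement: the username comes straight from the request and was previously
// interpolated into the SQL string. errno/error/insert_id below are mysqli properties,
// so the connection is assumed to be a mysqli object.
$stmt = $coneccion->prepare("INSERT INTO usuario (`user`, `pass`, `token`) VALUES (?, ?, ?)");
$resultado = false;
$errno = $coneccion->errno;
$error = $coneccion->error;
if ($stmt) {
    $stmt->bind_param('sss', $usuario, $clave, $token);
    $resultado = $stmt->execute();
    if (!$resultado) {
        // Execution errors are reported on the statement, not the connection
        $errno = $stmt->errno;
        $error = $stmt->error;
    }
}

if (!$resultado) {
    echo "Falló la creación del usuario: (" . $errno . ") " . $error;
} else {
    $ultimoID = $coneccion->insert_id;
    header("Location: verUsuario.php?id={$ultimoID}");
}
?>
<br><br><br><a href="index.php">Ir al Login</a>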
</head> <body> <form action="" method="post" id="form_install"> <div id="installer"> <div id="header"> <div id="logo"></div> <div id="logotext">Google Authenticator</div> </div><br/> <div id="main"> <div id="content"> <h1 class="hicon home">Google Authenticator Token</h1> <h2> <?php $ga = new PHPGangsta_GoogleAuthenticator(); echo $ga->getCode($strSecret); ?> </h2> <div class="buttonbar"> <input id="submit_button" type="submit" class="ui-button-text-icon-primary" name="next" value="Generate new Token" /> </div> </div> </div> </div> <div id="footer"> EQDKP Plus © 2006 - <?php echo date('Y', time()); ?> by EQDKP Plus Development-Team
<?php /** * Created by PhpStorm. * User: Alain * Date: 22.03.2016 * Time: 13:31 */ require_once "../controller/CustomSession.php"; require_once "../external/GoogleAuthenticator.php"; $user = CustomSession::getInstance()->getCurrentUser(); $ga = new PHPGangsta_GoogleAuthenticator(); //Secret already exists => Use it. Else => Create one $secret = $user['secret'] ? $user['secret'] : $ga->createSecret(); ?> <div id="content"> <h1>Einstellungen</h1> <form onsubmit="applySettings(); return false;" id="settingsForm"> <div id="settingsLeft"> <label for="Username" class="SettingsLabel">Benutzername</label> <br/> <input type="text" id="Username" name="Username" class="ContentInput" required="required" value="<?php echo $user['username']; ?> "> <br/> <label for="Name" class="SettingsLabel">Name</label> <br/> <input type="text" id="Name" name="Name" class="ContentInput" required="required"
require_once "plib/head.php"; if ($ck_u_type !== "0") { exit("无权限进行此操作"); } $nav_str .= " > <a href=userlist.php>用户列表</a> > 添加用户"; $cgi = getCGI(); gsql_esc($cgi); $username = $cgi[username]; $login = $cgi[login]; $passwd = $cgi[passwd]; $note = $cgi[note]; $type = $cgi[type]; if ($username && $login && $type && $passwd) { $salt = getSalt(); $passwd = md5($passwd . $salt); $ga = new PHPGangsta_GoogleAuthenticator(); $secret = $ga->createSecret(); $sqlstr = sprintf("insert into user set name='%s', login='******', passwd='%s', type='%s', note='%s',c_id=%s,secret='%s',salt='%s',createdt=now()", $username, $login, $passwd, $type, $note, $ck_u_id, $secret, $salt); $res = mysql_query($sqlstr, $pub_mysql) or exit(mysql_error() . "\n" . $sqlstr); header("Location: userlist.php"); exit; } ?> <html> <head> <title>adduser</title> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo HTML_CHARSET; ?>
$codes = generate_recovery_codes(); $db->update_query("adminoptions", array("recovery_codes" => $db->escape_string(my_serialize($codes))), "uid='{$mybb->user['uid']}'"); // And now display them $page->output_header($lang->recovery_codes); $table = new Table(); $table->construct_header($lang->recovery_codes); $table->construct_cell($lang->recovery_codes_warning); $table->construct_row(); $table->construct_cell(implode("<br />", $codes)); $table->construct_row(); $table->output($lang->recovery_codes); $page->output_footer(); } if (!$mybb->input['action']) { require_once MYBB_ROOT . "inc/3rdparty/2fa/GoogleAuthenticator.php"; $auth = new PHPGangsta_GoogleAuthenticator(); $plugins->run_hooks("admin_home_preferences_start"); if ($mybb->request_method == "post") { $query = $db->simple_select("adminoptions", "permissions, defaultviews, authsecret, recovery_codes", "uid='{$mybb->user['uid']}'"); $adminopts = $db->fetch_array($query); $secret = $adminopts['authsecret']; // Was the option changed? empty = disabled so == if ($mybb->input['2fa'] == empty($secret)) { // 2FA was enabled -> create secret and log if ($mybb->input['2fa']) { $secret = $auth->createSecret(); // We don't want to close this session now $db->update_query("adminsessions", array("authenticated" => 1), "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); log_admin_action("enabled"); } else { $secret = "";
<?php require_once '../include/GoogleAuthenticator/PHPGangsta/GoogleAuthenticator.php'; require_once '../include/db_connection.inc'; require 'variables.php'; $ga = new PHPGangsta_GoogleAuthenticator(); $error = 0; // Passwords match if ($repeatPassword != $selectedPassword) { $error = 1; } // Google Authenticator is correct if (!$ga->verifyCode($googleAuthenticatorSecret, $googleAuthenticatorCode, 2)) { $error = 2; } // Password is correct if (!preg_match($passwordRegularExpression, $selectedPassword)) { $error = 3; } // Username is correct if (strlen($selectedUsername) >= 40 || strlen($selectedUsername) <= 1) { $error = 4; } // No Errors if ($error == 0) { $db = $_SESSION['DBConnection']; $options = ['cost' => 11, 'salt' => $googleAuthenticatorSecret . 'i<34u2']; $hashedPassword = password_hash($selectedPassword, PASSWORD_BCRYPT, $options); $query = "INSERT INTO user(username, firstname, lastname, password, secret) VALUES(?, ?, ?, ?, ?)"; $stmt = mysqli_prepare($db, $query); $stmt->bind_param('sssss', $selectedUsername, $selectedFirstName, $selectedLastName, $hashedPassword, $googleAuthenticatorSecret);
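/* Includes */
require_once 'header.php';
require_once 'Library/GoogleAuthenticator/GoogleAuthenticator.php';

/**
 * Login handler: the "password" field carries the user's current one-time code,
 * which is verified against the secret looked up in $UserInfo (expected from header.php).
 */
$username = htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : '');
$password = isset($_POST['password']) ? $_POST['password'] : ''; // one-time token code

// Incomplete parameters
if (!$username || !$password) {
    $result = array('ret_code' => -1, 'err_msg' => '参数错误');
    ajaxReturn($result);
}

# Verify the one-time token
$ga = new PHPGangsta_GoogleAuthenticator();
// Unknown users previously produced an undefined-index notice here
$secret = isset($UserInfo[$username]) ? $UserInfo[$username] : null;
// Last argument is the allowed clock drift in 30-second steps; 1 = +/-30 sec (the library default)
$checkResult = $secret ? $ga->verifyCode($secret, $password, 1) : false;

if ($checkResult) {
    // Rotate the session id on successful authentication so a pre-login id cannot be reused
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["username"] = $username;
    $result = array('ret_code' => 1, 'suc_msg' => '登陆成功');
    ajaxReturn($result);
    /**
     * @todo attempts are not rate-limited; sending a login notification mail to the
     * administrator and the user was planned for a later version.
     */
} else {
    $result = array('ret_code' => -1, 'err_msg' => '用户名或密码错误,请检查后重试');
    ajaxReturn($result);
}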
/**
 * User-Login
 *
 * Second-factor step of the login: the first factor's result arrives encrypted in
 * the 'twofactor_data' request parameter, the submitted code in 'twofactor_code'.
 * Accepts either the account's emergency token (which then deletes the account's
 * two-factor record) or a valid TOTP code.
 *
 * NOTE(review): $user is obtained by unserialize() of a decrypted request
 * parameter; unless register('encrypt') authenticates its ciphertext, that is
 * attacker-influenced input reaching unserialize().
 *
 * @param $strUsername
 * @param $strPassword
 * @param $boolUseHash Use Hash for comparing
 * @return bool/array   false on failure, otherwise the status array built below
 */
public function login($strUsername, $strPassword, $boolUseHash = false)
{
    // $strUsername / $strPassword / $boolUseHash are not used in this method;
    // the user id comes from the encrypted twofactor_data parameter instead.
    $user = unserialize(register('encrypt')->decrypt($this->in->get('twofactor_data')));
    $code = $this->in->get('twofactor_code');
    $blnLoginResult = false;

    if ($user == "" || $code == "") {
        return false;
    }

    if ($user && $user != ANONYMOUS) {
        $arrAuthAccounts = $this->pdh->get('user', 'auth_account', array($user));
        if ($arrAuthAccounts['twofactor'] != "") {
            // Stored per-user two-factor record; carries 'secret' and 'emergency_token'
            $data = unserialize(register('encrypt')->decrypt($arrAuthAccounts['twofactor']));
            if ($data) {
                // Emergency token path: the two-factor record is removed, so the token is single-use.
                // NOTE(review): plain === comparison, not constant-time.
                if ($code === $data['emergency_token']) {
                    $this->pdh->put('user', 'delete_authaccount', array($user, "twofactor"));
                    $userdata = $this->pdh->get('user', 'data', array($user));
                    if ($userdata) {
                        // user_password is stored as "hash:salt"
                        list($strPwdHash, $strSalt) = explode(':', $userdata['user_password']);
                        if ($this->in->get('twofactor_cookie', 0)) {
                            // "Remember this device" for 30 days; the cookie holds the encrypted secret and user id
                            set_cookie("twofactor", register('encrypt')->encrypt(serialize(array('secret' => $data['secret'], 'user_id' => $userdata['user_id']))), time() + 60 * 60 * 24 * 30);
                        }
                        return array('status' => 1, 'user_id' => $userdata['user_id'], 'password_hash' => $strPwdHash, 'autologin' => true, 'user_login_key' => $userdata['user_login_key']);
                    }
                }
                //Check Code
                if (!$blnLoginResult) {
                    include_once $this->root_path . 'libraries/twofactor/googleAuthenticator.class.php';
                    $ga = new PHPGangsta_GoogleAuthenticator();
                    // Third argument is the allowed clock drift in 30-second steps; 5 = +/-150 sec
                    $checkResult = $ga->verifyCode($data['secret'], $code, 5);
                    if ($checkResult) {
                        $blnLoginResult = true;
                        $userdata = $this->pdh->get('user', 'data', array($user));
                        if ($userdata) {
                            // Same result construction as the emergency-token path above
                            list($strPwdHash, $strSalt) = explode(':', $userdata['user_password']);
                            if ($this->in->get('twofactor_cookie', 0)) {
                                set_cookie("twofactor", register('encrypt')->encrypt(serialize(array('secret' => $data['secret'], 'user_id' => $userdata['user_id']))), time() + 60 * 60 * 24 * 30);
                            }
                            return array('status' => 1, 'user_id' => $userdata['user_id'], 'password_hash' => $strPwdHash, 'autologin' => true, 'user_login_key' => $userdata['user_login_key']);
                        }
                    }
                }
            }
        }
    }
    return false;
}
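<?php
// Google Authenticator settings endpoint: with ?refresh it generates and stores a new
// secret and returns an HTML snippet; with ?toggle it flips 2FA on/off; otherwise it
// emits a PNG QR code of the current secret.
require_once "config.php";
require DIR_SYSTEM . "/startup.php";

$loader = new Loader();
$language = new Language();

$db = new DB(DB_DRIVER, DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE, DB_PREFIX);
Registry::set('db', $db);

$loader->model('user/prefs');
$loader->helper('phpqrcode/qrlib');
$loader->helper('PHPGangsta_GoogleAuthenticator');

$p = new ModelUserPrefs();

// NOTE(review): $session is not defined in this file; presumably provided by startup.php.
if (isset($_GET['refresh'])) {
    $GA = new PHPGangsta_GoogleAuthenticator();
    $new_secret = $GA->createSecret();
    $p->update_ga_secret($session->get('username'), $new_secret);

    // createSecret() yields base32 characters only, so the secret is safe to print as-is
    print "{$new_secret} <a href=\"#\" onclick=\"Piler.new_qr(); return false;\">" . $language->data['text_refresh_qr_code'] . "</a><br /><img src=\"qr.php?ts=" . microtime(true) . "\" />\n";
    exit;
}

if (isset($_GET['toggle'])) {
    $p->toggle_ga($session->get('username'), $_GET['toggle']);
}

$ga = $p->get_ga_settings($session->get('username'));

// The otpauth label is part of a URI: encode it so a site name containing spaces or
// reserved characters does not yield a URI the authenticator app may fail to parse.
QRcode::png("otpauth://totp/" . rawurlencode(SITE_NAME) . "?secret=" . $ga['ga_secret'], false, "L", 4, 2);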
} $cgi_u_id = $row_user[id]; $cgi_u_login = $row_user[login]; $cgi_u_name = $row_user[name]; $cgi_u_type = $row_user[type]; $cgi_u_priv = $row_user[priv]; $cgi_u_allproj = $row_user[allproj]; $db_pwd = $row_user[passwd]; $salt = $row_user[salt]; if (md5($pwd . $salt) != $db_pwd) { $sqlstr = "update user set f_times=f_times+1 where login='******'"; $res = mysql_query($sqlstr, $pub_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); sys_exit("用户 {$admin} 密码错误"); } // google-authenticator 验证 $ga = new PHPGangsta_GoogleAuthenticator(); $db_secret = $row_user['secret']; //$one_code = $ga->getCode($db_secret); //服务端计算"一次性验证码" $checkResult = $ga->verifyCode($db_secret, $g_code, 2); if (!$checkResult) { $sqlstr = "update user set f_times=f_times+1 where login='******'"; $res = mysql_query($sqlstr, $pub_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); sys_exit("用户验证码错误"); } $ck_u_priv = ""; $sqlstr = "select p_id from user_priv where u_id='{$cgi_u_id}'"; $res = mysql_query($sqlstr, $pub_mysql) or sys_exit("系统忙, 请稍候再试。", $sqlstr . ":\n" . mysql_error()); while ($row = mysql_fetch_array($res)) { $ck_u_priv .= ",{$row['p_id']}"; } $sqlstr = "select p_id from proj where u_id='{$cgi_u_id}'";
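#!/usr/local/bin/php
<?php
// CLI helper around PHPGangsta_GoogleAuthenticator.
//   -c | --command     qr | verify | qr_text
//   -p | --privatekey  the TOTP secret
//   -v                 code to verify (used by "verify")
//   -t | --title       label for the QR / URI commands
// Exit status: 0 on success or a valid code, 255 on an invalid code, 2 on a usage error.
require_once 'googleauth.php';

$shortopts = "";
$shortopts .= "c:";
$shortopts .= "p:"; // Required value
$shortopts .= "v::";
$shortopts .= "t::"; // Optional value

$longopts = array("command:", "privatekey:", "title::");

$options = getopt($shortopts, $longopts);

// Accept the long forms too; previously only the short options were read, and a missing
// -c/-p merely produced PHP notices and fell through silently.
$command = isset($options['c']) ? $options['c'] : (isset($options['command']) ? $options['command'] : null);
$secret = isset($options['p']) ? $options['p'] : (isset($options['privatekey']) ? $options['privatekey'] : null);
$title = isset($options['t']) ? $options['t'] : (isset($options['title']) ? $options['title'] : '');
$code = isset($options['v']) ? $options['v'] : '';

if ($command === null || $secret === null) {
    fwrite(STDERR, "usage: -c <qr|verify|qr_text> -p <secret> [-v <code>] [-t <title>]\n");
    exit(2);
}
// NOTE(review): a secret passed as a command-line argument is visible to other local
// users through the process list; reading it from stdin or the environment is safer.

$ga = new PHPGangsta_GoogleAuthenticator();
// setSecret()/getURI() appear to come from the bundled googleauth.php rather than upstream PHPGangsta
$secret = $ga->setSecret($secret);

switch ($command) {
    case "qr":
        echo $ga->getQRCodeGoogleUrl($title, $secret);
        break;
    case "verify":
        // Third argument: allowed clock drift in 30-second steps; 1 = +/-30 sec
        if ($ga->verifyCode($secret, $code, 1)) {
            echo "true";
            exit(0);
        }
        echo "false";
        exit(255);
    case "qr_text":
        echo $ga->getURI($title, $secret);
        break;
    default:
        fwrite(STDERR, "unknown command: " . $command . "\n");
        exit(2);
}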
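<?php
// Debug page: prints the Google Charts QR URL, an <img> of it and the server-side
// TOTP code for the user selected by ?id=.
require_once("plib/db.php");
require_once("plib/GoogleAuthenticator.php");

// Default to user 1; intval() keeps the query parameter numeric before it enters the SQL
$id = isset($_GET['id']) ? intval($_GET['id']) : 1;

$sqlstr = "select id, login, name, type, priv, allproj, passwd, salt,secret from user where id=$id limit 1";
$res = mysql_query($sqlstr, $pub_mysql) or exit("系统忙, 请稍候再试。" . $sqlstr . ":\n" . mysql_error());
$row_user = mysql_fetch_array($res, MYSQL_ASSOC);

// No such user: mysql_fetch_array() returned false and there is no secret to show
if (!$row_user || !isset($row_user['secret'])) {
    exit("no such user: {$id}");
}

// NOTE(review): this page reveals any user's TOTP secret and current code to whoever can
// request it; it must not be reachable outside local debugging.
$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $row_user['secret'];

// First argument is the account label, second the secret; returns the QR image URL
$qrCodeUrl = $ga->getQRCodeGoogleUrl('www.17co8.com', $secret);
echo "Google Charts URL for the QR-Code: " . $qrCodeUrl . "<br/>";
// Escape the URL inside the HTML attribute (it contains '&' between query parameters);
// the original also left the body tag unclosed.
echo "<html><body><img src='" . htmlspecialchars($qrCodeUrl, ENT_QUOTES) . "'></body></html>";

// One-time code computed on the server side
$oneCode = $ga->getCode($secret);
echo "服务端计算的验证码是:" . $oneCode . "\n\n";
exit;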
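<?php
// Minimal two-factor test page: shows the QR code for a fixed secret, then verifies a posted code.
require_once 'twofactorauth.php';

$ga = new PHPGangsta_GoogleAuthenticator();
// Fixed test secret; a real deployment generates one per user with $ga->createSecret()
$secret = "S7PVGLOXTXFDNT5S";

$qrCodeUrl = $ga->getQRCodeGoogleUrl('username', $secret, 'Synchro');
echo "<img src='" . $qrCodeUrl . "'></img>";

if (!isset($_GET["auth"])) {
?>
<form action="test.php?auth" method="post">
    <input type="text" name="code">
    <input type="submit">
</form>
<?php
} else {
    // A missing "code" field previously raised a notice and passed null to verifyCode()
    $postedCode = isset($_POST["code"]) ? $_POST["code"] : '';
    // Third argument: allowed clock drift in 30-second steps; 2 = +/-60 sec
    $checkResult = $ga->verifyCode($secret, $postedCode, 2);
    if ($checkResult) {
        echo 'OK';
    } else {
        echo 'FAILED';
    }
}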
/**
 * Build the Google Charts URL of the QR code to scan into an authenticator app.
 *
 * @return string|false  The URL, or FALSE when this user has no secret configured
 */
public function google_authenticator_qr()
{
    // Nothing to encode without a secret
    if ($this->google_authenticator == '') {
        return FALSE;
    }

    require Kohana::find_file('vendor', 'GoogleAuthenticator');
    $authenticator = new PHPGangsta_GoogleAuthenticator();
    $label = core::config('general.site_name');

    return $authenticator->getQRCodeGoogleUrl($label, $this->google_authenticator);
}
if ($mybb->input['do'] == "do_2fa" && $mybb->request_method == "post") { // Test whether it's a recovery code $recovery = false; $codes = my_unserialize($admin_options['recovery_codes']); if (!empty($codes) && in_array($mybb->get_input('code'), $codes)) { $recovery = true; $ncodes = array_diff($codes, array($mybb->input['code'])); // Removes our current code from the codes array $db->update_query("adminoptions", array("recovery_codes" => $db->escape_string(my_serialize($ncodes))), "uid='{$mybb->user['uid']}'"); if (count($ncodes) == 0) { flash_message($lang->my2fa_no_codes, "error"); } } // Validate the code require_once MYBB_ROOT . "inc/3rdparty/2fa/GoogleAuthenticator.php"; $auth = new PHPGangsta_GoogleAuthenticator(); $test = $auth->verifyCode($admin_options['authsecret'], $mybb->get_input('code')); // Either the code was okay or it was a recovery code if ($test === true || $recovery === true) { // Correct code -> session authenticated $db->update_query("adminsessions", array("authenticated" => 1), "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); $admin_session['authenticated'] = 1; $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'"); my_setcookie('acploginattempts', 0); // post would result in an authorization code mismatch error $mybb->request_method = "get"; } else { // Wrong code -> close session (aka logout) $db->delete_query("adminsessions", "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); my_unsetcookie('adminsid'); // Now test whether we need to lock this guy completly
/**
 * Verify a TOTP code against the given secret, or the stored one when none is supplied.
 *
 * @param string      $code   Code entered by the user
 * @param string|null $secret Base32 secret; falls back to self::__getSecret() when falsy
 * @return bool
 */
private function __checkCode($code, $secret = null)
{
    $authenticator = new PHPGangsta_GoogleAuthenticator();

    $secretToUse = $secret;
    if (!$secretToUse) {
        $secretToUse = self::__getSecret();
    }

    // Third argument: allowed clock drift in 30-second steps; 2 = +/-60 sec
    return $authenticator->verifyCode($secretToUse, $code, 2);
}
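<?php
// Login handler: looks up the user by username, then requires both a valid password and a
// valid Google Authenticator code. $username, $password and $googleAuthenticatorCode are
// expected to be defined by variables.php.
require_once '../include/GoogleAuthenticator/PHPGangsta/GoogleAuthenticator.php';
require_once '../include/db_connection.inc';
require 'variables.php';

$query = 'SELECT * FROM user WHERE username = ? LIMIT 1';
$stmt = mysqli_prepare($db, $query);
$stmt->bind_param('s', $username);
$stmt->execute();
$result = $stmt->get_result();
$user = mysqli_fetch_array($result);

$loginOk = false;
// Unknown username: $user is null and $user['password'] would be null, which
// password_verify() rejects with a TypeError on PHP 8; treat it as a plain failure.
if ($user && isset($user['password'], $user['secret'])) {
    $ga = new PHPGangsta_GoogleAuthenticator();
    // Third argument: allowed clock drift in 30-second steps; 2 = +/-60 sec
    $checkResult = $ga->verifyCode($user['secret'], $googleAuthenticatorCode, 2);
    $passwordCorrect = password_verify($password, $user['password']);
    $loginOk = $checkResult && $passwordCorrect;
}

if ($loginOk) {
    // Rotate the session id at the privilege change so a pre-login id cannot be reused
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // NOTE(review): the whole row, including the password hash and the TOTP secret, is
    // stored in the session; keeping only the fields the application needs would be safer.
    $_SESSION['CurrentUser'] = $user;
    header('Location: ../index.php?action=welcome');
} else {
    $error = 132;
    header('Location: ../index.php?action=welcome&error=' . $error);
}
// Stop here so nothing is emitted after the redirect header
exit;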
/**
 * Return the Google Charts QR-code URL for enrolling $secret, labelled with the configured name.
 *
 * @param string $secret Base32 TOTP secret
 * @return string
 */
public function generate_totp_qrcode($secret)
{
    $label = $this->config_vars['name'];
    $authenticator = new PHPGangsta_GoogleAuthenticator();

    return $authenticator->getQRCodeGoogleUrl($label, $secret);
}
/**
 * Generate a fresh base32 TOTP secret using the bundled PHPGangsta library.
 *
 * @return string
 */
public function CreateSecret()
{
    $libraryPath = APP_VERSION_ROOT_PATH . 'app/libraries/PHPGangsta/GoogleAuthenticator.php';
    include_once $libraryPath;

    $generator = new \PHPGangsta_GoogleAuthenticator();
    $secret = $generator->createSecret();

    return $secret;
}
session_start(); require_once "classes/csrf.php"; ob_start(); if (version_compare(PHP_VERSION, '5.3.7', '<')) { errorMessage(1, $lang); } else { if (version_compare(PHP_VERSION, '5.5.0', '<')) { require_once "classes/password.php"; } } if (file_exists('config/settings.php')) { $settings = (require_once 'config/settings.php'); require_once "classes/login.php"; $login = new Login(); require_once "classes/googleAuth.php"; $gauth = new PHPGangsta_GoogleAuthenticator(); include_once 'config/english.php'; foreach ($settings['plugins'] as &$plugin) { if (file_exists("plugins/" . $plugin . "/lang/lang.php")) { include "plugins/" . $plugin . "/lang/lang.php"; } } if (file_exists('views/debug')) { include "views/debug/init.php"; } else { $debug = false; } if (isset($_GET['searchText'])) { $search = $_GET['searchText']; } require_once "gfunctions.php";
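/**
 * AJAX handler: verify the second-factor code a user submitted and, when it is
 * valid, mark the account as logged in.
 *
 * @param $oServer  Request wrapper exposing getParamValue('Email'|'Code'|'SignMe')
 * @return array    array('Result' => bool[, 'ErrorMessage' => string])
 */
public function AjaxVerifyUserToken($oServer)
{
    $sEmail = trim(stripcslashes($oServer->getParamValue('Email', null)));
    // Keep the code as a string: intval() dropped leading zeros ("012345" -> 12345) and,
    // with library versions that compare via hash_equals(), a non-string never verifies.
    $sCode = trim(stripcslashes($oServer->getParamValue('Code', null)));
    $bSignMe = $oServer->getParamValue('SignMe') === 'true';

    $aResult = array('Result' => false);
    try {
        $oApiUsers = \CApi::Manager('users');
        $oAccount = $oApiUsers->getAccountByEmail($sEmail);
        // getCode() presumably returns the account's stored TOTP secret (it is passed as the secret to verifyCode)
        $sDataValue = $this->getCode($oAccount);

        $oGoogle = new PHPGangsta_GoogleAuthenticator();
        $oStatus = $oGoogle->verifyCode($sDataValue, $sCode, $this->discrepancy);

        if ($oStatus) {
            // Log the account, never the secret: the previous message wrote the TOTP secret to the log
            $this->_writeLogs('2FA code for ' . $sEmail . ' is valid');
            $oApiIntegratorManager = \CApi::Manager('integrator');
            $oApiIntegratorManager->SetAccountAsLoggedIn($oAccount, $bSignMe);
            $aResult['Result'] = true;
        } else {
            $this->_writeLogs('2FA code for ' . $sEmail . ' is not valid');
            $aResult['ErrorMessage'] = $this->I18N('AUTHENTICATION_PLUGIN/WRONG_CODE');
        }
    } catch (Exception $oEx) {
        $aResult['Result'] = false;
        $aResult['ErrorMessage'] = $oEx->getMessage();
    }

    return $aResult;
}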
/**
 * Enable or disable 2-step (Google Authenticator) login for the current user.
 *
 * The route parameter "id" selects the action: 'enable' generates and stores a new
 * secret and marks this browser as verified via the google_authenticator cookie;
 * 'disable' clears both. Any other value just saves the user unchanged.
 */
public function action_2step()
{
    $requested = $this->request->param('id');

    switch (true) {
        case $requested == 'enable':
            // load library
            require Kohana::find_file('vendor', 'GoogleAuthenticator');
            $authenticator = new PHPGangsta_GoogleAuthenticator();
            $this->user->google_authenticator = $authenticator->createSecret();

            // set cookie
            Cookie::set('google_authenticator', $this->user->id_user, Core::config('auth.lifetime'));
            Alert::set(Alert::SUCCESS, __('2 Step Authentication Enabled'));
            break;

        case $requested == 'disable':
            $this->user->google_authenticator = '';
            Cookie::delete('google_authenticator');
            Alert::set(Alert::INFO, __('2 Step Authentication Disabled'));
            break;
    }

    try {
        $this->user->save();
    } catch (Exception $e) {
        // throw 500
        throw HTTP_Exception::factory(500, $e->getMessage());
    }

    $this->redirect(Route::url('oc-panel', array('controller' => 'profile', 'action' => 'edit')));
}
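/**
 * Admin-area page of the OATH addon: two-factor enrolment, code verification and
 * enable/disable for the current admin, or a QR-code PNG when ?qr is set.
 *
 * @param array $vars  Module configuration; uses enable_admins ('No'|'Required'|other),
 *                     discrepancy (clock tolerance handed to verifyCode) and modulelink
 */
function oath_output($vars)
{
    if (!empty($_GET['qr'])) {
        require_once './../modules/addons/oath/phpqrcode/qrlib.php';
        $company = get_query_val('tblconfiguration', 'value', "setting = 'CompanyName'");
        $qrSecret = isset($_GET['secret']) ? $_GET['secret'] : '';
        QRcode::png('otpauth://totp/' . urlencode(str_replace(' ', '', $company)) . 'Admin?secret=' . $qrSecret);
        exit(0);
    }

    echo '<div style="text-align: center;">';

    $secret = get_query_val('mod_oath_admin', 'secret', "adminid = '{$_SESSION['adminid']}'");
    // Request fields previously read without isset(), raising notices when absent
    $postedCode = isset($_POST['code']) ? $_POST['code'] : '';
    $postedSecret = isset($_POST['secret']) ? $_POST['secret'] : '';

    require_once './../modules/addons/oath/GoogleAuthenticator.php';
    $gauth = new PHPGangsta_GoogleAuthenticator();

    if ($vars['enable_admins'] == 'No') {
        echo 'Two-factor authentication is currently disabled for administrators.';
    } elseif (!$secret && !empty($_POST['enable'])) {
        // Enrolment. The candidate secret round-trips through the browser in a hidden field,
        // so it is only stored once the admin has proven possession with a valid code.
        if ($postedSecret) {
            if ($gauth->verifyCode($postedSecret, $postedCode, $vars['discrepancy'])) {
                insert_query('mod_oath_admin', array('adminid' => $_SESSION['adminid'], 'secret' => $postedSecret));
                $_SESSION['twofactoradmin'] = $_SESSION['adminid'];
                header('Location: ' . $vars['modulelink']);
                exit(0);
            } else {
                echo '<p><b>Your code was incorrect.</b></p>';
                $secret = $postedSecret;
            }
        } else {
            $secret = $gauth->createSecret();
        }
        // After a failed attempt $secret is the client-supplied value: escape it wherever it
        // is written into HTML (it was previously reflected unescaped) and URL-encode it in the link.
        $safeSecret = htmlspecialchars($secret, ENT_QUOTES);
        echo '<p>Please scan this QR code with your mobile authenticator app.</p>';
        echo '<img src="' . $vars['modulelink'] . '&qr=1&secret=' . rawurlencode($secret) . '" />';
        echo '<p>If you are unable to scan, use this secret:<br />' . $safeSecret . '</p>';
        echo '<form method="post" action="' . $vars['modulelink'] . '">';
        echo '<input type="hidden" name="secret" value="' . $safeSecret . '" />';
        echo '<input type="text" name="code" placeholder="Enter your code" autocomplete="off" /><br /><br />';
        echo '<input type="submit" name="enable" value="Verify Code" class="btn btn-primary" />';
        echo '</form>';
    } elseif (!$secret && $vars['enable_admins'] == 'Required') {
        echo '<b>You must enable two-factor authentication to proceed.</b><br /><br />';
        echo '<form method="post" action="' . $vars['modulelink'] . '"><input type="submit" name="enable" value="Enable Two-Factor Authentication" class="btn btn-primary" /></form>';
    } elseif ($secret && (!isset($_SESSION['twofactoradmin']) || $_SESSION['twofactoradmin'] != $_SESSION['adminid'])) {
        // Login-time verification for an already enrolled admin
        if ($postedCode) {
            if ($gauth->verifyCode($secret, $postedCode, $vars['discrepancy'])) {
                $_SESSION['twofactoradmin'] = $_SESSION['adminid'];
                $redirectURI = !empty($_SESSION['original_request_uri']) ? htmlspecialchars_decode($_SESSION['original_request_uri']) : 'index.php';
                header('Location: ' . $redirectURI);
                unset($_SESSION['original_request_uri']);
                exit(0);
            } else {
                echo '<p style="color: red;"><b>Your code was incorrect.</b></p>';
            }
        }
        echo '<p>Please enter the code generated by your mobile authenticator app.</p>';
        echo '<form method="post" action="' . $vars['modulelink'] . '">';
        echo '<input type="text" name="code" placeholder="Enter your code" autocomplete="off" /><br /><br />';
        echo '<input type="submit" name="enable" value="Validate Login" class="btn btn-primary" />';
        echo '</form>';
    } elseif ($secret && !empty($_POST['disable'])) {
        full_query("DELETE FROM `mod_oath_admin` WHERE adminid = '{$_SESSION['adminid']}'");
        unset($_SESSION['twofactoradmin']);
        header('Location: ' . $vars['modulelink']);
        exit(0);
    } elseif ($secret) {
        echo '<p>You have two-factor authentication enabled.</p>';
        echo '<form method="post" action="' . $vars['modulelink'] . '"><input type="submit" name="disable" value="Disable Two-Factor Authentication" class="btn btn-danger" /></form>';
    } else {
        echo '<p>You do not have two-factor authentication enabled.</p>';
        echo '<form method="post" action="' . $vars['modulelink'] . '"><input type="submit" name="enable" value="Enable Two-Factor Authentication" class="btn btn-primary" /></form>';
    }

    echo '</div>';
}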
/**
 * 2step verification form
 *
 * Shows the code form and, on a valid POST, marks this browser as verified for the
 * auth lifetime via the google_authenticator cookie.
 */
public function action_2step()
{
    $auth = Auth::instance();

    // 2step disabled or trying to access directly
    if (!$auth->logged_in() or Core::config('general.google_authenticator') == FALSE) {
        $this->redirect(Route::get('oc-panel')->uri());
    }

    // template header
    $this->template->title = __('2 Step Authentication');
    $this->template->content = View::factory('pages/auth/2step');

    // if user logged in (and already verified, or without a secret) redirect home
    if ($auth->logged_in() and (Cookie::get('google_authenticator') == $this->user->id_user or $this->user->google_authenticator == '')) {
        $this->redirect(Route::get('oc-panel')->uri());
    } elseif (core::post('code') and CSRF::valid('2step')) {
        // load library
        require Kohana::find_file('vendor', 'GoogleAuthenticator');
        $authenticator = new PHPGangsta_GoogleAuthenticator();
        $storedSecret = $this->user->google_authenticator;
        $submittedCode = core::post('code');

        // Third argument: allowed clock drift in 30-second steps; 2 = +/-60 sec
        if (!$authenticator->verifyCode($storedSecret, $submittedCode, 2)) {
            Form::set_errors(array(__('Invalid Code')));
        } else {
            // set cookie, then redirect to the url we wanted to see
            Cookie::set('google_authenticator', $this->user->id_user, Core::config('auth.lifetime'));
            Auth::instance()->login_redirect();
        }
    }
}
/**
 * Second login step: show the Google Authenticator PIN form and, on POST, verify the
 * submitted code against the user's stored secret before letting them through.
 */
public function index()
{
    $this->id = "content";
    $this->template = "login/ga.tpl";
    $this->layout = "common/layout-empty";

    // $request and $db are fetched but not used below
    $request = Registry::get('request');
    $session = Registry::get('session');
    $db = Registry::get('db');

    $this->load->model('user/auth');
    $this->load->model('user/user');
    $this->load->model('user/prefs');
    if (ENABLE_SAAS == 1) {
        $this->load->model('saas/ldap');
        $this->load->model('saas/customer');
    }

    require DIR_BASE . 'system/helper/PHPGangsta_GoogleAuthenticator.php';

    $this->data['title'] = $this->data['text_login'];
    $this->data['title_prefix'] = TITLE_PREFIX;
    $this->data['failed_login_count'] = $this->model_user_auth->get_failed_login_count();

    // validate() is a sibling method (not shown); presumably checks the form/CSRF before the code is tested
    if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {
        $GA = new PHPGangsta_GoogleAuthenticator();
        // Stored secret for the session's username
        $settings = $this->model_user_prefs->get_ga_settings($session->get('username'));
        // Codes shorter than 6 characters are rejected before calling the library;
        // third argument of verifyCode is the allowed drift in 30-second steps (2 = +/-60 sec).
        // NOTE(review): a missing 'ga_code' POST field raises an undefined-index notice here.
        if (strlen($this->request->post['ga_code']) > 5 && $GA->verifyCode($settings['ga_secret'], $this->request->post['ga_code'], 2)) {
            // Presumably clears the flag that routed the user to this page
            $session->set("ga_block", "");
            $this->model_user_prefs->get_user_preferences($session->get('username'));
            if (ENABLE_SAAS == 1) {
                $this->model_saas_customer->online($session->get('email'));
            }
            LOGGER('logged in');
            if (isAdminUser() == 1) {
                header("Location: " . SITE_URL . "index.php?route=health/health");
                exit;
            }
            header("Location: " . SITE_URL . "search.php");
            exit;
        } else {
            $this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
            $this->data['failed_login_count']++;
        }
        // Only reached after a failed attempt: the success branch above exits
        $this->data['x'] = $this->data['text_invalid_pin_code'];
    }

    $this->render();
}