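/**
 * Second step of the two-factor login: validate the pending TFA state and the
 * one-time form token, run the selected TFA module, and only then create the
 * real user session.
 *
 * @param int    $user_id    User being authenticated; must match the tfa_uid pending in this session
 * @param bool   $admin      Whether this is an ACP re-authentication
 * @param bool   $auto_login Whether a persistent ("remember me") session is requested
 * @param bool   $viewonline Whether the user is shown in the online list
 * @param string $class      Class name of the TFA module chosen on the form
 * @return \Symfony\Component\HttpFoundation\Response
 * @throws http_exception 403 on an invalid form key; 400 when the pending TFA state,
 *                        the token, the module or the session creation is invalid
 */
public function submit($user_id, $admin, $auto_login, $viewonline, $class)
{
	$this->user->add_lang_ext('paul999/tfa', 'common');

	// CSRF protection for the TFA form itself.
	if (!check_form_key('tfa_login_page'))
	{
		throw new http_exception(403, 'FORM_INVALID');
	}

	// A pending TFA login must exist in this session and belong to the requested user.
	if (empty($this->user->data['tfa_random']) || (int) $user_id !== (int) $this->user->data['tfa_uid'])
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// The one-time token issued with the form has to be echoed back unchanged.
	// The length check rejects anything that is not a 40-character token up front;
	// hash_equals() keeps the actual comparison constant-time.
	$random = $this->request->variable('random', '');
	if (strlen($random) !== 40 || !hash_equals((string) $this->user->data['tfa_random'], $random))
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// Consume the pending TFA state immediately so the token cannot be replayed.
	// session_user_id is an integer column: no quotes around the cast value.
	$sql_ary = array(
		'tfa_random'	=> '',
		'tfa_uid'		=> 0,
	);
	$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\tWHERE\n\t\t\t\tsession_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND\n\t\t\t\tsession_user_id = " . (int) $this->user->data['user_id'];
	$this->db->sql_query($sql);

	if (empty($class))
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$module = $this->session_helper->findModule($class);
	if ($module === null)
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// Post-login target supplied by the request. NOTE(review): this relies on phpBB's
	// redirect() refusing URLs outside the board — confirm for the phpBB version in use.
	$redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");

	try
	{
		if (!$module->login($user_id))
		{
			$this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
			// Re-render the TFA form and stop here: a failed second factor must never
			// reach session_create() below, whether or not generate_page() ends the request.
			return $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
		}
	}
	catch (http_exception $ex)
	{
		// Only a 400 from the module is a user-facing "wrong key" condition. Any other
		// status is an error that has to propagate instead of being swallowed, because
		// falling through would create the session without a verified second factor.
		if ($ex->getStatusCode() !== 400)
		{
			throw $ex;
		}

		$this->template->assign_var('S_ERROR', $ex->getMessage());
		return $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
	}

	$old_session_id = $this->user->session_id;

	if ($admin)
	{
		// Admin re-authentication: expire the login cookies so the new session
		// is not bound to the previous values.
		$cookie_expire = time() - 31536000;
		$this->user->set_cookie('u', '', $cookie_expire);
		$this->user->set_cookie('sid', '', $cookie_expire);
	}

	$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);

	// Successful session creation
	if ($result === true)
	{
		if ($admin)
		{
			// The old session has been replaced by the re-authenticated one; drop its row.
			// The user id does not change on re-authentication, so $user_id identifies it.
			$sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'\n\t\t\t\t\tAND session_user_id = " . (int) $user_id;
			$this->db->sql_query($sql);

			redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
		}

		redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
	}

	throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
}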