if (defined("CLIENTAREA") && $CONFIG['MaintenanceMode'] && !$_SESSION['adminid']) { if ($CONFIG['MaintenanceModeURL']) { header("Location: " . $CONFIG['MaintenanceModeURL']); exit; } echo "<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Down for Maintenance (Err 3)</strong><br>" . $CONFIG['MaintenanceModeMessage'] . "</div>"; exit; } $licensing = WHMCS_License::init(); if ($licensing->getVersionHash() != "9eb7da5f081b3fc7ae1e460afdcb89ea8239eca1") { exit("License Checking Error"); } if (defined("CLIENTAREA") && isset($_SESSION['uid']) && !isset($_SESSION['adminid'])) { $twofa = new WHMCS_2FA(); $twofa->setClientID($_SESSION['uid']); if ($twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveClients()) { if ($whmcs->get_filename() == "clientarea" && ($whmcs->get_req_var("action") == "security" || $whmcs->get_req_var("2fasetup"))) { } else { redir("action=security&2fasetup=1&enforce=1", "clientarea.php"); } } } if (isset($_SESSION['currency']) && is_array($_SESSION['currency'])) { $_SESSION['currency'] = $_SESSION['currency']['id']; } if (!isset($_SESSION['uid']) && isset($_REQUEST['currency'])) { $result = select_query("tblcurrencies", "id", array("id" => (int) $_REQUEST['currency'])); $data = mysql_fetch_array($result); if ($data['id']) { $_SESSION['currency'] = $data['id']; }
public static function getConditionalLinks() { global $whmcs; $calinkupdatecc = isset($_SESSION['calinkupdatecc']) ? $_SESSION['calinkupdatecc'] : CALinkUpdateCC(); $security = isset($_SESSION['calinkupdatesq']) ? $_SESSION['calinkupdatesq'] : CALinkUpdateSQ(); if (!$security) { $twofa = new WHMCS_2FA(); if ($twofa->isActiveClients()) { $security = true; } } return array("updatecc" => $calinkupdatecc, "updatesq" => $security, "security" => $security, "addfunds" => $whmcs->get_config("AddFundsEnabled"), "masspay" => $whmcs->get_config("EnableMassPay"), "affiliates" => $whmcs->get_config("AffiliateEnabled"), "domainreg" => $whmcs->get_config("AllowRegister"), "domaintrans" => $whmcs->get_config("AllowTransfer"), "domainown" => $whmcs->get_config("AllowOwnDomain"), "pmaddon" => get_query_val("tbladdonmodules", "value", array("module" => "project_management", "setting" => "clientenable"))); }
if (substr($gotourl, 0 - 28) == "&incorrect=true&backupcode=1" || substr($gotourl, 0 - 28) == "?incorrect=true&backupcode=1" || substr($gotourl, 0 - 28) == "&backupcode=1&incorrect=true" || substr($gotourl, 0 - 28) == "?backupcode=1&incorrect=true") { $gotourl = substr($gotourl, 0, strlen($gotourl) - 28); } unset($_SESSION['loginurlredirect']); } } if (!$gotourl) { $gotourl = "clientarea.php"; } if ($whmcs->get_req_var("newbackupcode")) { header("Location: " . $gotourl); exit; } $loginsuccess = $istwofa = false; $twofa = new WHMCS_2FA(); if ($twofa->isActiveClients() && isset($_SESSION['2faverifyc'])) { $twofa->setClientID($_SESSION['2faclientid']); if ($whmcs->get_req_var("backupcode")) { $success = $twofa->verifyBackupCode($whmcs->get_req_var("code")); } else { $success = $twofa->moduleCall("verify"); } if ($success) { validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true); if ($_SESSION['2farememberme']) { wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365); } else { wDelCookie("User"); } WHMCS_Session::delete("2faclientid"); WHMCS_Session::delete("2farememberme");
function validateClientLogin($username, $password, $twofadone = false) { global $CONFIG; global $whmcs; if ($username && ($password || $_SESSION['adminid'] || $twofadone)) { } else { return false; } if (isset($_SESSION['uid'])) { unset($_SESSION['uid']); } if (isset($_SESSION['cid'])) { unset($_SESSION['cid']); } if (isset($_SESSION['upw'])) { unset($_SESSION['upw']); } $login_uid = $login_cid = $login_pwd = $loginsharematch = ""; $where = array(); $where['email'] = $username; if (!$_SESSION['adminid']) { $where['status'] = array("sqltype" => "NEQ", "value" => "Closed"); } $result = select_query("tblclients", "", $where); $data = mysql_fetch_array($result); $login_uid = $data['id']; $login_pwd = $data['password']; $language = $data['language']; $authmodule = $data['authmodule']; if (!$login_uid) { $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => ""))); $data = mysql_fetch_array($result); $login_cid = $data['id']; $login_uid = $data['userid']; $login_pwd = $data['password']; $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed"))); $data = mysql_fetch_array($result); $login_uid = $data['id']; $language = $data['language']; } if (!$login_uid) { $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password)); foreach ($hookresults as $hookres) { if ($hookres) { $hookid = $hookres['id']; $hookemail = $hookres['email']; if ($hookid) { $result = select_query("tblclients", "", array("id" => $hookid)); } else { $result = select_query("tblclients", "", array("email" => $hookemail)); } $data = mysql_fetch_array($result); $login_uid = $data['id']; if ($login_uid) { $loginsharematch = true; $login_pwd = $data['password']; $language = $data['language']; continue; } if ($hookres['create']) { addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false); return true; } continue; } } } if ($login_uid) { if ($CONFIG['NOMD5']) { $check_pwd = decrypt($login_pwd); } else { $salt = explode(":", $login_pwd); $salt = $salt[1]; $password = generateClientPW($password, $salt); $check_pwd = $login_pwd; } $adminallowedclientlogin = false; if (isset($_SESSION['adminid'])) { $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid'])); $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120")); } if ($password === $check_pwd || isset($_SESSION['adminid']) && $adminallowedclientlogin || $loginsharematch || $twofadone) { $twofa = new WHMCS_2FA(); if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) { $_SESSION['2faverifyc'] = true; $_SESSION['2faclientid'] = $login_uid; $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme"); return false; } if (!isset($_SESSION['adminid'])) { $fullhost = gethostbyaddr($whmcs->get_user_ip()); update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid)); } $_SESSION['uid'] = $login_uid; if ($login_cid) { $_SESSION['cid'] = $login_cid; } $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip(); $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20)); if (!isset($_SESSION['adminid'])) { set_token(genRandomVal()); } if ($language && !isset($_SESSION['adminid'])) { $_SESSION['Language'] = $language; } run_hook("ClientLogin", array("userid" => $login_uid)); return true; } } if ($login_uid) { logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid); } return false; }
$smartyvalues['successful'] = true; } } $smartyvalues['errormessage'] = $validate->getHTMLErrorOutput(); } else { if ($action == "security") { checkContactPermission("changesq"); $ca->setTemplate("clientareasecurity"); $ca->addToBreadCrumb("clientarea.php?action=details", $whmcs->get_lang("clientareanavdetails")); $ca->addToBreadCrumb("clientarea.php?action=security", $whmcs->get_lang("clientareanavsecurity")); if ($whmcs->get_req_var("successful")) { $smartyvalues['successful'] = true; } $twofa = new WHMCS_2FA(); $twofa->setClientID($ca->getUserID()); if ($twofa->isActiveClients()) { $ca->assign("twofaavailable", true); if ($whmcs->get_req_var("2fasetup")) { if (!$twofa->isActiveClients()) { exit("Access denied"); } ob_start(); if ($twofa->isEnabled()) { echo "<div class=\"content\"><div style=\"padding:15px;\">"; $disabled = $incorrect = false; if ($password = $whmcs->get_req_var("pwverify")) { $dbpwd = get_query_val("tblclients", "password", array("id" => $ca->getUserID())); if ($whmcs->get_config("NOMD5")) { $check_pwd = decrypt($dbpwd); } else { $salt = explode(":", $dbpwd);
header("Location: clientarea.php"); exit; } $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']); if (WHMCS_Session::get("2faverifyc")) { $templatefile = "logintwofa"; if (WHMCS_Session::get("2fabackupcodenew")) { $smartyvalues['newbackupcode'] = true; } else { if ($whmcs->get_req_var("incorrect")) { $smartyvalues['incorrect'] = true; } } $twofa = new WHMCS_2FA(); if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) { if (!$twofa->isActiveClients() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { $smartyvalues['backupcode'] = true; } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { $smartyvalues['challenge'] = $challenge; } else { $smartyvalues['error'] = "Bad 2 Factor Auth Module. Please contact support."; } } } else { $smartyvalues['error'] = "An error occurred. Please try again.";