<?php
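class SpecialLatchOTP extends SpecialPage {

	/**
	 * Registers the special page behind the 'editinterface' right, so only
	 * users holding that right see Latch in Special pages.
	 */
	function __construct() {
		parent::__construct( 'LatchOTP', 'editinterface' );
	}

	/**
	 * Entry point: draws the OTP form and then handles a submission, if any.
	 *
	 * @param string|null $par Subpage parameter; not used by this page.
	 */
	function execute( $par ) {
		global $wgRequest, $wgUser;

		# The user id comes from the current session; the name is resolved from it.
		$user_id = $wgRequest->getSessionData( 'wsUserID' );
		$user_name = $wgUser->whoIs( $user_id );

		$this->draw_OTP();
		$this->submit_OTP( $user_id, $user_name );
	}

	/**
	 * Renders the form used to enter the one-time password.
	 * The form carries the current edit token as a hidden field, which
	 * submit_OTP() verifies as its CSRF check.
	 */
	function draw_OTP() {
		global $wgOut, $wgUser;

		$action = $this->getTitle()->getLocalUrl( 'action=submit' );
		$html = Xml::openElement( 'form', array( 'method' => 'post', 'action' => $action ) );
		$html .= Xml::inputLabel( wfMsg( 'latch-OTP' ) . ' ', 'txt_OTP', 'txt_OTP', 20 ) . '<BR> ';
		$html .= Xml::submitButton( wfMsg( 'latch-enter' ), array( 'name' => 'clickBotOTP' ) ) . '<BR>';
		# CSRF protection: the token is checked on submit.
		$html .= Html::hidden( 'token', $wgUser->getEditToken(), array( 'id' => 'token' ) );
		$html .= Xml::closeElement( 'form' );

		$wgOut->addHTML( $html );
	}

	/**
	 * Handles an OTP submission.
	 *
	 * On a correct OTP the user name is restored in the session and the
	 * browser is redirected to the page without its query string. On a wrong
	 * OTP the failure counter is incremented and an error is shown; on the
	 * third failure the user is logged out and the login form is shown with
	 * an invalid-password message.
	 *
	 * @param int|null $user_id User id taken from the session.
	 * @param string $user_name User name resolved from $user_id.
	 */
	function submit_OTP( $user_id, $user_name ) {
		global $wgRequest, $wgOut, $wgUser;

		# Nothing to do until the OTP button has been pressed.
		if ( !$wgRequest->getCheck( 'clickBotOTP' ) ) {
			return;
		}

		# CSRF protection: reject the request before touching the database.
		if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {
			return;
		}

		# Read the stored OTP and the failure counter for this user.
		$acc_id = null;
		$otp_DB = "";
		$attempts = 0;
		SpecialLatch::accDB_useraccid( $user_id, $user_id, $acc_id, $otp_DB, $attempts );

		if ( self::otpMatches( $otp_DB, $wgRequest->getText( 'txt_OTP' ) ) ) {
			# Correct OTP: put the user name back into the session and
			# redirect to the same URL without its query string.
			$wgRequest->setSessionData( 'wsUserName', $user_name );
			$urlParts = explode( "?", $wgRequest->getRequestURL() );
			$wgOut->redirect( $urlParts[0] );
		} elseif ( $attempts < 2 ) {
			# Fewer than three failures so far: count this one and warn.
			SpecialLatch::updDB_useraccid( $user_id, $acc_id, $otp_DB, $attempts + 1 );
			$wgOut->addWikiText( wfMsg( 'latch-OTP-error' ) );
		} else {
			# Third wrong OTP: log the user out and show an invalid-password error.
			$wgUser->logout();
			$wgOut->clearHTML();
			$loginForm = new LoginForm();
			$loginForm->load();
			$error = $loginForm->mAbortLoginErrorMsg ?: 'wrongpassword';
			$loginForm->mainLoginForm( $loginForm->msg( $error )->text() );
		}
	}

	/**
	 * Compares the OTP stored in the database with the submitted one.
	 *
	 * Uses a strict, constant-time comparison instead of `==` so that numeric
	 * strings are not type-juggled ("1e3" == "1000") and the compare time
	 * does not depend on where the two strings differ. An empty stored OTP
	 * means none was issued and is never accepted.
	 *
	 * @param mixed $stored OTP read from the database.
	 * @param mixed $submitted OTP typed by the user.
	 * @return bool
	 */
	private static function otpMatches( $stored, $submitted ) {
		$stored = (string)$stored;
		if ( $stored === '' ) {
			return false;
		}
		# hash_equals() requires PHP >= 5.6 (or MediaWiki's compat shim).
		return hash_equals( $stored, (string)$submitted );
	}
}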