예제 #1
/**
 * Activates OTP for the user whose login is currently deferred, using a
 * secret and sync codes supplied in $fields.
 *
 * Reads the keys 'SECRET' (hex string), 'SYNC1' and 'SYNC2' from $fields.
 * On success the deferred parameters are updated with
 * Otp::REJECTED_KEY => OTP::REJECT_BY_CODE and written back.
 *
 * @param array $fields Input with 'SECRET', 'SYNC1' and 'SYNC2'.
 * @return array array('status' => 'ok') on success, or
 *               array('status' => 'error', 'error' => <exception message>)
 *               when an OtpException is raised.
 */
function checkAndActivate($fields)
{
    try {
        $pending = Otp::getDeferredParams();
        if (!$pending['USER_ID']) {
            // No deferred user: report it through the same exception path as OTP failures.
            throw new \Bitrix\Security\Mfa\OtpException(Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
        }
        $userOtp = Otp::getByUser($pending['USER_ID']);
        // NOTE(review): pack('H*') decodes hex but does not reject malformed input
        // (PHP only warns on illegal hex digits). Nothing here checks that
        // $fields['SECRET'] is a hex string; presumably the sync step fails for a
        // bad secret - confirm, or validate with ctype_xdigit() before decoding.
        $rawSecret = pack('H*', $fields['SECRET']);
        $regenerated = $userOtp->regenerate($rawSecret);
        $synced = $regenerated->syncParameters($fields['SYNC1'], $fields['SYNC2']);
        $synced->save();
        // Record the state change in the deferred login parameters only after save().
        $pending[Otp::REJECTED_KEY] = OTP::REJECT_BY_CODE;
        Otp::setDeferredParams($pending);
        return array('status' => 'ok');
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        // Only OtpException is translated into an error result; anything else propagates.
        return array('status' => 'error', 'error' => $e->getMessage());
    }
}
예제 #2
파일: user.php 프로젝트: Satariall/izurit
 /**
  * Authorizes the user, letting the security module's OTP check veto it first.
  *
  * @param mixed $user_id Identifier passed to Otp::verifyUser() and Authorize().
  * @return mixed The result of $this->Authorize($user_id), or false when the
  *               OTP check disallows authorization.
  */
 public function AuthorizeWithOtp($user_id)
 {
     if (CModule::IncludeModule("security")) {
         /*
         The MFA layer decides whether authorization may proceed. Per the original
         author's note it is allowed only if OTP is not active for the user; when it
         is disallowed, the OTP form will be shown on the next hit.
         */
         $mfaAllows = \Bitrix\Security\Mfa\Otp::verifyUser(array("USER_ID" => $user_id));
         if (!$mfaAllows) {
             return false;
         }
     }
     // NOTE(review): when the security module cannot be included, the OTP check is
     // skipped and authorization proceeds (fail-open on a missing module).
     return $this->Authorize($user_id);
 }
예제 #3
파일: class.php 프로젝트: ASDAFF/entask.ru
 /**
  * Handles the 'otp_check_activate' action: activates OTP for the current user
  * with the secret and sync codes posted by the client.
  *
  * @return array array('status' => 'ok') on success; otherwise
  *               array('status' => 'error', 'error' => <code or exception message>).
  */
 protected function toEdit()
 {
     /** @global CUser $USER */
     global $USER;
     // Preconditions are evaluated in this order; the first failure decides the error code.
     $errorCode = null;
     if (!$USER->IsAuthorized()) {
         $errorCode = 'auth_error';
     } elseif (!check_bitrix_sessid()) {
         // Session token check: rejects requests that do not carry the session's sessid.
         $errorCode = 'sessid_check_failed';
     } elseif ($this->request['action'] !== 'otp_check_activate') {
         $errorCode = 'unknown_action';
     } elseif (!CModule::includeModule('security')) {
         $errorCode = 'security_not_installed';
     }
     if ($errorCode !== null) {
         return array('status' => 'error', 'error' => $errorCode);
     }
     try {
         // The OTP record is always the current user's; no user id is taken from the request.
         $currentUserOtp = Otp::getByUser($USER->getid());
         // NOTE(review): the posted 'secret' is hex-decoded without validation
         // (pack('H*') only warns on illegal digits). Presumably the sync step
         // rejects a secret that does not match the posted codes - confirm.
         $rawSecret = pack('H*', $this->request->getPost('secret'));
         $regenerated = $currentUserOtp->regenerate($rawSecret);
         $synced = $regenerated->syncParameters($this->request->getPost('sync1'), $this->request->getPost('sync2'));
         $synced->save();
         return array('status' => 'ok');
     } catch (\Bitrix\Security\Mfa\OtpException $e) {
         return array('status' => 'error', 'error' => $e->getMessage());
     }
 }
예제 #4
파일: class.php 프로젝트: rasuldev/torino
 /**
  * Builds the view data for the mandatory-OTP setup form shown to a user whose
  * login is deferred.
  *
  * @return array Either array('MESSAGE' => <localized text>) when a precondition
  *               fails, or the OTP setup data: SECRET, TYPE, APP_SECRET,
  *               APP_SECRET_SPACED, PROVISION_URI, SUCCESSFUL_URL,
  *               TWO_CODE_REQUIRED and the OTP object itself.
  */
 protected function toView()
 {
     /* @global CUser $USER */
     global $USER;
     // Preconditions in their original order; the deferred parameters are only
     // read once the first three checks have passed.
     $messageCode = null;
     $deferredParams = null;
     if (!CModule::includeModule('security')) {
         $messageCode = 'SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR';
     } elseif (!Otp::isOtpRequiredByMandatory()) {
         $messageCode = 'SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED';
     } elseif ($USER->IsAuthorized()) {
         // This form is for a user who is not authorized yet; an authorized session is an error here.
         $messageCode = 'SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR';
     } else {
         $deferredParams = Otp::getDeferredParams();
         if (!$deferredParams['USER_ID']) {
             $messageCode = 'SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR';
         }
     }
     if ($messageCode !== null) {
         return array('MESSAGE' => Loc::getMessage($messageCode));
     }
     $otp = Otp::getByUser($deferredParams['USER_ID']);
     // regenerate() runs on every call of this method.
     // NOTE(review): presumably each view therefore issues a new secret - confirm.
     $otp->regenerate();
     $hexSecret = $otp->getHexSecret();
     $type = $otp->getType();
     $appSecret = $otp->getAppSecret();
     // The result hands the secret (hex form, app form, provisioning URI) and the
     // OTP object to the caller; whatever renders it should treat these values as
     // credentials and keep them out of logs and caches.
     return array(
         'SECRET' => $hexSecret,
         'TYPE' => $type,
         'APP_SECRET' => $appSecret,
         // Same secret split into groups of four characters for display.
         'APP_SECRET_SPACED' => chunk_split($appSecret, 4, ' '),
         'PROVISION_URI' => $otp->getProvisioningUri(),
         'SUCCESSFUL_URL' => $this->arParams['SUCCESSFUL_URL'],
         'TWO_CODE_REQUIRED' => $otp->getAlgorithm()->isTwoCodeRequired(),
         'OTP' => $otp,
     );
 }
// Admin-side script (fragment): checks preconditions for a user's OTP recovery
// codes and, for action=download, starts a plain-text attachment response.
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
/**
 * @global CMain $APPLICATION
 * @global CUser $USER
 */
IncludeModuleLangFile(__FILE__);
$request = Bitrix\Main\Context::getCurrent()->getRequest();
// Target user: the request's 'user' value when it is truthy, otherwise the current user; cast to int.
$userId = (int) ($request['user'] ?: $USER->getId());
// NOTE(review): Otp is used here before the includeModule('security') check
// below - confirm the class is loadable at this point.
$userOtp = Otp::getByUser($userId);
// NOTE(review): every failed precondition below only calls ShowError(); the
// visible code has no return/die after it. If ShowError() merely renders a
// message, execution continues into the download branch even when the
// permission check fails - confirm it terminates, or stop explicitly.
if (!CModule::includeModule('security')) {
    ShowError('Security module not installed');
}
if (!$userOtp->isActivated()) {
    ShowError('OTP inactive');
}
if (!Otp::isRecoveryCodesEnabled()) {
    ShowError('OTP Recovery codes are disabled');
}
// && binds tighter than ||: access is refused when there is no user id, or when
// the target is another user and the caller lacks 'security_edit_user_otp'.
if (!$userId || $userId != $USER->getId() && !$USER->CanDoOperation('security_edit_user_otp')) {
    ShowError('Not enough permissions');
}
if (isset($request['action']) && $request['action'] === 'download') {
    // Builds a numbered list ("1. code\r\n") of the recovery codes in clear text.
    $codes = getRecoveryCodes($userId);
    $response = '';
    $counter = 0;
    foreach ($codes as $code) {
        $counter++;
        $response .= sprintf("%d. %s\r\n", $counter, $code);
    }
    // Sent as a text attachment. The visible lines set no cache-control header;
    // the listing ends before the body is written.
    header('Content-Type: text/plain', true);
    header('Content-Disposition: attachment; filename="recovery_codes.txt"');
예제 #6
파일: index.php 프로젝트: Satariall/izurit
    die;
}
// Fragment of a login endpoint that registers an OTP secret for the user who
// has just logged in with the posted credentials, then logs out again.
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // Hand-assembled, single-quoted object literal (not valid JSON); the code
        // is concatenated without escaping.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}
// From here on the session is logged in; every exit path below logs out again.
if (!CModule::IncludeModule("security")) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
if (!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
// Any action other than 'register' blanks the secret (loose != comparison).
if ($_POST['action'] != 'register') {
    $_POST['secret'] = "";
}
// The secret is taken from the request as-is and stored with ACTIVE => "Y".
// NOTE(review): no format or length check on $_POST['secret'] is visible here,
// and for a non-'register' action an empty SECRET is written with ACTIVE "Y";
// how CSecurityUser::update() treats both cases is not shown - confirm.
$isUpdated = CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP));
if (!$isUpdated) {
    //print_r($APPLICATION->GetException());
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
// The login was only needed to authenticate the update; the session is ended on success too.
$USER->Logout();
예제 #7
 /**
  * Checks whether the current user may work with OTP recovery codes.
  *
  * Checks run in this order: authorized user, security module available,
  * OTP activated for the user, recovery codes enabled.
  *
  * @return string|null Localized message for the first failed check, or null
  *                     when every requirement is met.
  */
 protected function checkRequirements()
 {
     /** @global CUser $USER */
     global $USER;
     if (!$USER->IsAuthorized()) {
         $failedCheck = "SECURITY_USER_RECOVERY_CODES_AUTH_ERROR";
     } elseif (!CModule::includeModule('security')) {
         $failedCheck = "SECURITY_USER_RECOVERY_CODES_MODULE_ERROR";
     } elseif (!Otp::getByUser($USER->getID())->isActivated()) {
         // Always the current user's OTP record; no id comes from the request.
         $failedCheck = "SECURITY_USER_RECOVERY_CODES_OTP_NOT_ACTIVE";
     } elseif (!Otp::isRecoveryCodesEnabled()) {
         $failedCheck = "SECURITY_USER_RECOVERY_CODES_DISABLED";
     } else {
         return null;
     }
     return Loc::getMessage($failedCheck);
 }
예제 #8
        $arResult["SUBORDINATE"] = $subordinate_users;
    }
    // User activity status. The assignments below overwrite each other, so the
    // last matching rule wins: active -> admin -> extranet -> fired -> invited.
    if ($arResult["User"]["ACTIVE"] == "Y") {
        $arResult["User"]["ACTIVITY_STATUS"] = "active";
    }
    $obUser = new CUser();
    $arGroups = $obUser->GetUserGroup($arResult["User"]['ID']);
    // Membership in group 1 is reported as "admin". in_array() is called without
    // the strict flag, so the comparison is loose.
    if (in_array(1, $arGroups)) {
        $arResult["User"]["ACTIVITY_STATUS"] = "admin";
    }
    // The group list is fetched a second time, this time through a static call.
    $arGroups = CUser::GetUserGroup($arResult["User"]['ID']);
    // Extranet user: member of the extranet group and no first department set.
    if (CModule::IncludeModule('extranet') && in_array(CExtranet::GetExtranetUserGroupID(), $arGroups) && (!is_array($arResult["User"]['UF_DEPARTMENT']) || empty($arResult["User"]['UF_DEPARTMENT'][0]))) {
        $arResult["User"]["ACTIVITY_STATUS"] = "extranet";
        $arResult["User"]["IS_EXTRANET"] = true;
    } else {
        $arResult["User"]["IS_EXTRANET"] = false;
    }
    if ($arResult["User"]["ACTIVE"] == "N") {
        $arResult["User"]["ACTIVITY_STATUS"] = "fired";
    }
    // Active account that still has a confirmation code is shown as "invited".
    if ($arResult["User"]["ACTIVE"] == "Y" && !empty($arResult["User"]["CONFIRM_CODE"])) {
        $arResult["User"]["ACTIVITY_STATUS"] = "invited";
    }
    // Only when viewing one's own profile as a module admin without SONET_ADMIN in the session.
    if ($arResult["User"]["ID"] == $GLOBALS["USER"]->GetID() && CSocNetUser::IsCurrentUserModuleAdmin(SITE_ID, false) && !isset($_SESSION["SONET_ADMIN"])) {
        $arResult["SHOW_SONET_ADMIN"] = true;
    }
}
// The recovery-codes flag is set only when the security module loads; otherwise
// the key stays undefined, so templates should not assume it exists.
if (\Bitrix\Main\Loader::includeModule("security")) {
    $arResult["IS_OTP_RECOVERY_CODES_ENABLE"] = \Bitrix\Security\Mfa\Otp::isRecoveryCodesEnabled();
}
예제 #9
파일: index.php 프로젝트: Levan1209/u136016
}
// Fragment of a desktop-app login endpoint; only action=login is accepted.
if ($_POST['action'] != 'login') {
    CHTTP::SetStatus("403 Forbidden");
    die;
}
IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/im/install/public/desktop_app/login/index.php");
// The OTP code is appended to the password and both are passed as one string.
// NOTE(review): presumably Login() or the security module splits them again -
// confirm, and keep this concatenated value out of any logging.
$result = $USER->Login($_POST['login'], $_POST['password'] . $_POST['otp']);
if ($result !== true || !$USER->IsAuthorized()) {
    if (IsModuleInstalled('bitrix24')) {
        // Wildcard CORS on the failure response: any origin may read this answer
        // (captcha code, needOtp flag) when bitrix24 is installed.
        header('Access-Control-Allow-Origin: *');
    }
    $answer = array("success" => false);
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $answer["captchaCode"] = $APPLICATION->CaptchaGetCode();
    }
    if (CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isOtpRequired()) {
        // Tell the client that an OTP code must be supplied.
        $answer["needOtp"] = true;
    }
    CHTTP::SetStatus("401 Unauthorized");
} else {
    // The success answer carries the PHP session id and the Bitrix sessid token
    // in the response body; the response is therefore as sensitive as the cookie.
    $answer = array("success" => true, "sessionId" => session_id(), "bitrixSessionId" => bitrix_sessid());
    if (($_POST['renew_password'] == 'y' || $_POST['otp'] != '') && $USER->GetParam("APPLICATION_ID") === null) {
        $code = '';
        if (strlen($_POST['user_os_mark']) > 0) {
            // MD5 serves as a lookup code built from two client-supplied values, not
            // as a password hash; anyone who knows both inputs can recompute it.
            $code = md5($_POST['user_os_mark'] . $_POST['user_account']);
        }
        if ($code != '') {
            // An existing application password with the same code for this user is deleted.
            $orm = ApplicationPasswordTable::getList(array('select' => array('ID'), 'filter' => array('USER_ID' => $USER->GetID(), 'CODE' => $code)));
            if ($row = $orm->fetch()) {
                ApplicationPasswordTable::delete($row['ID']);
예제 #10
 // Fragment of a controller web-service login handler. The `break` statements
 // below belong to an enclosing loop or switch that is outside this listing.
 if ($arParams['OTP']) {
     // With OTP in use, the last six characters of the submitted password are cut
     // off to obtain an alternative password candidate.
     // NOTE(review): presumably those six characters are the OTP code - confirm.
     $altPassword = substr($oRequest->arParameters['password'], 0, -6);
 }
 if ($err) {
     $oResponse->status = "445 Event Error.";
     $oResponse->text = $err;
     $arControllerLog['STATUS'] = 'N';
     $arControllerLog['DESCRIPTION'] = $oResponse->text;
     $a = CControllerLog::Add($arControllerLog);
 // NOTE(review) on the credential check below:
 //  - both sides are MD5 digests compared with `==`; PHP compares two numeric-looking
 //    strings (e.g. digests of the form 0e<digits>) as numbers, so distinct digests
 //    can compare equal. hash_equals() avoids that and is constant-time.
 //  - the stored value is compared against md5($salt . password), a fast hash;
 //    password_hash()/password_verify() is the current practice for new code.
 //  - `$user_id > 0` short-circuits the password comparison entirely; where
 //    $user_id is set is outside this listing - confirm it is only set after a
 //    successful authentication.
 } elseif ($arUser['ACTIVE'] == 'Y' && ($user_id > 0 || md5($db_password . 'MySalt') == md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt') || $altPassword && md5($db_password . 'MySalt') == md5(md5($salt . $altPassword) . 'MySalt'))) {
     $arSaveUser = CControllerClient::PrepareUserInfo($arUser);
     $arSaveUser["GROUP_ID"] = array();
     $arUserGroups = CUser::GetUserGroup($arUser['ID']);
     $MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups);
     $arParams['USER_ID'] = $arUser['ID'];
     // A failed OTP verification returns the same status and text as a bad
     // password, so the answer does not reveal which factor failed.
     if (CModule::IncludeModule('security') && !\Bitrix\Security\Mfa\Otp::verifyUser($arParams)) {
         $oResponse->status = "443 Bad password.";
         $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW");
         break;
     } elseif ($MOD_RIGHT >= "V") {
         // Controller right "V" or higher marks the user as controller admin.
         $arSaveUser['CONTROLLER_ADMIN'] = 'Y';
         $arSaveUser["GROUP_ID"][] = "administrators";
     } elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") {
         $oResponse->status = "423 Remoute Authorization Disabled.";
         $oResponse->text = "Remote authorization disabled on controller.";
         break;
     }
     // SECURITY: unserialize() on a stored option value. It is safe only while that
     // option cannot be written by an untrusted party; passing
     // array('allowed_classes' => false) (PHP 7+) or storing JSON removes the
     // object-instantiation risk.
     $arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array())));
     foreach ($arLocGroups as $arTGroup) {
         foreach ($arUserGroups as $group_id) {
             if ($arTGroup["LOC"] == $group_id) {
예제 #11
		<td style="text-align: left;">
			<span><?php 
echo GetMessage('SEC_OTP_CONNECTED');
?>
</span>
			<?if(
				!Otp::isMandatoryUsing()
				|| $otp->canSkipMandatory()
				|| $USER->CanDoOperation('security_edit_user_otp')
			):?>
				<span class="otp-link-button" id="otp-deactivate"><?php 
echo GetMessage('SEC_OTP_DISABLE');
?>
</span>
			<?endif;?>
			<?if (Otp::isRecoveryCodesEnabled()):?>
				<span class="otp-link-button" id="otp-show-recovery-codes"><?php 
echo GetMessage('SEC_OTP_RECOVERY_CODES_BUTTON');
?>
</span>
			<?endif;?>
			<?if ($USER->CanDoOperation('security_edit_user_otp')):?>
				<span class="otp-link-button" id="otp-reinitialize"><?php 
echo GetMessage('SEC_OTP_SYNC_NOW');
?>
</span>
			<?endif;?>
		</td>
		<td style="text-align: right;">
			<a class="adm-btn-save adm-btn adm-btn-menu" id="otp-connect-device"><?php 
echo GetMessage('SEC_OTP_CONNECT_NEW_DEVICE');
예제 #12
 /**
  * Renders one of the authorization-related forms, selected from request-level
  * flags, and by default ends page execution afterwards.
  *
  * Selection order as implemented below (the first matching rule wins):
  *   - $forgot_password == "yes": system.auth.forgotpasswd - form that sends the
  *     checkword used to change the password;
  *   - $change_password == "yes": system.auth.changepasswd - form for changing a
  *     forgotten password;
  *   - $register == "yes", outside the admin section, with the
  *     "new_user_registration" option set to "Y": system.auth.registration -
  *     registration form;
  *   - $confirm_registration === "yes", outside the admin section, with the
  *     "new_user_registration_email_confirmation" option set to "Y":
  *     system.auth.confirmation;
  *   - security module loaded, OTP required and the request's login_form is not
  *     "yes": system.auth.otp;
  *   - otherwise: system.auth.authorize - authorization form (the default).
  *
  * Note: after outputting the selected form the method terminates page
  * execution when $do_die is true.
  *
  * This is an instance (non-static) method.
  *
  * @param mixed $mess Message for the form; used as the auth result unless
  *                    $this->arAuthResult already holds a non-empty result.
  *
  * @param bool $show_prolog = true Include the prolog "after" file before the form.
  *
  * @param bool $show_epilog = true Include the epilog file after the form.
  *
  * @param string $not_show_links = "N" Passed to the component as NOT_SHOW_LINKS.
  *
  * @param bool $do_die = true Call die once the form has been rendered.
  *
  * @return mixed No value is returned explicitly.
  *
  * <h4>Example</h4>
  * <pre>
  * &lt;?
  * // determine the current user's read permission for the file "/download/document.doc"
  * $FILE_PERM = $APPLICATION-&gt;GetFileAccessPermission("/download/document.doc");
  * $FILE_PERM = (strlen($FILE_PERM)&gt;0 ? $FILE_PERM : "D");
  * // if there is no read permission, show the authorization form
  * if($FILE_PERM &lt; "R") <b>$APPLICATION-&gt;AuthForm</b>("You do not have permission to access this file.");
  * ?&gt;
  * </pre>
  *
  *
  * <h4>See Also</h4>
  * <ul> <li><a href="https://dev.1c-bitrix.ru/learning/course/index.php?COURSE_ID=43&amp;CHAPTER_ID=04565"
  * >Components</a></li> <li> <a
  * href="https://dev.1c-bitrix.ru/learning/course/index.php?COURSE_ID=43&amp;LESSON_ID=2819" >Access permissions</a>
  * </li> <li> <a href="http://dev.1c-bitrix.ru/api_help/main/functions/other/showmessage.php">ShowMessage</a> </li> </ul>
  * <a name="examples"></a>
  *
  *
  * @link http://dev.1c-bitrix.ru/api_help/main/reference/cmain/authform.php
  * @author Bitrix
  */
 public function AuthForm($mess, $show_prolog = true, $show_epilog = true, $not_show_links = "N", $do_die = true)
 {
     // Import every entry of $GLOBALS into the local scope, except the names in
     // $excl (this method's own parameters and loop variables), so the files
     // included below can read globals as plain variables.
     $excl = array("excl" => 1, "key" => 1, "GLOBALS" => 1, "mess" => 1, "show_prolog" => 1, "show_epilog" => 1, "not_show_links" => 1, "do_die" => 1);
     foreach ($GLOBALS as $key => $value) {
         if (!array_key_exists($key, $excl)) {
             global ${$key};
         }
     }
     // Admin section: the current directory starts with BX_ROOT . "/admin/", or
     // ADMIN_SECTION is defined as true. $isAdmin is only ever "" or "_admin",
     // so the include paths built from it below contain no request data.
     if (substr($this->GetCurDir(), 0, strlen(BX_ROOT . "/admin/")) == BX_ROOT . "/admin/" || defined("ADMIN_SECTION") && ADMIN_SECTION === true) {
         $isAdmin = "_admin";
     } else {
         $isAdmin = "";
     }
     // A stored auth result (array or non-empty string, but not true) takes
     // precedence over the $mess argument.
     if (isset($this->arAuthResult) && $this->arAuthResult !== true && (is_array($this->arAuthResult) || strlen($this->arAuthResult) > 0)) {
         $arAuthResult = $this->arAuthResult;
     } else {
         $arAuthResult = $mess;
     }
     // NOTE(review): the four flags below are read as globals; presumably they are
     // populated from request parameters - confirm where they are set.
     /** @global CMain $APPLICATION */
     global $APPLICATION, $forgot_password, $change_password, $register, $confirm_registration;
     // default page title
     $APPLICATION->SetTitle(GetMessage("AUTH_TITLE"));
     $inc_file = "";
     if ($forgot_password == "yes") {
         // password recovery request form
         $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_SEND_PASSWORD"));
         $comp_name = "system.auth.forgotpasswd";
         $inc_file = "forgot_password";
     } elseif ($change_password == "yes") {
         // password change form
         $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_CHANGE_PASSWORD"));
         $comp_name = "system.auth.changepasswd";
         $inc_file = "change_password";
     } elseif ($register == "yes" && $isAdmin == "" && COption::GetOptionString("main", "new_user_registration", "N") == "Y") {
         // registration form (public section only, when registration is enabled)
         $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_REGISTER"));
         $comp_name = "system.auth.registration";
     } elseif ($confirm_registration === "yes" && $isAdmin === "" && COption::GetOptionString("main", "new_user_registration_email_confirmation", "N") === "Y") {
         // registration confirmation form
         $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_CONFIRM"));
         $comp_name = "system.auth.confirmation";
     } elseif (CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") {
         // OTP form. A request with login_form=yes falls through to the plain login
         // form instead; this only selects which form is rendered.
         $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_OTP"));
         $comp_name = "system.auth.otp";
         $inc_file = "otp";
     } else {
         header('X-Bitrix-Ajax-Status: Authorize');
         // login form (default)
         $comp_name = "system.auth.authorize";
         $inc_file = "authorize";
     }
     if ($show_prolog) {
         CMain::PrologActions();
         // define("BX_AUTH_FORM", true);
         include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/prolog" . $isAdmin . "_after.php";
     }
     if ($isAdmin == "") {
         // public section: render the selected component (Components 2.0)
         $this->IncludeComponent("bitrix:" . $comp_name, COption::GetOptionString("main", "auth_components_template", ""), array("AUTH_RESULT" => $arAuthResult, "NOT_SHOW_LINKS" => $not_show_links));
     } else {
         // admin section: the wrapper file is included into this scope and can see
         // the local variables set above (e.g. $inc_file, $arAuthResult).
         include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/interface/auth/wrapper.php";
     }
     if ($show_epilog) {
         include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/epilog" . $isAdmin . ".php";
     }
     // Ends the request so nothing after the form is executed, unless the caller opted out.
     if ($do_die) {
         die;
     }
 }
예제 #13
/**
 * Regenerates the OTP recovery codes of a user and returns the new set.
 *
 * Also stores the current time under the 'recovery_codes_generated' user option
 * of the 'security' category.
 *
 * @param mixed $userId User whose recovery codes are replaced.
 * @return mixed Whatever getRecoveryCodes($userId, false) returns.
 */
function regenerateRecoveryCodes($userId)
{
    $userOtp = Otp::getByUser($userId);
    if (!$userOtp->isActivated()) {
        // NOTE(review): nothing stops execution after ShowError(); if it only renders
        // a message, codes are still regenerated for a user without active OTP - confirm.
        ShowError('OTP inactive');
    }
    // NOTE(review): no permission check on $userId happens inside this function;
    // the caller has to have authorized the request for that user.
    CUserOptions::SetOption('security', 'recovery_codes_generated', time());
    RecoveryCodesTable::regenerateCodes($userId);
    $freshCodes = getRecoveryCodes($userId, false);
    return $freshCodes;
}
예제 #14
파일: otp.php 프로젝트: DarneoStudio/bitrix
<?php

// Direct-access guard: stop unless B_PROLOG_INCLUDED is defined and strictly true.
if (!(defined("B_PROLOG_INCLUDED") && B_PROLOG_INCLUDED === true)) {
    die;
}
// Whether the "remember OTP" option is switched on in the security module settings.
$store_password = COption::GetOptionString('security', 'otp_allow_remember') === 'Y';
// A captcha is shown only when the security module loads and asks for one.
$bNeedCaptcha = CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isCaptchaRequired();
?>

<div class="login-main-popup-wrap login-popup-wrap<?php 
echo $bNeedCaptcha ? " login-captcha-popup-wrap" : "";
?>
" id="otp">
	<input type="hidden" name="TYPE" value="OTP">
	<div class="login-popup">
		<div class="login-popup-title"><?php 
echo GetMessage('AUTH_TITLE');
?>
</div>
		<div class="login-popup-title-description"><?php 
echo GetMessage("AUTH_PLEASE_AUTH");
?>
</div>
		<div class="login-popup-field">
			<div class="login-popup-field-title"><?php 
echo GetMessage("AUTH_OTP_PASS");
?>
</div>
			<div class="login-input-wrap">
				<input type="text" class="login-input" onfocus="BX.addClass(this.parentNode, 'login-input-active')" onblur="BX.removeClass(this.parentNode, 'login-input-active')" name="USER_OTP" value="" tabindex="1" autocomplete="off">
				<div class="login-inp-border"></div>
<?php

/**
 * @global int $ID - Edited user id
 * @global \CUser $USER
 * @global CMain $APPLICATION
 * @global string $security_SYNC1 - First code
 * @global string $security_SYNC2  - Second code
 */
// Re-synchronises the OTP device of the edited user ($ID) with the two codes
// received as $security_SYNC1 / $security_SYNC2.
$securityWarningTmp = "";
$security_res = true;
// All conditions must hold: an edited user id, the security module, a valid
// session token, the 'security_edit_user_otp' operation and a first sync code.
// NOTE(review): $ID and the sync codes are read as globals (see the docblock
// above); how they are populated from the request is not visible here.
if ($ID > 0 && CModule::IncludeModule("security") && check_bitrix_sessid() && $USER->CanDoOperation('security_edit_user_otp') && $security_SYNC1) {
    try {
        $otp = \Bitrix\Security\Mfa\Otp::getByUser($ID);
        $otp->syncParameters($security_SYNC1, $security_SYNC2);
        $otp->save();
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        // A failed sync is reported through the application exception and the result flag.
        $APPLICATION->ThrowException($e->getMessage());
        $security_res = false;
    }
}
예제 #16
<?php

// Direct-access guard: stop unless B_PROLOG_INCLUDED is defined and strictly true.
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die;
}
// Nothing to do unless OTP is enabled, the user is authorized and OTP is mandatory.
if (!CModule::IncludeModule("security") || !\Bitrix\Security\Mfa\Otp::isOtpEnabled() || !$USER->IsAuthorized() || !CSecurityUser::IsOtpMandatory()) {
    return;
}
// Any OnIntranetPopupShow handler returning false suppresses the rest of the script.
foreach (GetModuleEvents("intranet", "OnIntranetPopupShow", true) as $arEvent) {
    if (ExecuteModuleEventEx($arEvent) === false) {
        return;
    }
}
// Cache lifetime in seconds: 2592000 when BX_COMP_MANAGED_CACHE is defined, else 600.
if (defined("BX_COMP_MANAGED_CACHE")) {
    $ttl = 2592000;
} else {
    $ttl = 600;
}
// NOTE(review): the cache id is derived from the user id divided by 100, so up
// to a hundred users share one entry, while the value cached below is computed
// for the current user only. Unless the part of the script outside this listing
// separates the users again, one user could read another user's OTP-active
// flag - confirm.
$cache_id = 'user_otp_' . intval($USER->GetID() / 100);
$cache_dir = '/otp/user_id';
$obCache = new CPHPCache();
if ($obCache->InitCache($ttl, $cache_id, $cache_dir)) {
    $arUserOtp = $obCache->GetVars();
} else {
    $arUserOtp = array("ACTIVE" => CSecurityUser::IsUserOtpActive($USER->GetID()));
    if (defined("BX_COMP_MANAGED_CACHE")) {
        // Tag the entry with the same user-id bucket so it can be invalidated by tag.
        global $CACHE_MANAGER;
        $CACHE_MANAGER->StartTagCache($cache_dir);
        $CACHE_MANAGER->RegisterTag("USER_OTP_" . intval($USER->GetID() / 100));
        $CACHE_MANAGER->EndTagCache();
    }
예제 #17
        // Fragment of the OTP settings admin page: the tail of the save handler,
        // followed by the data preparation for the page itself.
        // NOTE(review): the POST values below go straight into the setters; the
        // permission and session-token checks guarding this handler are outside
        // this listing - confirm they exist.
        Bitrix\Security\Mfa\Otp::setSkipMandatoryDays($_POST['otp_mandatory_skip_days']);
    }
    Bitrix\Security\Mfa\Otp::setMandatoryUsing($_POST['otp_mandatory_using'] === 'Y');
    if (is_array($_POST['otp_mandatory_rights'])) {
        Bitrix\Security\Mfa\Otp::setMandatoryRights($_POST['otp_mandatory_rights']);
    }
    // The redirect target comes from the query string.
    // NOTE(review): this relies on LocalRedirect() refusing off-site targets -
    // confirm, otherwise return_url needs validating here.
    if ($_REQUEST["save"] != "" && $_GET["return_url"] != "") {
        LocalRedirect($_GET["return_url"]);
    } else {
        LocalRedirect("/bitrix/admin/security_otp.php?lang=" . LANGUAGE_ID . $returnUrl . "&" . $tabControl->ActiveTabParam());
    }
}
// Data for rendering the settings page.
$availableTypes = \Bitrix\Security\Mfa\Otp::getAvailableTypes();
$availableTypesDescription = \Bitrix\Security\Mfa\Otp::getTypesDescription();
$defaultType = \Bitrix\Security\Mfa\Otp::getDefaultType();
$targetRights = \Bitrix\Security\Mfa\Otp::getMandatoryRights();
$access = new CAccess();
$targetRightsNames = $access->GetNames($targetRights);
CJSCore::Init(array('access'));
$APPLICATION->AddHeadScript('/bitrix/js/security/admin/page/otp.js');
$APPLICATION->SetTitle(GetMessage("SEC_OTP_NEW_TITLE"));
require $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php";
// Status banner: OK when OTP is active, ERROR otherwise.
if (CSecurityUser::isActive()) {
    $messageType = "OK";
    $messageText = GetMessage("SEC_OTP_NEW_ON");
} else {
    $messageType = "ERROR";
    $messageText = GetMessage("SEC_OTP_NEW_OFF");
}
// "HTML" => true renders the text as markup; the text comes from GetMessage().
CAdminMessage::ShowMessage(array("MESSAGE" => $messageText, "TYPE" => $messageType, "HTML" => true));
?>
예제 #18
 // Fragment of the auth form component: prepares URLs, escapes the result and
 // chooses between the OTP form and the login form.
 // NOTE(review): $url is appended as the backurl parameter; it is defined
 // outside this listing - presumably already URL-encoded, confirm.
 $arResult["AUTH_FORGOT_PASSWORD_URL"] = $arParams["FORGOT_PASSWORD_URL"] . (strpos($arParams["FORGOT_PASSWORD_URL"], "?") !== false ? "&" : "?") . "forgot_password=yes&backurl=" . $url;
 $arResult["AUTH_LOGIN_URL"] = $APPLICATION->GetCurPageParam("login_form=yes", $arParamsToDelete);
 // Every value is stored twice: HTML-escaped under its key and raw under the
 // same key prefixed with '~'. Templates should output the unprefixed values.
 $arRes = array();
 foreach ($arResult as $key => $value) {
     $arRes[$key] = htmlspecialcharsbx($value);
     $arRes['~' . $key] = $value;
 }
 $arResult = $arRes;
 // OTP form, unless the request explicitly asks for the login form (login_form=yes).
 if (CModule::IncludeModule("security") && Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") {
     $arResult["FORM_TYPE"] = "otp";
     $arResult["REMEMBER_OTP"] = COption::GetOptionString('security', 'otp_allow_remember') === 'Y';
     $arResult["CAPTCHA_CODE"] = false;
     if (Mfa\Otp::isCaptchaRequired()) {
         $arResult["CAPTCHA_CODE"] = $APPLICATION->CaptchaGetCode();
     }
     if (Mfa\Otp::isOtpRequiredByMandatory()) {
         $arResult['ERROR_MESSAGE'] = array("MESSAGE" => GetMessage("system_auth_form_otp_required"), "TYPE" => "ERROR");
     }
 } else {
     $arResult["FORM_TYPE"] = "login";
     // Request variables that must not be echoed back into the form, credentials included.
     $arVarExcl = array("USER_LOGIN" => 1, "USER_PASSWORD" => 1, "backurl" => 1, "auth_service_id" => 1);
     $arResult["GET"] = array();
     $arResult["POST"] = array();
     // The remaining POST variables are carried over; both names and scalar values
     // are HTML-escaped before they reach the template.
     foreach ($_POST as $vname => $vvalue) {
         if (!array_key_exists($vname, $arVarExcl)) {
             if (!is_array($vvalue)) {
                 $arResult["POST"][htmlspecialcharsbx($vname)] = htmlspecialcharsbx($vvalue);
             } else {
                 foreach ($vvalue as $k1 => $v1) {
                     if (is_array($v1)) {
                         foreach ($v1 as $k2 => $v2) {
예제 #19
<?php

// Direct-access guard: stop unless B_PROLOG_INCLUDED is defined and strictly true.
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die;
}
// Normalise a plain message into the array form with TYPE "ERROR".
if (!is_array($arAuthResult)) {
    $arAuthResult = array("TYPE" => "ERROR", "MESSAGE" => $arAuthResult);
}
// The captcha requirement comes from the security module for the OTP form and
// from the login throttling check for every other form.
if ($inc_file === "otp") {
    $arAuthResult['CAPTCHA'] = CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isCaptchaRequired();
} else {
    $arAuthResult['CAPTCHA'] = $APPLICATION->NeedCAPTHAForLogin($last_login);
}
if ($arAuthResult['CAPTCHA']) {
    $arAuthResult['CAPTCHA_CODE'] = $APPLICATION->CaptchaGetCode();
}
// NOTE(review): $arAuthResult, including MESSAGE, is written into an inline
// <script> further down via CUtil::PhpToJsObject(); its safety depends on that
// helper escaping for a script context - confirm.
if ($bOnHit) {
    ?>
<script type="text/javascript">
BX.ready(function(){BX.defer(BX.adminLogin.setAuthResult, BX.adminLogin)(<?php 
    echo CUtil::PhpToJsObject($arAuthResult);
    ?>
);});
</script>
<?php 
} else {
    ?>
<script type="text/javascript" bxrunfirst="true">
top.BX.adminLogin.setAuthResult(<?php 
    echo CUtil::PhpToJsObject($arAuthResult);
    ?>
예제 #20
 /**
  * Reports whether OTP use is mandatory, as a strict boolean.
  *
  * @return bool The truthiness of Otp::isMandatoryUsing().
  */
 public static function IsOtpMandatory()
 {
     // The cast normalises whatever Otp::isMandatoryUsing() returns to true/false.
     return (bool) Otp::isMandatoryUsing();
 }