/**
 * Stores a new OTP secret for the user named in the deferred parameters.
 *
 * The secret is regenerated from the submitted hex string, synchronised with
 * the two submitted codes and saved; the deferred parameters are then written
 * back with Otp::REJECTED_KEY set to REJECT_BY_CODE.
 *
 * @param array $fields Reads the keys SECRET (hex string), SYNC1 and SYNC2.
 * @return array array('status' => 'ok') on success, otherwise
 *               array('status' => 'error', 'error' => <exception message>).
 */
function checkAndActivate($fields)
{
    try {
        $pending = Otp::getDeferredParams();
        if (!$pending['USER_ID']) {
            // No user is attached to the deferred parameters, so there is nobody to enrol.
            throw new \Bitrix\Security\Mfa\OtpException(Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
        }

        // NOTE(review): SECRET comes from the caller and is packed without a format
        // check; pack('H*') raises a warning on non-hex input. Confirm that a mangled
        // secret is always rejected by syncParameters() before save() is reached.
        $userOtp = Otp::getByUser($pending['USER_ID']);
        $userOtp
            ->regenerate(pack('H*', $fields['SECRET']))
            ->syncParameters($fields['SYNC1'], $fields['SYNC2'])
            ->save();

        // Only reached when none of the calls above threw.
        $pending[Otp::REJECTED_KEY] = OTP::REJECT_BY_CODE;
        Otp::setDeferredParams($pending);

        return array('status' => 'ok');
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        return array('status' => 'error', 'error' => $e->getMessage());
    }
}
/**
 * Authorizes the user unless the security module's OTP check vetoes it.
 *
 * The veto is only consulted when the "security" module can be included;
 * when it cannot, no OTP check takes place and authorization proceeds.
 * On a veto the OTP form will be shown on the next hit.
 *
 * @param mixed $user_id User to authorize.
 * @return mixed Result of Authorize(), or false when the OTP check refused.
 */
public function AuthorizeWithOtp($user_id)
{
    if (
        CModule::IncludeModule("security")
        && !\Bitrix\Security\Mfa\Otp::verifyUser(array("USER_ID" => $user_id))
    ) {
        // MFA disallowed the authorization (it is allowed only when OTP is not
        // active for the user).
        return false;
    }

    return $this->Authorize($user_id);
}
/**
 * Handles the "otp_check_activate" request action for the signed-in user:
 * regenerates the OTP from the posted secret, synchronises it with the two
 * posted codes and saves it.
 *
 * @return array array('status' => 'ok') or
 *               array('status' => 'error', 'error' => <code or exception message>).
 */
protected function toEdit()
{
    /** @global CUser $USER */
    global $USER;

    // Preconditions are evaluated in this order; the first one that fails is reported.
    $failure = null;
    if (!$USER->IsAuthorized()) {
        $failure = 'auth_error';
    } elseif (!check_bitrix_sessid()) {
        // Session-token (sessid) check on this state-changing request.
        $failure = 'sessid_check_failed';
    } elseif ($this->request['action'] !== 'otp_check_activate') {
        $failure = 'unknown_action';
    } elseif (!CModule::includeModule('security')) {
        $failure = 'security_not_installed';
    }

    if ($failure !== null) {
        return array('status' => 'error', 'error' => $failure);
    }

    try {
        // The secret is always bound to the current session's user, never to a
        // user id taken from the request.
        // NOTE(review): the posted secret is packed without a hex-format check;
        // pack('H*') raises a warning on non-hex input.
        $userOtp = Otp::getByUser($USER->getid());
        $userOtp
            ->regenerate(pack('H*', $this->request->getPost('secret')))
            ->syncParameters($this->request->getPost('sync1'), $this->request->getPost('sync2'))
            ->save();
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        return array('status' => 'error', 'error' => $e->getMessage());
    }

    return array('status' => 'ok');
}
/**
 * Prepares the data for the OTP set-up view of a user who is not yet
 * authorized and is identified only through the deferred parameters.
 *
 * A fresh secret is generated in memory; no save() is called here.
 *
 * @return array Either array('MESSAGE' => <text>) when a precondition fails, or
 *               the keys SECRET, TYPE, APP_SECRET, APP_SECRET_SPACED,
 *               PROVISION_URI, SUCCESSFUL_URL, TWO_CODE_REQUIRED and OTP.
 */
protected function toView()
{
    /* @global CUser $USER */
    global $USER;

    if (!CModule::includeModule('security')) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_MODULE_ERROR'));
    }

    if (!Otp::isOtpRequiredByMandatory()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_NOT_REQUIRED'));
    }

    // This view is refused to a user who is already authorized.
    if ($USER->IsAuthorized()) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_AUTH_ERROR'));
    }

    $pending = Otp::getDeferredParams();
    if (!$pending['USER_ID']) {
        return array('MESSAGE' => Loc::getMessage('SECURITY_AUTH_OTP_MANDATORY_UNKNOWN_ERROR'));
    }

    $userOtp = Otp::getByUser($pending['USER_ID']);
    $userOtp->regenerate();

    $hexSecret = $userOtp->getHexSecret();
    $otpType = $userOtp->getType();
    $appSecret = $userOtp->getAppSecret();

    // NOTE(review): the result carries the secret in several encodings plus the
    // Otp object itself; the template should print only what the set-up screen
    // needs and the response should not be cacheable. Confirm in the template.
    return array(
        'SECRET' => $hexSecret,
        'TYPE' => $otpType,
        'APP_SECRET' => $appSecret,
        // Groups of four characters separated by spaces, for manual entry.
        'APP_SECRET_SPACED' => chunk_split($appSecret, 4, ' '),
        'PROVISION_URI' => $userOtp->getProvisioningUri(),
        'SUCCESSFUL_URL' => $this->arParams['SUCCESSFUL_URL'],
        'TWO_CODE_REQUIRED' => $userOtp->getAlgorithm()->isTwoCodeRequired(),
        'OTP' => $userOtp,
    );
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
/**
 * Recovery-code page for a user's OTP (fragment: the listing stops inside the
 * "download" branch, before the response body is sent).
 *
 * @global CMain $APPLICATION
 * @global CUser $USER
 */
IncludeModuleLangFile(__FILE__);
$request = Bitrix\Main\Context::getCurrent()->getRequest();
// Target user: the "user" request parameter when it is non-empty, otherwise the current user.
$userId = (int) ($request['user'] ?: $USER->getId());
// NOTE(review): Otp is used here before the includeModule('security') check below has run.
$userOtp = Otp::getByUser($userId);
// NOTE(review): none of the four checks below visibly stops the request. Whether
// ShowError() terminates is not shown in this fragment; if it only prints, the
// download branch further down still runs for the requested user id after
// "Not enough permissions" has been reported. Confirm, and end the request
// explicitly after a failed check.
if (!CModule::includeModule('security')) {
    ShowError('Security module not installed');
}
if (!$userOtp->isActivated()) {
    ShowError('OTP inactive');
}
if (!Otp::isRecoveryCodesEnabled()) {
    ShowError('OTP Recovery codes are disabled');
}
// && binds tighter than ||: the check fails when $userId is 0, or when it is
// another user's id and the current user lacks 'security_edit_user_otp'.
if (!$userId || $userId != $USER->getId() && !$USER->CanDoOperation('security_edit_user_otp')) {
    ShowError('Not enough permissions');
}
if (isset($request['action']) && $request['action'] === 'download') {
    $codes = getRecoveryCodes($userId);
    // Numbered plain-text list, one code per CRLF-terminated line.
    $response = '';
    $counter = 0;
    foreach ($codes as $code) {
        $counter++;
        $response .= sprintf("%d. %s\r\n", $counter, $code);
    }
    // Served as a file download with a fixed file name.
    // NOTE(review): no cache-control header is set in the visible lines for this
    // response, which carries authentication secrets.
    header('Content-Type: text/plain', true);
    header('Content-Disposition: attachment; filename="recovery_codes.txt"');
    die;
}
// Fragment: the block closed above starts outside this listing.
// NOTE(review): the visible lines authenticate with login and password only and
// then overwrite the account's OTP secret. Whether Login() itself enforces an
// OTP that is already active is not shown here; if it does not, the password
// alone is enough to replace the second factor. Confirm.
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // Hand-built response: single-quoted keys and a trailing ';', so it is not strict JSON.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}
// From here on the session is logged in; every exit path below logs it out again.
if (!CModule::IncludeModule("security")) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
if (!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
// Any action other than 'register' blanks the secret, yet the update below
// still runs with ACTIVE = "Y".
// NOTE(review): confirm what an empty SECRET with ACTIVE = "Y" means to CSecurityUser::update().
if ($_POST['action'] != 'register') {
    $_POST['secret'] = "";
}
// The secret is taken straight from the POST body; no format or length check is visible here.
$isUpdated = CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP));
if (!$isUpdated) {
    //print_r($APPLICATION->GetException());
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}
$USER->Logout();
/**
 * Checks whether the current user may work with OTP recovery codes.
 *
 * The checks run in order: signed in, security module available, OTP
 * activated for the current user, recovery codes enabled.
 *
 * @return string|null Localised message for the first failed check, or null when all pass.
 */
protected function checkRequirements()
{
    /** @global CUser $USER */
    global $USER;

    if (!$USER->IsAuthorized()) {
        $messageCode = "SECURITY_USER_RECOVERY_CODES_AUTH_ERROR";
    } elseif (!CModule::includeModule('security')) {
        $messageCode = "SECURITY_USER_RECOVERY_CODES_MODULE_ERROR";
    } elseif (!Otp::getByUser($USER->getID())->isActivated()) {
        // Always the session's own user; no user id is taken from the request.
        $messageCode = "SECURITY_USER_RECOVERY_CODES_OTP_NOT_ACTIVE";
    } elseif (!Otp::isRecoveryCodesEnabled()) {
        $messageCode = "SECURITY_USER_RECOVERY_CODES_DISABLED";
    } else {
        return null;
    }

    return Loc::getMessage($messageCode);
}
    $arResult["SUBORDINATE"] = $subordinate_users;
}
// Fragment: the blocks closed here start outside this listing.
// user activity status
// The assignments below run in sequence, so a later match overrides an earlier
// one: active, admin, extranet, fired, invited.
if ($arResult["User"]["ACTIVE"] == "Y") {
    $arResult["User"]["ACTIVITY_STATUS"] = "active";
}
$obUser = new CUser();
$arGroups = $obUser->GetUserGroup($arResult["User"]['ID']);
// Membership in group id 1 is displayed as "admin"; in_array() compares loosely here.
if (in_array(1, $arGroups)) {
    $arResult["User"]["ACTIVITY_STATUS"] = "admin";
}
// The same group list is fetched a second time, this time through a static call.
$arGroups = CUser::GetUserGroup($arResult["User"]['ID']);
// Extranet: member of the extranet group and without a first department entry.
if (CModule::IncludeModule('extranet') && in_array(CExtranet::GetExtranetUserGroupID(), $arGroups) && (!is_array($arResult["User"]['UF_DEPARTMENT']) || empty($arResult["User"]['UF_DEPARTMENT'][0]))) {
    $arResult["User"]["ACTIVITY_STATUS"] = "extranet";
    $arResult["User"]["IS_EXTRANET"] = true;
} else {
    $arResult["User"]["IS_EXTRANET"] = false;
}
if ($arResult["User"]["ACTIVE"] == "N") {
    $arResult["User"]["ACTIVITY_STATUS"] = "fired";
}
// Active account that still has a confirmation code.
if ($arResult["User"]["ACTIVE"] == "Y" && !empty($arResult["User"]["CONFIRM_CODE"])) {
    $arResult["User"]["ACTIVITY_STATUS"] = "invited";
}
// Only on the viewer's own profile, for a module admin without SONET_ADMIN in the session.
if ($arResult["User"]["ID"] == $GLOBALS["USER"]->GetID() && CSocNetUser::IsCurrentUserModuleAdmin(SITE_ID, false) && !isset($_SESSION["SONET_ADMIN"])) {
    $arResult["SHOW_SONET_ADMIN"] = true;
}
}
// The key is only set when the security module can be loaded; templates must
// treat a missing key as "recovery codes not available".
if (\Bitrix\Main\Loader::includeModule("security")) {
    $arResult["IS_OTP_RECOVERY_CODES_ENABLE"] = \Bitrix\Security\Mfa\Otp::isRecoveryCodesEnabled();
}
}
// Fragment: the block closed above starts outside this listing, and the listing
// stops inside the application-password clean-up further down.
if ($_POST['action'] != 'login') {
    CHTTP::SetStatus("403 Forbidden");
    die;
}
IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/im/install/public/desktop_app/login/index.php");
// The one-time code is appended to the password and both are passed to Login()
// as a single credential string.
$result = $USER->Login($_POST['login'], $_POST['password'] . $_POST['otp']);
if ($result !== true || !$USER->IsAuthorized()) {
    // NOTE(review): on a failed login with the bitrix24 module installed the
    // response is made readable by any origin; it may carry the captcha code and
    // the needOtp flag set below. Confirm the wildcard is intended.
    if (IsModuleInstalled('bitrix24')) {
        header('Access-Control-Allow-Origin: *');
    }
    $answer = array("success" => false);
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $answer["captchaCode"] = $APPLICATION->CaptchaGetCode();
    }
    if (CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isOtpRequired()) {
        //user must enter OTP
        $answer["needOtp"] = true;
    }
    CHTTP::SetStatus("401 Unauthorized");
} else {
    // The success answer carries the PHP session id and the Bitrix session token.
    // NOTE(review): how $answer is serialised and sent is outside this fragment;
    // the response must not be cached or logged.
    $answer = array("success" => true, "sessionId" => session_id(), "bitrixSessionId" => bitrix_sessid());
    // Runs when a renewal was requested or an OTP was supplied, and the session
    // has no APPLICATION_ID parameter.
    if (($_POST['renew_password'] == 'y' || $_POST['otp'] != '') && $USER->GetParam("APPLICATION_ID") === null) {
        $code = '';
        // md5 serves as a lookup key built from two client-supplied values, not as a secret.
        if (strlen($_POST['user_os_mark']) > 0) {
            $code = md5($_POST['user_os_mark'] . $_POST['user_account']);
        }
        if ($code != '') {
            // The lookup is limited to the logged-in user's own rows.
            $orm = ApplicationPasswordTable::getList(array('select' => array('ID'), 'filter' => array('USER_ID' => $USER->GetID(), 'CODE' => $code)));
            if ($row = $orm->fetch()) {
                ApplicationPasswordTable::delete($row['ID']);
// Fragment: runs inside an enclosing construct that is not part of this
// listing (the break statements below leave it) and stops mid-loop at the end.
// When an OTP was supplied, the last six characters of the submitted password
// are cut off to obtain an alternative password candidate.
// NOTE(review): $altPassword is assigned only in this branch; confirm it is
// initialised before the fragment, because it is read unconditionally below.
if ($arParams['OTP']) {
    $altPassword = substr($oRequest->arParameters['password'], 0, -6);
}
if ($err) {
    $oResponse->status = "445 Event Error.";
    $oResponse->text = $err;
    $arControllerLog['STATUS'] = 'N';
    $arControllerLog['DESCRIPTION'] = $oResponse->text;
    $a = CControllerLog::Add($arControllerLog);
// Accepts an active user when $user_id > 0, or when the stored hash matches the
// salted md5 of the submitted password or of the OTP-stripped candidate.
// NOTE(review): both sides are md5 hex strings compared with ==. PHP compares
// numeric-looking strings as numbers, so two different digests of the form
// 0e<digits> are treated as equal; hash_equals() gives an exact, constant-time
// comparison. md5 with a fixed wrapper string is also a weak password hash by
// current standards.
// NOTE(review): where $user_id comes from is not visible here; a positive value
// skips the password comparison entirely. Confirm.
} elseif ($arUser['ACTIVE'] == 'Y' && ($user_id > 0 || md5($db_password . 'MySalt') == md5(md5($salt . $oRequest->arParameters['password']) . 'MySalt') || $altPassword && md5($db_password . 'MySalt') == md5(md5($salt . $altPassword) . 'MySalt'))) {
    $arSaveUser = CControllerClient::PrepareUserInfo($arUser);
    $arSaveUser["GROUP_ID"] = array();
    $arUserGroups = CUser::GetUserGroup($arUser['ID']);
    $MOD_RIGHT = $APPLICATION->GetGroupRight("controller", $arUserGroups);
    $arParams['USER_ID'] = $arUser['ID'];
    // A failed OTP verification is reported with the same status and text as a
    // wrong password, so the caller cannot tell which factor was rejected.
    // When the security module cannot be included, no OTP check takes place.
    if (CModule::IncludeModule('security') && !\Bitrix\Security\Mfa\Otp::verifyUser($arParams)) {
        $oResponse->status = "443 Bad password.";
        $oResponse->text = GetMessage("CTRLR_WS_ERR_BAD_PASSW");
        break;
    // Right letters are compared as strings; "V" and above marks a controller admin.
    } elseif ($MOD_RIGHT >= "V") {
        $arSaveUser['CONTROLLER_ADMIN'] = 'Y';
        $arSaveUser["GROUP_ID"][] = "administrators";
    // Only reached for non-admins: the auth_loc_enabled option is not consulted
    // for users that took the branch above.
    } elseif (COption::GetOptionString("controller", "auth_loc_enabled", "N") != "Y") {
        $oResponse->status = "423 Remoute Authorization Disabled.";
        $oResponse->text = "Remote authorization disabled on controller.";
        break;
    }
    // NOTE(review): unserialize() on a stored option value. This is safe only as
    // long as the option cannot be written by an untrusted party; passing
    // array('allowed_classes' => false) as second argument would rule out object
    // instantiation.
    $arLocGroups = unserialize(COption::GetOptionString("controller", "auth_loc", serialize(array())));
    foreach ($arLocGroups as $arTGroup) {
        foreach ($arUserGroups as $group_id) {
            if ($arTGroup["LOC"] == $group_id) {
<td style="text-align: left;"> <span><?php echo GetMessage('SEC_OTP_CONNECTED'); ?> </span> <?if( !Otp::isMandatoryUsing() || $otp->canSkipMandatory() || $USER->CanDoOperation('security_edit_user_otp') ):?> <span class="otp-link-button" id="otp-deactivate"><?php echo GetMessage('SEC_OTP_DISABLE'); ?> </span> <?endif;?> <?if (Otp::isRecoveryCodesEnabled()):?> <span class="otp-link-button" id="otp-show-recovery-codes"><?php echo GetMessage('SEC_OTP_RECOVERY_CODES_BUTTON'); ?> </span> <?endif;?> <?if ($USER->CanDoOperation('security_edit_user_otp')):?> <span class="otp-link-button" id="otp-reinitialize"><?php echo GetMessage('SEC_OTP_SYNC_NOW'); ?> </span> <?endif;?> </td> <td style="text-align: right;"> <a class="adm-btn-save adm-btn adm-btn-menu" id="otp-connect-device"><?php echo GetMessage('SEC_OTP_CONNECT_NEW_DEVICE');
/**
 * Renders one of the authentication-related forms, chosen from the parameters
 * that reached the page, and by default ends the request afterwards.
 *
 * Form selection as documented upstream:
 *   forgot_password=yes         checkword request form for a password change (system.auth.forgotpasswd)
 *   change_password=yes         form for changing a forgotten password (system.auth.changepasswd)
 *   register=yes                registration form (system.auth.registration)
 *   authorize_registration=yes  authorization form (system.auth.authorize)
 * When none of the parameters is given, the authorization form is used.
 *
 * The body below additionally handles confirm_registration=yes
 * (system.auth.confirmation) and the one-time-password form (system.auth.otp).
 * The OTP form is chosen when the security module reports that an OTP is
 * required and the request does not carry login_form=yes.
 *
 * Note: after the selected component has been output the method terminates
 * page execution, unless $do_die is false.
 *
 * Non-static method.
 *
 * @param mixed $mess Message or auth result shown in the form when $this->arAuthResult holds nothing usable.
 *
 * @param bool $show_prolog = true Include the "prolog..._after.php" file before the form.
 *
 * @param bool $show_epilog = true Include the epilog file after the form.
 *
 * @param string $not_show_links = "N" Passed to the component as NOT_SHOW_LINKS.
 *
 * @param bool $do_die = true Call die once everything has been output.
 *
 * @return mixed
 *
 * Example:
 *
 *   // determine the current user's read permission on "/download/document.doc"
 *   $FILE_PERM = $APPLICATION->GetFileAccessPermission("/download/document.doc");
 *   $FILE_PERM = (strlen($FILE_PERM)>0 ? $FILE_PERM : "D");
 *   // without read permission, show the authorization form
 *   if($FILE_PERM < "R") $APPLICATION->AuthForm("You do not have access to this file.");
 *
 * See also:
 *   Components: https://dev.1c-bitrix.ru/learning/course/index.php?COURSE_ID=43&CHAPTER_ID=04565
 *   Access permissions: https://dev.1c-bitrix.ru/learning/course/index.php?COURSE_ID=43&LESSON_ID=2819
 *   ShowMessage: http://dev.1c-bitrix.ru/api_help/main/functions/other/showmessage.php
 *
 * @link http://dev.1c-bitrix.ru/api_help/main/reference/cmain/authform.php
 * @author Bitrix
 */
public function AuthForm($mess, $show_prolog = true, $show_epilog = true, $not_show_links = "N", $do_die = true)
{
    // Names used locally; they are not pulled in from $GLOBALS by the loop below.
    $excl = array("excl" => 1, "key" => 1, "GLOBALS" => 1, "mess" => 1, "show_prolog" => 1, "show_epilog" => 1, "not_show_links" => 1, "do_die" => 1);
    // Every other global variable is imported into this function's scope.
    // NOTE(review): presumably so that the files included further down see the
    // page's globals - confirm.
    foreach ($GLOBALS as $key => $value) {
        if (!array_key_exists($key, $excl)) {
            global ${$key};
        }
    }
    // Admin context: the current directory starts with BX_ROOT . "/admin/", or
    // ADMIN_SECTION is defined as true. $isAdmin only ever holds "_admin" or "",
    // so the include paths built from it below contain no request data.
    if (substr($this->GetCurDir(), 0, strlen(BX_ROOT . "/admin/")) == BX_ROOT . "/admin/" || defined("ADMIN_SECTION") && ADMIN_SECTION === true) {
        $isAdmin = "_admin";
    } else {
        $isAdmin = "";
    }
    // A stored auth result takes precedence over $mess when it is an array or a
    // non-empty string (and not literally true).
    if (isset($this->arAuthResult) && $this->arAuthResult !== true && (is_array($this->arAuthResult) || strlen($this->arAuthResult) > 0)) {
        $arAuthResult = $this->arAuthResult;
    } else {
        $arAuthResult = $mess;
    }
    /** @global CMain $APPLICATION */
    global $APPLICATION, $forgot_password, $change_password, $register, $confirm_registration;
    //page title
    $APPLICATION->SetTitle(GetMessage("AUTH_TITLE"));
    // $inc_file is not read again in this method.
    // NOTE(review): presumably consumed by the admin wrapper included below - confirm.
    $inc_file = "";
    if ($forgot_password == "yes") {
        //pass request form
        $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_SEND_PASSWORD"));
        $comp_name = "system.auth.forgotpasswd";
        $inc_file = "forgot_password";
    } elseif ($change_password == "yes") {
        //pass change form
        $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_CHANGE_PASSWORD"));
        $comp_name = "system.auth.changepasswd";
        $inc_file = "change_password";
    } elseif ($register == "yes" && $isAdmin == "" && COption::GetOptionString("main", "new_user_registration", "N") == "Y") {
        //registration form
        // Public side only, and only while self-registration is switched on.
        $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_REGISTER"));
        $comp_name = "system.auth.registration";
    } elseif ($confirm_registration === "yes" && $isAdmin === "" && COption::GetOptionString("main", "new_user_registration_email_confirmation", "N") === "Y") {
        //confirm registration
        $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_CONFIRM"));
        $comp_name = "system.auth.confirmation";
    } elseif (CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") {
        //otp form
        // login_form=yes in the request selects the regular login form instead;
        // in this method it only changes which form is rendered.
        $APPLICATION->SetTitle(GetMessage("AUTH_TITLE_OTP"));
        $comp_name = "system.auth.otp";
        $inc_file = "otp";
    } else {
        header('X-Bitrix-Ajax-Status: Authorize');
        //auth form
        $comp_name = "system.auth.authorize";
        $inc_file = "authorize";
    }
    if ($show_prolog) {
        CMain::PrologActions();
        // define("BX_AUTH_FORM", true);
        include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/prolog" . $isAdmin . "_after.php";
    }
    if ($isAdmin == "") {
        // form by Components 2.0
        $this->IncludeComponent("bitrix:" . $comp_name, COption::GetOptionString("main", "auth_components_template", ""), array("AUTH_RESULT" => $arAuthResult, "NOT_SHOW_LINKS" => $not_show_links));
    } else {
        // The admin side renders through a fixed wrapper file instead of a component.
        include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/interface/auth/wrapper.php";
    }
    if ($show_epilog) {
        include $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/include/epilog" . $isAdmin . ".php";
    }
    // Ends the request so that the protected page content is never output after the form.
    if ($do_die) {
        die;
    }
}
/**
 * Replaces the recovery codes of the given user and returns the new set.
 *
 * Records the generation time in the 'security' / 'recovery_codes_generated'
 * user option before the codes are regenerated.
 *
 * @param mixed $userId User whose recovery codes are regenerated.
 * @return mixed Result of getRecoveryCodes($userId, false).
 */
function regenerateRecoveryCodes($userId)
{
    $userOtp = Otp::getByUser($userId);

    // NOTE(review): nothing here stops the function when OTP is inactive. Unless
    // ShowError() terminates the request (not shown here), the codes are still
    // regenerated and returned. The function also performs no permission check of
    // its own on $userId; confirm that every caller does.
    if (!$userOtp->isActivated()) {
        ShowError('OTP inactive');
    }

    CUserOptions::SetOption('security', 'recovery_codes_generated', time());
    RecoveryCodesTable::regenerateCodes($userId);

    $freshCodes = getRecoveryCodes($userId, false);

    return $freshCodes;
}
<?php if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) { die; } $store_password = COption::GetOptionString('security', 'otp_allow_remember') === 'Y'; $bNeedCaptcha = CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isCaptchaRequired(); ?> <div class="login-main-popup-wrap login-popup-wrap<?php echo $bNeedCaptcha ? " login-captcha-popup-wrap" : ""; ?> " id="otp"> <input type="hidden" name="TYPE" value="OTP"> <div class="login-popup"> <div class="login-popup-title"><?php echo GetMessage('AUTH_TITLE'); ?> </div> <div class="login-popup-title-description"><?php echo GetMessage("AUTH_PLEASE_AUTH"); ?> </div> <div class="login-popup-field"> <div class="login-popup-field-title"><?php echo GetMessage("AUTH_OTP_PASS"); ?> </div> <div class="login-input-wrap"> <input type="text" class="login-input" onfocus="BX.addClass(this.parentNode, 'login-input-active')" onblur="BX.removeClass(this.parentNode, 'login-input-active')" name="USER_OTP" value="" tabindex="1" autocomplete="off"> <div class="login-inp-border"></div>
<?php
/**
 * Synchronises the OTP of the edited user with the two submitted codes.
 *
 * The variables set here live in the including file's scope.
 *
 * @global int $ID - Edited user id
 * @global \CUser $USER
 * @global CMain $APPLICATION
 * @global string $security_SYNC1 - First code
 * @global string $security_SYNC2 - Second code
 */
$securityWarningTmp = "";
// Stays true unless the synchronisation below throws.
$security_res = true;
// All of the following must hold: a user is being edited, the security module
// loads, the session token is valid, the operator holds
// 'security_edit_user_otp', and a first code was supplied.
if ($ID > 0 && CModule::IncludeModule("security") && check_bitrix_sessid() && $USER->CanDoOperation('security_edit_user_otp') && $security_SYNC1) {
    try {
        $otp = \Bitrix\Security\Mfa\Otp::getByUser($ID);
        $otp->syncParameters($security_SYNC1, $security_SYNC2);
        $otp->save();
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        // The failure is reported through the application exception; nothing is saved.
        $APPLICATION->ThrowException($e->getMessage());
        $security_res = false;
    }
}
<?php
// Fragment: the listing stops inside the cache-miss branch at the end.
// Refuse direct access; the file is meant to be included after the prolog.
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die;
}
// Nothing to do unless OTP is available, the user is signed in and OTP is mandatory.
if (!CModule::IncludeModule("security") || !\Bitrix\Security\Mfa\Otp::isOtpEnabled() || !$USER->IsAuthorized() || !CSecurityUser::IsOtpMandatory()) {
    return;
}
// Any OnIntranetPopupShow handler can veto by returning false.
foreach (GetModuleEvents("intranet", "OnIntranetPopupShow", true) as $arEvent) {
    if (ExecuteModuleEventEx($arEvent) === false) {
        return;
    }
}
// 2592000 s = 30 days when BX_COMP_MANAGED_CACHE is defined, otherwise 600 s = 10 minutes.
if (defined("BX_COMP_MANAGED_CACHE")) {
    $ttl = 2592000;
} else {
    $ttl = 600;
}
// NOTE(review): the cache id and the tag below are derived from the user id
// divided by 100, so up to 100 users share one entry, while the value computed
// on a miss describes the current user only. How the entry is written is
// outside this fragment; confirm that one user's OTP state cannot be served to
// another user of the same bucket.
$cache_id = 'user_otp_' . intval($USER->GetID() / 100);
$cache_dir = '/otp/user_id';
$obCache = new CPHPCache();
if ($obCache->InitCache($ttl, $cache_id, $cache_dir)) {
    $arUserOtp = $obCache->GetVars();
} else {
    $arUserOtp = array("ACTIVE" => CSecurityUser::IsUserOtpActive($USER->GetID()));
    if (defined("BX_COMP_MANAGED_CACHE")) {
        global $CACHE_MANAGER;
        $CACHE_MANAGER->StartTagCache($cache_dir);
        $CACHE_MANAGER->RegisterTag("USER_OTP_" . intval($USER->GetID() / 100));
        $CACHE_MANAGER->EndTagCache();
    }
        // Fragment: the two blocks closed below start outside this listing.
        // NOTE(review): the permission and session-token checks guarding these
        // settings writes are not visible here - confirm they wrap this branch.
        Bitrix\Security\Mfa\Otp::setSkipMandatoryDays($_POST['otp_mandatory_skip_days']);
    }
    // Mandatory OTP is switched on only by the exact value 'Y'; anything else
    // switches it off.
    Bitrix\Security\Mfa\Otp::setMandatoryUsing($_POST['otp_mandatory_using'] === 'Y');
    if (is_array($_POST['otp_mandatory_rights'])) {
        Bitrix\Security\Mfa\Otp::setMandatoryRights($_POST['otp_mandatory_rights']);
    }
    // NOTE(review): the redirect target is taken from the query string; this
    // relies on LocalRedirect() to refuse targets outside the site - confirm.
    if ($_REQUEST["save"] != "" && $_GET["return_url"] != "") {
        LocalRedirect($_GET["return_url"]);
    } else {
        LocalRedirect("/bitrix/admin/security_otp.php?lang=" . LANGUAGE_ID . $returnUrl . "&" . $tabControl->ActiveTabParam());
    }
}
// Data for rendering the settings page.
$availableTypes = \Bitrix\Security\Mfa\Otp::getAvailableTypes();
$availableTypesDescription = \Bitrix\Security\Mfa\Otp::getTypesDescription();
$defaultType = \Bitrix\Security\Mfa\Otp::getDefaultType();
$targetRights = \Bitrix\Security\Mfa\Otp::getMandatoryRights();
$access = new CAccess();
$targetRightsNames = $access->GetNames($targetRights);
CJSCore::Init(array('access'));
$APPLICATION->AddHeadScript('/bitrix/js/security/admin/page/otp.js');
$APPLICATION->SetTitle(GetMessage("SEC_OTP_NEW_TITLE"));
require $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_after.php";
if (CSecurityUser::isActive()) {
    $messageType = "OK";
    $messageText = GetMessage("SEC_OTP_NEW_ON");
} else {
    $messageType = "ERROR";
    $messageText = GetMessage("SEC_OTP_NEW_OFF");
}
// "HTML" => true: the message text, taken from the language file, is passed as HTML.
CAdminMessage::ShowMessage(array("MESSAGE" => $messageText, "TYPE" => $messageType, "HTML" => true));
?>
// Fragment: starts in the middle of the component's result preparation and
// stops inside the nested POST loop at the end.
// NOTE(review): $url is appended as the backurl value; how it was built and
// encoded is not visible here - confirm it is URL-encoded.
$arResult["AUTH_FORGOT_PASSWORD_URL"] = $arParams["FORGOT_PASSWORD_URL"] . (strpos($arParams["FORGOT_PASSWORD_URL"], "?") !== false ? "&" : "?") . "forgot_password=yes&backurl=" . $url;
$arResult["AUTH_LOGIN_URL"] = $APPLICATION->GetCurPageParam("login_form=yes", $arParamsToDelete);
// Every value collected so far is stored twice: HTML-escaped under its own key
// and raw under the same key prefixed with "~". Templates must not print the
// "~" variants into HTML without escaping them.
$arRes = array();
foreach ($arResult as $key => $value) {
    $arRes[$key] = htmlspecialcharsbx($value);
    $arRes['~' . $key] = $value;
}
$arResult = $arRes;
// Keys added from here on are not covered by the escaping loop above.
// The OTP form is chosen when the security module reports that an OTP is
// required and the request does not carry login_form=yes.
if (CModule::IncludeModule("security") && Mfa\Otp::isOtpRequired() && $_REQUEST["login_form"] != "yes") {
    $arResult["FORM_TYPE"] = "otp";
    $arResult["REMEMBER_OTP"] = COption::GetOptionString('security', 'otp_allow_remember') === 'Y';
    $arResult["CAPTCHA_CODE"] = false;
    if (Mfa\Otp::isCaptchaRequired()) {
        $arResult["CAPTCHA_CODE"] = $APPLICATION->CaptchaGetCode();
    }
    if (Mfa\Otp::isOtpRequiredByMandatory()) {
        $arResult['ERROR_MESSAGE'] = array("MESSAGE" => GetMessage("system_auth_form_otp_required"), "TYPE" => "ERROR");
    }
} else {
    $arResult["FORM_TYPE"] = "login";
    // Credentials and routing fields are never copied into the result.
    $arVarExcl = array("USER_LOGIN" => 1, "USER_PASSWORD" => 1, "backurl" => 1, "auth_service_id" => 1);
    $arResult["GET"] = array();
    $arResult["POST"] = array();
    // Remaining POST fields are collected with both names and values HTML-escaped.
    foreach ($_POST as $vname => $vvalue) {
        if (!array_key_exists($vname, $arVarExcl)) {
            if (!is_array($vvalue)) {
                $arResult["POST"][htmlspecialcharsbx($vname)] = htmlspecialcharsbx($vvalue);
            } else {
                foreach ($vvalue as $k1 => $v1) {
                    if (is_array($v1)) {
                        foreach ($v1 as $k2 => $v2) {
<?php if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) { die; } if (!is_array($arAuthResult)) { $arAuthResult = array("TYPE" => "ERROR", "MESSAGE" => $arAuthResult); } if ($inc_file === "otp") { $arAuthResult['CAPTCHA'] = CModule::IncludeModule("security") && \Bitrix\Security\Mfa\Otp::isCaptchaRequired(); } else { $arAuthResult['CAPTCHA'] = $APPLICATION->NeedCAPTHAForLogin($last_login); } if ($arAuthResult['CAPTCHA']) { $arAuthResult['CAPTCHA_CODE'] = $APPLICATION->CaptchaGetCode(); } if ($bOnHit) { ?> <script type="text/javascript"> BX.ready(function(){BX.defer(BX.adminLogin.setAuthResult, BX.adminLogin)(<?php echo CUtil::PhpToJsObject($arAuthResult); ?> );}); </script> <?php } else { ?> <script type="text/javascript" bxrunfirst="true"> top.BX.adminLogin.setAuthResult(<?php echo CUtil::PhpToJsObject($arAuthResult); ?>
/**
 * Tells whether OTP use is mandatory, as reported by Otp::isMandatoryUsing().
 *
 * @return bool The reported value normalised to a strict boolean.
 */
public static function IsOtpMandatory()
{
    return (bool) Otp::isMandatoryUsing();
}