 /**
  * Build the session's CSRF token and render it for the requested context.
  *
  * The token is sha1() over the session's random token value (a fresh one is
  * generated when none is stored yet), the PHP session id and a fixed suffix.
  * Its unpredictability rests on the first two inputs; the suffix only
  * separates this use of sha1() from other uses of the same inputs.
  *
  * @param string $type "plain" -> bare token, "link" -> "&token=..." query
  *                     fragment, "form" -> hidden <input> element. Any other
  *                     value falls off the end and yields null.
  * @return string|null
  */
 public function generateToken($type = "form")
 {
     $seed = $this->getToken() ?: genRandomVal();
     $token = sha1($seed . session_id() . ":whmcscrsf");
     // switch compares loosely, matching the ==-based dispatch this replaces.
     switch ($type) {
         case "plain":
             return $token;
         case "link":
             return "&token=" . $token;
         case "form":
             // sha1() output is lowercase hex, so no HTML escaping is required.
             return "<input type=\"hidden\" name=\"token\" value=\"" . $token . "\" />";
     }
 }
 /**
  * Populate the admin session after a successful admin authentication.
  *
  * Writes the admin id, then the value returned by generateAdminSessionHash()
  * under the 'adminpw' key (a hash, not the password itself), and finally
  * hands a fresh random value to conditionally_set_token(), which decides
  * whether the session's token is (re)installed. Statement order is kept:
  * the hash is computed only after 'adminid' has been stored.
  *
  * @param mixed $whmcsclass forwarded unchanged to generateAdminSessionHash()
  * @return void
  */
 public function setSessionVars($whmcsclass = false)
 {
     $_SESSION['adminid'] = $this->getAdminID();
     $sessionHash = $this->generateAdminSessionHash($whmcsclass);
     $_SESSION['adminpw'] = $sessionHash;
     $freshTokenValue = genRandomVal();
     conditionally_set_token($freshTokenValue);
 }
                            $login_pwd = $data['password'];
                            $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
                            $data = mysql_fetch_array($result);
                            $login_uid = $data['id'];
                            $language = $data['language'];
                        }
                        if ($login_uid) {
                            $fullhost = gethostbyaddr($remote_ip);
                            update_query("tblclients", array("lastlogin" => "now()", "ip" => $remote_ip, "host" => $fullhost), array("id" => $login_uid));
                            $_SESSION['uid'] = $login_uid;
                            if ($login_cid) {
                                $_SESSION['cid'] = $login_cid;
                            }
                            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
                            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
                            $_SESSION['tkval'] = genRandomVal();
                            if ($language) {
                                $_SESSION['Language'] = $language;
                            }
                            run_hook("ClientLogin", array("userid" => $login_uid));
                            $loginsuccess = true;
                        }
                    }
                }
            }
        }
    }
}
if (!$istwofa && !$loginsuccess) {
    if (strpos($gotourl, "?")) {
        $gotourl .= "&incorrect=true";
 /**
  * Create and persist a new random identifier for this installation.
  *
  * Asks genRandomVal(12) for the value (presumably 12 characters long —
  * genRandomVal() is not visible here), stores it under the "InstanceID"
  * config key via set_config() and returns the same value to the caller.
  *
  * @return mixed the value returned by genRandomVal(12)
  */
 private function createWHMCSInstanceID()
 {
     $newInstanceId = genRandomVal(12);
     $this->set_config("InstanceID", $newInstanceId);
     return $newInstanceId;
 }
/**
 * Authenticate a client and, on success, establish the client session.
 *
 * Four routes can succeed, all keyed on the email address in $username:
 *  - a tblclients row whose stored password matches $password;
 *  - a sub-account contact (tblcontacts, subaccount=1, non-empty password)
 *    whose parent client is not Closed;
 *  - a ClientLoginShare hook result that resolves to a client (the password
 *    comparison is skipped for this route);
 *  - an admin session ($_SESSION['adminid']) whose role holds permid 120, or
 *    a completed 2FA second step ($twofadone) — both also skip the password
 *    comparison.
 *
 * Side effects on success: $_SESSION['uid'], optionally ['cid'], ['upw'],
 * a fresh token value and ['Language'] are written and the ClientLogin hook
 * runs. Any previous uid/cid/upw session values are cleared first.
 *
 * NOTE(review): with $twofadone = true the password is never compared, so
 * the caller must ensure $username is the account that actually completed
 * 2FA (e.g. by checking $_SESSION['2faclientid']); nothing here does that.
 *
 * @param string $username  client or contact email address
 * @param string $password  plaintext password; may be empty when an admin
 *                          session exists or $twofadone is true
 * @param bool   $twofadone true when the 2FA second step already succeeded
 * @return bool true when the session was populated (or a login-share hook
 *              created a new client), false otherwise
 */
function validateClientLogin($username, $password, $twofadone = false)
{
    global $CONFIG;
    global $whmcs;
    // A username is mandatory; the password may be omitted only for an admin
    // acting as the client or for a completed 2FA step. (adminid is read here
    // and at the status filter below without isset(), unlike the rest of
    // this function.)
    if ($username && ($password || $_SESSION['adminid'] || $twofadone)) {
    } else {
        return false;
    }
    // Drop any existing client session so a failed attempt cannot inherit it.
    if (isset($_SESSION['uid'])) {
        unset($_SESSION['uid']);
    }
    if (isset($_SESSION['cid'])) {
        unset($_SESSION['cid']);
    }
    if (isset($_SESSION['upw'])) {
        unset($_SESSION['upw']);
    }
    $login_uid = $login_cid = $login_pwd = $loginsharematch = "";
    $where = array();
    $where['email'] = $username;
    // Only an admin may log in as a Closed client.
    if (!$_SESSION['adminid']) {
        $where['status'] = array("sqltype" => "NEQ", "value" => "Closed");
    }
    $result = select_query("tblclients", "", $where);
    // No matching row leaves $login_uid falsy and falls through to the next route.
    $data = mysql_fetch_array($result);
    $login_uid = $data['id'];
    $login_pwd = $data['password'];
    $language = $data['language'];
    $authmodule = $data['authmodule'];
    if (!$login_uid) {
        // Sub-account route: the contact row supplies the password, the parent
        // client row (which must not be Closed) supplies the uid and language.
        $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => "")));
        $data = mysql_fetch_array($result);
        $login_cid = $data['id'];
        $login_uid = $data['userid'];
        $login_pwd = $data['password'];
        $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
        $data = mysql_fetch_array($result);
        $login_uid = $data['id'];
        $language = $data['language'];
    }
    if (!$login_uid) {
        // Login-share route: hook results are trusted to identify the client,
        // by id when given, otherwise by email.
        $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password));
        foreach ($hookresults as $hookres) {
            if ($hookres) {
                $hookid = $hookres['id'];
                $hookemail = $hookres['email'];
                if ($hookid) {
                    $result = select_query("tblclients", "", array("id" => $hookid));
                } else {
                    $result = select_query("tblclients", "", array("email" => $hookemail));
                }
                // NOTE(review): $login_uid is reassigned on every iteration, so a
                // later result that resolves to no client overwrites an earlier match.
                $data = mysql_fetch_array($result);
                $login_uid = $data['id'];
                if ($login_uid) {
                    // A match bypasses the password comparison further down.
                    $loginsharematch = true;
                    $login_pwd = $data['password'];
                    $language = $data['language'];
                    continue;
                }
                if ($hookres['create']) {
                    // Provision the client from hook-supplied fields and report
                    // success; note that no $_SESSION values are written on this
                    // path — presumably the caller re-runs validation. Verify.
                    addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false);
                    return true;
                }
                continue;
            }
        }
    }
    if ($login_uid) {
        if ($CONFIG['NOMD5']) {
            // Stored passwords are reversibly encrypted; compare plaintexts.
            $check_pwd = decrypt($login_pwd);
        } else {
            // Stored format is "hash:salt"; re-derive the submitted password with
            // the stored salt. From here on $password holds the derived value,
            // not the user input. (A stored value without ":" leaves $salt[1]
            // undefined.)
            $salt = explode(":", $login_pwd);
            $salt = $salt[1];
            $password = generateClientPW($password, $salt);
            $check_pwd = $login_pwd;
        }
        // An admin may log in as this client only if their role holds permid 120.
        $adminallowedclientlogin = false;
        if (isset($_SESSION['adminid'])) {
            $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120"));
        }
        // Precedence: (password match) || (admin && allowed) || share match || 2FA done.
        // NOTE(review): === on strings is not constant-time; hash_equals() is the
        // usual choice for this comparison where the runtime provides it.
        if ($password === $check_pwd || isset($_SESSION['adminid']) && $adminallowedclientlogin || $loginsharematch || $twofadone) {
            $twofa = new WHMCS_2FA();
            // 2FA enabled for clients and an authmodule set on this account: park
            // the pending login in the session and report "not logged in yet".
            // Admins acting as the client are not challenged.
            if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) {
                $_SESSION['2faverifyc'] = true;
                $_SESSION['2faclientid'] = $login_uid;
                $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme");
                return false;
            }
            // Last-login bookkeeping only for genuine client logins, not for an
            // admin acting as the client.
            if (!isset($_SESSION['adminid'])) {
                $fullhost = gethostbyaddr($whmcs->get_user_ip());
                update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid));
            }
            $_SESSION['uid'] = $login_uid;
            if ($login_cid) {
                $_SESSION['cid'] = $login_cid;
            }
            // Session binding hash: ties the session to uid, cid, the stored
            // password value, the client IP (empty when DisableSessionIPCheck is
            // set) and the first 20 hex chars of sha1 of the installation hash.
            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
            // Issue a fresh token value for the new client session.
            if (!isset($_SESSION['adminid'])) {
                set_token(genRandomVal());
            }
            if ($language && !isset($_SESSION['adminid'])) {
                $_SESSION['Language'] = $language;
            }
            run_hook("ClientLogin", array("userid" => $login_uid));
            return true;
        }
    }
    // Only attempts that resolved to a known client are recorded.
    if ($login_uid) {
        logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid);
    }
    return false;
}