Exemplo n.º 1
0
 public function requireLogin()
 {
     global $whmcs;
     if ($this->isLoggedIn()) {
         if (WHMCS_Session::get("2fabackupcodenew")) {
             $this->setTemplate("logintwofa");
             $twofa = new WHMCS_2FA();
             if ($twofa->setClientID($this->getUserID())) {
                 $backupcode = $twofa->generateNewBackupCode();
                 $this->assign("newbackupcode", $backupcode);
                 WHMCS_Session::delete("2fabackupcodenew");
             } else {
                 $this->assign("newbackupcodeerror", true);
             }
             $this->output();
             exit;
         }
         return true;
     }
     $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
     if (WHMCS_Session::get("2faverifyc")) {
         $this->setTemplate("logintwofa");
         if (WHMCS_Session::get("2fabackupcodenew")) {
             $this->assign("newbackupcode", true);
         } else {
             if ($whmcs->get_req_var("incorrect")) {
                 $this->assign("incorrect", true);
             }
         }
         $twofa = new WHMCS_2FA();
         if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) {
             if (!$twofa->isActiveClients() || !$twofa->isEnabled()) {
                 WHMCS_Session::destroy();
                 redir();
             }
             if ($whmcs->get_req_var("backupcode")) {
                 $this->assign("backupcode", true);
             } else {
                 $challenge = $twofa->moduleCall("challenge");
                 if ($challenge) {
                     $this->assign("challenge", $challenge);
                 } else {
                     $this->assign("error", "Bad 2 Factor Auth Module. Please contact support.");
                 }
             }
         } else {
             $this->assign("error", "An error occurred. Please try again.");
         }
     } else {
         $this->setTemplate("login");
         $this->assign("loginpage", true);
         $this->assign("formaction", "dologin.php");
         if ($whmcs->get_req_var("incorrect")) {
             $this->assign("incorrect", true);
         }
     }
     $this->output();
     exit;
 }
Exemplo n.º 2
0
if (defined("CLIENTAREA") && $CONFIG['MaintenanceMode'] && !$_SESSION['adminid']) {
    if ($CONFIG['MaintenanceModeURL']) {
        header("Location: " . $CONFIG['MaintenanceModeURL']);
        exit;
    }
    echo "<div style=\"border: 1px dashed #cc0000;font-family:Tahoma;background-color:#FBEEEB;width:100%;padding:10px;color:#cc0000;\"><strong>Down for Maintenance (Err 3)</strong><br>" . $CONFIG['MaintenanceModeMessage'] . "</div>";
    exit;
}
$licensing = WHMCS_License::init();
if ($licensing->getVersionHash() != "9eb7da5f081b3fc7ae1e460afdcb89ea8239eca1") {
    exit("License Checking Error");
}
if (defined("CLIENTAREA") && isset($_SESSION['uid']) && !isset($_SESSION['adminid'])) {
    $twofa = new WHMCS_2FA();
    $twofa->setClientID($_SESSION['uid']);
    if ($twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveClients()) {
        if ($whmcs->get_filename() == "clientarea" && ($whmcs->get_req_var("action") == "security" || $whmcs->get_req_var("2fasetup"))) {
        } else {
            redir("action=security&2fasetup=1&enforce=1", "clientarea.php");
        }
    }
}
if (isset($_SESSION['currency']) && is_array($_SESSION['currency'])) {
    $_SESSION['currency'] = $_SESSION['currency']['id'];
}
if (!isset($_SESSION['uid']) && isset($_REQUEST['currency'])) {
    $result = select_query("tblcurrencies", "id", array("id" => (int) $_REQUEST['currency']));
    $data = mysql_fetch_array($result);
    if ($data['id']) {
        $_SESSION['currency'] = $data['id'];
    }
Exemplo n.º 3
0
require "../init.php";
$aInt = new WHMCS_Admin("My Account", false);
$aInt->title = $aInt->lang("global", "myaccount");
$aInt->sidebar = "config";
$aInt->icon = "home";
$aInt->requiredFiles(array("ticketfunctions"));
$action = $whmcs->get_req_var("action");
$errormessage = "";
$twofa = new WHMCS_2FA();
$twofa->setAdminID($_SESSION['adminid']);
if ($whmcs->get_req_var("2fasetup")) {
    if (!$twofa->isActiveAdmins()) {
        exit("Access denied");
    }
    ob_start();
    if ($twofa->isEnabled()) {
        echo "<div class=\"content\"><div style=\"padding:15px;\">";
        $disabled = $incorrect = false;
        if ($password = $whmcs->get_req_var("pwverify")) {
            $auth = new WHMCS_Auth();
            $auth->getInfobyID($_SESSION['adminid']);
            if ($auth->comparePassword($password)) {
                $twofa->disableUser();
                $disabled = true;
            } else {
                $incorrect = true;
            }
        }
        echo "<h2>" . $aInt->lang("twofa", "disable") . "</h2>";
        if (!$disabled) {
            echo "<p>" . $aInt->lang("twofa", "disableintro") . "</p>";
Exemplo n.º 4
0
 public function __construct($reqpermission, $releaseSession = true)
 {
     global $CONFIG;
     global $licensing;
     global $_ADMINLANG;
     global $infobox;
     global $whmcs;
     $infobox = "";
     $licensing->remoteCheck();
     if ($licensing->getStatus() != "Active") {
         redir("licenseerror=" . $licensing->getStatus(), "licenseerror.php");
     }
     if ($CONFIG['AdminForceSSL'] && $CONFIG['SystemSSLURL']) {
         if (!$_SERVER['HTTPS'] || $_SERVER['HTTPS'] == "off") {
             $requesturl = $_SERVER['PHP_SELF'] . "?";
             foreach ($_REQUEST as $key => $value) {
                 if (!is_array($value)) {
                     $requesturl .= "" . $key . "=" . urlencode($value) . "&";
                     continue;
                 }
             }
             $requesturl = substr($requesturl, 0, 0 - 1);
             $requesturl = substr($requesturl, strrpos($requesturl, "/"));
             header("Location: " . $CONFIG['SystemSSLURL'] . "/" . $whmcs->get_admin_folder_name() . $requesturl);
             exit;
         }
     }
     if ($reqpermission == "loginonly") {
         $this->loginRequired = true;
     } else {
         if ($reqpermission) {
             $this->requiredPermission = $reqpermission;
         } else {
             $this->loginRequired = false;
         }
     }
     require ROOTDIR . "/includes/smarty/Smarty.class.php";
     if ($this->loginRequired) {
         $auth = new WHMCS_Auth();
         if (!$auth->isLoggedIn()) {
             $_SESSION['admloginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
             redir("", "login.php");
         }
         $auth->getInfobyID($_SESSION['adminid']);
         if ($auth->isSessionPWHashValid()) {
             $auth->updateAdminLog();
             $this->adminTemplate = $auth->getAdminTemplate();
             if ($auth->getAdminLanguage()) {
                 $this->language = $auth->getAdminLanguage();
             }
         } else {
             $auth->destroySession();
             redir("", "login.php");
         }
     }
     if ($releaseSession) {
         releaseSession();
     }
     if ($this->requiredPermission) {
         $permid = array_search($this->requiredPermission, getAdminPermsArray());
         $result = select_query("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
         $data = mysql_fetch_array($result);
         $roleid = $data['roleid'];
         $result = select_query("tbladminperms", "COUNT(*)", array("roleid" => $roleid, "permid" => $permid));
         $data = mysql_fetch_array($result);
         $match = $data[0];
         if (!$match) {
             redir("permid=" . $permid, "accessdenied.php");
             exit;
         }
     }
     $filename = $_SERVER['PHP_SELF'];
     $filename = substr($filename, strrpos($filename, "/"));
     $filename = str_replace(array("/", ".php"), "", $filename);
     if (isset($_SESSION['adminid'])) {
         $twofa = new WHMCS_2FA();
         $twofa->setAdminID($_SESSION['adminid']);
         if ($filename != "myaccount" && $twofa->isForced() && !$twofa->isEnabled() && $twofa->isActiveAdmins()) {
             redir("2faenforce=1", "myaccount.php");
         }
     }
     $this->filename = $filename;
     $this->rowLimit = $CONFIG['NumRecordstoDisplay'];
     if (isset($_SESSION['adminlang']) && $_SESSION['adminlang']) {
         $this->language = $_SESSION['adminlang'];
     }
     $this->language = $whmcs->validateLanguage($this->language, true);
     $whmcs->loadLanguage($this->language, true);
 }
Exemplo n.º 5
0
     }
 }
 echo "<div id=\"login_msg\"><span style=\"font-size:14px;\"><strong>" . $msgtitle . "</strong></span><br>" . $msg . "</div>";
 if (isset($_SESSION['2fabackupcodenew'])) {
     $twofa = new WHMCS_2FA();
     if ($twofa->setAdminID($_SESSION['2faadminid'])) {
         $backupcode = $twofa->generateNewBackupCode();
         echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area &raquo;\" /></p></form></div>";
     } else {
         echo "<div id=\"login\">An error occurred. Please try again.</div>";
     }
 } else {
     if (isset($_SESSION['2faverify'])) {
         $twofa = new WHMCS_2FA();
         if ($twofa->setAdminID($_SESSION['2faadminid'])) {
             if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) {
                 WHMCS_Session::destroy();
                 redir();
             }
             if ($whmcs->get_req_var("backupcode")) {
                 echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login &raquo;\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>";
             } else {
                 $challenge = $twofa->moduleCall("challenge");
                 if ($challenge) {
                     echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>";
                 } else {
                     echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>";
                 }
             }
         } else {
             echo "<div id=\"login\">An error occurred. Please try again.</div>";
Exemplo n.º 6
0
 $ca->setTemplate("clientareasecurity");
 $ca->addToBreadCrumb("clientarea.php?action=details", $whmcs->get_lang("clientareanavdetails"));
 $ca->addToBreadCrumb("clientarea.php?action=security", $whmcs->get_lang("clientareanavsecurity"));
 if ($whmcs->get_req_var("successful")) {
     $smartyvalues['successful'] = true;
 }
 $twofa = new WHMCS_2FA();
 $twofa->setClientID($ca->getUserID());
 if ($twofa->isActiveClients()) {
     $ca->assign("twofaavailable", true);
     if ($whmcs->get_req_var("2fasetup")) {
         if (!$twofa->isActiveClients()) {
             exit("Access denied");
         }
         ob_start();
         if ($twofa->isEnabled()) {
             echo "<div class=\"content\"><div style=\"padding:15px;\">";
             $disabled = $incorrect = false;
             if ($password = $whmcs->get_req_var("pwverify")) {
                 $dbpwd = get_query_val("tblclients", "password", array("id" => $ca->getUserID()));
                 if ($whmcs->get_config("NOMD5")) {
                     $check_pwd = decrypt($dbpwd);
                 } else {
                     $salt = explode(":", $dbpwd);
                     $salt = $salt[1];
                     $password = generateClientPW($password, $salt);
                     $check_pwd = $dbpwd;
                 }
                 if ($password == $check_pwd) {
                     $twofa->disableUser();
                     $disabled = true;
Exemplo n.º 7
0
    header("Location: clientarea.php");
    exit;
}
$_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);
if (WHMCS_Session::get("2faverifyc")) {
    $templatefile = "logintwofa";
    if (WHMCS_Session::get("2fabackupcodenew")) {
        $smartyvalues['newbackupcode'] = true;
    } else {
        if ($whmcs->get_req_var("incorrect")) {
            $smartyvalues['incorrect'] = true;
        }
    }
    $twofa = new WHMCS_2FA();
    if ($twofa->setClientID(WHMCS_Session::get("2faclientid"))) {
        if (!$twofa->isActiveClients() || !$twofa->isEnabled()) {
            WHMCS_Session::destroy();
            redir();
        }
        if ($whmcs->get_req_var("backupcode")) {
            $smartyvalues['backupcode'] = true;
        } else {
            $challenge = $twofa->moduleCall("challenge");
            if ($challenge) {
                $smartyvalues['challenge'] = $challenge;
            } else {
                $smartyvalues['error'] = "Bad 2 Factor Auth Module. Please contact support.";
            }
        }
    } else {
        $smartyvalues['error'] = "An error occurred. Please try again.";