Пример #1
    /**
     * Renders the "Anti-Phishing Phrase" item of the sign-in form.
     *
     * The phrase is carried in the "sso_l_ap" cookie as a base64-encoded
     * Blowfish CBC packet keyed with the module's cookie key material
     * (cookiekey/cookieiv/cookiekey2/cookieiv2 from GetInfo()).  A phrase
     * that decodes and decrypts is shown HTML-escaped; otherwise a
     * "no phrase found" warning is shown.  Nothing is output unless all
     * four cookie key settings are non-empty.
     *
     * @param mixed $messages  Not read by this method; presumably part of a
     *                         shared module signature — verify against callers.
     * @return void
     */
    public function GenerateLogin($messages)
    {
        $info = $this->GetInfo();
        // Without the full cookie key set the phrase cannot be decrypted, so the whole form item is skipped.
        if ($info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "") {
            $phrase = "";
            if (isset($_COOKIE["sso_l_ap"])) {
                // Decrypt data.
                // Non-strict base64 decode; the decrypt step below is what rejects a foreign or
                // tampered cookie (assuming ExtractDataPacket authenticates the packet — not visible here).
                $phrase = @base64_decode($_COOKIE["sso_l_ap"]);
                if ($phrase !== false) {
                    $phrase = Blowfish::ExtractDataPacket($phrase, pack("H*", $info["cookiekey"]), array("mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true));
                }
                // Any decode or decrypt failure collapses to an empty phrase, which selects the warning branch below.
                if ($phrase === false) {
                    $phrase = "";
                }
            }
            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
            echo htmlspecialchars(BB_Translate("Anti-Phishing Phrase"));
            ?>
</div>
<?php 
            if ($phrase != "") {
                ?>
				<div class="sso_main_formdesc"><?php 
                // The phrase originates from a client-supplied cookie, so it is escaped for HTML context.
                echo htmlspecialchars($phrase);
                ?>
</div>
<?php 
            } else {
                ?>
				<div class="sso_main_formresult"><div class="sso_main_formwarning"><?php 
                echo htmlspecialchars(BB_Translate("No anti-phishing phrase found."));
                ?>
</div></div>
<?php 
            }
            ?>
			</div>
<?php 
        }
    }
Пример #2
         return array("success" => false, "error" => SSO_Translate("Invalid secret key."));
     }
     $sso_apikey_info["keyinfo"]["mode"] = $info[0];
     $sso_apikey_info["keyinfo"]["key"] = pack("H*", $info[1]);
     $sso_apikey_info["keyinfo"]["opts"]["iv"] = pack("H*", $info[2]);
     if (count($info) >= 5) {
         $sso_apikey_info["keyinfo"]["opts"]["key2"] = pack("H*", $info[3]);
         $sso_apikey_info["keyinfo"]["opts"]["iv2"] = pack("H*", $info[4]);
     }
     unset($info);
 }
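 // Per-request random prefix for the packet options; GenerateToken() is presumably hex-encoded, given the pack("H*").
 $sso_apikey_info["keyinfo"]["opts"]["prefix"] = pack("H*", $sso_rng->GenerateToken());
 // The API key record selects the cipher; any mode other than "aes256" is handled as Blowfish.
 if ($sso_apikey_info["keyinfo"]["mode"] === "aes256") {
     $sso_data = ExtendedAES::ExtractDataPacket($sso_data, $sso_apikey_info["keyinfo"]["key"], $sso_apikey_info["keyinfo"]["opts"]);
 } else {
     $sso_data = Blowfish::ExtractDataPacket($sso_data, $sso_apikey_info["keyinfo"]["key"], $sso_apikey_info["keyinfo"]["opts"]);
 }
 // ExtractDataPacket() reports failure as false.  SSO_EndpointError() is expected not to return
 // (the code below assumes $sso_data is a string) — not visible here, confirm.
 if ($sso_data === false) {
     SSO_EndpointError("Unable to decrypt data packet.");
 }
 // json_decode() reports malformed input with null, never false, and a valid scalar document is
 // equally unusable for the field checks below, so require an array.  (json_decode() does not
 // raise warnings on bad input, so no suppression is needed.)
 $sso_data = json_decode($sso_data, true);
 if (!is_array($sso_data)) {
     SSO_EndpointError("Unable to extract data packet.");
 }
 $sso_encrypted = true;
 // Check the data packet against submitted data.  Binding the decrypted packet to the plaintext
 // apikey/action/ver parameters stops a packet produced for one call from being presented with another.
 if (!isset($sso_data["ts"]) || !isset($sso_data["apikey"]) || $_REQUEST["apikey"] !== $sso_data["apikey"] || !isset($sso_data["action"]) || $_REQUEST["action"] !== $sso_data["action"] || !isset($sso_data["ver"]) || $_REQUEST["ver"] !== $sso_data["ver"]) {
     SSO_EndpointError("Bad data packet.  Please use an official SSO client.");
 }
 // Determine system clock drift.  Defaults to 300 (presumably seconds) when the setting is absent;
 // presumably consumed by a check of "ts" that follows, outside this excerpt.
 $sso_clockdrift = isset($sso_settings[""]["clock_drift"]) ? $sso_settings[""]["clock_drift"] : 300;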
Пример #3
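/**
 * Loads the namespace data stored in an encrypted client cookie.
 *
 * Two independent cookie/key-set pairs exist in $sso_settings[""]:
 *   $real = true  -> cookie "sso_server_ns",  settings namespacekey/namespaceiv/namespacekey2/namespaceiv2
 *   $real = false -> cookie "sso_server_ns2", settings namespacekey3/namespaceiv3/namespacekey4/namespaceiv4
 * Each setting is a hex string (pack("H*")).  The cookie is a base64-encoded
 * Blowfish CBC packet whose plaintext is a PHP-serialized value.
 *
 * @param bool         $real  Selects the primary (true) or secondary (false) cookie and key set.
 * @param string|false $data  Base64 packet to decode instead of the cookie value; false reads the cookie.
 *                            The cookie must still be present for anything to be decoded.
 * @return mixed The unserialized payload (an array in normal use — presumably; verify against the
 *               code that writes the cookie), or array() when the key set is not configured, the
 *               cookie is missing, or decoding, decryption or unserialization fails.
 */
function SSO_LoadNamespaces($real, $data = false)
{
    global $sso_settings;

    // Pick the cookie and the four setting names (key, iv, key2, iv2) for the requested mode.
    if ($real) {
        $cookiename = "sso_server_ns";
        $keynames = array("namespacekey", "namespaceiv", "namespacekey2", "namespaceiv2");
    } else {
        $cookiename = "sso_server_ns2";
        $keynames = array("namespacekey3", "namespaceiv3", "namespacekey4", "namespaceiv4");
    }

    // Only the presence of the second key is checked; the other three settings are assumed to be configured alongside it.
    if (!isset($sso_settings[""][$keynames[2]]) || !isset($_COOKIE[$cookiename])) {
        return array();
    }
    if ($data === false) {
        $data = $_COOKIE[$cookiename];
    }

    // Non-strict base64 decode; the decrypt step is what rejects a foreign or tampered packet
    // (assuming ExtractDataPacket authenticates the packet — not visible here, confirm).
    $result = @base64_decode($data);
    if ($result === false) {
        return array();
    }
    $result = Blowfish::ExtractDataPacket($result, pack("H*", $sso_settings[""][$keynames[0]]), array("mode" => "CBC", "iv" => pack("H*", $sso_settings[""][$keynames[1]]), "key2" => pack("H*", $sso_settings[""][$keynames[2]]), "iv2" => pack("H*", $sso_settings[""][$keynames[3]]), "lightweight" => true));
    if ($result === false) {
        return array();
    }
    // NOTE(review): unserialize() of client-supplied (encrypted) cookie data.  This is safe only if
    // ExtractDataPacket() authenticates the packet; if it does not, pass allowed_classes => false
    // so that no object can be instantiated from cookie content.  The "@" hides the notice
    // unserialize() emits on malformed input; a malformed payload simply yields false here.
    $result = @unserialize($result);
    if ($result === false) {
        return array();
    }
    return $result;
}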
Пример #4
    /**
     * Handles the "remembered sign in" flow (the "sso_l_rme" cookie) and renders the failure page.
     *
     * When the request carries an "id" parameter and the remember-me cookie, the cookie is
     * base64-decoded, decrypted with the module's cookie key material, unserialized and looked
     * up for that id.  The stored pair is then checked against the user's "sso_remember_me"
     * record (expiry, then salted hash via sso_login::VerifyPasswordInfo()).  A valid token
     * either redirects to the two-factor step (header + exit) or activates the user through
     * SSO_ActivateUser(); both succeed without returning here, so everything rendered by this
     * method is an error page.
     *
     * Reads: $_REQUEST["id"], $_COOKIE["sso_l_rme"], $sso_settings["sso_login"], $sso_session_info.
     * Side effects: may instantiate login modules into $this->activemodules, write the session,
     * update the user row, send a Location header and exit, or echo the page.
     *
     * @return void
     */
    public function CustomFrontend()
    {
        global $g_sso_login_modules, $sso_settings, $sso_header, $sso_footer, $sso_target_url, $sso_db, $sso_session_info, $sso_rng;
        $messages = array("errors" => array(), "warnings" => array(), "success" => "");
        $info = $this->GetInfo();
        // Remembered sign-ins need all four cookie key settings; without them nothing is rendered at all.
        if ($info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "") {
            // Initialize active modules.
            // Only modules flagged "_a" in the sso_login settings are instantiated, using the class name "sso_login_module_<key>".
            $this->activemodules = array();
            foreach ($g_sso_login_modules as $key => $info2) {
                if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                    $module = "sso_login_module_" . $key;
                    $this->activemodules[$key] = new $module();
                }
            }
            $sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
            // Both the "id" request parameter and the remember-me cookie are needed to attempt the remembered sign in.
            if (isset($_REQUEST["id"]) && isset($_COOKIE["sso_l_rme"])) {
                // Decrypt data.
                // Cookie layout: base64 -> Blowfish CBC packet -> serialized array indexed by user id.
                $info2 = @base64_decode($_COOKIE["sso_l_rme"]);
                if ($info2 !== false) {
                    $info2 = Blowfish::ExtractDataPacket($info2, pack("H*", $info["cookiekey"]), array("mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true));
                }
                if ($info2 !== false) {
                    // NOTE(review): unserialize() of client-supplied (encrypted) cookie data.  Safe only if
                    // ExtractDataPacket() authenticates the packet — confirm; otherwise restrict with allowed_classes.
                    $info2 = @unserialize($info2);
                }
                if ($info2 !== false) {
                    $id = (int) $_REQUEST["id"];
                    // The cookie entry for this id must be a 2-element array: [0] selects the
                    // sso_remember_me record, [1] is the secret half verified below.
                    if (isset($info2[$id]) && is_array($info2[$id]) && count($info2[$id]) == 2) {
                        // Load database information and verify the sign in.
                        $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $id);
                        // Unverified accounts cannot use a remembered sign in; a row without a "verified" field counts as verified.
                        if ($userrow && (!isset($userrow->verified) || $userrow->verified)) {
                            $userinfo = SSO_DecryptDBData($userrow->info);
                            if ($userinfo !== false && isset($userinfo["sso_remember_me"]) && isset($userinfo["sso_remember_me"][$info2[$userrow->id][0]])) {
                                $info3 = $userinfo["sso_remember_me"][$info2[$userrow->id][0]];
                                $ts = CSDB::ConvertFromDBTime($info3["expires"]);
                                // Expiry is checked before the hash verification.
                                if ($ts > time()) {
                                    // The stored per-record salt plus the cookie secret must match the stored hash/rounds.
                                    $data = $info3["salt"] . ":" . $info2[$userrow->id][1];
                                    if (sso_login::VerifyPasswordInfo($data, $info3["hash"], $info3["rounds"])) {
                                        // Sign in is now verified to be valid.
                                        // Two-factor is required by the global setting or by the user's chosen method,
                                        // unless this remember-me record was issued with "bypass".
                                        if (!$info3["bypass"] && ($sso_settings["sso_login"]["require_two_factor"] || isset($userinfo["two_factor_method"]) && $userinfo["two_factor_method"] != "")) {
                                            // Go to two-factor authentication page.
                                            // Collect the active modules that offer a two-factor method.
                                            $methods = array();
                                            // Iterates by reference, so $instance stays bound to the last module afterwards.
                                            // Nothing assigns to $instance before the by-reference loop further down rebinds
                                            // it, so this is harmless here, but an unset($instance) after the loop would be safer.
                                            foreach ($this->activemodules as $key => &$instance) {
                                                $name = $instance->GetTwoFactorName(false);
                                                if ($name !== false) {
                                                    $methods[$key] = true;
                                                }
                                            }
                                            // Mandatory two-factor with no usable method for this user is a hard failure, not a bypass.
                                            if ($sso_settings["sso_login"]["require_two_factor"] && (!isset($userinfo["two_factor_method"]) || !isset($methods[$userinfo["two_factor_method"]]))) {
                                                $messages["errors"][] = BB_Translate("A valid two-factor authentication method for this account is not available.  Use account recovery to restore access to the account.");
                                            } else {
                                                // Short-lived (5 minute) session record carrying a random "v" that the redirect below
                                                // passes along — presumably matched by the two-factor page.
                                                $sso_session_info["sso_login_two_factor"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 5 * 60));
                                                if (!SSO_SaveSessionInfo()) {
                                                    $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                                } else {
                                                    $this->activemodules[$userinfo["two_factor_method"]]->SendTwoFactorCode($messages, $userrow, $userinfo);
                                                    if (!count($messages["errors"])) {
                                                        // exit after the redirect so the error page below is never rendered on this path.
                                                        header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=two_factor&sso_v=" . urlencode($sso_session_info["sso_login_two_factor"]["v"]));
                                                        exit;
                                                    }
                                                }
                                            }
                                        } else {
                                            // Login succeeded.  Activate the user.
                                            // Map e-mail and/or username onto the configured field names, depending on install_type.
                                            $mapinfo = array();
                                            if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                                            }
                                            if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                                $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                                            }
                                            $origuserinfo = $userinfo;
                                            foreach ($this->activemodules as &$instance) {
                                                $instance->LoginAddMap($mapinfo, $userrow, $userinfo, false);
                                            }
                                            // If a module updated $userinfo, then update the database.
                                            // serialize() comparison is a cheap deep-equality test; the row is only rewritten on change.
                                            if (serialize($userinfo) !== serialize($origuserinfo)) {
                                                $userinfo2 = SSO_EncryptDBData($userinfo);
                                                try {
                                                    $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                } catch (Exception $e) {
                                                    $messages["errors"][] = BB_Translate("Database query error.");
                                                }
                                            }
                                            if (!count($messages["errors"])) {
                                                // SSO_ActivateUser() is expected not to return on success.
                                                SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created));
                                                // Only falls through on account lockout or a fatal error.
                                                $messages["errors"][] = BB_Translate("User activation failed.");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // Every path that reaches this point failed to complete the remembered sign in; render the error page.
            echo $sso_header;
            SSO_OutputHeartbeat();
            ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
	<div class="sso_main_messages_wrap">
		<div class="sso_main_messages">
<?php 
            // Only the first collected error is shown, above the generic message.
            if (count($messages["errors"])) {
                ?>
			<div class="sso_main_messageerror"><?php 
                echo htmlspecialchars($messages["errors"][0]);
                ?>
</div>
<?php 
            }
            ?>
			<div class="sso_main_messageerror"><?php 
            // Always shown: this page is only rendered when the remembered sign in did not complete.
            echo htmlspecialchars(BB_Translate("An error occurred while processing the remembered sign in.  You will have to sign in normally."));
            ?>
</div>
		</div>
	</div>
	<div class="sso_login_signin"><a href="<?php 
            // Escaped for the href attribute context.
            echo htmlspecialchars($sso_target_url);
            ?>
"><?php 
            echo htmlspecialchars(BB_Translate("Sign in"));
            ?>
</a></div>
</div>
</div>
<?php 
            echo $sso_footer;
        }
    }