/**
 * Gate a client-area page behind an authenticated session.
 *
 * Returns true only when isLoggedIn() reports a session and no new backup
 * code is waiting to be shown. Every other path renders a template (the
 * one-time backup-code page, the second-factor challenge, or the plain
 * login form) and ends the request with exit, so control never returns
 * to the caller on those paths.
 *
 * @return bool true when the caller may go on rendering the protected page
 */
public function requireLogin()
{
    global $whmcs;

    if ($this->isLoggedIn()) {
        if (!WHMCS_Session::get("2fabackupcodenew")) {
            return true;
        }

        // A backup code was just consumed at login: issue its replacement and
        // show it once on the two-factor template.
        $this->setTemplate("logintwofa");
        $twoFactor = new WHMCS_2FA();
        if (!$twoFactor->setClientID($this->getUserID())) {
            // The session flag is left in place here, so this branch runs
            // again on the next gated request.
            $this->assign("newbackupcodeerror", true);
        } else {
            $freshCode = $twoFactor->generateNewBackupCode();
            // NOTE(review): the code is a login credential handed straight to
            // the template; escaping and cache headers are not visible here.
            $this->assign("newbackupcode", $freshCode);
            WHMCS_Session::delete("2fabackupcodenew");
        }
        $this->output();
        exit;
    }

    // Remember where the visitor was heading so the login handler can send
    // them back afterwards.
    // NOTE(review): REQUEST_URI is client-controlled and is entity-decoded
    // before storage. The consumer is outside this method; confirm it only
    // accepts a same-site relative path before using it in a redirect.
    $_SESSION['loginurlredirect'] = html_entity_decode($_SERVER['REQUEST_URI']);

    if (!WHMCS_Session::get("2faverifyc")) {
        // No second-factor step pending: plain username/password form.
        $this->setTemplate("login");
        $this->assign("loginpage", true);
        $this->assign("formaction", "dologin.php");
        if ($whmcs->get_req_var("incorrect")) {
            $this->assign("incorrect", true);
        }
        $this->output();
        exit;
    }

    // Second-factor step is pending for the client id held in the session.
    $this->setTemplate("logintwofa");
    if (WHMCS_Session::get("2fabackupcodenew")) {
        $this->assign("newbackupcode", true);
    } elseif ($whmcs->get_req_var("incorrect")) {
        // Request flag only toggles the "incorrect" banner in the template.
        $this->assign("incorrect", true);
    }

    $twoFactor = new WHMCS_2FA();
    if (!$twoFactor->setClientID(WHMCS_Session::get("2faclientid"))) {
        $this->assign("error", "An error occurred. Please try again.");
    } else {
        if (!($twoFactor->isActiveClients() && $twoFactor->isEnabled())) {
            // 2FA is off globally for clients or for this client, so a pending
            // 2FA session is inconsistent: drop it and redirect.
            // NOTE(review): the lines below assume redir() ends the request;
            // confirm, otherwise a challenge is still rendered afterwards.
            WHMCS_Session::destroy();
            redir();
        }

        if ($whmcs->get_req_var("backupcode")) {
            // Visitor asked to enter a backup code instead of the challenge.
            $this->assign("backupcode", true);
        } else {
            $challengeMarkup = $twoFactor->moduleCall("challenge");
            if (!$challengeMarkup) {
                $this->assign("error", "Bad 2 Factor Auth Module. Please contact support.");
            } else {
                // Module-supplied output passed through to the template as-is.
                $this->assign("challenge", $challengeMarkup);
            }
        }
    }

    $this->output();
    exit;
}
echo "<div id=\"login\"><p align=\"center\">Your New Backup Code is:</p><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p align=\"center\">Write this down on paper and keep it safe.<br />It will be needed if you ever lose your 2nd factor device or it is unavailable to you again in future.</p><form method=\"post\" action=\"dologin.php\"><p align=\"center\"><input type=\"submit\" value=\"Continue to Admin Area »\" /></p></form></div>"; } else { echo "<div id=\"login\">An error occurred. Please try again.</div>"; } } else { if (isset($_SESSION['2faverify'])) { $twofa = new WHMCS_2FA(); if ($twofa->setAdminID($_SESSION['2faadminid'])) { if (!$twofa->isActiveAdmins() || !$twofa->isEnabled()) { WHMCS_Session::destroy(); redir(); } if ($whmcs->get_req_var("backupcode")) { echo "<div id=\"login\"><form method=\"post\" action=\"dologin.php\"><input type=\"hidden\" name=\"backupcode\" value=\"1\" /><p align=\"center\"><input type=\"text\" name=\"code\" size=\"25\" /> <input type=\"submit\" value=\"Login »\" /></p><p align=\"center\">Enter Your Backup Code Above to Login</p></form></div>"; } else { $challenge = $twofa->moduleCall("challenge"); if ($challenge) { echo "<div id=\"login\">" . $challenge . "<p align=\"center\">Can't Access Your 2nd Factor Device? <a href=\"login.php?backupcode=1\">Login using Backup Code</a></p></div>"; } else { echo "<div id=\"login\">Bad 2 Factor Auth Module. Please contact support.</div>"; } } } else { echo "<div id=\"login\">An error occurred. 
Please try again.</div>"; } } else { echo " <div id=\"login\">\n <form action=\"dologin.php\" method=\"post\" name=\"frmlogin\" id=\"frmlogin\">\n <table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\">\n <tr>\n <td width=\"30%\" align=\"right\" valign=\"middle\">"; echo "<s"; echo "trong>Username</strong></td>\n <td align=\"left\" valign=\"middle\"><input type=\"text\" name=\"username\" size=\"30\" class=\"login_inputs\" /></td>\n </tr>\n <tr>\n <td width=\"30%\" align=\"right\" valign=\"middle\">"; echo "<s"; echo "trong>Password</strong></td>\n <td align=\"left\" valign=\"middle\"><input type=\"password\" name=\"password\" size=\"30\" class=\"login_inputs\" /></td>\n </tr>\n <tr>\n <td width=\"30%\" align=\"right\" valign=\"middle\"><input type=\"checkbox\" name=\"rememberme\" id=\"rememberme\" /></td>\n <td align=\"left\" valign=\"middle\"><label for=\"rememberme\" style=\"cursor:hand\">Remember me until I logout.";
} echo "<h2>" . $aInt->lang("twofa", "disable") . "</h2>"; if (!$disabled) { echo "<p>" . $aInt->lang("twofa", "disableintro") . "</p>"; if ($incorrect) { echo "<div class=\"errorbox\"><strong>Password Incorrect</strong><br />Please try again...</div>"; } echo "<form onsubmit=\"dialogSubmit();return false\"><input type=\"hidden\" name=\"2fasetup\" value=\"1\" /><p align=\"center\">" . $aInt->lang("fields", "password") . ": <input type=\"password\" name=\"pwverify\" value=\"\" size=\"20\" /><p><p align=\"center\"><input type=\"button\" value=\"" . $aInt->lang("global", "disable") . "\" class=\"btn\" onclick=\"dialogSubmit()\" /></p></form>"; } else { echo "<p>" . $aInt->lang("twofa", "disabledconfirmation") . "</p><p align=\"center\"><input type=\"button\" value=\"" . $aInt->lang("global", "close") . "\" onclick=\"window.location='myaccount.php'\" /></p>"; } echo "<script type=\"text/javascript\">\n\$(\"#admindialogcont input:password:visible:first\").focus();\n</script>\n</div></div>"; } else { $modules = $twofa->getAvailableModules(); if (isset($module) && in_array($module, $modules)) { $output = $twofa->moduleCall("activate", $module); if (is_array($output) && isset($output['completed'])) { $msg = isset($output['msg']) ? $output['msg'] : ""; $settings = isset($output['settings']) ? $output['settings'] : array(); $backupcode = $twofa->activateUser($module, $settings); $output = ""; if ($backupcode) { $output = "<div align=\"center\"><h2>" . $aInt->lang("twofa", "activationcomplete") . "</h2>"; if ($msg) { $output .= "<div style=\"margin:20px;padding:10px;background-color:#f7f7f7;border:1px dashed #cccccc;text-align:center;\">" . $msg . "</div>"; } $output .= "<h2>" . $aInt->lang("twofa", "backupcodeis") . ":</h2><div style=\"margin:20px auto;padding:10px;width:280px;background-color:#F2D4CE;border:1px dashed #AE432E;text-align:center;font-size:20px;\">" . $backupcode . "</div><p>" . $aInt->lang("twofa", "backupcodeexpl") . 
"</p>"; $output .= "<p><input type=\"button\" value=\"" . $aInt->lang("global", "close") . "\" onclick=\"window.location='myaccount.php'\" /></p></div>"; } else { $output = $aInt->lang("twofa", "activationerror"); }
} if (!$gotourl) { $gotourl = "clientarea.php"; } if ($whmcs->get_req_var("newbackupcode")) { header("Location: " . $gotourl); exit; } $loginsuccess = $istwofa = false; $twofa = new WHMCS_2FA(); if ($twofa->isActiveClients() && isset($_SESSION['2faverifyc'])) { $twofa->setClientID($_SESSION['2faclientid']); if ($whmcs->get_req_var("backupcode")) { $success = $twofa->verifyBackupCode($whmcs->get_req_var("code")); } else { $success = $twofa->moduleCall("verify"); } if ($success) { validateClientLogin(get_query_val("tblclients", "email", array("id" => $_SESSION['2faclientid'])), "", true); if ($_SESSION['2farememberme']) { wSetCookie("User", $_SESSION['uid'] . ":" . sha1($_SESSION['upw'] . $whmcs->get_hash()), time() + 60 * 60 * 24 * 365); } else { wDelCookie("User"); } WHMCS_Session::delete("2faclientid"); WHMCS_Session::delete("2farememberme"); WHMCS_Session::delete("2faverifyc"); if ($whmcs->get_req_var("backupcode")) { WHMCS_Session::set("2fabackupcodenew", true); $gotourl = "clientarea.php?newbackupcode=true"; header("Location: " . $gotourl);