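/**
 * Render the backend login form, or finish a login attempt.
 *
 * With no posted credentials (or credentials that fail validation) the
 * login view is rendered. After a successful password login the posted
 * Google Authenticator code is checked against the secret in the user's
 * twofactor_settings; a wrong or missing code sends the freshly created
 * session to /site/logout, a correct one redirects to the user's returnUrl.
 *
 * Also serves as the AJAX endpoint for client-side validation of login info.
 *
 * NOTE(review): $model->login() authenticates the session before the second
 * factor is verified; the failure paths rely on the /site/logout redirect to
 * tear that session down again. Checking the code before calling login()
 * would close that window — TODO confirm against the auth design.
 */
public function run()
{
    $user = Yii::app()->user;
    $this->redirectAwayAlreadyAuthenticatedUsers($user);

    $model = new BackendLoginForm();
    $gaform = new GoogleAuthForm();
    $request = Yii::app()->request;
    $formData = $request->getPost(get_class($model), false);
    $gaFormData = $request->getPost(get_class($gaform), false);

    if ($formData) {
        $model->attributes = $formData;
        if ($model->validate(array('username', 'password', 'verifyCode')) && $model->login()) {
            $userdata = $user->data();
            $usersettings = $userdata->twofactor_settings;

            // Only accounts that deliver their second factor via Google Authenticator may pass here.
            if (!$usersettings || $usersettings->deliveras != UserTwoFactorSettings::GOOGLE_AUTH) {
                Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid Auth Code! '));
                $this->controller->redirect('/site/logout');
                // redirect() ends the request; the explicit return keeps the flow safe if it ever does not.
                return;
            }

            $authok = false;
            if ($gaFormData) {
                $gaform->attributes = $gaFormData;
                // Cast so a crafted non-string value cannot reach verifyCode().
                $authcode = (string) $gaform->twofactorauthcode;
                $ga = new GoogleAuthenticator();
                if ($ga->verifyCode($usersettings->googleauth_secret, $authcode)) {
                    $authok = true;
                }
            }

            if (!$authok) {
                Yii::app()->user->setFlash('error', Yii::t('translation', 'Invalid Auth Code! '));
                $this->controller->redirect('/site/logout');
                return;
            }

            $this->controller->redirect($user->returnUrl);
            return;
        }
    }

    $this->controller->render('login', compact('model'));
}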
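/**
 * Second login step: check the Google Authenticator key posted as
 * $_POST['sleutel'] against the secret stored for the logged-in customer.
 *
 * On success the session is marked as two-factor verified and a successful
 * attempt is written to the login log; a wrong key is logged as a failure.
 * Every failure path throws an Exception carrying the (Dutch) user-facing
 * message.
 *
 * @return bool true when the key was accepted
 * @throws Exception when no key was posted, the query failed, the account
 *                   does not exist, or the key is wrong
 */
public function two_way()
{
    // Was a key filled in at all?
    if (empty($_POST['sleutel'])) {
        throw new Exception('Er dient een sleutel ingevuld te worden.');
    }

    // Only a plain string may reach verifyCode(), even if the field was posted as an array.
    $postedKey = is_string($_POST['sleutel']) ? $_POST['sleutel'] : '';

    // The id comes from the session, not the request, but it is still placed in SQL unquoted:
    // cast so nothing but digits can end up in the statement.
    $customerId = (int) $_SESSION['login']['id'];
    $query = Database::query("SELECT secret FROM customer WHERE id = " . $customerId);

    if (!$query) {
        // NOTE(review): this surfaces the driver's error text to the user; consider logging it instead.
        throw new Exception('Er ging wat fout in de database.<br />' . Database::error());
    }

    if ($query->num_rows == 0) {
        throw new Exception('Dit account bestaat niet.');
    }

    $secret = $query->fetch_object()->secret;
    $google = new GoogleAuthenticator();

    if (!$google->verifyCode($secret, $postedKey)) {
        // Record the failed attempt before reporting the wrong key.
        $this->update_login_log(false);
        throw new Exception('De ingevulde sleutel is onjuist.');
    }

    // Mark the session as two-factor verified and log the success.
    $_SESSION['login']['secret'] = true;
    $this->update_login_log(true);

    return true;
}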
// Check if user is configured to use 2-Factor Auth $userKey = $userKeyCheck['userKey']; if ($userKey) { // If the user has a userKey setup continue - then check if the provided token has been used by this user previously $submitHistory = $modx->getObject('UserHistory', array('internalKey' => $id, 'previousKey' => $token)); if ($submitHistory) { $SHC = $submitHistory->get('id'); } else { $SHC = 0; } if ($SHC == 0) { // if user has not used the token before - continue - else return error require_once 'core/components/gauthx/elements/plugins/GoogleAuthenticator.php'; $ga = new GoogleAuthenticator(); // validate if code matches user token $checkResult = $ga->verifyCode($userKey, $token, $tolerance); // 2 = 2*30sec clock tolerance // if yes add provided token to user history, clean up user history & allow user to login. - Else return error if ($checkResult) { $log = $modx->newObject('UserHistory'); $log->set('internalKey', $id); $log->set('previousKey', $token); $log->save(); // get count of user hisotry for user who is logging in $max = $modx->getCount('UserHistory', array('internalKey' => $id)); if ($max > $historyLimit) { // if count is greater than history limit remove a row () $newlimit = $max - $historyLimit; $query = $modx->newQuery('UserHistory'); $query->sortby('id', 'ASC'); $query->limit($newlimit);
$responseTpl = $modx->getOption('responseTpl', $scriptProperties, 'GAuthxResponse', true); $tpl = $modx->getOption('tpl', $scriptProperties, 'GAuthxTpl', true); if ($modx->user->get('id') != 0) { if (!$pc) { require_once 'core/components/gauthx/elements/plugins/GoogleAuthenticator.php'; $ga = new GoogleAuthenticator(); $account = urlencode($modx->getOption('site_name', null, 'Modx')); if (!$_GET['token']) { $secret = $ga->createSecret(); $qrCodeUrl = $ga->getQRCodeGoogleUrl($account, $secret); $placeholders = array('secret' => $secret, 'qrCodeUrl' => $qrCodeUrl); $output .= $modx->getChunk($tpl, $placeholders); } else { $token = $_GET['token']; $secret = $_GET['secret']; $checkResult = $ga->verifyCode($secret, $token, 2); // 2 = 2*30sec clock tolerance if ($checkResult) { $response = $modx->setPlaceholder('response', 'Success, You will now be required use 2FAx upon login.'); $userKey = $profile->get('extended'); $userKey['userKey'] = $secret; $profile->set('extended', $userKey); $profile->save(); $output .= $modx->getChunk($responseTpl, $placeholders); } else { $qrCodeUrl = $ga->getQRCodeGoogleUrl($account, $secret); $placeholders = array('secret' => $secret, 'qrCodeUrl' => $qrCodeUrl, 'response' => 'That token is incorrect, please try again'); $output .= $modx->getChunk($tpl, $placeholders); } } } else {
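/**
 * Verify a Google Authenticator (TOTP) code against this account's stored secret.
 *
 * The secret is read from getGASk()['sk']. A missing or empty secret is
 * rejected outright instead of being handed to verifyCode(): presumably the
 * library would derive codes from an empty key, which anyone could reproduce
 * — TODO confirm against the bundled GoogleAuthenticator implementation.
 *
 * @param string|int $code the code entered by the user
 * @return bool true when the code matches the stored secret
 */
public function verifyGACode($code)
{
    $sk = $this->getGASk();
    $secret = isset($sk['sk']) ? (string) $sk['sk'] : '';
    if ($secret === '') {
        return false;
    }

    // Only a plain string may reach verifyCode(); arrays or nulls become a failing code.
    $code = is_scalar($code) ? (string) $code : '';

    $ga = new \GoogleAuthenticator();

    return $ga->verifyCode($secret, $code);
}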
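/**
 * Two-factor settings page for the logged-in user.
 *
 * On first visit a Google Authenticator secret and QR-code URL are
 * generated and stored in the user's UserTwoFactorSettings row. On POST
 * the change is accepted only after the user proves the *current* second
 * factor (Google Authenticator code, SMS code, or nothing when delivery is
 * NONE); then the posted SecurityForm is validated and the delivery method
 * and SMS phone are saved. The outcome is reported through flash messages
 * and the page is re-rendered.
 */
public function actionIndex()
{
    $user = Yii::app()->user->data();
    $ga = new GoogleAuthenticator();

    $usersettings = $user->twofactor_settings;
    if (!$usersettings) {
        // First visit: provision a secret so the QR code can be shown below.
        $usersettings = new UserTwoFactorSettings();
        $usersettings->id_user = $user->id;
        $usersettings->googleauth_secret = $ga->createSecret();
        $usersettings->googleauth_url = $ga->getQRCodeGoogleUrl('MercadoBTX', $usersettings->googleauth_secret);
        $usersettings->save();
    }

    $model = new SecurityForm();
    $gaform = new GoogleAuthForm();
    $smsform = new SmsAuthForm();
    $request = Yii::app()->request;
    $formData = $request->getPost(get_class($model), false);
    $gaFormData = $request->getPost(get_class($gaform), false);
    $smsFormData = $request->getPost(get_class($smsform), false);

    if ($formData) {
        $authok = false;
        // Generic failure text; replaced by a more specific one when the stored setting itself is invalid.
        $authError = Yii::t('translation', 'Invalid Auth Code! 
');

        // Loose comparison kept on purpose: deliveras presumably comes back from the DB as a string — TODO confirm
        if ($usersettings->deliveras == UserTwoFactorSettings::GOOGLE_AUTH) {
            if ($gaFormData) {
                $gaform->attributes = $gaFormData;
                // Cast so a crafted non-string value cannot reach verifyCode().
                $authcode = (string) $gaform->twofactorauthcode;
                if ($ga->verifyCode($usersettings->googleauth_secret, $authcode)) {
                    $authok = true;
                }
            }
        } elseif ($usersettings->deliveras == UserTwoFactorSettings::SMS) {
            if ($smsFormData) {
                $smsform->attributes = $smsFormData;
                $submitted = strtolower((string) $smsform->twofactorauthcode);
                $expected = strtolower((string) $usersettings->smscode);
                // Never accept an empty code (e.g. before any SMS was sent) and compare in constant time.
                if ($submitted !== '' && $expected !== '' && hash_equals($expected, $submitted)) {
                    $usersettings->regenerateSmsCode(); // prevent it from being used again
                    $authok = true;
                }
            }
        } elseif ($usersettings->deliveras == UserTwoFactorSettings::NONE) {
            $authok = true;
        } else {
            $authError = Yii::t('translation', 'Invalid setting');
        }

        if (!$authok) {
            Yii::app()->user->setFlash('error', $authError);
        } else {
            $model->attributes = $formData;
            // validate() runs the form rules and fills the error list; hasErrors() alone is never true here.
            if (!$model->validate()) {
                Yii::app()->user->setFlash('error', Yii::t('translation', 'Save failed'));
            } else {
                $usersettings->smsphone = $model->smsphone;
                $usersettings->deliveras = $model->deliveras;
                if (!$usersettings->save()) {
                    // var_export(..., true) returns the dump; var_dump() would print it into the response and log null.
                    Yii::log(var_export($usersettings->getErrors(), true), 'error');
                    Yii::app()->user->setFlash('error', Yii::t('translation', 'Save failed! '));
                } else {
                    Yii::app()->user->setFlash('success', Yii::t('translation', 'Information updated'));
                }
            }
        }
    }

    // Reflect the persisted settings in the form, whether or not a save happened.
    $model->deliveras = $usersettings->deliveras;
    $model->smsphone = $usersettings->smsphone;
    $this->render('index', array(
        'model' => $model,
        'deliveras' => $model->deliveras,
        'qrCodeUrl' => $usersettings->googleauth_url,
    ));
}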
//check for first login if ($secret == NULL) { $user = get_user_by_username($username); try { login($user, $persistent); // re-register at least the core language file for users with language other than site default register_translations(dirname(dirname(__FILE__)) . "/languages/"); } catch (LoginException $e) { register_error($e->getMessage()); forward(REFERER); } } else { //verify code and secret require_once 'GoogleAuthenticator.php'; $ga = new GoogleAuthenticator(); $output = $ga->verifyCode($secret, $code, 10); // 10*30 = 300 sec time telorance if ($output == true) { $user = get_user_by_username($username); try { login($user, $persistent); // re-register at least the core language file for users with language other than site default register_translations(dirname(dirname(__FILE__)) . "/languages/"); } catch (LoginException $e) { register_error($e->getMessage()); forward(REFERER); } } else { //login with backup code $backup = elgg_get_plugin_user_setting('backup', $userGuid, 'twostep'); if ($code == $backup) {