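/**
 * Handles the OTP form submission on the LatchOTP special page.
 *
 * Reads the OTP stored for the wiki user and compares it with the value posted in
 * 'txt_OTP'. On a match the user name is written back into the session (the login
 * hook cleared it to "freeze" the session) and the browser is redirected to the
 * current URL without its query string. On a mismatch the attempt counter is
 * incremented and an error message shown; on the third failed attempt the user
 * is logged out and the login form is displayed again.
 *
 * @param int|string $user_id   wiki user id used to look up the Latch row; also reused
 *                              as the by-reference out slot for the Latch user id, so
 *                              it holds the Latch user id after the DB lookup
 * @param string     $user_name wiki user name restored into the session on success
 * @return void
 */
function submit_OTP($user_id, $user_name) {
    global $wgRequest, $wgOut, $wgUser;

    # Nothing to do unless the OTP button was pressed.
    if (!$wgRequest->getCheck('clickBotOTP')) {
        return;
    }
    # CSRF protection: validate the edit token before touching the DB at all.
    if (!$wgUser->matchEditToken($wgRequest->getVal('token'))) {
        return;
    }

    $acc_id = "";
    $otp_DB = "";
    $attempts = 0;
    # Out-params: Latch user id (into $user_id), account id, pending OTP, failed attempts.
    SpecialLatch::accDB_useraccid($user_id, $user_id, $acc_id, $otp_DB, $attempts);

    $storedOtp = (string)$otp_DB;
    $submittedOtp = (string)$wgRequest->getText('txt_OTP');
    # Only a non-empty stored OTP can ever be accepted, otherwise an empty form
    # submission would match an empty DB value. The comparison is strict (loose ==
    # would treat numeric strings such as "0123" and "123" as equal) and constant-time
    # where hash_equals() exists.
    $otpMatches = $storedOtp !== "" && (function_exists('hash_equals')
        ? hash_equals($storedOtp, $submittedOtp)
        : $storedOtp === $submittedOtp);

    if ($otpMatches) {
        # Correct code: un-freeze the session and go back to the page without the query string.
        # NOTE(review): the stored OTP is not invalidated here — confirm whether
        # updDB_useraccid should be used to clear it so the code is single-use.
        $wgRequest->setSessionData('wsUserName', $user_name);
        $fullURL = $wgRequest->getRequestURL();
        $urlMainPage = explode("?", $fullURL);
        $wgOut->redirect($urlMainPage[0]);
        return;
    }

    if ($attempts < 2) {
        # First or second failure: record it and show the error message.
        SpecialLatch::updDB_useraccid($user_id, $acc_id, $otp_DB, $attempts + 1);
        $wgOut->addWikiText(wfMsg('latch-OTP-error'));
        return;
    }

    # Third failure: drop the session and show the login form again.
    $wgUser->logout();
    $wgOut->clearHTML();
    $specialUserlogin = new LoginForm();
    $specialUserlogin->load();
    $error = $specialUserlogin->mAbortLoginErrorMsg ?: 'wrongpassword';
    $specialUserlogin->mainLoginForm($specialUserlogin->msg($error)->text());
}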
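/**
 * Login hook that gates a password login behind the user's Latch status.
 *
 * The session is first "frozen" by clearing the session user name; it is restored
 * via SpecialLatch::putUserInSession() only when the login may proceed. For a user
 * with a Latch pairing the Latch status is queried: "on" with a two-factor token
 * stores the token and redirects to the LatchOTP page (session stays frozen until
 * the OTP is verified); "off" logs the user out and shows the login form; any other
 * outcome (API error, unexpected response) lets the login through.
 *
 * The parameter list matches MediaWiki's post-login redirect hook signature — confirm
 * against the hook registration.
 *
 * @param string $returnTo      unused, passed through by reference
 * @param string $returnToQuery unused, passed through by reference
 * @param string $type          always set to 'error' for the caller
 * @return bool false when the Latch response carries neither data nor error
 *              (the session remains frozen), true otherwise
 */
public static function wfLoginHook(&$returnTo, &$returnToQuery, &$type) {
    global $wgUser, $wgOut, $wgRequest;

    $acc_id = "";
    $app_id = "";
    $secret = "";
    $user_id = "";
    # Reported to the caller on every path, whether or not Latch is configured.
    $type = 'error';

    # Freeze the session by removing the user name; putUserInSession() puts it back.
    $wgRequest->setSessionData('wsUserName', "");

    # Application credentials and the user's Latch pairing (if any) come from the DB.
    SpecialLatch::accDB_appsecret($app_id, $secret);
    SpecialLatch::accDB_useraccid($wgUser->getId(), $user_id, $acc_id);

    # No Latch pairing for this user: nothing to check, let the login through.
    if (empty($user_id) || empty($acc_id)) {
        SpecialLatch::putUserInSession();
        return true;
    }

    # Ask the Latch SDK for the account status. Check the response object before
    # calling methods on it so a missing response is reported instead of fatal.
    $api = new Latch($app_id, $secret);
    $statusResponse = $api->status($acc_id);
    if (empty($statusResponse)) {
        return false;
    }
    $responseData = $statusResponse->getData();
    $responseError = $statusResponse->getError();

    # Neither data nor error: undecided, leave the session frozen.
    if (empty($responseData) && empty($responseError)) {
        return false;
    }

    # Locate this app's operation entry; a missing entry yields a null status instead
    # of undefined-property notices. Response shape assumed from the original accesses.
    $operation = null;
    if (!empty($responseData) && isset($responseData->{"operations"}->{$app_id})) {
        $operation = $responseData->{"operations"}->{$app_id};
    }
    $status = isset($operation->{"status"}) ? $operation->{"status"} : null;

    if ($status === "on") {
        if (!empty($operation->{"two_factor"})) {
            $two_factor_token = isset($operation->{"two_factor"}->{"token"})
                ? $operation->{"two_factor"}->{"token"}
                : "";
            if (!empty($two_factor_token)) {
                # Store the OTP for the LatchOTP special page and send the user there;
                # the session stays frozen until submit_OTP() accepts the code.
                SpecialLatch::updDB_useraccid($user_id, $acc_id, $two_factor_token);
                $wgOut->redirect(SpecialPage::getTitleFor('LatchOTP')->getFullURL('', false, PROTO_CURRENT));
            }
            # NOTE(review): a two_factor block without a token leaves the session
            # frozen with no redirect (as in the original flow) — confirm intended.
            return true;
        }
        # Latch on, no second factor requested: let the login through.
        SpecialLatch::putUserInSession();
        return true;
    }

    if ($status === "off") {
        # Latch is off for this account: reject the login and show the login form.
        $wgUser->logout();
        $specialUserlogin = new LoginForm();
        $specialUserlogin->load();
        $error = $specialUserlogin->mAbortLoginErrorMsg ?: 'wrongpassword';
        $specialUserlogin->mainLoginForm($specialUserlogin->msg($error)->text());
        return true;
    }

    # Any other outcome (API error, unknown status, unexpected shape) lets the login
    # through: the second factor fails open rather than locking users out.
    SpecialLatch::putUserInSession();
    return true;
}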