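/**
 * Handle the submitted second-factor response and, on success, create the
 * real phpBB session for the user.
 *
 * Flow (everything below is visible in this method):
 *  1. CSRF form-key check (403 on failure).
 *  2. The session row must hold a pending challenge: 'tfa_random' non-empty
 *     and 'tfa_uid' equal to the route's $user_id (400 otherwise).
 *  3. The 'random' request value must match the stored 40-character token.
 *  4. The token is cleared from the session row BEFORE the module verifies,
 *     so a given challenge can be submitted at most once.
 *  5. The module selected by $class verifies the code. On failure the
 *     challenge page is re-rendered via session_helper::generate_page and the
 *     method fails closed — it never continues to session creation.
 *  6. session_create(); for admin re-authentication the previous session row
 *     is deleted and the browser is sent to the ACP, otherwise to $redirect.
 *
 * @param int    $user_id    User completing the second factor (route parameter)
 * @param bool   $admin      Admin re-authentication?
 * @param bool   $auto_login Set the auto-login cookie on success
 * @param bool   $viewonline Show the user in the online list
 * @param string $class      Name of the TFA module to verify with
 * @return \Symfony\Component\HttpFoundation\Response
 * @throws http_exception 403 on an invalid form key or when the challenge was
 *                        not verified; 400 on missing/inconsistent challenge
 *                        state, an unknown module, or a failed session_create.
 *                        Any http_exception from the module other than a 400
 *                        is propagated rather than swallowed.
 */
public function submit($user_id, $admin, $auto_login, $viewonline, $class)
{
	$this->user->add_lang_ext('paul999/tfa', 'common');

	if (!check_form_key('tfa_login_page'))
	{
		throw new http_exception(403, 'FORM_INVALID');
	}

	// The pending challenge must belong to this session and to this user id.
	// Compare as integers: the original loose "!=" would accept "5abc" for 5 on
	// older PHP versions.
	if (empty($this->user->data['tfa_random']) || (int) $user_id !== (int) $this->user->data['tfa_uid'])
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$random   = (string) $this->request->variable('random', '');
	$expected = (string) $this->user->data['tfa_random'];

	// Keep the 40-byte contract and compare the per-challenge token in
	// constant time rather than with a plain string comparison.
	if (strlen($random) !== 40 || !hash_equals($expected, $random))
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// Burn the token before asking the module to verify, so a replayed POST
	// with the same 'random' is rejected above whatever the outcome below.
	// session_user_id is an integer and is deliberately not quoted (the
	// previous query opened a quote before it and never closed it).
	$sql_ary = array(
		'tfa_random'	=> '',
		'tfa_uid'		=> 0,
	);
	$sql = 'UPDATE ' . SESSIONS_TABLE . '
		SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
		WHERE
			session_id = \'' . $this->db->sql_escape($this->user->data['session_id']) . '\' AND
			session_user_id = ' . (int) $this->user->data['user_id'];
	$this->db->sql_query($sql);

	if (empty($class))
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	$module = $this->session_helper->findModule($class);
	if ($module == null)
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	// NOTE(review): $redirect is user-controlled. The final redirect() below is
	// phpBB's, which is expected to refuse off-board targets — confirm that
	// this version still does.
	$redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");

	$verified = false;
	$error = '';
	try
	{
		$verified = (bool) $module->login($user_id);
		if (!$verified)
		{
			$error = $this->user->lang('TFA_INCORRECT_KEY');
		}
	}
	catch (http_exception $ex)
	{
		// A 400 from the module is a user-facing verification failure. Anything
		// else is not ours to handle: swallowing it (as before) let execution
		// fall through to session_create() without a verified second factor.
		if ($ex->getStatusCode() != 400)
		{
			throw $ex;
		}
		$error = $ex->getMessage();
	}

	if (!$verified)
	{
		$this->template->assign_var('S_ERROR', $error);
		$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);

		// generate_page is expected to render the challenge page and end the
		// request. Should it ever return, fail closed instead of continuing to
		// session creation.
		throw new http_exception(403, 'TFA_INCORRECT_KEY');
	}

	$old_session_id = $this->user->session_id;

	if ($admin)
	{
		// Admin re-authentication: expire the user/sid cookies so the session
		// created below replaces them.
		$cookie_expire = time() - 31536000;
		$this->user->set_cookie('u', '', $cookie_expire);
		$this->user->set_cookie('sid', '', $cookie_expire);
	}

	$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);

	if ($result !== true)
	{
		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}

	if ($admin)
	{
		// Re-authentication keeps the same user id, so the previous session row
		// is identified by the old sid and removed now that the new one exists.
		$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
			WHERE session_id = \'' . $this->db->sql_escape($old_session_id) . '\'
			AND session_user_id = ' . (int) $user_id;
		$this->db->sql_query($sql);

		redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
	}

	redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
}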
/**
 * Listener for the login-session-creation event: intercepts a successful
 * password login and, when the account has to complete two-factor
 * authentication, renders the TFA challenge page via session_helper::generate_page
 * instead of letting the session be created right away.
 *
 * @param \phpbb\event\data $event Event data; reads 'login' (with 'status' and
 *                                 'user_row'), 'admin', 'user_row' and 'view_online'.
 * @return \phpbb\event\data|null  $event when the normal login must continue
 *                                 (TFA disabled, or required but the user has no
 *                                 method registered yet); null in every other case.
 * @throws http_exception          presumably from generate_page — not visible here
 */
public function auth_login_session_create_before($event)
{
	// Extension switched off globally: nothing to intercept.
	if ($this->config['tfa_mode'] == session_helper_interface::MODE_DISABLED)
	{
		return $event;
	}

	$login_succeeded = isset($event['login'], $event['login']['status'])
		&& $event['login']['status'] == LOGIN_SUCCESS;
	if (!$login_succeeded)
	{
		return null;
	}

	$uid = $event['login']['user_row']['user_id'];
	if (!$this->session_helper->isTfaRequired($uid, $event['admin'], $event['user_row']))
	{
		return null;
	}

	if (!$this->session_helper->isTfaRegistered($uid))
	{
		// TFA is required but the user has not enrolled any method yet: let the
		// regular login proceed; other pages are expected to force enrolment.
		return $event;
	}

	// The 'viewonline' POST field is negated here — presumably the login form's
	// "hide my online status" checkbox; confirm against the template.
	$show_online = !$this->request->is_set_post('viewonline');

	// NOTE(review): in the controller's submit() the third generate_page argument
	// is the auto-login flag, but here it receives $event['view_online'] — confirm
	// that this is the intended value for this event.
	$this->session_helper->generate_page(
		$uid,
		$event['admin'],
		$event['view_online'],
		$show_online,
		$this->request->variable('redirect', '')
	);

	return null;
}