<?php
require_once(dirname(dirname(__FILE__))."/header.php");
require_once("configuration.php");
require_once("users.php");
switch(get_conf('2-factor-method')){
case 'authy':
require_once("authy-php/Authy.php");
//break;
case 'google-authenticator':
require_once("GoogleAuthenticator.php");
break;
}
function get_api(){
static $api;
if(!$api){
switch(get_conf('2-factor-method')){
case 'authy':
$api = new Authy_Api(get_conf('authy-api-key'),get_conf('authy-endpoint'));
break;
case 'google-authenticator':
$api = new PHPGangsta_GoogleAuthenticator();
break;
}
}
return $api;
}
function login($nick,$pass,$type,$effective_role=null){
if($type == 'user'){
$user = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$nick,$pass,'NickServ','info',Array($nick));
if($user[0]){
$user[2] = explode(' ',$user[1]);
$user[3] = Array();
foreach($user[2] as $k => $row){
$row = preg_split('/\s+:\s/',$row);
if(isset($row[1])){
$row[2] = explode(' ',$row[1]);
}else{
$row[1] = '';
$row[2] = Array();
}
$user[3][$row[0]] = Array($row[1],$row[2]);
}
$_SESSION['password'] = $pass;
$_SESSION['key'] = uniqid();
$_SESSION['real_name'] = $nick;
if(isset($user[3]['Email'][0])){
$_SESSION['email'] = $user[3]['Email'][0];
}else{
$_SESSION['email'] = '';
}
if($res = query("SELECT u.api_key, u.real_name FROM users u WHERE lower(u.nick) = lower('%s')",Array($nick))){
if($res->num_rows == 1){
$res = $res->fetch_assoc();
$_SESSION['key'] = $res['api_key'];
$_SESSION['real_name'] = $res['real_name'];
}
}
setcookie('key',$_SESSION['key'],null,'/');
setcookie('user',$nick,null,'/');
setcookie('type','user',null,'/');
return true;
}else{
return __("Invalid credentials");
}
}elseif($type=='persona'){
if(!$user = get_user_obj($nick,$effective_role)){
return __("User")." {$nick} ".__("does not exist");
}
if(!isset($_COOKIE['personaUser'])){
return false;
}
if(!in_array($_COOKIE['personaUser'],get_emails($user['id']))){
return __("Invalid persona email");
}
setcookie('user',$nick,null,'/');
setcookie('key',$user['api_key'],null,'/');
setcookie('type',$user['type'],null,'/');
return true;
}else{
if(!$user = get_user_obj($nick,$type)){
return __("User")." {$nick} ".__("does not exist");
}
if($user['password'] != mkpasswd($pass,$user['salt'])){
return __("Invalid password");
}
setcookie('user',$nick,null,'/');
setcookie('key',$user['api_key'],null,'/');
setcookie('type',$user['type'],null,'/');
return true;
}
}
function verify($token){
$api = get_api();
if($u = is_logged_in()){
switch(get_conf('2-factor-method')){
case 'authy':
$verification = $api->verifyToken($u['secret_key'],$token);
if($verification->ok()){
setcookie('token',$u['secret_key'],null,'/');
$r = true;
}else{
$r = __('Failed to create Authy user').': ';
foreach($verification->errors() as $field => $message){
$message = json_decode($message);
$r .= $message['message'];
}
logout();
}
break;
case 'google-authenticator':
if($api->verifyCode($u['secret_key'],$token,2)){
$_SESSION['secret_key'] = $u['secret_key'];
$r = true;
}else{
$r = __("Token didn't match ").$u['secret_key'];
}
break;
default:
$r = true;
}
}else{
$r = __("You have been logged out");
}
return $r;
}
function delete_token(){
$r = true;
$api = get_api();
$u = is_logged_in();
if($u){
switch(get_conf('2-factor-method')){
case 'authy':
$deletion = $api->deleteUser($u['secret_key']);
if($deletion->ok()){
setcookie('secret_key','',time() - 3600,'/');
if(!query("UPDATE users u SET u.secret_key=NULL WHERE u.id=%d",Array($u['id']))){
$r = __('Failed to disable 2-factor authentication');
}
}else{
$r = __('Failed to disable 2-factor authentication').': ';
foreach($deletion->errors() as $field => $message){
$message = json_decode($message);
$r .= $message->message;
}
}
break;
case 'google-authenticator':
setcookie('secret_key','',time() - 3600,'/');
if(!query("UPDATE users u SET u.secret_key=NULL WHERE u.id=%d",Array($u['id']))){
$r = __('Failed to disable 2-factor authentication');
}
break;
default:
}
}
return $r;
}
function register_token(){
$api = get_api();
$u = is_logged_in();
if($u){
switch(get_conf('2-factor-method')){
case 'authy':
if(isset($_GET['country-code'])){
if(isset($_GET['cellphone'])){
$user = $api->registerUser($u['email'],$_GET['cellphone'],$_GET['country-code']);
if($user->ok()){
query("UPDATE users u SET u.secret_key='%s' WHERE u.id=%d",Array($user->id(),$u['id']));
$r = true;
}else{
$r = __('Failed to create Authy user').': ';
foreach($user->errors() as $field => $message){
$message = json_decode($message);
$r .= $message['message'];
}
}
}else{
$r = __("No cell number set");
}
}else{
$r = __("No country code set");
}
break;
case 'google-authenticator':
if(isset($_GET['token'])){
if(isset($_SESSION['secret_key'])){
if($api->verifyCode($_SESSION['secret_key'],$_GET['token'], 2)){
query("UPDATE users u SET u.secret_key='%s' WHERE u.id=%d",Array($_SESSION['secret_key'],$u['id']));
$r = true;
}else{
$r = __('Could not register');
}
}else{
$r = __('No secret key defined');
}
}else{
$r = __('No token provided');
}
break;
default:
$r = true;
}
}else{
$r = __("You have been logged out");
}
return $r;
}
function is_logged_in(){
$user = false;
if(isset($_COOKIE['user']) && isset($_COOKIE['key']) && isset($_COOKIE['type'])){
$user = get_user_obj($_COOKIE['user'],$_COOKIE['type']);
if(!$user || $user['api_key'] != $_COOKIE['key']){
$user = false;
}
}
return $user;
}
function is_verified(){
$api = get_api();
$user = is_logged_in();
$r = false;
if($user){
if(!isset($user['secret_key']) || is_null($user['secret_key']) || $user['secret_key'] == ''){
$r = true;
}else{
switch(get_conf('2-factor-method')){
case 'authy':
if(isset($_COOIKE['token']) && $user['secret_key'] == $_COOKIE['token']){
$r = true;
}
break;
case 'google-authenticator':
if(isset($_SESSION['secret_key']) && $_SESSION['secret_key'] == $user['secret_key']){
$r = true;
}
break;
default:
$r = true;
}
}
}
return $r;
}
function logout(){
setcookie('key','',time() - 3600,'/');
setcookie('user','',time() - 3600,'/');
setcookie('type','',time() - 3600,'/');
setcookie('personaUser','',time() - 3600,'/');
switch(get_conf('2-factor-method')){
case 'authy':break;
case 'google-authenticator':
default:
setcookie('token','',time() - 3600,'/');
}
unset($_SESSION['secret_key']);
if (isset($_COOKIE[session_name()])){
setcookie(session_name(),"",time()-3600,'/');
}
$_SESSION = array();
session_unset();
session_destroy();
session_write_close();
session_regenerate_id(true);
}
function mkpasswd($input,$salt=null){
$firsthash = pack("H*", sha1($input));
srand(time());
if($salt === null){
$salt = pack("c6", rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255));
}else{
$salt = base64_decode($salt);
}
$finalhash = pack("H*", sha1($firsthash.$salt));
return "$".base64_encode($salt)."$".base64_encode($finalhash);
}
?>