123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276 |
- <?php
- require_once(dirname(dirname(__FILE__))."/header.php");
- require_once("configuration.php");
- require_once("users.php");
- switch(get_conf('2-factor-method')){
- case 'authy':
- require_once("authy-php/Authy.php");
- //break;
- case 'google-authenticator':
- require_once("GoogleAuthenticator.php");
- break;
- }
- function get_api(){
- static $api;
- if(!$api){
- switch(get_conf('2-factor-method')){
- case 'authy':
- $api = new Authy_Api(get_conf('authy-api-key'),get_conf('authy-endpoint'));
- break;
- case 'google-authenticator':
- $api = new PHPGangsta_GoogleAuthenticator();
- break;
- }
- }
- return $api;
- }
- function login($nick,$pass,$type,$effective_role=null){
- if($type == 'user'){
- $user = atheme_command(get_conf('xmlrpc-server'),get_conf('xmlrpc-port'),get_conf('xmlrpc-path'),USER_IP,$nick,$pass,'NickServ','info',Array($nick));
- if($user[0]){
- $user[2] = explode(' ',$user[1]);
- $user[3] = Array();
- foreach($user[2] as $k => $row){
- $row = preg_split('/\s+:\s/',$row);
- if(isset($row[1])){
- $row[2] = explode(' ',$row[1]);
- }else{
- $row[1] = '';
- $row[2] = Array();
- }
- $user[3][$row[0]] = Array($row[1],$row[2]);
- }
- $_SESSION['password'] = $pass;
- $_SESSION['key'] = uniqid();
- $_SESSION['real_name'] = $nick;
- if(isset($user[3]['Email'][0])){
- $_SESSION['email'] = $user[3]['Email'][0];
- }else{
- $_SESSION['email'] = '';
- }
- if($res = query("SELECT u.api_key, u.real_name FROM users u WHERE lower(u.nick) = lower('%s')",Array($nick))){
- if($res->num_rows == 1){
- $res = $res->fetch_assoc();
- $_SESSION['key'] = $res['api_key'];
- $_SESSION['real_name'] = $res['real_name'];
- }
- }
- setcookie('key',$_SESSION['key'],null,'/');
- setcookie('user',$nick,null,'/');
- setcookie('type','user',null,'/');
- return true;
- }else{
- return __("Invalid credentials");
- }
- }elseif($type=='persona'){
- if(!$user = get_user_obj($nick,$effective_role)){
- return __("User")." {$nick} ".__("does not exist");
- }
- if(!isset($_COOKIE['personaUser'])){
- return false;
- }
- if(!in_array($_COOKIE['personaUser'],get_emails($user['id']))){
- return __("Invalid persona email");
- }
- setcookie('user',$nick,null,'/');
- setcookie('key',$user['api_key'],null,'/');
- setcookie('type',$user['type'],null,'/');
- return true;
- }else{
- if(!$user = get_user_obj($nick,$type)){
- return __("User")." {$nick} ".__("does not exist");
- }
- if($user['password'] != mkpasswd($pass,$user['salt'])){
- return __("Invalid password");
- }
- setcookie('user',$nick,null,'/');
- setcookie('key',$user['api_key'],null,'/');
- setcookie('type',$user['type'],null,'/');
- return true;
- }
- }
- function verify($token){
- $api = get_api();
- if($u = is_logged_in()){
- switch(get_conf('2-factor-method')){
- case 'authy':
- $verification = $api->verifyToken($u['secret_key'],$token);
- if($verification->ok()){
- setcookie('token',$u['secret_key'],null,'/');
- $r = true;
- }else{
- $r = __('Failed to create Authy user').': ';
- foreach($verification->errors() as $field => $message){
- $message = json_decode($message);
- $r .= $message['message'];
- }
- logout();
- }
- break;
- case 'google-authenticator':
- if($api->verifyCode($u['secret_key'],$token,2)){
- $_SESSION['secret_key'] = $u['secret_key'];
- $r = true;
- }else{
- $r = __("Token didn't match ").$u['secret_key'];
- }
- break;
- default:
- $r = true;
- }
- }else{
- $r = __("You have been logged out");
- }
- return $r;
- }
- function delete_token(){
- $r = true;
- $api = get_api();
- $u = is_logged_in();
- if($u){
- switch(get_conf('2-factor-method')){
- case 'authy':
- $deletion = $api->deleteUser($u['secret_key']);
- if($deletion->ok()){
- setcookie('secret_key','',time() - 3600,'/');
- if(!query("UPDATE users u SET u.secret_key=NULL WHERE u.id=%d",Array($u['id']))){
- $r = __('Failed to disable 2-factor authentication');
- }
- }else{
- $r = __('Failed to disable 2-factor authentication').': ';
- foreach($deletion->errors() as $field => $message){
- $message = json_decode($message);
- $r .= $message->message;
- }
- }
- break;
- case 'google-authenticator':
- setcookie('secret_key','',time() - 3600,'/');
- if(!query("UPDATE users u SET u.secret_key=NULL WHERE u.id=%d",Array($u['id']))){
- $r = __('Failed to disable 2-factor authentication');
- }
- break;
- default:
- }
- }
- return $r;
- }
- function register_token(){
- $api = get_api();
- $u = is_logged_in();
- if($u){
- switch(get_conf('2-factor-method')){
- case 'authy':
- if(isset($_GET['country-code'])){
- if(isset($_GET['cellphone'])){
- $user = $api->registerUser($u['email'],$_GET['cellphone'],$_GET['country-code']);
- if($user->ok()){
- query("UPDATE users u SET u.secret_key='%s' WHERE u.id=%d",Array($user->id(),$u['id']));
- $r = true;
- }else{
- $r = __('Failed to create Authy user').': ';
- foreach($user->errors() as $field => $message){
- $message = json_decode($message);
- $r .= $message['message'];
- }
- }
- }else{
- $r = __("No cell number set");
- }
- }else{
- $r = __("No country code set");
- }
- break;
- case 'google-authenticator':
- if(isset($_GET['token'])){
- if(isset($_SESSION['secret_key'])){
- if($api->verifyCode($_SESSION['secret_key'],$_GET['token'], 2)){
- query("UPDATE users u SET u.secret_key='%s' WHERE u.id=%d",Array($_SESSION['secret_key'],$u['id']));
- $r = true;
- }else{
- $r = __('Could not register');
- }
- }else{
- $r = __('No secret key defined');
- }
- }else{
- $r = __('No token provided');
- }
- break;
- default:
- $r = true;
- }
- }else{
- $r = __("You have been logged out");
- }
- return $r;
- }
- function is_logged_in(){
- $user = false;
- if(isset($_COOKIE['user']) && isset($_COOKIE['key']) && isset($_COOKIE['type'])){
- $user = get_user_obj($_COOKIE['user'],$_COOKIE['type']);
- if(!$user || $user['api_key'] != $_COOKIE['key']){
- $user = false;
- }
- }
- return $user;
- }
- function is_verified(){
- $api = get_api();
- $user = is_logged_in();
- $r = false;
- if($user){
- if(!isset($user['secret_key']) || is_null($user['secret_key']) || $user['secret_key'] == ''){
- $r = true;
- }else{
- switch(get_conf('2-factor-method')){
- case 'authy':
- if(isset($_COOIKE['token']) && $user['secret_key'] == $_COOKIE['token']){
- $r = true;
- }
- break;
- case 'google-authenticator':
- if(isset($_SESSION['secret_key']) && $_SESSION['secret_key'] == $user['secret_key']){
- $r = true;
- }
- break;
- default:
- $r = true;
- }
- }
- }
- return $r;
- }
- function logout(){
- setcookie('key','',time() - 3600,'/');
- setcookie('user','',time() - 3600,'/');
- setcookie('type','',time() - 3600,'/');
- setcookie('personaUser','',time() - 3600,'/');
- switch(get_conf('2-factor-method')){
- case 'authy':break;
- case 'google-authenticator':
- default:
- setcookie('token','',time() - 3600,'/');
- }
- unset($_SESSION['secret_key']);
- if (isset($_COOKIE[session_name()])){
- setcookie(session_name(),"",time()-3600,'/');
- }
- $_SESSION = array();
- session_unset();
- session_destroy();
- session_write_close();
- session_regenerate_id(true);
- }
- function mkpasswd($input,$salt=null){
- $firsthash = pack("H*", sha1($input));
- srand(time());
- if($salt === null){
- $salt = pack("c6", rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255), rand(0,255));
- }else{
- $salt = base64_decode($salt);
- }
- $finalhash = pack("H*", sha1($firsthash.$salt));
- return "$".base64_encode($salt)."$".base64_encode($finalhash);
- }
- ?>
|