enwikipedia-acc /
waca
@@ -15,137 +15,137 @@ |
||
| 15 | 15 | |
| 16 | 16 | abstract class CredentialProviderBase implements ICredentialProvider |
| 17 | 17 | { |
| 18 | - /** |
|
| 19 | - * @var PdoDatabase |
|
| 20 | - */ |
|
| 21 | - private $database; |
|
| 22 | - /** |
|
| 23 | - * @var SiteConfiguration |
|
| 24 | - */ |
|
| 25 | - private $configuration; |
|
| 26 | - /** @var string */ |
|
| 27 | - private $type; |
|
| 28 | - |
|
| 29 | - /** |
|
| 30 | - * CredentialProviderBase constructor. |
|
| 31 | - * |
|
| 32 | - * @param PdoDatabase $database |
|
| 33 | - * @param SiteConfiguration $configuration |
|
| 34 | - * @param string $type |
|
| 35 | - */ |
|
| 36 | - public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type) |
|
| 37 | - { |
|
| 38 | - $this->database = $database; |
|
| 39 | - $this->configuration = $configuration; |
|
| 40 | - $this->type = $type; |
|
| 41 | - } |
|
| 42 | - |
|
| 43 | - /** |
|
| 44 | - * @param int $userId |
|
| 45 | - * |
|
| 46 | - * @param bool $disabled |
|
| 47 | - * |
|
| 48 | - * @return Credential |
|
| 49 | - */ |
|
| 50 | - protected function getCredentialData($userId, $disabled = false) |
|
| 51 | - { |
|
| 52 | - $sql = 'SELECT * FROM credential WHERE type = :t AND user = :u'; |
|
| 53 | - $parameters = array( |
|
| 54 | - ':u' => $userId, |
|
| 55 | - ':t' => $this->type |
|
| 56 | - ); |
|
| 57 | - |
|
| 58 | - if($disabled !== null) { |
|
| 59 | - $sql .= ' AND disabled = :d'; |
|
| 60 | - $parameters[':d'] = $disabled ? 1 : 0; |
|
| 61 | - } |
|
| 62 | - |
|
| 63 | - $statement = $this->database->prepare($sql); |
|
| 64 | - $statement->execute($parameters); |
|
| 65 | - |
|
| 66 | - /** @var Credential $obj */ |
|
| 67 | - $obj = $statement->fetchObject(Credential::class); |
|
| 68 | - |
|
| 69 | - if ($obj === false) { |
|
| 70 | - return null; |
|
| 71 | - } |
|
| 72 | - |
|
| 73 | - $obj->setDatabase($this->database); |
|
| 74 | - |
|
| 75 | - $statement->closeCursor(); |
|
| 76 | - |
|
| 77 | - return $obj; |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - /** |
|
| 81 | - * @return PdoDatabase |
|
| 82 | - */ |
|
| 83 | - public function getDatabase() |
|
| 84 | - { |
|
| 85 | - return $this->database; |
|
| 86 | - } |
|
| 87 | - |
|
| 88 | - /** |
|
| 89 | - * @return SiteConfiguration |
|
| 90 | - */ |
|
| 91 | - public function getConfiguration() |
|
| 92 | - { |
|
| 93 | - return $this->configuration; |
|
| 94 | - } |
|
| 95 | - |
|
| 96 | - public function deleteCredential(User $user) { |
|
| 97 | - // get this factor |
|
| 98 | - $statement = $this->database->prepare('SELECT * FROM credential WHERE user = :user AND type = :type'); |
|
| 99 | - $statement->execute(array(':user' => $user->getId(), ':type' => $this->type)); |
|
| 100 | - /** @var Credential $credential */ |
|
| 101 | - $credential = $statement->fetchObject(Credential::class); |
|
| 102 | - $credential->setDatabase($this->database); |
|
| 103 | - $statement->closeCursor(); |
|
| 104 | - |
|
| 105 | - $stage = $credential->getFactor(); |
|
| 106 | - |
|
| 107 | - $statement = $this->database->prepare('SELECT COUNT(*) FROM credential WHERE user = :user AND factor = :factor'); |
|
| 108 | - $statement->execute(array(':user' => $user->getId(), ':factor' => $stage)); |
|
| 109 | - $alternates = $statement->fetchColumn(); |
|
| 110 | - $statement->closeCursor(); |
|
| 111 | - |
|
| 112 | - if($alternates <= 1) { |
|
| 113 | - // decrement the factor for every stage above this |
|
| 114 | - $sql = 'UPDATE credential SET factor = factor - 1 WHERE user = :user AND factor > :factor'; |
|
| 115 | - $statement = $this->database->prepare($sql); |
|
| 116 | - $statement->execute(array(':user' => $user->getId(), ':factor' => $stage)); |
|
| 117 | - } |
|
| 118 | - else { |
|
| 119 | - // There are other auth factors at this point. Don't renumber the factors just yet. |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - // delete this credential. |
|
| 123 | - $credential->delete(); |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - /** |
|
| 127 | - * @param User $user |
|
| 128 | - * |
|
| 129 | - * @return Credential |
|
| 130 | - */ |
|
| 131 | - protected function createNewCredential(User $user) |
|
| 132 | - { |
|
| 133 | - $credential = new Credential(); |
|
| 134 | - $credential->setDatabase($this->getDatabase()); |
|
| 135 | - $credential->setUserId($user->getId()); |
|
| 136 | - $credential->setType($this->type); |
|
| 137 | - |
|
| 138 | - return $credential; |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - /** |
|
| 142 | - * @param int $userId |
|
| 143 | - * |
|
| 144 | - * @return bool |
|
| 145 | - */ |
|
| 146 | - public function userIsEnrolled($userId) { |
|
| 147 | - $cred = $this->getCredentialData($userId); |
|
| 148 | - |
|
| 149 | - return $cred !== null; |
|
| 150 | - } |
|
| 18 | + /** |
|
| 19 | + * @var PdoDatabase |
|
| 20 | + */ |
|
| 21 | + private $database; |
|
| 22 | + /** |
|
| 23 | + * @var SiteConfiguration |
|
| 24 | + */ |
|
| 25 | + private $configuration; |
|
| 26 | + /** @var string */ |
|
| 27 | + private $type; |
|
| 28 | + |
|
| 29 | + /** |
|
| 30 | + * CredentialProviderBase constructor. |
|
| 31 | + * |
|
| 32 | + * @param PdoDatabase $database |
|
| 33 | + * @param SiteConfiguration $configuration |
|
| 34 | + * @param string $type |
|
| 35 | + */ |
|
| 36 | + public function __construct(PdoDatabase $database, SiteConfiguration $configuration, $type) |
|
| 37 | + { |
|
| 38 | + $this->database = $database; |
|
| 39 | + $this->configuration = $configuration; |
|
| 40 | + $this->type = $type; |
|
| 41 | + } |
|
| 42 | + |
|
| 43 | + /** |
|
| 44 | + * @param int $userId |
|
| 45 | + * |
|
| 46 | + * @param bool $disabled |
|
| 47 | + * |
|
| 48 | + * @return Credential |
|
| 49 | + */ |
|
| 50 | + protected function getCredentialData($userId, $disabled = false) |
|
| 51 | + { |
|
| 52 | + $sql = 'SELECT * FROM credential WHERE type = :t AND user = :u'; |
|
| 53 | + $parameters = array( |
|
| 54 | + ':u' => $userId, |
|
| 55 | + ':t' => $this->type |
|
| 56 | + ); |
|
| 57 | + |
|
| 58 | + if($disabled !== null) { |
|
| 59 | + $sql .= ' AND disabled = :d'; |
|
| 60 | + $parameters[':d'] = $disabled ? 1 : 0; |
|
| 61 | + } |
|
| 62 | + |
|
| 63 | + $statement = $this->database->prepare($sql); |
|
| 64 | + $statement->execute($parameters); |
|
| 65 | + |
|
| 66 | + /** @var Credential $obj */ |
|
| 67 | + $obj = $statement->fetchObject(Credential::class); |
|
| 68 | + |
|
| 69 | + if ($obj === false) { |
|
| 70 | + return null; |
|
| 71 | + } |
|
| 72 | + |
|
| 73 | + $obj->setDatabase($this->database); |
|
| 74 | + |
|
| 75 | + $statement->closeCursor(); |
|
| 76 | + |
|
| 77 | + return $obj; |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + /** |
|
| 81 | + * @return PdoDatabase |
|
| 82 | + */ |
|
| 83 | + public function getDatabase() |
|
| 84 | + { |
|
| 85 | + return $this->database; |
|
| 86 | + } |
|
| 87 | + |
|
| 88 | + /** |
|
| 89 | + * @return SiteConfiguration |
|
| 90 | + */ |
|
| 91 | + public function getConfiguration() |
|
| 92 | + { |
|
| 93 | + return $this->configuration; |
|
| 94 | + } |
|
| 95 | + |
|
| 96 | + public function deleteCredential(User $user) { |
|
| 97 | + // get this factor |
|
| 98 | + $statement = $this->database->prepare('SELECT * FROM credential WHERE user = :user AND type = :type'); |
|
| 99 | + $statement->execute(array(':user' => $user->getId(), ':type' => $this->type)); |
|
| 100 | + /** @var Credential $credential */ |
|
| 101 | + $credential = $statement->fetchObject(Credential::class); |
|
| 102 | + $credential->setDatabase($this->database); |
|
| 103 | + $statement->closeCursor(); |
|
| 104 | + |
|
| 105 | + $stage = $credential->getFactor(); |
|
| 106 | + |
|
| 107 | + $statement = $this->database->prepare('SELECT COUNT(*) FROM credential WHERE user = :user AND factor = :factor'); |
|
| 108 | + $statement->execute(array(':user' => $user->getId(), ':factor' => $stage)); |
|
| 109 | + $alternates = $statement->fetchColumn(); |
|
| 110 | + $statement->closeCursor(); |
|
| 111 | + |
|
| 112 | + if($alternates <= 1) { |
|
| 113 | + // decrement the factor for every stage above this |
|
| 114 | + $sql = 'UPDATE credential SET factor = factor - 1 WHERE user = :user AND factor > :factor'; |
|
| 115 | + $statement = $this->database->prepare($sql); |
|
| 116 | + $statement->execute(array(':user' => $user->getId(), ':factor' => $stage)); |
|
| 117 | + } |
|
| 118 | + else { |
|
| 119 | + // There are other auth factors at this point. Don't renumber the factors just yet. |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + // delete this credential. |
|
| 123 | + $credential->delete(); |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + /** |
|
| 127 | + * @param User $user |
|
| 128 | + * |
|
| 129 | + * @return Credential |
|
| 130 | + */ |
|
| 131 | + protected function createNewCredential(User $user) |
|
| 132 | + { |
|
| 133 | + $credential = new Credential(); |
|
| 134 | + $credential->setDatabase($this->getDatabase()); |
|
| 135 | + $credential->setUserId($user->getId()); |
|
| 136 | + $credential->setType($this->type); |
|
| 137 | + |
|
| 138 | + return $credential; |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + /** |
|
| 142 | + * @param int $userId |
|
| 143 | + * |
|
| 144 | + * @return bool |
|
| 145 | + */ |
|
| 146 | + public function userIsEnrolled($userId) { |
|
| 147 | + $cred = $this->getCredentialData($userId); |
|
| 148 | + |
|
| 149 | + return $cred !== null; |
|
| 150 | + } |
|
| 151 | 151 | } |
| 152 | 152 | \ No newline at end of file |
@@ -55,7 +55,7 @@ discard block |
||
| 55 | 55 | ':t' => $this->type |
| 56 | 56 | ); |
| 57 | 57 | |
| 58 | - if($disabled !== null) { |
|
| 58 | + if ($disabled !== null) { |
|
| 59 | 59 | $sql .= ' AND disabled = :d'; |
| 60 | 60 | $parameters[':d'] = $disabled ? 1 : 0; |
| 61 | 61 | } |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | $alternates = $statement->fetchColumn(); |
| 110 | 110 | $statement->closeCursor(); |
| 111 | 111 | |
| 112 | - if($alternates <= 1) { |
|
| 112 | + if ($alternates <= 1) { |
|
| 113 | 113 | // decrement the factor for every stage above this |
| 114 | 114 | $sql = 'UPDATE credential SET factor = factor - 1 WHERE user = :user AND factor > :factor'; |
| 115 | 115 | $statement = $this->database->prepare($sql); |
@@ -93,7 +93,8 @@ discard block |
||
| 93 | 93 | return $this->configuration; |
| 94 | 94 | } |
| 95 | 95 | |
| 96 | - public function deleteCredential(User $user) { |
|
| 96 | + public function deleteCredential(User $user) |
|
| 97 | + { |
|
| 97 | 98 | // get this factor |
| 98 | 99 | $statement = $this->database->prepare('SELECT * FROM credential WHERE user = :user AND type = :type'); |
| 99 | 100 | $statement->execute(array(':user' => $user->getId(), ':type' => $this->type)); |
@@ -143,7 +144,8 @@ discard block |
||
| 143 | 144 | * |
| 144 | 145 | * @return bool |
| 145 | 146 | */ |
| 146 | - public function userIsEnrolled($userId) { |
|
| 147 | + public function userIsEnrolled($userId) |
|
| 148 | + { |
|
| 147 | 149 | $cred = $this->getCredentialData($userId); |
| 148 | 150 | |
| 149 | 151 | return $cred !== null; |
@@ -12,32 +12,32 @@ |
||
| 12 | 12 | |
| 13 | 13 | interface ICredentialProvider |
| 14 | 14 | { |
| 15 | - /** |
|
| 16 | - * Validates a user-provided credential |
|
| 17 | - * |
|
| 18 | - * @param User $user The user to test the authentication against |
|
| 19 | - * @param string $data The raw credential data to be validated |
|
| 20 | - * |
|
| 21 | - * @return bool |
|
| 22 | - */ |
|
| 23 | - public function authenticate(User $user, $data); |
|
| 15 | + /** |
|
| 16 | + * Validates a user-provided credential |
|
| 17 | + * |
|
| 18 | + * @param User $user The user to test the authentication against |
|
| 19 | + * @param string $data The raw credential data to be validated |
|
| 20 | + * |
|
| 21 | + * @return bool |
|
| 22 | + */ |
|
| 23 | + public function authenticate(User $user, $data); |
|
| 24 | 24 | |
| 25 | - /** |
|
| 26 | - * @param User $user The user the credential belongs to |
|
| 27 | - * @param int $factor The factor this credential provides |
|
| 28 | - * @param string $data |
|
| 29 | - */ |
|
| 30 | - public function setCredential(User $user, $factor, $data); |
|
| 25 | + /** |
|
| 26 | + * @param User $user The user the credential belongs to |
|
| 27 | + * @param int $factor The factor this credential provides |
|
| 28 | + * @param string $data |
|
| 29 | + */ |
|
| 30 | + public function setCredential(User $user, $factor, $data); |
|
| 31 | 31 | |
| 32 | - /** |
|
| 33 | - * @param User $user |
|
| 34 | - */ |
|
| 35 | - public function deleteCredential(User $user); |
|
| 32 | + /** |
|
| 33 | + * @param User $user |
|
| 34 | + */ |
|
| 35 | + public function deleteCredential(User $user); |
|
| 36 | 36 | |
| 37 | - /** |
|
| 38 | - * @param int $userId |
|
| 39 | - * |
|
| 40 | - * @return bool |
|
| 41 | - */ |
|
| 42 | - public function userIsEnrolled($userId); |
|
| 37 | + /** |
|
| 38 | + * @param int $userId |
|
| 39 | + * |
|
| 40 | + * @return bool |
|
| 41 | + */ |
|
| 42 | + public function userIsEnrolled($userId); |
|
| 43 | 43 | } |
| 44 | 44 | \ No newline at end of file |
@@ -12,48 +12,48 @@ |
||
| 12 | 12 | |
| 13 | 13 | class EncryptionHelper |
| 14 | 14 | { |
| 15 | - /** |
|
| 16 | - * @var SiteConfiguration |
|
| 17 | - */ |
|
| 18 | - private $configuration; |
|
| 19 | - |
|
| 20 | - /** |
|
| 21 | - * EncryptionHelper constructor. |
|
| 22 | - * |
|
| 23 | - * @param SiteConfiguration $configuration |
|
| 24 | - */ |
|
| 25 | - public function __construct(SiteConfiguration $configuration) |
|
| 26 | - { |
|
| 27 | - $this->configuration = $configuration; |
|
| 28 | - } |
|
| 29 | - |
|
| 30 | - public function encryptData($secret) |
|
| 31 | - { |
|
| 32 | - $iv = openssl_random_pseudo_bytes(16); |
|
| 33 | - $password = $this->getEncryptionKey(); |
|
| 34 | - $encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv); |
|
| 35 | - |
|
| 36 | - $data = base64_encode($iv) . '|' . base64_encode($encryptedKey); |
|
| 37 | - |
|
| 38 | - return $data; |
|
| 39 | - } |
|
| 40 | - |
|
| 41 | - public function decryptData($data) |
|
| 42 | - { |
|
| 43 | - list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data)); |
|
| 44 | - |
|
| 45 | - $password = $this->getEncryptionKey(); |
|
| 46 | - |
|
| 47 | - $secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv); |
|
| 48 | - |
|
| 49 | - return $secret; |
|
| 50 | - } |
|
| 51 | - |
|
| 52 | - /** |
|
| 53 | - * @return string |
|
| 54 | - */ |
|
| 55 | - private function getEncryptionKey() |
|
| 56 | - { |
|
| 57 | - return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256'); |
|
| 58 | - } |
|
| 15 | + /** |
|
| 16 | + * @var SiteConfiguration |
|
| 17 | + */ |
|
| 18 | + private $configuration; |
|
| 19 | + |
|
| 20 | + /** |
|
| 21 | + * EncryptionHelper constructor. |
|
| 22 | + * |
|
| 23 | + * @param SiteConfiguration $configuration |
|
| 24 | + */ |
|
| 25 | + public function __construct(SiteConfiguration $configuration) |
|
| 26 | + { |
|
| 27 | + $this->configuration = $configuration; |
|
| 28 | + } |
|
| 29 | + |
|
| 30 | + public function encryptData($secret) |
|
| 31 | + { |
|
| 32 | + $iv = openssl_random_pseudo_bytes(16); |
|
| 33 | + $password = $this->getEncryptionKey(); |
|
| 34 | + $encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv); |
|
| 35 | + |
|
| 36 | + $data = base64_encode($iv) . '|' . base64_encode($encryptedKey); |
|
| 37 | + |
|
| 38 | + return $data; |
|
| 39 | + } |
|
| 40 | + |
|
| 41 | + public function decryptData($data) |
|
| 42 | + { |
|
| 43 | + list($iv, $encryptedKey) = array_map('base64_decode', explode('|', $data)); |
|
| 44 | + |
|
| 45 | + $password = $this->getEncryptionKey(); |
|
| 46 | + |
|
| 47 | + $secret = openssl_decrypt($encryptedKey, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv); |
|
| 48 | + |
|
| 49 | + return $secret; |
|
| 50 | + } |
|
| 51 | + |
|
| 52 | + /** |
|
| 53 | + * @return string |
|
| 54 | + */ |
|
| 55 | + private function getEncryptionKey() |
|
| 56 | + { |
|
| 57 | + return openssl_digest($this->configuration->getTotpEncryptionKey(), 'sha256'); |
|
| 58 | + } |
|
| 59 | 59 | } |
| 60 | 60 | \ No newline at end of file |
@@ -33,7 +33,7 @@ |
||
| 33 | 33 | $password = $this->getEncryptionKey(); |
| 34 | 34 | $encryptedKey = openssl_encrypt($secret, 'aes-256-ctr', $password, OPENSSL_RAW_DATA, $iv); |
| 35 | 35 | |
| 36 | - $data = base64_encode($iv) . '|' . base64_encode($encryptedKey); |
|
| 36 | + $data = base64_encode($iv).'|'.base64_encode($encryptedKey); |
|
| 37 | 37 | |
| 38 | 38 | return $data; |
| 39 | 39 | } |
@@ -22,67 +22,67 @@ |
||
| 22 | 22 | |
| 23 | 23 | class AuthenticationManager |
| 24 | 24 | { |
| 25 | - const AUTH_OK = 1; |
|
| 26 | - const AUTH_FAIL = 2; |
|
| 27 | - const AUTH_REQUIRE_NEXT_STAGE = 3; |
|
| 28 | - private $typeMap = array(); |
|
| 29 | - /** |
|
| 30 | - * @var PdoDatabase |
|
| 31 | - */ |
|
| 32 | - private $database; |
|
| 25 | + const AUTH_OK = 1; |
|
| 26 | + const AUTH_FAIL = 2; |
|
| 27 | + const AUTH_REQUIRE_NEXT_STAGE = 3; |
|
| 28 | + private $typeMap = array(); |
|
| 29 | + /** |
|
| 30 | + * @var PdoDatabase |
|
| 31 | + */ |
|
| 32 | + private $database; |
|
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * AuthenticationManager constructor. |
|
| 36 | - * |
|
| 37 | - * @param PdoDatabase $database |
|
| 38 | - * @param SiteConfiguration $siteConfiguration |
|
| 39 | - * @param HttpHelper $httpHelper |
|
| 40 | - */ |
|
| 41 | - public function __construct(PdoDatabase $database, SiteConfiguration $siteConfiguration, HttpHelper $httpHelper) |
|
| 42 | - { |
|
| 43 | - // setup providers |
|
| 44 | - // note on type map: this *must* be the value in the database, as this is what it maps. |
|
| 45 | - $this->typeMap['password'] = new PasswordCredentialProvider($database, $siteConfiguration); |
|
| 46 | - $this->typeMap['yubikeyotp'] = new YubikeyOtpCredentialProvider($database, $siteConfiguration, $httpHelper); |
|
| 47 | - $this->typeMap['totp'] = new TotpCredentialProvider($database, $siteConfiguration); |
|
| 48 | - $this->typeMap['scratch'] = new ScratchTokenCredentialProvider($database, $siteConfiguration); |
|
| 49 | - $this->typeMap['u2f'] = new U2FCredentialProvider($database, $siteConfiguration); |
|
| 50 | - $this->database = $database; |
|
| 51 | - } |
|
| 34 | + /** |
|
| 35 | + * AuthenticationManager constructor. |
|
| 36 | + * |
|
| 37 | + * @param PdoDatabase $database |
|
| 38 | + * @param SiteConfiguration $siteConfiguration |
|
| 39 | + * @param HttpHelper $httpHelper |
|
| 40 | + */ |
|
| 41 | + public function __construct(PdoDatabase $database, SiteConfiguration $siteConfiguration, HttpHelper $httpHelper) |
|
| 42 | + { |
|
| 43 | + // setup providers |
|
| 44 | + // note on type map: this *must* be the value in the database, as this is what it maps. |
|
| 45 | + $this->typeMap['password'] = new PasswordCredentialProvider($database, $siteConfiguration); |
|
| 46 | + $this->typeMap['yubikeyotp'] = new YubikeyOtpCredentialProvider($database, $siteConfiguration, $httpHelper); |
|
| 47 | + $this->typeMap['totp'] = new TotpCredentialProvider($database, $siteConfiguration); |
|
| 48 | + $this->typeMap['scratch'] = new ScratchTokenCredentialProvider($database, $siteConfiguration); |
|
| 49 | + $this->typeMap['u2f'] = new U2FCredentialProvider($database, $siteConfiguration); |
|
| 50 | + $this->database = $database; |
|
| 51 | + } |
|
| 52 | 52 | |
| 53 | - public function authenticate(User $user, $data, $stage) |
|
| 54 | - { |
|
| 55 | - $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority ASC'; |
|
| 56 | - $statement = $this->database->prepare($sql); |
|
| 57 | - $statement->execute(array(':user' => $user->getId(), ':stage' => $stage)); |
|
| 58 | - $options = $statement->fetchAll(PDO::FETCH_COLUMN); |
|
| 53 | + public function authenticate(User $user, $data, $stage) |
|
| 54 | + { |
|
| 55 | + $sql = 'SELECT type FROM credential WHERE user = :user AND factor = :stage AND disabled = 0 ORDER BY priority ASC'; |
|
| 56 | + $statement = $this->database->prepare($sql); |
|
| 57 | + $statement->execute(array(':user' => $user->getId(), ':stage' => $stage)); |
|
| 58 | + $options = $statement->fetchAll(PDO::FETCH_COLUMN); |
|
| 59 | 59 | |
| 60 | - $sql = 'SELECT count(DISTINCT factor) FROM credential WHERE user = :user AND factor > :stage AND disabled = 0 AND type <> :scratch'; |
|
| 61 | - $statement = $this->database->prepare($sql); |
|
| 62 | - $statement->execute(array(':user' => $user->getId(), ':stage' => $stage, ':scratch' => 'scratch')); |
|
| 63 | - $requiredFactors = $statement->fetchColumn(); |
|
| 60 | + $sql = 'SELECT count(DISTINCT factor) FROM credential WHERE user = :user AND factor > :stage AND disabled = 0 AND type <> :scratch'; |
|
| 61 | + $statement = $this->database->prepare($sql); |
|
| 62 | + $statement->execute(array(':user' => $user->getId(), ':stage' => $stage, ':scratch' => 'scratch')); |
|
| 63 | + $requiredFactors = $statement->fetchColumn(); |
|
| 64 | 64 | |
| 65 | - // prep the correct OK response based on how many factors are ahead of this one |
|
| 66 | - $success = self::AUTH_OK; |
|
| 67 | - if ($requiredFactors > 0) { |
|
| 68 | - $success = self::AUTH_REQUIRE_NEXT_STAGE; |
|
| 69 | - } |
|
| 65 | + // prep the correct OK response based on how many factors are ahead of this one |
|
| 66 | + $success = self::AUTH_OK; |
|
| 67 | + if ($requiredFactors > 0) { |
|
| 68 | + $success = self::AUTH_REQUIRE_NEXT_STAGE; |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - foreach ($options as $type) { |
|
| 72 | - if (!isset($this->typeMap[$type])) { |
|
| 73 | - // does this type have a credentialProvider registered? |
|
| 74 | - continue; |
|
| 75 | - } |
|
| 71 | + foreach ($options as $type) { |
|
| 72 | + if (!isset($this->typeMap[$type])) { |
|
| 73 | + // does this type have a credentialProvider registered? |
|
| 74 | + continue; |
|
| 75 | + } |
|
| 76 | 76 | |
| 77 | - /** @var ICredentialProvider $credentialProvider */ |
|
| 78 | - $credentialProvider = $this->typeMap[$type]; |
|
| 79 | - if ($credentialProvider->authenticate($user, $data)) { |
|
| 80 | - return $success; |
|
| 81 | - } |
|
| 82 | - } |
|
| 77 | + /** @var ICredentialProvider $credentialProvider */ |
|
| 78 | + $credentialProvider = $this->typeMap[$type]; |
|
| 79 | + if ($credentialProvider->authenticate($user, $data)) { |
|
| 80 | + return $success; |
|
| 81 | + } |
|
| 82 | + } |
|
| 83 | 83 | |
| 84 | - // We've iterated over all the available providers for this stage. |
|
| 85 | - // They all hate you. |
|
| 86 | - return self::AUTH_FAIL; |
|
| 87 | - } |
|
| 84 | + // We've iterated over all the available providers for this stage. |
|
| 85 | + // They all hate you. |
|
| 86 | + return self::AUTH_FAIL; |
|
| 87 | + } |
|
| 88 | 88 | } |
| 89 | 89 | \ No newline at end of file |
@@ -14,9 +14,9 @@ |
||
| 14 | 14 | |
| 15 | 15 | function smarty_modifier_nlimplode($list, $conjunction = 'or') |
| 16 | 16 | { |
| 17 | - $last = array_pop($list); |
|
| 18 | - if ($list) { |
|
| 19 | - return implode(', ', $list) . ', ' . $conjunction . ' ' . $last; |
|
| 20 | - } |
|
| 21 | - return $last; |
|
| 17 | + $last = array_pop($list); |
|
| 18 | + if ($list) { |
|
| 19 | + return implode(', ', $list) . ', ' . $conjunction . ' ' . $last; |
|
| 20 | + } |
|
| 21 | + return $last; |
|
| 22 | 22 | } |
| 23 | 23 | \ No newline at end of file |
@@ -16,7 +16,7 @@ |
||
| 16 | 16 | { |
| 17 | 17 | $last = array_pop($list); |
| 18 | 18 | if ($list) { |
| 19 | - return implode(', ', $list) . ', ' . $conjunction . ' ' . $last; |
|
| 19 | + return implode(', ', $list).', '.$conjunction.' '.$last; |
|
| 20 | 20 | } |
| 21 | 21 | return $last; |
| 22 | 22 | } |
| 23 | 23 | \ No newline at end of file |
@@ -8,10 +8,10 @@ |
||
| 8 | 8 | |
| 9 | 9 | function smarty_modifier_demodhex($input) |
| 10 | 10 | { |
| 11 | - $hex = preg_replace( |
|
| 12 | - array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'), |
|
| 13 | - array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'), |
|
| 14 | - $input); |
|
| 11 | + $hex = preg_replace( |
|
| 12 | + array('/c/', '/b/', '/d/', '/e/', '/f/', '/g/', '/h/', '/i/', '/j/', '/k/', '/l/', '/n/', '/r/', '/t/', '/u/', '/v/'), |
|
| 13 | + array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'), |
|
| 14 | + $input); |
|
| 15 | 15 | |
| 16 | - return hexdec($hex); |
|
| 16 | + return hexdec($hex); |
|
| 17 | 17 | } |
| 18 | 18 | \ No newline at end of file |
@@ -15,56 +15,56 @@ |
||
| 15 | 15 | |
| 16 | 16 | class PasswordCredentialProvider extends CredentialProviderBase |
| 17 | 17 | { |
| 18 | - const PASSWORD_COST = 10; |
|
| 19 | - const PASSWORD_ALGO = PASSWORD_BCRYPT; |
|
| 18 | + const PASSWORD_COST = 10; |
|
| 19 | + const PASSWORD_ALGO = PASSWORD_BCRYPT; |
|
| 20 | 20 | |
| 21 | - public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
| 22 | - { |
|
| 23 | - parent::__construct($database, $configuration, 'password'); |
|
| 24 | - } |
|
| 21 | + public function __construct(PdoDatabase $database, SiteConfiguration $configuration) |
|
| 22 | + { |
|
| 23 | + parent::__construct($database, $configuration, 'password'); |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | - public function authenticate(User $user, $data) |
|
| 27 | - { |
|
| 28 | - $storedData = $this->getCredentialData($user->getId()); |
|
| 29 | - if($storedData === null) |
|
| 30 | - { |
|
| 31 | - // No available credential matching these parameters |
|
| 32 | - return false; |
|
| 33 | - } |
|
| 26 | + public function authenticate(User $user, $data) |
|
| 27 | + { |
|
| 28 | + $storedData = $this->getCredentialData($user->getId()); |
|
| 29 | + if($storedData === null) |
|
| 30 | + { |
|
| 31 | + // No available credential matching these parameters |
|
| 32 | + return false; |
|
| 33 | + } |
|
| 34 | 34 | |
| 35 | - if($storedData->getVersion() !== 2) { |
|
| 36 | - // Non-2 versions are not supported. |
|
| 37 | - return false; |
|
| 38 | - } |
|
| 35 | + if($storedData->getVersion() !== 2) { |
|
| 36 | + // Non-2 versions are not supported. |
|
| 37 | + return false; |
|
| 38 | + } |
|
| 39 | 39 | |
| 40 | - if(password_verify($data, $storedData->getData())) { |
|
| 41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
| 42 | - $this->setCredential($user, $storedData->getFactor(), $data); |
|
| 43 | - } |
|
| 40 | + if(password_verify($data, $storedData->getData())) { |
|
| 41 | + if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
| 42 | + $this->setCredential($user, $storedData->getFactor(), $data); |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - return true; |
|
| 46 | - } |
|
| 45 | + return true; |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - return false; |
|
| 49 | - } |
|
| 48 | + return false; |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - public function setCredential(User $user, $factor, $password) |
|
| 52 | - { |
|
| 53 | - $storedData = $this->getCredentialData($user->getId()); |
|
| 51 | + public function setCredential(User $user, $factor, $password) |
|
| 52 | + { |
|
| 53 | + $storedData = $this->getCredentialData($user->getId()); |
|
| 54 | 54 | |
| 55 | - if($storedData === null){ |
|
| 56 | - $storedData = $this->createNewCredential($user); |
|
| 57 | - } |
|
| 55 | + if($storedData === null){ |
|
| 56 | + $storedData = $this->createNewCredential($user); |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | - $storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))); |
|
| 60 | - $storedData->setFactor($factor); |
|
| 61 | - $storedData->setVersion(2); |
|
| 59 | + $storedData->setData(password_hash($password, self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))); |
|
| 60 | + $storedData->setFactor($factor); |
|
| 61 | + $storedData->setVersion(2); |
|
| 62 | 62 | |
| 63 | - $storedData->save(); |
|
| 64 | - } |
|
| 63 | + $storedData->save(); |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - public function deleteCredential(User $user) |
|
| 67 | - { |
|
| 68 | - throw new ApplicationLogicException('Deletion of password credential is not allowed.'); |
|
| 69 | - } |
|
| 66 | + public function deleteCredential(User $user) |
|
| 67 | + { |
|
| 68 | + throw new ApplicationLogicException('Deletion of password credential is not allowed.'); |
|
| 69 | + } |
|
| 70 | 70 | } |
@@ -26,19 +26,19 @@ discard block |
||
| 26 | 26 | public function authenticate(User $user, $data) |
| 27 | 27 | { |
| 28 | 28 | $storedData = $this->getCredentialData($user->getId()); |
| 29 | - if($storedData === null) |
|
| 29 | + if ($storedData === null) |
|
| 30 | 30 | { |
| 31 | 31 | // No available credential matching these parameters |
| 32 | 32 | return false; |
| 33 | 33 | } |
| 34 | 34 | |
| 35 | - if($storedData->getVersion() !== 2) { |
|
| 35 | + if ($storedData->getVersion() !== 2) { |
|
| 36 | 36 | // Non-2 versions are not supported. |
| 37 | 37 | return false; |
| 38 | 38 | } |
| 39 | 39 | |
| 40 | - if(password_verify($data, $storedData->getData())) { |
|
| 41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
| 40 | + if (password_verify($data, $storedData->getData())) { |
|
| 41 | + if (password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))) { |
|
| 42 | 42 | $this->setCredential($user, $storedData->getFactor(), $data); |
| 43 | 43 | } |
| 44 | 44 | |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | { |
| 53 | 53 | $storedData = $this->getCredentialData($user->getId()); |
| 54 | 54 | |
| 55 | - if($storedData === null){ |
|
| 55 | + if ($storedData === null) { |
|
| 56 | 56 | $storedData = $this->createNewCredential($user); |
| 57 | 57 | } |
| 58 | 58 | |
@@ -26,8 +26,7 @@ discard block |
||
| 26 | 26 | public function authenticate(User $user, $data) |
| 27 | 27 | { |
| 28 | 28 | $storedData = $this->getCredentialData($user->getId()); |
| 29 | - if($storedData === null) |
|
| 30 | - { |
|
| 29 | + if($storedData === null) { |
|
| 31 | 30 | // No available credential matching these parameters |
| 32 | 31 | return false; |
| 33 | 32 | } |
@@ -38,7 +37,7 @@ discard block |
||
| 38 | 37 | } |
| 39 | 38 | |
| 40 | 39 | if(password_verify($data, $storedData->getData())) { |
| 41 | - if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))){ |
|
| 40 | + if(password_needs_rehash($storedData->getData(), self::PASSWORD_ALGO, array('cost' => self::PASSWORD_COST))) { |
|
| 42 | 41 | $this->setCredential($user, $storedData->getFactor(), $data); |
| 43 | 42 | } |
| 44 | 43 | |
@@ -52,7 +51,7 @@ discard block |
||
| 52 | 51 | { |
| 53 | 52 | $storedData = $this->getCredentialData($user->getId()); |
| 54 | 53 | |
| 55 | - if($storedData === null){ |
|
| 54 | + if($storedData === null) { |
|
| 56 | 55 | $storedData = $this->createNewCredential($user); |
| 57 | 56 | } |
| 58 | 57 | |
@@ -16,57 +16,57 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | class Offline |
| 18 | 18 | { |
| 19 | - /** |
|
| 20 | - * Determines if the tool is offline |
|
| 21 | - * @return bool |
|
| 22 | - */ |
|
| 23 | - public static function isOffline() |
|
| 24 | - { |
|
| 25 | - global $dontUseDb; |
|
| 19 | + /** |
|
| 20 | + * Determines if the tool is offline |
|
| 21 | + * @return bool |
|
| 22 | + */ |
|
| 23 | + public static function isOffline() |
|
| 24 | + { |
|
| 25 | + global $dontUseDb; |
|
| 26 | 26 | |
| 27 | - return (bool)$dontUseDb; |
|
| 28 | - } |
|
| 27 | + return (bool)$dontUseDb; |
|
| 28 | + } |
|
| 29 | 29 | |
| 30 | - /** |
|
| 31 | - * Gets the offline message |
|
| 32 | - * |
|
| 33 | - * @param bool $external |
|
| 34 | - * @param null $message |
|
| 35 | - * |
|
| 36 | - * @return string |
|
| 37 | - */ |
|
| 38 | - public static function getOfflineMessage($external, $message = null) |
|
| 39 | - { |
|
| 40 | - global $dontUseDbCulprit, $dontUseDbReason, $baseurl; |
|
| 30 | + /** |
|
| 31 | + * Gets the offline message |
|
| 32 | + * |
|
| 33 | + * @param bool $external |
|
| 34 | + * @param null $message |
|
| 35 | + * |
|
| 36 | + * @return string |
|
| 37 | + */ |
|
| 38 | + public static function getOfflineMessage($external, $message = null) |
|
| 39 | + { |
|
| 40 | + global $dontUseDbCulprit, $dontUseDbReason, $baseurl; |
|
| 41 | 41 | |
| 42 | - $smarty = new Smarty(); |
|
| 43 | - $smarty->assign("baseurl", $baseurl); |
|
| 44 | - $smarty->assign("alerts", []); |
|
| 45 | - $smarty->assign("toolversion", Environment::getToolVersion()); |
|
| 42 | + $smarty = new Smarty(); |
|
| 43 | + $smarty->assign("baseurl", $baseurl); |
|
| 44 | + $smarty->assign("alerts", []); |
|
| 45 | + $smarty->assign("toolversion", Environment::getToolVersion()); |
|
| 46 | 46 | |
| 47 | - if (!headers_sent()) { |
|
| 48 | - header("HTTP/1.1 503 Service Unavailable"); |
|
| 49 | - } |
|
| 47 | + if (!headers_sent()) { |
|
| 48 | + header("HTTP/1.1 503 Service Unavailable"); |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - if ($external) { |
|
| 52 | - return $smarty->fetch("offline/external.tpl"); |
|
| 53 | - } |
|
| 54 | - else { |
|
| 55 | - $hideCulprit = true; |
|
| 51 | + if ($external) { |
|
| 52 | + return $smarty->fetch("offline/external.tpl"); |
|
| 53 | + } |
|
| 54 | + else { |
|
| 55 | + $hideCulprit = true; |
|
| 56 | 56 | |
| 57 | - // Use the provided message if possible |
|
| 58 | - if ($message === null) { |
|
| 59 | - $hideCulprit = false; |
|
| 60 | - $message = $dontUseDbReason; |
|
| 61 | - } |
|
| 57 | + // Use the provided message if possible |
|
| 58 | + if ($message === null) { |
|
| 59 | + $hideCulprit = false; |
|
| 60 | + $message = $dontUseDbReason; |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - $smarty->assign("hideCulprit", $hideCulprit); |
|
| 64 | - $smarty->assign("dontUseDbCulprit", $dontUseDbCulprit); |
|
| 65 | - $smarty->assign("dontUseDbReason", $message); |
|
| 66 | - $smarty->assign("alerts", array()); |
|
| 67 | - $smarty->assign('currentUser', User::getCommunity()); |
|
| 63 | + $smarty->assign("hideCulprit", $hideCulprit); |
|
| 64 | + $smarty->assign("dontUseDbCulprit", $dontUseDbCulprit); |
|
| 65 | + $smarty->assign("dontUseDbReason", $message); |
|
| 66 | + $smarty->assign("alerts", array()); |
|
| 67 | + $smarty->assign('currentUser', User::getCommunity()); |
|
| 68 | 68 | |
| 69 | - return $smarty->fetch("offline/internal.tpl"); |
|
| 70 | - } |
|
| 71 | - } |
|
| 69 | + return $smarty->fetch("offline/internal.tpl"); |
|
| 70 | + } |
|
| 71 | + } |
|
| 72 | 72 | } |
@@ -7,46 +7,46 @@ |
||
| 7 | 7 | ******************************************************************************/ |
| 8 | 8 | |
| 9 | 9 | $toolList = array( |
| 10 | - 'tparis-pcount' => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia', |
|
| 11 | - 'guc' => '//tools.wmflabs.org/guc/?by=date&user=%DATA%', |
|
| 12 | - 'oq-whois' => 'https://whois.domaintools.com/%DATA%', |
|
| 13 | - 'tl-whois' => 'https://tools.wmflabs.org/whois/gateway.py?lookup=true&ip=%DATA%', |
|
| 14 | - 'honeypot' => 'https://www.projecthoneypot.org/ip_%DATA%', |
|
| 15 | - 'stopforumspam' => 'https://www.stopforumspam.com/ipcheck/%DATA%', |
|
| 16 | - 'google' => 'https://www.google.com/search?q=%DATA%', |
|
| 17 | - 'domain' => 'http://%DATA%/', |
|
| 18 | - 'rangefinder' => 'https://tools.wmflabs.org/rangeblockfinder/?ip=%DATA%', |
|
| 10 | + 'tparis-pcount' => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia', |
|
| 11 | + 'guc' => '//tools.wmflabs.org/guc/?by=date&user=%DATA%', |
|
| 12 | + 'oq-whois' => 'https://whois.domaintools.com/%DATA%', |
|
| 13 | + 'tl-whois' => 'https://tools.wmflabs.org/whois/gateway.py?lookup=true&ip=%DATA%', |
|
| 14 | + 'honeypot' => 'https://www.projecthoneypot.org/ip_%DATA%', |
|
| 15 | + 'stopforumspam' => 'https://www.stopforumspam.com/ipcheck/%DATA%', |
|
| 16 | + 'google' => 'https://www.google.com/search?q=%DATA%', |
|
| 17 | + 'domain' => 'http://%DATA%/', |
|
| 18 | + 'rangefinder' => 'https://tools.wmflabs.org/rangeblockfinder/?ip=%DATA%', |
|
| 19 | 19 | 'ipcheck' => 'https://ipcheck.toolforge.org/index.php?ip=%DATA%', |
| 20 | 20 | 'bgpview' => 'https://bgpview.io/ip/%DATA%' |
| 21 | 21 | ); |
| 22 | 22 | |
| 23 | 23 | if (!isset($_GET['tool']) |
| 24 | - || !isset($toolList[$_GET['tool']]) |
|
| 25 | - || !isset($_GET['data']) |
|
| 24 | + || !isset($toolList[$_GET['tool']]) |
|
| 25 | + || !isset($_GET['data']) |
|
| 26 | 26 | ) { |
| 27 | - header("HTTP/1.1 403 Forbidden"); |
|
| 27 | + header("HTTP/1.1 403 Forbidden"); |
|
| 28 | 28 | |
| 29 | - return; |
|
| 29 | + return; |
|
| 30 | 30 | } |
| 31 | 31 | |
| 32 | 32 | if (isset($_GET['round2'])) { |
| 33 | - $data = $_GET['data']; |
|
| 34 | - $tool = $_GET['tool']; |
|
| 33 | + $data = $_GET['data']; |
|
| 34 | + $tool = $_GET['tool']; |
|
| 35 | 35 | |
| 36 | - if ($tool === 'domain') { |
|
| 37 | - // quick security check - if you want to exploit something, you better be sure your exploit resolves via dns. |
|
| 38 | - // this is not intended to catch everything, just as a quick sanity check. |
|
| 39 | - if (gethostbyname($data) == $data) { |
|
| 40 | - echo 'Error resolving hostname, it doesn\'t look like this domain exists.'; |
|
| 41 | - die(); |
|
| 42 | - } |
|
| 43 | - } |
|
| 44 | - else { |
|
| 45 | - $data = urlencode($data); |
|
| 46 | - } |
|
| 36 | + if ($tool === 'domain') { |
|
| 37 | + // quick security check - if you want to exploit something, you better be sure your exploit resolves via dns. |
|
| 38 | + // this is not intended to catch everything, just as a quick sanity check. |
|
| 39 | + if (gethostbyname($data) == $data) { |
|
| 40 | + echo 'Error resolving hostname, it doesn\'t look like this domain exists.'; |
|
| 41 | + die(); |
|
| 42 | + } |
|
| 43 | + } |
|
| 44 | + else { |
|
| 45 | + $data = urlencode($data); |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - echo '<script>window.location.href=' . json_encode(str_replace("%DATA%", $data, $toolList[$tool])) . '</script>'; |
|
| 48 | + echo '<script>window.location.href=' . json_encode(str_replace("%DATA%", $data, $toolList[$tool])) . '</script>'; |
|
| 49 | 49 | } |
| 50 | 50 | else { |
| 51 | - header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true"); |
|
| 51 | + header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true"); |
|
| 52 | 52 | } |
@@ -45,8 +45,8 @@ |
||
| 45 | 45 | $data = urlencode($data); |
| 46 | 46 | } |
| 47 | 47 | |
| 48 | - echo '<script>window.location.href=' . json_encode(str_replace("%DATA%", $data, $toolList[$tool])) . '</script>'; |
|
| 48 | + echo '<script>window.location.href='.json_encode(str_replace("%DATA%", $data, $toolList[$tool])).'</script>'; |
|
| 49 | 49 | } |
| 50 | 50 | else { |
| 51 | - header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true"); |
|
| 51 | + header("Location: ".$_SERVER["REQUEST_URI"]."&round2=true"); |
|
| 52 | 52 | } |
