@@ -123,7 +123,7 @@ discard block |
||
| 123 | 123 | * @param array $SETTINGS |
| 124 | 124 | * @return bool|string |
| 125 | 125 | */ |
| 126 | - function handleAuthAttempts($post_data, $SETTINGS): bool|string |
|
| 126 | + function handleAuthAttempts($post_data, $SETTINGS): bool | string |
|
| 127 | 127 | { |
| 128 | 128 | $session = SessionManager::getSession(); |
| 129 | 129 | $lang = new Language($session->get('user-language') ?? 'english'); |
@@ -252,7 +252,7 @@ discard block |
||
| 252 | 252 | $sessionPwdAttempts = $session->get('pwd_attempts'); |
| 253 | 253 | $sessionUrl = $session->get('user-initial_url'); |
| 254 | 254 | $server = []; |
| 255 | - $server['PHP_AUTH_USER'] = $request->getUser(); |
|
| 255 | + $server['PHP_AUTH_USER'] = $request->getUser(); |
|
| 256 | 256 | $server['PHP_AUTH_PW'] = $request->getPassword(); |
| 257 | 257 | |
| 258 | 258 | // decrypt and retreive data in JSON format |
@@ -267,18 +267,18 @@ discard block |
||
| 267 | 267 | } |
| 268 | 268 | |
| 269 | 269 | // Check if Duo auth is in progress and pass the pw and login back to the standard login process |
| 270 | - if( |
|
| 270 | + if ( |
|
| 271 | 271 | isKeyExistingAndEqual('duo', 1, $SETTINGS) === true |
| 272 | 272 | && $dataReceived['user_2fa_selection'] === 'duo' |
| 273 | 273 | && $session->get('user-duo_status') === 'IN_PROGRESS' |
| 274 | 274 | && !empty($dataReceived['duo_state']) |
| 275 | - ){ |
|
| 275 | + ) { |
|
| 276 | 276 | $key = hash('sha256', $dataReceived['duo_state']); |
| 277 | 277 | $iv = substr(hash('sha256', $dataReceived['duo_state']), 0, 16); |
| 278 | 278 | $duo_data_dec = openssl_decrypt(base64_decode($session->get('user-duo_data')), 'AES-256-CBC', $key, 0, $iv); |
| 279 | 279 | // Clear the data from the Duo process to continue clean with the standard login process |
| 280 | - $session->set('user-duo_data',''); |
|
| 281 | - if($duo_data_dec === false){ |
|
| 280 | + $session->set('user-duo_data', ''); |
|
| 281 | + if ($duo_data_dec === false) { |
|
| 282 | 282 | echo prepareExchangedData( |
| 283 | 283 | [ |
| 284 | 284 | 'error' => true, |
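Review bot: The Duo hand-back block at new lines 276–278 derives both the AES key and the IV from the same client-supplied `duo_state` (the IV is the first 16 characters of the hex string used as the key), and AES-256-CBC carries no integrity tag, so the `$duo_data_dec === false` test only catches a padding failure and a wrong state can still decrypt to garbage instead of being rejected. Compare the received state with the one kept in the session before decrypting, e.g. `if (!hash_equals((string) $session->get('user-duo_state'), (string) $dataReceived['duo_state'])) { /* reject */ }`, assuming the session still holds it at this point, which the hunk does not show. If the blob has to stay encrypted, use a fresh IV from `random_bytes(16)` stored with the ciphertext and an authenticated mode such as `aes-256-gcm`. The same derivation is on the encrypt side in the hunk at 1907–1913, and the enclosing function starts and ends outside this hunk.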
@@ -293,7 +293,7 @@ discard block |
||
| 293 | 293 | $dataReceived['login'] = $duo_data['duo_login']; |
| 294 | 294 | } |
| 295 | 295 | |
| 296 | - if(isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) { |
|
| 296 | + if (isset($dataReceived['pw']) === false || isset($dataReceived['login']) === false) { |
|
| 297 | 297 | echo json_encode([ |
| 298 | 298 | 'data' => prepareExchangedData( |
| 299 | 299 | [ |
@@ -613,7 +613,7 @@ discard block |
||
| 613 | 613 | } |
| 614 | 614 | // Append with roles from AD groups |
| 615 | 615 | if (is_null($userInfo['roles_from_ad_groups']) === false) { |
| 616 | - $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true ? $userInfo['roles_from_ad_groups'] : $userInfo['fonction_id']. ';' . $userInfo['roles_from_ad_groups']; |
|
| 616 | + $userInfo['fonction_id'] = empty($userInfo['fonction_id']) === true ? $userInfo['roles_from_ad_groups'] : $userInfo['fonction_id'].';'.$userInfo['roles_from_ad_groups']; |
|
| 617 | 617 | } |
| 618 | 618 | // store |
| 619 | 619 | $session->set('user-roles', $userInfo['fonction_id']); |
@@ -625,7 +625,7 @@ discard block |
||
| 625 | 625 | if (count($session->get('user-roles_array')) > 0) { |
| 626 | 626 | $rolesList = DB::query( |
| 627 | 627 | 'SELECT id, title, complexity |
| 628 | - FROM ' . prefixTable('roles_title') . ' |
|
| 628 | + FROM ' . prefixTable('roles_title').' |
|
| 629 | 629 | WHERE id IN %li', |
| 630 | 630 | $session->get('user-roles_array') |
| 631 | 631 | ); |
@@ -671,7 +671,7 @@ discard block |
||
| 671 | 671 | if ($adjustPermissions) { |
| 672 | 672 | $session->set('user-admin', (int) $userInfo['admin']); |
| 673 | 673 | $session->set('user-manager', (int) $userInfo['gestionnaire']); |
| 674 | - $session->set('user-can_manage_all_users',(int) $userInfo['can_manage_all_users']); |
|
| 674 | + $session->set('user-can_manage_all_users', (int) $userInfo['can_manage_all_users']); |
|
| 675 | 675 | $session->set('user-read_only', (int) $userInfo['read_only']); |
| 676 | 676 | DB::update( |
| 677 | 677 | prefixTable('users'), |
@@ -743,10 +743,10 @@ discard block |
||
| 743 | 743 | $session->set('user-latest_items_tab', []); |
| 744 | 744 | $session->set('user-nb_roles', 0); |
| 745 | 745 | foreach ($session->get('user-latest_items') as $item) { |
| 746 | - if (! empty($item)) { |
|
| 746 | + if (!empty($item)) { |
|
| 747 | 747 | $dataLastItems = DB::queryFirstRow( |
| 748 | 748 | 'SELECT id,label,id_tree |
| 749 | - FROM ' . prefixTable('items') . ' |
|
| 749 | + FROM ' . prefixTable('items').' |
|
| 750 | 750 | WHERE id=%i', |
| 751 | 751 | $item |
| 752 | 752 | ); |
@@ -755,7 +755,7 @@ discard block |
||
| 755 | 755 | [ |
| 756 | 756 | 'id' => $item, |
| 757 | 757 | 'label' => $dataLastItems['label'], |
| 758 | - 'url' => 'index.php?page=items&group=' . $dataLastItems['id_tree'] . '&id=' . $item, |
|
| 758 | + 'url' => 'index.php?page=items&group='.$dataLastItems['id_tree'].'&id='.$item, |
|
| 759 | 759 | ], |
| 760 | 760 | 'add' |
| 761 | 761 | ); |
@@ -765,7 +765,7 @@ discard block |
||
| 765 | 765 | // Get cahce tree info |
| 766 | 766 | $cacheTreeData = DB::queryFirstRow( |
| 767 | 767 | 'SELECT visible_folders |
| 768 | - FROM ' . prefixTable('cache_tree') . ' |
|
| 768 | + FROM ' . prefixTable('cache_tree').' |
|
| 769 | 769 | WHERE user_id=%i', |
| 770 | 770 | (int) $session->get('user-id') |
| 771 | 771 | ); |
@@ -797,7 +797,7 @@ discard block |
||
| 797 | 797 | && (int) $sessionAdmin !== 1 |
| 798 | 798 | ) { |
| 799 | 799 | // get all Admin users |
| 800 | - $val = DB::queryfirstrow('SELECT email FROM ' . prefixTable('users') . " WHERE admin = %i and email != ''", 1); |
|
| 800 | + $val = DB::queryfirstrow('SELECT email FROM '.prefixTable('users')." WHERE admin = %i and email != ''", 1); |
|
| 801 | 801 | if (DB::count() > 0) { |
| 802 | 802 | // Add email to table |
| 803 | 803 | prepareSendingEmail( |
@@ -809,7 +809,7 @@ discard block |
||
| 809 | 809 | '#tp_time#', |
| 810 | 810 | ], |
| 811 | 811 | [ |
| 812 | - ' ' . $session->get('user-login') . ' (IP: ' . getClientIpServer() . ')', |
|
| 812 | + ' '.$session->get('user-login').' (IP: '.getClientIpServer().')', |
|
| 813 | 813 | date($SETTINGS['date_format'], (int) $session->get('user-last_connection')), |
| 814 | 814 | date($SETTINGS['time_format'], (int) $session->get('user-last_connection')), |
| 815 | 815 | ], |
@@ -960,7 +960,7 @@ discard block |
||
| 960 | 960 | { |
| 961 | 961 | $rows = DB::query( |
| 962 | 962 | 'SELECT date |
| 963 | - FROM ' . prefixTable('log_system') . " |
|
| 963 | + FROM ' . prefixTable('log_system')." |
|
| 964 | 964 | WHERE field_1 = %s |
| 965 | 965 | AND type = 'failed_auth' |
| 966 | 966 | AND label = 'password_is_not_correct' |
@@ -974,7 +974,7 @@ discard block |
||
| 974 | 974 | foreach ($rows as $record) { |
| 975 | 975 | array_push( |
| 976 | 976 | $arrAttempts, |
| 977 | - date($SETTINGS['date_format'] . ' ' . $SETTINGS['time_format'], (int) $record['date']) |
|
| 977 | + date($SETTINGS['date_format'].' '.$SETTINGS['time_format'], (int) $record['date']) |
|
| 978 | 978 | ); |
| 979 | 979 | } |
| 980 | 980 | } |
@@ -1009,7 +1009,7 @@ discard block |
||
| 1009 | 1009 | $ldapConnection |
| 1010 | 1010 | ) : bool |
| 1011 | 1011 | { |
| 1012 | - include_once $SETTINGS['cpassman_dir'] . '/sources/main.functions.php'; |
|
| 1012 | + include_once $SETTINGS['cpassman_dir'].'/sources/main.functions.php'; |
|
| 1013 | 1013 | |
| 1014 | 1014 | if ((int) $userInfoDisabled === 1) { |
| 1015 | 1015 | return false; |
@@ -1227,7 +1227,7 @@ discard block |
||
| 1227 | 1227 | $openLdapExtra = new OpenLdapExtra(); |
| 1228 | 1228 | break; |
| 1229 | 1229 | default: |
| 1230 | - throw new Exception("Unsupported LDAP type: " . $SETTINGS['ldap_type']); |
|
| 1230 | + throw new Exception("Unsupported LDAP type: ".$SETTINGS['ldap_type']); |
|
| 1231 | 1231 | } |
| 1232 | 1232 | } catch (Exception $e) { |
| 1233 | 1233 | return [ |
@@ -1240,7 +1240,7 @@ discard block |
||
| 1240 | 1240 | // 2- Get user info from AD |
| 1241 | 1241 | // We want to isolate attribute ldap_user_attribute or mostly samAccountName |
| 1242 | 1242 | $userADInfos = $ldapConnection->query() |
| 1243 | - ->where((isset($SETTINGS['ldap_user_attribute']) ===true && empty($SETTINGS['ldap_user_attribute']) === false) ? $SETTINGS['ldap_user_attribute'] : 'samaccountname', '=', $username) |
|
| 1243 | + ->where((isset($SETTINGS['ldap_user_attribute']) === true && empty($SETTINGS['ldap_user_attribute']) === false) ? $SETTINGS['ldap_user_attribute'] : 'samaccountname', '=', $username) |
|
| 1244 | 1244 | ->firstOrFail(); |
| 1245 | 1245 | |
| 1246 | 1246 | // Is user enabled? Only ActiveDirectory |
@@ -1258,7 +1258,7 @@ discard block |
||
| 1258 | 1258 | // For OpenLDAP and others, we use attribute dn |
| 1259 | 1259 | $userAuthAttempt = $ldapConnection->auth()->attempt( |
| 1260 | 1260 | $SETTINGS['ldap_type'] === 'ActiveDirectory' ? |
| 1261 | - $userADInfos['userprincipalname'][0] : // refering to https://ldaprecord.com/docs/core/v2/authentication#basic-authentication |
|
| 1261 | + $userADInfos['userprincipalname'][0] : // refering to https://ldaprecord.com/docs/core/v2/authentication#basic-authentication |
|
| 1262 | 1262 | $userADInfos['dn'], |
| 1263 | 1263 | $passwordClear |
| 1264 | 1264 | ); |
@@ -1341,7 +1341,7 @@ discard block |
||
| 1341 | 1341 | // error |
| 1342 | 1342 | return [ |
| 1343 | 1343 | 'error' => true, |
| 1344 | - 'message' => "Error: Unsupported LDAP type: " . $SETTINGS['ldap_type'], |
|
| 1344 | + 'message' => "Error: Unsupported LDAP type: ".$SETTINGS['ldap_type'], |
|
| 1345 | 1345 | ]; |
| 1346 | 1346 | } |
| 1347 | 1347 | |
@@ -1376,12 +1376,12 @@ discard block |
||
| 1376 | 1376 | if (isset($SETTINGS['enable_ad_users_with_ad_groups']) === true && (int) $SETTINGS['enable_ad_users_with_ad_groups'] === 1) { |
| 1377 | 1377 | // Get user groups from AD |
| 1378 | 1378 | $user_ad_groups = []; |
| 1379 | - foreach($groups as $group) { |
|
| 1379 | + foreach ($groups as $group) { |
|
| 1380 | 1380 | //print_r($group); |
| 1381 | 1381 | // get relation role id for AD group |
| 1382 | 1382 | $role = DB::queryFirstRow( |
| 1383 | 1383 | 'SELECT lgr.role_id |
| 1384 | - FROM ' . prefixTable('ldap_groups_roles') . ' AS lgr |
|
| 1384 | + FROM ' . prefixTable('ldap_groups_roles').' AS lgr |
|
| 1385 | 1385 | WHERE lgr.ldap_group_id = %s', |
| 1386 | 1386 | $group |
| 1387 | 1387 | ); |
@@ -1526,7 +1526,7 @@ discard block |
||
| 1526 | 1526 | } |
| 1527 | 1527 | |
| 1528 | 1528 | // Now check yubico validity |
| 1529 | - include_once $SETTINGS['cpassman_dir'] . '/includes/libraries/Authentication/Yubico/Yubico.php'; |
|
| 1529 | + include_once $SETTINGS['cpassman_dir'].'/includes/libraries/Authentication/Yubico/Yubico.php'; |
|
| 1530 | 1530 | $yubi = new Auth_Yubico($yubico_user_id, $yubico_user_key); |
| 1531 | 1531 | $auth = $yubi->verify($yubico_key); |
| 1532 | 1532 | //, null, null, null, 60 |
@@ -1585,7 +1585,7 @@ discard block |
||
| 1585 | 1585 | // Check if exists in DB |
| 1586 | 1586 | $groupData = DB::queryFirstRow( |
| 1587 | 1587 | 'SELECT id |
| 1588 | - FROM ' . prefixTable('roles_title') . ' |
|
| 1588 | + FROM ' . prefixTable('roles_title').' |
|
| 1589 | 1589 | WHERE title = %s', |
| 1590 | 1590 | $group["displayName"] |
| 1591 | 1591 | ); |
@@ -1714,7 +1714,7 @@ discard block |
||
| 1714 | 1714 | |
| 1715 | 1715 | // generate new QR |
| 1716 | 1716 | $new_2fa_qr = $tfa->getQRCodeImageAsDataUri( |
| 1717 | - 'Teampass - ' . $username, |
|
| 1717 | + 'Teampass - '.$username, |
|
| 1718 | 1718 | $userInfo['ga'] |
| 1719 | 1719 | ); |
| 1720 | 1720 | // clear temporary code from DB |
@@ -1727,7 +1727,7 @@ discard block |
||
| 1727 | 1727 | $userInfo['id'] |
| 1728 | 1728 | ); |
| 1729 | 1729 | $firstTime = [ |
| 1730 | - 'value' => '<img src="' . $new_2fa_qr . '">', |
|
| 1730 | + 'value' => '<img src="'.$new_2fa_qr.'">', |
|
| 1731 | 1731 | 'user_admin' => isset($sessionAdmin) ? (int) $sessionAdmin : '', |
| 1732 | 1732 | 'initial_url' => isset($sessionUrl) === true ? $sessionUrl : '', |
| 1733 | 1733 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
@@ -1883,7 +1883,7 @@ discard block |
||
| 1883 | 1883 | }*/ |
| 1884 | 1884 | return [ |
| 1885 | 1885 | 'error' => true, |
| 1886 | - 'message' => $duo_error . $lang->get('duo_error_check_config'), |
|
| 1886 | + 'message' => $duo_error.$lang->get('duo_error_check_config'), |
|
| 1887 | 1887 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1888 | 1888 | 'debug_message' => $e->getMessage(), |
| 1889 | 1889 | 'proceedIdentification' => false, |
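Review bot: The error array at new lines 1884–1889 copies `$e->getMessage()` into `debug_message` beside the user-facing `message`; if this array is serialised into the login response (not visible here), library exception text reaches a client that has not finished authenticating. Record the exception through the server-side logging path and return an empty value instead, e.g. `'debug_message' => '',`, or gate the field on a debug setting. The `catch (DuoException $e)` return in the hunk at 1899–1905 carries the same field. The enclosing try/catch begins outside this hunk.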
@@ -1899,7 +1899,7 @@ discard block |
||
| 1899 | 1899 | } catch (DuoException $e) { |
| 1900 | 1900 | return [ |
| 1901 | 1901 | 'error' => true, |
| 1902 | - 'message' => $duo_error . $lang->get('duo_error_url'), |
|
| 1902 | + 'message' => $duo_error.$lang->get('duo_error_url'), |
|
| 1903 | 1903 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1904 | 1904 | 'debug_message' => $e->getMessage(), |
| 1905 | 1905 | 'proceedIdentification' => false, |
@@ -1907,7 +1907,7 @@ discard block |
||
| 1907 | 1907 | } |
| 1908 | 1908 | |
| 1909 | 1909 | // Somethimes Duo return success but fail to return a URL, double check if the URL has been created |
| 1910 | - if (!empty($duo_redirect_url) && isset($duo_redirect_url) && filter_var($duo_redirect_url,FILTER_SANITIZE_URL)) { |
|
| 1910 | + if (!empty($duo_redirect_url) && isset($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_SANITIZE_URL)) { |
|
| 1911 | 1911 | // Since Duo Universal requires a redirect, let's store some info when the user get's back after completing the Duo prompt |
| 1912 | 1912 | $key = hash('sha256', $duo_state); |
| 1913 | 1913 | $iv = substr(hash('sha256', $duo_state), 0, 16); |
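Review bot: On new line 1910 `filter_var($duo_redirect_url, FILTER_SANITIZE_URL)` is used as a condition, but that filter returns the string with disallowed characters stripped rather than a verdict, so practically any non-empty value passes; the `isset()` placed after `!empty()` adds nothing either. Validate instead, for example `if (!empty($duo_redirect_url) && filter_var($duo_redirect_url, FILTER_VALIDATE_URL) !== false && str_starts_with($duo_redirect_url, 'https://')) {`, and preferably also compare the URL's host with the configured Duo API host before storing state and redirecting. The body of this branch continues outside the hunk.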
@@ -1935,7 +1935,7 @@ discard block |
||
| 1935 | 1935 | } else { |
| 1936 | 1936 | return [ |
| 1937 | 1937 | 'error' => true, |
| 1938 | - 'message' => $duo_error . $lang->get('duo_error_url'), |
|
| 1938 | + 'message' => $duo_error.$lang->get('duo_error_url'), |
|
| 1939 | 1939 | 'pwd_attempts' => (int) $sessionPwdAttempts, |
| 1940 | 1940 | 'proceedIdentification' => false, |
| 1941 | 1941 | ]; |
@@ -1956,8 +1956,8 @@ discard block |
||
| 1956 | 1956 | // return the response (which should be the user name) |
| 1957 | 1957 | if ($decoded_token['preferred_username'] === $username) { |
| 1958 | 1958 | $session->set('user-duo_status', 'COMPLET'); |
| 1959 | - $session->set('user-duo_state',''); |
|
| 1960 | - $session->set('user-duo_data',''); |
|
| 1959 | + $session->set('user-duo_state', ''); |
|
| 1960 | + $session->set('user-duo_data', ''); |
|
| 1961 | 1961 | $session->set('user-login', $username); |
| 1962 | 1962 | |
| 1963 | 1963 | return [ |
@@ -1968,9 +1968,9 @@ discard block |
||
| 1968 | 1968 | ]; |
| 1969 | 1969 | } else { |
| 1970 | 1970 | // Something wrong, username from the original Duo request is different than the one received now |
| 1971 | - $session->set('user-duo_status',''); |
|
| 1972 | - $session->set('user-duo_state',''); |
|
| 1973 | - $session->set('user-duo_data',''); |
|
| 1971 | + $session->set('user-duo_status', ''); |
|
| 1972 | + $session->set('user-duo_state', ''); |
|
| 1973 | + $session->set('user-duo_data', ''); |
|
| 1974 | 1974 | |
| 1975 | 1975 | return [ |
| 1976 | 1976 | 'error' => true, |
@@ -1981,9 +1981,9 @@ discard block |
||
| 1981 | 1981 | } |
| 1982 | 1982 | } |
| 1983 | 1983 | // If we are here something wrong |
| 1984 | - $session->set('user-duo_status',''); |
|
| 1985 | - $session->set('user-duo_state',''); |
|
| 1986 | - $session->set('user-duo_data',''); |
|
| 1984 | + $session->set('user-duo_status', ''); |
|
| 1985 | + $session->set('user-duo_state', ''); |
|
| 1986 | + $session->set('user-duo_data', ''); |
|
| 1987 | 1987 | return [ |
| 1988 | 1988 | 'error' => true, |
| 1989 | 1989 | 'message' => $lang->get('duo_login_mismatch'), |
@@ -2098,8 +2098,8 @@ discard block |
||
| 2098 | 2098 | // Get user info from DB |
| 2099 | 2099 | $data = DB::queryFirstRow( |
| 2100 | 2100 | 'SELECT u.*, a.value AS api_key |
| 2101 | - FROM ' . prefixTable('users') . ' AS u |
|
| 2102 | - LEFT JOIN ' . prefixTable('api') . ' AS a ON (u.id = a.user_id) |
|
| 2101 | + FROM ' . prefixTable('users').' AS u |
|
| 2102 | + LEFT JOIN ' . prefixTable('api').' AS a ON (u.id = a.user_id) |
|
| 2103 | 2103 | WHERE login = %s AND deleted_at IS NULL', |
| 2104 | 2104 | $login |
| 2105 | 2105 | ); |
@@ -2115,7 +2115,7 @@ discard block |
||
| 2115 | 2115 | $oauth2LoginOngoing = isset($session->get('userOauth2Info')['oauth2LoginOngoing']) ? $session->get('userOauth2Info')['oauth2LoginOngoing'] : false; |
| 2116 | 2116 | $data['oauth2_login_ongoing'] = $oauth2LoginOngoing; |
| 2117 | 2117 | $data['ldap_user_to_be_created'] = $enable_ad_user_auto_creation === true && DB::count() === 0 && $oauth2LoginOngoing !== true ? true : false; |
| 2118 | - $data['oauth2_user_to_be_created'] = (bool)$oauth2_enabled === true && DB::count() === 0 && $oauth2LoginOngoing === true ? true : false; |
|
| 2118 | + $data['oauth2_user_to_be_created'] = (bool) $oauth2_enabled === true && DB::count() === 0 && $oauth2LoginOngoing === true ? true : false; |
|
| 2119 | 2119 | |
| 2120 | 2120 | return $data; |
| 2121 | 2121 | } |
@@ -2630,15 +2630,15 @@ discard block |
||
| 2630 | 2630 | |
| 2631 | 2631 | if ($ret['error'] !== false) { |
| 2632 | 2632 | logEvents($SETTINGS, 'failed_auth', 'bad_duo_mfa', '', stripslashes($username), stripslashes($username)); |
| 2633 | - $session->set('user-duo_status',''); |
|
| 2634 | - $session->set('user-duo_state',''); |
|
| 2635 | - $session->set('user-duo_data',''); |
|
| 2633 | + $session->set('user-duo_status', ''); |
|
| 2634 | + $session->set('user-duo_state', ''); |
|
| 2635 | + $session->set('user-duo_data', ''); |
|
| 2636 | 2636 | return [ |
| 2637 | 2637 | 'error' => true, |
| 2638 | 2638 | 'mfaData' => $ret, |
| 2639 | 2639 | 'mfaQRCodeInfos' => false, |
| 2640 | 2640 | ]; |
| 2641 | - } else if ($ret['duo_url_ready'] === true){ |
|
| 2641 | + } else if ($ret['duo_url_ready'] === true) { |
|
| 2642 | 2642 | return [ |
| 2643 | 2643 | 'error' => false, |
| 2644 | 2644 | 'mfaData' => $ret, |