paul999 /
phpbb_2fa
@@ -11,8 +11,6 @@ |
||
| 11 | 11 | namespace paul999\tfa\controller; |
| 12 | 12 | |
| 13 | 13 | use paul999\tfa\helper\session_helper_interface; |
| 14 | -use phpbb\config\config; |
|
| 15 | -use phpbb\controller\helper; |
|
| 16 | 14 | use phpbb\db\driver\driver_interface; |
| 17 | 15 | use phpbb\exception\http_exception; |
| 18 | 16 | use phpbb\log\log; |
@@ -81,14 +81,14 @@ discard block |
||
| 81 | 81 | */ |
| 82 | 82 | public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext) |
| 83 | 83 | { |
| 84 | - $this->template = $template; |
|
| 85 | - $this->db = $db; |
|
| 86 | - $this->user = $user; |
|
| 84 | + $this->template = $template; |
|
| 85 | + $this->db = $db; |
|
| 86 | + $this->user = $user; |
|
| 87 | 87 | $this->request = $request; |
| 88 | - $this->session_helper = $session_helper; |
|
| 89 | - $this->root_path = $root_path; |
|
| 88 | + $this->session_helper = $session_helper; |
|
| 89 | + $this->root_path = $root_path; |
|
| 90 | 90 | $this->php_ext = $php_ext; |
| 91 | - $this->log = $log; |
|
| 91 | + $this->log = $log; |
|
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | /** |
@@ -123,9 +123,9 @@ discard block |
||
| 123 | 123 | 'tfa_random' => '', |
| 124 | 124 | 'tfa_uid' => 0, |
| 125 | 125 | ); |
| 126 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 126 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 127 | 127 | WHERE |
| 128 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 128 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 129 | 129 | session_user_id = " . (int) $this->user->data['user_id']; |
| 130 | 130 | $this->db->sql_query($sql); |
| 131 | 131 | |
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | { |
| 147 | 147 | if (!$module->login($user_id)) |
| 148 | 148 | { |
| 149 | - $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']); |
|
| 149 | + $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, ['TFA_INCORRECT_KEY']); |
|
| 150 | 150 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 151 | 151 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 152 | 152 | } |
@@ -190,8 +190,8 @@ discard block |
||
| 190 | 190 | if ($admin) |
| 191 | 191 | { |
| 192 | 192 | // the login array is used because the user ids do not differ for re-authentication |
| 193 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 194 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 193 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 194 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 195 | 195 | AND session_user_id = " . (int) $user_id; |
| 196 | 196 | $this->db->sql_query($sql); |
| 197 | 197 | |
@@ -88,14 +88,14 @@ discard block |
||
| 88 | 88 | */ |
| 89 | 89 | public function __construct(driver_interface $db, config $config, user $user, service_collection $modules, template $template, helper $controller_helper, $registration_table, $user_table) |
| 90 | 90 | { |
| 91 | - $this->db = $db; |
|
| 92 | - $this->user = $user; |
|
| 93 | - $this->config = $config; |
|
| 94 | - $this->template = $template; |
|
| 91 | + $this->db = $db; |
|
| 92 | + $this->user = $user; |
|
| 93 | + $this->config = $config; |
|
| 94 | + $this->template = $template; |
|
| 95 | 95 | $this->controller_helper = $controller_helper; |
| 96 | 96 | $this->registration_table = $registration_table; |
| 97 | - $this->user_table = $user_table; |
|
| 98 | - $this->module_data = $modules; |
|
| 97 | + $this->user_table = $user_table; |
|
| 98 | + $this->module_data = $modules; |
|
| 99 | 99 | |
| 100 | 100 | |
| 101 | 101 | } |
@@ -284,9 +284,9 @@ discard block |
||
| 284 | 284 | 'tfa_random' => $random, |
| 285 | 285 | 'tfa_uid' => $user_id, |
| 286 | 286 | ); |
| 287 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 287 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 288 | 288 | WHERE |
| 289 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 289 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 290 | 290 | session_user_id = " . (int) $this->user->data['user_id']; |
| 291 | 291 | $this->db->sql_query($sql); |
| 292 | 292 | |
@@ -315,7 +315,7 @@ discard block |
||
| 315 | 315 | { |
| 316 | 316 | if (empty($userdata)) |
| 317 | 317 | { |
| 318 | - $sql = 'SELECT * FROM ' . $this->user_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 318 | + $sql = 'SELECT * FROM '.$this->user_table.' WHERE user_id = '.(int) $user_id; |
|
| 319 | 319 | $result = $this->db->sql_query($sql); |
| 320 | 320 | $userdata = $this->db->sql_fetchrow($result); |
| 321 | 321 | $this->db->sql_freeresult($result); |
@@ -80,13 +80,13 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function __construct(session_helper_interface $session_helper, user $user, request_interface $request, driver_interface $db, template $template, config $config, $php_ext, $root_path) |
| 82 | 82 | { |
| 83 | - $this->session_helper = $session_helper; |
|
| 84 | - $this->user = $user; |
|
| 85 | - $this->request = $request; |
|
| 86 | - $this->config = $config; |
|
| 87 | - $this->db = $db; |
|
| 83 | + $this->session_helper = $session_helper; |
|
| 84 | + $this->user = $user; |
|
| 85 | + $this->request = $request; |
|
| 86 | + $this->config = $config; |
|
| 87 | + $this->db = $db; |
|
| 88 | 88 | $this->template = $template; |
| 89 | - $this->php_ext = $php_ext; |
|
| 89 | + $this->php_ext = $php_ext; |
|
| 90 | 90 | $this->root_path = $root_path; |
| 91 | 91 | } |
| 92 | 92 | |
@@ -137,7 +137,7 @@ discard block |
||
| 137 | 137 | if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data) && !$this->session_helper->is_tfa_registered($this->user->data['user_id'])) |
| 138 | 138 | { |
| 139 | 139 | @define('SKIP_CHECK_DISABLED', true); |
| 140 | - if ($this->user->page['page_name'] === 'memberlist.' . $this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 140 | + if ($this->user->page['page_name'] === 'memberlist.'.$this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 141 | 141 | { |
| 142 | 142 | // We are at the contact admin page. We will allow this in all cases. |
| 143 | 143 | return; |
@@ -145,19 +145,19 @@ discard block |
||
| 145 | 145 | |
| 146 | 146 | $this->user->set_cookie('rn', $this->user->data['session_id'], time() + 3600 * 24, true); |
| 147 | 147 | |
| 148 | - $msg_title = $this->user->lang['INFORMATION']; |
|
| 148 | + $msg_title = $this->user->lang['INFORMATION']; |
|
| 149 | 149 | if ($this->session_helper->is_tfa_key_registred($this->user->data['user_id'])) |
| 150 | 150 | { |
| 151 | 151 | // the user has keys registered, but they are not usable (Might be due to browser requirements, or others) |
| 152 | 152 | // We will not allow them to register a new key. They will need to contact the admin instead unfortunately. |
| 153 | 153 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 154 | 154 | $url = phpbb_get_board_contact_link($this->config, $this->root_path, $this->php_ext); |
| 155 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="' . $url . '">', '</a>'); |
|
| 155 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="'.$url.'">', '</a>'); |
|
| 156 | 156 | $this->user->session_kill(); |
| 157 | 157 | $this->generate_fatal_error($msg_title, $msg_text); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - $sql = 'SELECT module_id FROM ' . MODULES_TABLE . " WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 160 | + $sql = 'SELECT module_id FROM '.MODULES_TABLE." WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 161 | 161 | $result = $this->db->sql_query($sql, 3600); |
| 162 | 162 | $allowed_i = array(); |
| 163 | 163 | |
@@ -169,19 +169,19 @@ discard block |
||
| 169 | 169 | $ucp_mode = '-paul999-tfa-ucp-tfa_module'; |
| 170 | 170 | $allowed_i[] = $ucp_mode; |
| 171 | 171 | |
| 172 | - if ($this->user->page['page_name'] === 'ucp.' . $this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 172 | + if ($this->user->page['page_name'] === 'ucp.'.$this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 173 | 173 | { |
| 174 | 174 | return; // We are at our UCP page, so skip any other checks. This page is always available |
| 175 | 175 | } |
| 176 | 176 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 177 | 177 | $url = append_sid("{$this->root_path}ucp.{$this->php_ext}", "i={$ucp_mode}"); |
| 178 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="' . $url . '">', '</a>'); |
|
| 178 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="'.$url.'">', '</a>'); |
|
| 179 | 179 | |
| 180 | 180 | $this->generate_fatal_error($msg_title, $msg_text); |
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | // If the user had no key when logged in, but now has a key, we will force him to use the key. |
| 184 | - if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'] . '_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 184 | + if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'].'_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 185 | 185 | { |
| 186 | 186 | $this->session_helper->generate_page($this->user->data['user_id'], false, $this->user->data['session_autologin'], $this->user->data['session_viewonline'], $this->user->page['page'], true); |
| 187 | 187 | } |
@@ -59,14 +59,14 @@ discard block |
||
| 59 | 59 | $this->user = $user; |
| 60 | 60 | $this->request = $request; |
| 61 | 61 | $this->template = $template; |
| 62 | - $this->root_path= $root_path; |
|
| 62 | + $this->root_path = $root_path; |
|
| 63 | 63 | |
| 64 | - $this->registration_table = $registration_table; |
|
| 64 | + $this->registration_table = $registration_table; |
|
| 65 | 65 | } |
| 66 | 66 | |
| 67 | 67 | private function getU2f() { |
| 68 | 68 | if (empty($this->u2f)) { |
| 69 | - $this->u2f = new \paul999\u2f\U2F('https://' . $this->request->server('HTTP_HOST')); |
|
| 69 | + $this->u2f = new \paul999\u2f\U2F('https://'.$this->request->server('HTTP_HOST')); |
|
| 70 | 70 | } |
| 71 | 71 | return $this->u2f; |
| 72 | 72 | } |
@@ -210,9 +210,9 @@ discard block |
||
| 210 | 210 | try |
| 211 | 211 | { |
| 212 | 212 | $sql = 'SELECT u2f_request |
| 213 | - FROM ' . SESSIONS_TABLE . " |
|
| 213 | + FROM ' . SESSIONS_TABLE." |
|
| 214 | 214 | WHERE |
| 215 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 215 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 216 | 216 | session_user_id = " . (int) $this->user->data['user_id']; |
| 217 | 217 | $result = $this->db->sql_query($sql); |
| 218 | 218 | $row = $this->db->sql_fetchrow($result); |
@@ -242,7 +242,7 @@ discard block |
||
| 242 | 242 | 'last_used' => time(), |
| 243 | 243 | ); |
| 244 | 244 | |
| 245 | - $sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId(); |
|
| 245 | + $sql = 'UPDATE '.$this->registration_table.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' WHERE registration_id = '.(int) $reg->getId(); |
|
| 246 | 246 | $this->db->sql_query($sql); |
| 247 | 247 | |
| 248 | 248 | return true; |
@@ -339,7 +339,7 @@ discard block |
||
| 339 | 339 | 'last_used' => time(), |
| 340 | 340 | ); |
| 341 | 341 | |
| 342 | - $sql = 'INSERT INTO ' . $this->registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 342 | + $sql = 'INSERT INTO '.$this->registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 343 | 343 | $this->db->sql_query($sql); |
| 344 | 344 | |
| 345 | 345 | $sql_ary = array( |
@@ -371,8 +371,8 @@ discard block |
||
| 371 | 371 | */ |
| 372 | 372 | public function delete($key) |
| 373 | 373 | { |
| 374 | - $sql = 'DELETE FROM ' . $this->registration_table . ' |
|
| 375 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 374 | + $sql = 'DELETE FROM '.$this->registration_table.' |
|
| 375 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 376 | 376 | AND registration_id =' . (int) $key; |
| 377 | 377 | |
| 378 | 378 | $this->db->sql_query($sql); |
@@ -414,7 +414,7 @@ discard block |
||
| 414 | 414 | */ |
| 415 | 415 | private function getRegistrations($user_id) |
| 416 | 416 | { |
| 417 | - $sql = 'SELECT * FROM ' . $this->registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 417 | + $sql = 'SELECT * FROM '.$this->registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 418 | 418 | $result = $this->db->sql_query($sql); |
| 419 | 419 | $rows = array(); |
| 420 | 420 | |
@@ -502,9 +502,9 @@ discard block |
||
| 502 | 502 | */ |
| 503 | 503 | private function update_session($sql_ary) |
| 504 | 504 | { |
| 505 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 505 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 506 | 506 | WHERE |
| 507 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 507 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 508 | 508 | session_user_id = " . (int) $this->user->data['user_id']; |
| 509 | 509 | $this->db->sql_query($sql); |
| 510 | 510 | |
@@ -190,8 +190,8 @@ discard block |
||
| 190 | 190 | $sql_ary = array( |
| 191 | 191 | 'last_used' => time(), |
| 192 | 192 | ); |
| 193 | - $sql = 'UPDATE ' . $this->otp_registration_table . ' |
|
| 194 | - SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 193 | + $sql = 'UPDATE '.$this->otp_registration_table.' |
|
| 194 | + SET ' . $this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 195 | 195 | WHERE |
| 196 | 196 | registration_id = ' . (int) $registration['registration_id']; |
| 197 | 197 | $this->db->sql_query($sql); |
@@ -223,7 +223,7 @@ discard block |
||
| 223 | 223 | $secret = $this->otp->generateSecret(); |
| 224 | 224 | $QR = $this->otp_helper->generateKeyURI('totp', $secret, $this->user->data['username'], generate_board_url(), 0, 'sha256'); |
| 225 | 225 | $this->template->assign_vars(array( |
| 226 | - 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . $QR, |
|
| 226 | + 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$QR, |
|
| 227 | 227 | 'TFA_SECRET' => $secret, |
| 228 | 228 | 'L_TFA_ADD_OTP_KEY_EXPLAIN' => $this->user->lang('TFA_ADD_OTP_KEY_EXPLAIN', $secret), |
| 229 | 229 | 'S_HIDDEN_FIELDS_MODULE' => build_hidden_fields(array( |
@@ -242,7 +242,7 @@ discard block |
||
| 242 | 242 | public function register() |
| 243 | 243 | { |
| 244 | 244 | $secret = $this->request->variable('secret', ''); |
| 245 | - $otp = $this->request->variable('register', ''); |
|
| 245 | + $otp = $this->request->variable('register', ''); |
|
| 246 | 246 | |
| 247 | 247 | if (!$this->otp->checkTOTP($secret, $otp, 'sha256')) |
| 248 | 248 | { |
@@ -256,7 +256,7 @@ discard block |
||
| 256 | 256 | 'last_used' => time(), |
| 257 | 257 | ); |
| 258 | 258 | |
| 259 | - $sql = 'INSERT INTO ' . $this->otp_registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 259 | + $sql = 'INSERT INTO '.$this->otp_registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 260 | 260 | $this->db->sql_query($sql); |
| 261 | 261 | } |
| 262 | 262 | |
@@ -279,8 +279,8 @@ discard block |
||
| 279 | 279 | */ |
| 280 | 280 | public function delete($key) |
| 281 | 281 | { |
| 282 | - $sql = 'DELETE FROM ' . $this->otp_registration_table . ' |
|
| 283 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 282 | + $sql = 'DELETE FROM '.$this->otp_registration_table.' |
|
| 283 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 284 | 284 | AND registration_id =' . (int) $key; |
| 285 | 285 | |
| 286 | 286 | $this->db->sql_query($sql); |
@@ -293,7 +293,7 @@ discard block |
||
| 293 | 293 | */ |
| 294 | 294 | private function getRegistrations($user_id) |
| 295 | 295 | { |
| 296 | - $sql = 'SELECT * FROM ' . $this->otp_registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 296 | + $sql = 'SELECT * FROM '.$this->otp_registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 297 | 297 | $result = $this->db->sql_query($sql); |
| 298 | 298 | $rows = $this->db->sql_fetchrowset($result); |
| 299 | 299 | |
