paul999 /
phpbb_2fa
@@ -177,8 +177,8 @@ discard block |
||
| 177 | 177 | $sql_ary = array( |
| 178 | 178 | 'last_used' => time(), |
| 179 | 179 | ); |
| 180 | - $sql = 'UPDATE ' . $this->otp_registration_table . ' |
|
| 181 | - SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 180 | + $sql = 'UPDATE '.$this->otp_registration_table.' |
|
| 181 | + SET ' . $this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 182 | 182 | WHERE |
| 183 | 183 | registration_id = ' . (int) $registration['registration_id']; |
| 184 | 184 | $this->db->sql_query($sql); |
@@ -210,7 +210,7 @@ discard block |
||
| 210 | 210 | $secret = $this->otp->generateSecret(); |
| 211 | 211 | $QR = $this->otp_helper->generateKeyURI('totp', $secret, $this->user->data['username'], generate_board_url(), 0, 'sha1'); |
| 212 | 212 | $this->template->assign_vars(array( |
| 213 | - 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . $QR, |
|
| 213 | + 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$QR, |
|
| 214 | 214 | 'TFA_SECRET' => $secret, |
| 215 | 215 | 'L_TFA_ADD_OTP_KEY_EXPLAIN' => $this->user->lang('TFA_ADD_OTP_KEY_EXPLAIN', $secret), |
| 216 | 216 | 'S_HIDDEN_FIELDS_MODULE' => build_hidden_fields(array( |
@@ -230,7 +230,7 @@ discard block |
||
| 230 | 230 | public function register() |
| 231 | 231 | { |
| 232 | 232 | $secret = $this->request->variable('secret', ''); |
| 233 | - $otp = $this->request->variable('register', ''); |
|
| 233 | + $otp = $this->request->variable('register', ''); |
|
| 234 | 234 | |
| 235 | 235 | if (!$this->otp->checkTOTP($secret, $otp, 'sha1')) |
| 236 | 236 | { |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | 'last_used' => time(), |
| 245 | 245 | ); |
| 246 | 246 | |
| 247 | - $sql = 'INSERT INTO ' . $this->otp_registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 247 | + $sql = 'INSERT INTO '.$this->otp_registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 248 | 248 | $this->db->sql_query($sql); |
| 249 | 249 | } |
| 250 | 250 | |
@@ -267,8 +267,8 @@ discard block |
||
| 267 | 267 | */ |
| 268 | 268 | public function delete($key) |
| 269 | 269 | { |
| 270 | - $sql = 'DELETE FROM ' . $this->otp_registration_table . ' |
|
| 271 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 270 | + $sql = 'DELETE FROM '.$this->otp_registration_table.' |
|
| 271 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 272 | 272 | AND registration_id =' . (int) $key; |
| 273 | 273 | |
| 274 | 274 | $this->db->sql_query($sql); |
@@ -281,7 +281,7 @@ discard block |
||
| 281 | 281 | */ |
| 282 | 282 | private function getRegistrations($user_id) |
| 283 | 283 | { |
| 284 | - $sql = 'SELECT * FROM ' . $this->otp_registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 284 | + $sql = 'SELECT * FROM '.$this->otp_registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 285 | 285 | $result = $this->db->sql_query($sql); |
| 286 | 286 | $rows = $this->db->sql_fetchrowset($result); |
| 287 | 287 | |
@@ -199,8 +199,7 @@ |
||
| 199 | 199 | // We simply return and continue the login procedure (The normal way :)), |
| 200 | 200 | // and will disable all pages until he has added a 2FA key. |
| 201 | 201 | return $event; |
| 202 | - } |
|
| 203 | - else |
|
| 202 | + } else |
|
| 204 | 203 | { |
| 205 | 204 | $this->session_helper->generate_page($event['login']['user_row']['user_id'], $event['admin'], $event['autologin'], !$this->request->is_set_post('viewonline'), $this->request->variable('redirect', '')); |
| 206 | 205 | } |
@@ -80,13 +80,13 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function __construct(session_helper_interface $session_helper, user $user, request_interface $request, driver_interface $db, template $template, config $config, $php_ext, $root_path) |
| 82 | 82 | { |
| 83 | - $this->session_helper = $session_helper; |
|
| 84 | - $this->user = $user; |
|
| 85 | - $this->request = $request; |
|
| 86 | - $this->config = $config; |
|
| 87 | - $this->db = $db; |
|
| 83 | + $this->session_helper = $session_helper; |
|
| 84 | + $this->user = $user; |
|
| 85 | + $this->request = $request; |
|
| 86 | + $this->config = $config; |
|
| 87 | + $this->db = $db; |
|
| 88 | 88 | $this->template = $template; |
| 89 | - $this->php_ext = $php_ext; |
|
| 89 | + $this->php_ext = $php_ext; |
|
| 90 | 90 | $this->root_path = $root_path; |
| 91 | 91 | } |
| 92 | 92 | |
@@ -138,7 +138,7 @@ discard block |
||
| 138 | 138 | if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data) && !$this->session_helper->is_tfa_registered($this->user->data['user_id'])) |
| 139 | 139 | { |
| 140 | 140 | @define('SKIP_CHECK_DISABLED', true); |
| 141 | - if ($this->user->page['page_name'] === 'memberlist.' . $this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 141 | + if ($this->user->page['page_name'] === 'memberlist.'.$this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 142 | 142 | { |
| 143 | 143 | // We are at the contact admin page. We will allow this in all cases. |
| 144 | 144 | return; |
@@ -146,18 +146,18 @@ discard block |
||
| 146 | 146 | |
| 147 | 147 | $this->user->set_cookie('rn', $this->user->data['session_id'], time() + 3600 * 24, true); |
| 148 | 148 | |
| 149 | - $msg_title = $this->user->lang['INFORMATION']; |
|
| 149 | + $msg_title = $this->user->lang['INFORMATION']; |
|
| 150 | 150 | if ($this->session_helper->is_tfa_key_registred($this->user->data['user_id'])) |
| 151 | 151 | { |
| 152 | 152 | // the user has keys registered, but they are not usable (Might be due to browser requirements, or others) |
| 153 | 153 | // We will not allow them to register a new key. They will need to contact the admin instead unfortunately. |
| 154 | 154 | $url = phpbb_get_board_contact_link($this->config, $this->root_path, $this->php_ext); |
| 155 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="' . $url . '">', '</a>'); |
|
| 155 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="'.$url.'">', '</a>'); |
|
| 156 | 156 | $this->user->session_kill(); |
| 157 | 157 | $this->generate_fatal_error($msg_title, $msg_text); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - $sql = 'SELECT module_id FROM ' . MODULES_TABLE . " WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 160 | + $sql = 'SELECT module_id FROM '.MODULES_TABLE." WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 161 | 161 | $result = $this->db->sql_query($sql, 3600); |
| 162 | 162 | $allowed_i = array(); |
| 163 | 163 | |
@@ -169,18 +169,18 @@ discard block |
||
| 169 | 169 | $ucp_mode = '-paul999-tfa-ucp-tfa_module'; |
| 170 | 170 | $allowed_i[] = $ucp_mode; |
| 171 | 171 | |
| 172 | - if ($this->user->page['page_name'] === 'ucp.' . $this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 172 | + if ($this->user->page['page_name'] === 'ucp.'.$this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 173 | 173 | { |
| 174 | 174 | return; // We are at our UCP page, so skip any other checks. This page is always available |
| 175 | 175 | } |
| 176 | 176 | $url = append_sid("{$this->root_path}ucp.{$this->php_ext}", "i={$ucp_mode}"); |
| 177 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="' . $url . '">', '</a>'); |
|
| 177 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="'.$url.'">', '</a>'); |
|
| 178 | 178 | |
| 179 | 179 | $this->generate_fatal_error($msg_title, $msg_text); |
| 180 | 180 | } |
| 181 | 181 | |
| 182 | 182 | // If the user had no key when logged in, but now has a key, we will force him to use the key. |
| 183 | - if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'] . '_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 183 | + if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'].'_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 184 | 184 | { |
| 185 | 185 | $this->session_helper->generate_page($this->user->data['user_id'], false, $this->user->data['session_autologin'], $this->user->data['session_viewonline'], $this->user->page['page'], true); |
| 186 | 186 | } |
@@ -162,8 +162,7 @@ discard block |
||
| 162 | 162 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 163 | 163 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 164 | 164 | } |
| 165 | - } |
|
| 166 | - catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 165 | + } catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 167 | 166 | { |
| 168 | 167 | |
| 169 | 168 | $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]); |
@@ -177,8 +176,7 @@ discard block |
||
| 177 | 176 | { |
| 178 | 177 | $this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage())); |
| 179 | 178 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 180 | - } |
|
| 181 | - else |
|
| 179 | + } else |
|
| 182 | 180 | { |
| 183 | 181 | throw $ex; |
| 184 | 182 | } |
@@ -81,14 +81,14 @@ discard block |
||
| 81 | 81 | */ |
| 82 | 82 | public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext) |
| 83 | 83 | { |
| 84 | - $this->template = $template; |
|
| 85 | - $this->db = $db; |
|
| 86 | - $this->user = $user; |
|
| 84 | + $this->template = $template; |
|
| 85 | + $this->db = $db; |
|
| 86 | + $this->user = $user; |
|
| 87 | 87 | $this->request = $request; |
| 88 | - $this->session_helper = $session_helper; |
|
| 89 | - $this->root_path = $root_path; |
|
| 88 | + $this->session_helper = $session_helper; |
|
| 89 | + $this->root_path = $root_path; |
|
| 90 | 90 | $this->php_ext = $php_ext; |
| 91 | - $this->log = $log; |
|
| 91 | + $this->log = $log; |
|
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | /** |
@@ -123,9 +123,9 @@ discard block |
||
| 123 | 123 | 'tfa_random' => '', |
| 124 | 124 | 'tfa_uid' => 0, |
| 125 | 125 | ); |
| 126 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 126 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 127 | 127 | WHERE |
| 128 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 128 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 129 | 129 | session_user_id = " . (int) $this->user->data['user_id']; |
| 130 | 130 | $this->db->sql_query($sql); |
| 131 | 131 | |
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | { |
| 147 | 147 | if (!$module->login($user_id)) |
| 148 | 148 | { |
| 149 | - $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']); |
|
| 149 | + $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, ['TFA_INCORRECT_KEY']); |
|
| 150 | 150 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 151 | 151 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 152 | 152 | } |
@@ -190,8 +190,8 @@ discard block |
||
| 190 | 190 | if ($admin) |
| 191 | 191 | { |
| 192 | 192 | // the login array is used because the user ids do not differ for re-authentication |
| 193 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 194 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 193 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 194 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 195 | 195 | AND session_user_id = " . (int) $user_id; |
| 196 | 196 | $this->db->sql_query($sql); |
| 197 | 197 | |
@@ -43,8 +43,8 @@ discard block |
||
| 43 | 43 | 'title' => 'ACP_TFA_SETTINGS', |
| 44 | 44 | 'vars' => array( |
| 45 | 45 | 'legend1' => 'ACP_TFA_SETTINGS', |
| 46 | - 'tfa_mode' => array('lang' => 'TFA_MODE', 'validate' => 'int', 'type' => 'select', 'method' => 'select_tfa_method', 'explain' => true), |
|
| 47 | - 'tfa_acp' => array('lang' => 'TFA_ACP', 'validate' => 'int', 'type' => 'radio:no_yes', 'explain' => true), |
|
| 46 | + 'tfa_mode' => array('lang' => 'TFA_MODE', 'validate' => 'int', 'type' => 'select', 'method' => 'select_tfa_method', 'explain' => true), |
|
| 47 | + 'tfa_acp' => array('lang' => 'TFA_ACP', 'validate' => 'int', 'type' => 'radio:no_yes', 'explain' => true), |
|
| 48 | 48 | |
| 49 | 49 | 'legend4' => 'ACP_SUBMIT_CHANGES', |
| 50 | 50 | ) |
@@ -98,12 +98,12 @@ discard block |
||
| 98 | 98 | |
| 99 | 99 | if ($submit) |
| 100 | 100 | { |
| 101 | - $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_TFA_CONFIG_' . strtoupper($mode)); |
|
| 101 | + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_TFA_CONFIG_'.strtoupper($mode)); |
|
| 102 | 102 | |
| 103 | 103 | $message = $user->lang('CONFIG_UPDATED'); |
| 104 | 104 | $message_type = E_USER_NOTICE; |
| 105 | 105 | |
| 106 | - trigger_error($message . adm_back_link($this->u_action), $message_type); |
|
| 106 | + trigger_error($message.adm_back_link($this->u_action), $message_type); |
|
| 107 | 107 | } |
| 108 | 108 | |
| 109 | 109 | if (!$request->is_secure()) |
@@ -116,7 +116,7 @@ discard block |
||
| 116 | 116 | |
| 117 | 117 | $template->assign_vars(array( |
| 118 | 118 | 'L_TITLE' => $user->lang($display_vars['title']), |
| 119 | - 'L_TITLE_EXPLAIN' => $user->lang($display_vars['title'] . '_EXPLAIN'), |
|
| 119 | + 'L_TITLE_EXPLAIN' => $user->lang($display_vars['title'].'_EXPLAIN'), |
|
| 120 | 120 | |
| 121 | 121 | 'S_ERROR' => (sizeof($error)) ? true : false, |
| 122 | 122 | 'ERROR_MSG' => implode('<br />', $error), |
@@ -145,9 +145,9 @@ discard block |
||
| 145 | 145 | $type = explode(':', $vars['type']); |
| 146 | 146 | |
| 147 | 147 | $l_explain = ''; |
| 148 | - if ($vars['explain'] && array_key_exists($vars['lang'] . '_EXPLAIN', $user->lang)) |
|
| 148 | + if ($vars['explain'] && array_key_exists($vars['lang'].'_EXPLAIN', $user->lang)) |
|
| 149 | 149 | { |
| 150 | - $l_explain = $user->lang($vars['lang'] . '_EXPLAIN'); |
|
| 150 | + $l_explain = $user->lang($vars['lang'].'_EXPLAIN'); |
|
| 151 | 151 | } |
| 152 | 152 | |
| 153 | 153 | $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars); |
@@ -187,7 +187,7 @@ discard block |
||
| 187 | 187 | foreach ($act_ary as $key => $data) |
| 188 | 188 | { |
| 189 | 189 | $selected = ($data == $selected_value) ? ' selected="selected"' : ''; |
| 190 | - $act_options .= '<option value="' . $data . '"' . $selected . '>' . $user->lang($key) . '</option>'; |
|
| 190 | + $act_options .= '<option value="'.$data.'"'.$selected.'>'.$user->lang($key).'</option>'; |
|
| 191 | 191 | } |
| 192 | 192 | return $act_options; |
| 193 | 193 | } |
@@ -88,14 +88,14 @@ discard block |
||
| 88 | 88 | */ |
| 89 | 89 | public function __construct(driver_interface $db, config $config, user $user, service_collection $modules, template $template, helper $controller_helper, $registration_table, $user_table) |
| 90 | 90 | { |
| 91 | - $this->db = $db; |
|
| 92 | - $this->user = $user; |
|
| 93 | - $this->config = $config; |
|
| 94 | - $this->template = $template; |
|
| 91 | + $this->db = $db; |
|
| 92 | + $this->user = $user; |
|
| 93 | + $this->config = $config; |
|
| 94 | + $this->template = $template; |
|
| 95 | 95 | $this->controller_helper = $controller_helper; |
| 96 | 96 | $this->registration_table = $registration_table; |
| 97 | - $this->user_table = $user_table; |
|
| 98 | - $this->module_data = $modules; |
|
| 97 | + $this->user_table = $user_table; |
|
| 98 | + $this->module_data = $modules; |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | /** |
@@ -283,9 +283,9 @@ discard block |
||
| 283 | 283 | 'tfa_random' => $random, |
| 284 | 284 | 'tfa_uid' => $user_id, |
| 285 | 285 | ); |
| 286 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 286 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 287 | 287 | WHERE |
| 288 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 288 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 289 | 289 | session_user_id = " . (int) $this->user->data['user_id']; |
| 290 | 290 | $this->db->sql_query($sql); |
| 291 | 291 | |
@@ -314,7 +314,7 @@ discard block |
||
| 314 | 314 | { |
| 315 | 315 | if (empty($userdata)) |
| 316 | 316 | { |
| 317 | - $sql = 'SELECT * FROM ' . $this->user_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 317 | + $sql = 'SELECT * FROM '.$this->user_table.' WHERE user_id = '.(int) $user_id; |
|
| 318 | 318 | $result = $this->db->sql_query($sql); |
| 319 | 319 | $userdata = $this->db->sql_fetchrow($result); |
| 320 | 320 | $this->db->sql_freeresult($result); |
@@ -31,7 +31,7 @@ |
||
| 31 | 31 | $lang, array( |
| 32 | 32 | 'TFA_REQUIRED_KEY_MISSING' => 'Administrator tego forum wymaga, abyś dodał klucz Uwierzytelniania Dwuskładnikowego aby uzyskać dostęp do (pewnych) części tego forum, jednak do Twojego konta nie są przypisane żadne (odpowiednie) klucze. Nowy klucz bezpieczeństwa możesz dodać %s tutaj%s |
| 33 | 33 | <br />Ze względów bezpieczeństwa, dostęp do forum został dla Ciebie zablokowany do momentu aż dodasz klucz bezpieczeństwa do swojego konta. Podczas dodawania klucza może być wymagane podanie hasła!', |
| 34 | - 'TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE' => 'Administrator tego forum wymaga, abyś dodał klucz Uwierzytelniania Dwuskładnikowego aby uzyskać dostęp do (pewnych) części tego forum. Zarejstrowałeś już jakieś klucze, ale niestety z rozmaitych przyczyn nie jesteś w stanie ich użyć. Być może być to wina niewłaściwej przeglądarki. |
|
| 34 | + 'TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE' => 'Administrator tego forum wymaga, abyś dodał klucz Uwierzytelniania Dwuskładnikowego aby uzyskać dostęp do (pewnych) części tego forum. Zarejstrowałeś już jakieś klucze, ale niestety z rozmaitych przyczyn nie jesteś w stanie ich użyć. Być może być to wina niewłaściwej przeglądarki. |
|
| 35 | 35 | <br />Ze względów bezpieczeństwa, nie pozwalamy na dodanie kluczy osobom które są nie w pełni zalogowane. Spróbuj z przeglądarką która działała wcześniej, użyj kluczy zapasowych, albo w ostateczności skontaktuj się z administratorami forum aby wyzerowali twoje klucze przechowywane na serwerze, umożliwiajac ci dodanie właściwych.', |
| 36 | 36 | // Controller |
| 37 | 37 | 'ERR_NO_MATCHING_REQUEST' => 'Nie znaleziono pasującego żądania', |
