@@ -111,18 +111,15 @@ discard block |
||
| 111 | 111 | 'S_UCP_ACTION' => $this->u_action, |
| 112 | 112 | )); |
| 113 | 113 | $this->tpl_name = $module->register_start(); |
| 114 | - } |
|
| 115 | - else |
|
| 114 | + } else |
|
| 116 | 115 | { |
| 117 | 116 | $error[] = 'TFA_MODULE_NO_REGISTER'; |
| 118 | 117 | } |
| 119 | - } |
|
| 120 | - else |
|
| 118 | + } else |
|
| 121 | 119 | { |
| 122 | 120 | $error[] = $this->user->lang('TFA_MODULE_NOT_FOUND', $class); |
| 123 | 121 | } |
| 124 | - } |
|
| 125 | - catch (\Exception $e) |
|
| 122 | + } catch (\Exception $e) |
|
| 126 | 123 | { |
| 127 | 124 | $error[] = $e->getMessage(); |
| 128 | 125 | } |
@@ -154,8 +151,7 @@ discard block |
||
| 154 | 151 | if (!check_form_key('ucp_tfa_keys')) |
| 155 | 152 | { |
| 156 | 153 | $error[] = 'FORM_INVALID'; |
| 157 | - } |
|
| 158 | - else |
|
| 154 | + } else |
|
| 159 | 155 | { |
| 160 | 156 | $this->delete_keys(); |
| 161 | 157 | } |
@@ -59,11 +59,11 @@ discard block |
||
| 59 | 59 | $this->user = $user; |
| 60 | 60 | $this->request = $request; |
| 61 | 61 | $this->template = $template; |
| 62 | - $this->root_path= $root_path; |
|
| 62 | + $this->root_path = $root_path; |
|
| 63 | 63 | |
| 64 | - $this->registration_table = $registration_table; |
|
| 64 | + $this->registration_table = $registration_table; |
|
| 65 | 65 | |
| 66 | - $this->u2f = new \paul999\u2f\U2F('https://' . $this->request->server('HTTP_HOST')); |
|
| 66 | + $this->u2f = new \paul999\u2f\U2F('https://'.$this->request->server('HTTP_HOST')); |
|
| 67 | 67 | } |
| 68 | 68 | |
| 69 | 69 | /** |
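Review bot: The U2F application identifier on new line 66 is built from `$this->request->server('HTTP_HOST')`, a header the client supplies, so the origin that registrations and signatures are checked against is only as trustworthy as the web server's virtual-host handling. Taking the host from the board's configured server name, or comparing the header with that setting before use, would pin the appId to a value the administrator controls. A short comment such as `// U2F requires a secure origin, so the appId is always https://` would also explain the hard-coded scheme. The constructor starts above the hunk, so it is not visible whether a config object is available in this class.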
@@ -190,9 +190,9 @@ discard block |
||
| 190 | 190 | try |
| 191 | 191 | { |
| 192 | 192 | $sql = 'SELECT u2f_request |
| 193 | - FROM ' . SESSIONS_TABLE . " |
|
| 193 | + FROM ' . SESSIONS_TABLE." |
|
| 194 | 194 | WHERE |
| 195 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 195 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 196 | 196 | session_user_id = " . (int) $this->user->data['user_id']; |
| 197 | 197 | $result = $this->db->sql_query($sql); |
| 198 | 198 | $row = $this->db->sql_fetchrow($result); |
@@ -222,7 +222,7 @@ discard block |
||
| 222 | 222 | 'last_used' => time(), |
| 223 | 223 | ); |
| 224 | 224 | |
| 225 | - $sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId(); |
|
| 225 | + $sql = 'UPDATE '.$this->registration_table.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' WHERE registration_id = '.(int) $reg->getId(); |
|
| 226 | 226 | $this->db->sql_query($sql); |
| 227 | 227 | |
| 228 | 228 | return true; |
@@ -318,7 +318,7 @@ discard block |
||
| 318 | 318 | 'last_used' => time(), |
| 319 | 319 | ); |
| 320 | 320 | |
| 321 | - $sql = 'INSERT INTO ' . $this->registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 321 | + $sql = 'INSERT INTO '.$this->registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 322 | 322 | $this->db->sql_query($sql); |
| 323 | 323 | |
| 324 | 324 | $sql_ary = array( |
@@ -350,8 +350,8 @@ discard block |
||
| 350 | 350 | */ |
| 351 | 351 | public function delete($key) |
| 352 | 352 | { |
| 353 | - $sql = 'DELETE FROM ' . $this->registration_table . ' |
|
| 354 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 353 | + $sql = 'DELETE FROM '.$this->registration_table.' |
|
| 354 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 355 | 355 | AND registration_id =' . (int) $key; |
| 356 | 356 | |
| 357 | 357 | $this->db->sql_query($sql); |
@@ -393,7 +393,7 @@ discard block |
||
| 393 | 393 | */ |
| 394 | 394 | private function getRegistrations($user_id) |
| 395 | 395 | { |
| 396 | - $sql = 'SELECT * FROM ' . $this->registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 396 | + $sql = 'SELECT * FROM '.$this->registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 397 | 397 | $result = $this->db->sql_query($sql); |
| 398 | 398 | $rows = array(); |
| 399 | 399 | |
@@ -481,9 +481,9 @@ discard block |
||
| 481 | 481 | */ |
| 482 | 482 | private function update_session($sql_ary) |
| 483 | 483 | { |
| 484 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 484 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 485 | 485 | WHERE |
| 486 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 486 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 487 | 487 | session_user_id = " . (int) $this->user->data['user_id']; |
| 488 | 488 | $this->db->sql_query($sql); |
| 489 | 489 | |
@@ -123,8 +123,7 @@ discard block |
||
| 123 | 123 | if (!empty($secure)) |
| 124 | 124 | { |
| 125 | 125 | return 'on' === strtolower($secure) || '1' == $secure; |
| 126 | - } |
|
| 127 | - else if ('443' == $this->request->server('SERVER_PORT')) |
|
| 126 | + } else if ('443' == $this->request->server('SERVER_PORT')) |
|
| 128 | 127 | { |
| 129 | 128 | return true; |
| 130 | 129 | } |
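Review bot: The comparisons that decide whether the request counts as secure are loose: `'1' == $secure` on line 125 and `'443' == $this->request->server('SERVER_PORT')` on new line 126. Both operands are expected to be strings, so `===` states the intent exactly and avoids numeric-string coercion, e.g. `'1' === (string) $secure`. The same line already uses `===` for the `'on'` test, so this would also make the expression consistent. The enclosing method starts and ends outside the hunk.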
@@ -207,10 +206,12 @@ discard block |
||
| 207 | 206 | |
| 208 | 207 | if (property_exists($response, 'errorCode')) |
| 209 | 208 | { |
| 210 | - if ($response->errorCode == 4) // errorCode 4 means that this device wasn't registered |
|
| 209 | + if ($response->errorCode == 4) { |
|
| 210 | + // errorCode 4 means that this device wasn't registered |
|
| 211 | 211 | { |
| 212 | 212 | throw new http_exception(403, 'TFA_NOT_REGISTERED'); |
| 213 | 213 | } |
| 214 | + } |
|
| 214 | 215 | throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG'); |
| 215 | 216 | } |
| 216 | 217 | $result = new AuthenticationResponse($response->signatureData, $response->clientData, $response->keyHandle); // Do not need to include errorCode, as we already handled it. |
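Review bot: The reformatting on new lines 209-214 wraps the original brace pair in a second one, so the `throw new http_exception(403, 'TFA_NOT_REGISTERED')` now sits in a redundant nested block. Behaviour is unchanged, but the shape reads like a merge accident; a single brace pair with the comment moved above the `if` is clearer. While touching the line, `$response->errorCode == 4` could become `(int) $response->errorCode === 4`, since the value presumably comes from a decoded client response (its origin is above the hunk). On new line 217, `signatureData`, `clientData` and `keyHandle` are read without a `property_exists`/`isset` check, so a `// relies on AuthenticationResponse rejecting null fields` comment or an explicit guard would document how a malformed response is handled.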
@@ -226,12 +227,10 @@ discard block |
||
| 226 | 227 | $this->db->sql_query($sql); |
| 227 | 228 | |
| 228 | 229 | return true; |
| 229 | - } |
|
| 230 | - catch (U2fError $error) |
|
| 230 | + } catch (U2fError $error) |
|
| 231 | 231 | { |
| 232 | 232 | $this->createError($error); |
| 233 | - } |
|
| 234 | - catch (\InvalidArgumentException $invalid) |
|
| 233 | + } catch (\InvalidArgumentException $invalid) |
|
| 235 | 234 | { |
| 236 | 235 | throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG'); |
| 237 | 236 | } |
@@ -326,8 +325,7 @@ discard block |
||
| 326 | 325 | ); |
| 327 | 326 | |
| 328 | 327 | $this->update_session($sql_ary); |
| 329 | - } |
|
| 330 | - catch (U2fError $err) |
|
| 328 | + } catch (U2fError $err) |
|
| 331 | 329 | { |
| 332 | 330 | $this->createError($err); |
| 333 | 331 | } |
@@ -79,13 +79,13 @@ discard block |
||
| 79 | 79 | */ |
| 80 | 80 | public function __construct(session_helper_interface $session_helper, user $user, request_interface $request, driver_interface $db, template $template, config $config, $php_ext, $root_path) |
| 81 | 81 | { |
| 82 | - $this->session_helper = $session_helper; |
|
| 83 | - $this->user = $user; |
|
| 84 | - $this->request = $request; |
|
| 85 | - $this->config = $config; |
|
| 86 | - $this->db = $db; |
|
| 82 | + $this->session_helper = $session_helper; |
|
| 83 | + $this->user = $user; |
|
| 84 | + $this->request = $request; |
|
| 85 | + $this->config = $config; |
|
| 86 | + $this->db = $db; |
|
| 87 | 87 | $this->template = $template; |
| 88 | - $this->php_ext = $php_ext; |
|
| 88 | + $this->php_ext = $php_ext; |
|
| 89 | 89 | $this->root_path = $root_path; |
| 90 | 90 | } |
| 91 | 91 | |
@@ -127,7 +127,7 @@ discard block |
||
| 127 | 127 | } |
| 128 | 128 | if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->session_helper->isTfaRequired($this->user->data['user_id'], false, $this->user->data) && !$this->session_helper->isTfaRegistered($this->user->data['user_id'])) |
| 129 | 129 | { |
| 130 | - $sql = 'SELECT module_id FROM ' . MODULES_TABLE . " WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 130 | + $sql = 'SELECT module_id FROM '.MODULES_TABLE." WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 131 | 131 | $result = $this->db->sql_query($sql, 3600); |
| 132 | 132 | $allowed_i = array(); |
| 133 | 133 | |
@@ -139,14 +139,14 @@ discard block |
||
| 139 | 139 | $ucp_mode = '-paul999-tfa-ucp-tfa_module'; |
| 140 | 140 | $allowed_i[] = $ucp_mode; |
| 141 | 141 | |
| 142 | - if ($this->user->page['page_name'] === 'ucp.' . $this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 142 | + if ($this->user->page['page_name'] === 'ucp.'.$this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 143 | 143 | { |
| 144 | 144 | return; // We are at our UCP page, so skip any other checks. This page is always available |
| 145 | 145 | } |
| 146 | 146 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 147 | 147 | $url = append_sid("{$this->root_path}ucp.{$this->php_ext}", "i={$ucp_mode}"); |
| 148 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="' . $url . '">', '</a>'); |
|
| 149 | - $msg_title = $this->user->lang['INFORMATION']; |
|
| 148 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="'.$url.'">', '</a>'); |
|
| 149 | + $msg_title = $this->user->lang['INFORMATION']; |
|
| 150 | 150 | |
| 151 | 151 | page_header($msg_title); |
| 152 | 152 | |
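Review bot: `in_array($this->request->variable('i', ''), $allowed_i)` on new line 142 compares loosely, and this match is what exempts a request from the two-factor enforcement that follows (the `return` on line 144). `$allowed_i` is filled above the hunk; if it holds integer module ids, a request value that is not identical can still compare equal under PHP's loose comparison rules on versions before 8. Casting the ids to string where they are collected and passing `true` as the third argument, `in_array($this->request->variable('i', ''), $allowed_i, true)`, makes the exemption an exact match.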
@@ -193,8 +193,7 @@ |
||
| 193 | 193 | // We simply return and continue the login procedure (The normal way :)), |
| 194 | 194 | // and will disable all pages until he has added a 2FA key. |
| 195 | 195 | return $event; |
| 196 | - } |
|
| 197 | - else |
|
| 196 | + } else |
|
| 198 | 197 | { |
| 199 | 198 | $this->session_helper->generate_page($event['login']['user_row']['user_id'], $event['admin'], $event['view_online'], !$this->request->is_set_post('viewonline'), $this->request->variable('redirect', '')); |
| 200 | 199 | } |
@@ -85,15 +85,15 @@ discard block |
||
| 85 | 85 | */ |
| 86 | 86 | public function __construct(helper $controller_helper, driver_interface $db, template $template, user $user, request_interface $request, config $config, session_helper_interface $session_helper, $root_path, $php_ext) |
| 87 | 87 | { |
| 88 | - $this->controller_helper = $controller_helper; |
|
| 89 | - $this->template = $template; |
|
| 90 | - $this->db = $db; |
|
| 91 | - $this->user = $user; |
|
| 92 | - $this->request = $request; |
|
| 93 | - $this->config = $config; |
|
| 94 | - $this->session_helper = $session_helper; |
|
| 95 | - $this->root_path = $root_path; |
|
| 96 | - $this->php_ext = $php_ext; |
|
| 88 | + $this->controller_helper = $controller_helper; |
|
| 89 | + $this->template = $template; |
|
| 90 | + $this->db = $db; |
|
| 91 | + $this->user = $user; |
|
| 92 | + $this->request = $request; |
|
| 93 | + $this->config = $config; |
|
| 94 | + $this->session_helper = $session_helper; |
|
| 95 | + $this->root_path = $root_path; |
|
| 96 | + $this->php_ext = $php_ext; |
|
| 97 | 97 | |
| 98 | 98 | } |
| 99 | 99 | |
@@ -129,9 +129,9 @@ discard block |
||
| 129 | 129 | 'tfa_random' => '', |
| 130 | 130 | 'tfa_uid' => 0, |
| 131 | 131 | ); |
| 132 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 132 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 133 | 133 | WHERE |
| 134 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 134 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 135 | 135 | session_user_id = " . (int) $this->user->data['user_id']; |
| 136 | 136 | $this->db->sql_query($sql); |
| 137 | 137 | |
@@ -187,8 +187,8 @@ discard block |
||
| 187 | 187 | if ($admin) |
| 188 | 188 | { |
| 189 | 189 | // the login array is used because the user ids do not differ for re-authentication |
| 190 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 191 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 190 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 191 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 192 | 192 | AND session_user_id = " . (int) $user_id; |
| 193 | 193 | $this->db->sql_query($sql); |
| 194 | 194 | |
@@ -155,15 +155,13 @@ |
||
| 155 | 155 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 156 | 156 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 157 | 157 | } |
| 158 | - } |
|
| 159 | - catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 158 | + } catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 160 | 159 | { |
| 161 | 160 | if ($ex->getStatusCode() == 400) |
| 162 | 161 | { |
| 163 | 162 | $this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage())); |
| 164 | 163 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 165 | - } |
|
| 166 | - else |
|
| 164 | + } else |
|
| 167 | 165 | { |
| 168 | 166 | throw $ex; |
| 169 | 167 | } |