paul999 /
phpbb_2fa
@@ -177,8 +177,8 @@ discard block |
||
| 177 | 177 | $sql_ary = array( |
| 178 | 178 | 'last_used' => time(), |
| 179 | 179 | ); |
| 180 | - $sql = 'UPDATE ' . $this->otp_registration_table . ' |
|
| 181 | - SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 180 | + $sql = 'UPDATE '.$this->otp_registration_table.' |
|
| 181 | + SET ' . $this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 182 | 182 | WHERE |
| 183 | 183 | registration_id = ' . (int) $registration['registration_id']; |
| 184 | 184 | $this->db->sql_query($sql); |
@@ -210,7 +210,7 @@ discard block |
||
| 210 | 210 | $secret = $this->otp->generateSecret(); |
| 211 | 211 | $QR = $this->otp_helper->generateKeyURI('totp', $secret, $this->user->data['username'], generate_board_url(), 0, 'sha1'); |
| 212 | 212 | $this->template->assign_vars(array( |
| 213 | - 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . $QR, |
|
| 213 | + 'TFA_QR_CODE' => 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$QR, |
|
| 214 | 214 | 'TFA_SECRET' => $secret, |
| 215 | 215 | 'L_TFA_ADD_OTP_KEY_EXPLAIN' => $this->user->lang('TFA_ADD_OTP_KEY_EXPLAIN', $secret), |
| 216 | 216 | 'S_HIDDEN_FIELDS_MODULE' => build_hidden_fields(array( |
@@ -230,7 +230,7 @@ discard block |
||
| 230 | 230 | public function register() |
| 231 | 231 | { |
| 232 | 232 | $secret = $this->request->variable('secret', ''); |
| 233 | - $otp = $this->request->variable('register', ''); |
|
| 233 | + $otp = $this->request->variable('register', ''); |
|
| 234 | 234 | |
| 235 | 235 | if (!$this->otp->checkTOTP($secret, $otp, 'sha1')) |
| 236 | 236 | { |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | 'last_used' => time(), |
| 245 | 245 | ); |
| 246 | 246 | |
| 247 | - $sql = 'INSERT INTO ' . $this->otp_registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 247 | + $sql = 'INSERT INTO '.$this->otp_registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 248 | 248 | $this->db->sql_query($sql); |
| 249 | 249 | } |
| 250 | 250 | |
@@ -267,8 +267,8 @@ discard block |
||
| 267 | 267 | */ |
| 268 | 268 | public function delete($key) |
| 269 | 269 | { |
| 270 | - $sql = 'DELETE FROM ' . $this->otp_registration_table . ' |
|
| 271 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 270 | + $sql = 'DELETE FROM '.$this->otp_registration_table.' |
|
| 271 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 272 | 272 | AND registration_id =' . (int) $key; |
| 273 | 273 | |
| 274 | 274 | $this->db->sql_query($sql); |
@@ -281,7 +281,7 @@ discard block |
||
| 281 | 281 | */ |
| 282 | 282 | private function getRegistrations($user_id) |
| 283 | 283 | { |
| 284 | - $sql = 'SELECT * FROM ' . $this->otp_registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 284 | + $sql = 'SELECT * FROM '.$this->otp_registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 285 | 285 | $result = $this->db->sql_query($sql); |
| 286 | 286 | $rows = $this->db->sql_fetchrowset($result); |
| 287 | 287 | |
@@ -199,8 +199,7 @@ |
||
| 199 | 199 | // We simply return and continue the login procedure (The normal way :)), |
| 200 | 200 | // and will disable all pages until he has added a 2FA key. |
| 201 | 201 | return $event; |
| 202 | - } |
|
| 203 | - else |
|
| 202 | + } else |
|
| 204 | 203 | { |
| 205 | 204 | $this->session_helper->generate_page($event['login']['user_row']['user_id'], $event['admin'], $event['autologin'], !$this->request->is_set_post('viewonline'), $this->request->variable('redirect', '')); |
| 206 | 205 | } |
@@ -80,13 +80,13 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function __construct(session_helper_interface $session_helper, user $user, request_interface $request, driver_interface $db, template $template, config $config, $php_ext, $root_path) |
| 82 | 82 | { |
| 83 | - $this->session_helper = $session_helper; |
|
| 84 | - $this->user = $user; |
|
| 85 | - $this->request = $request; |
|
| 86 | - $this->config = $config; |
|
| 87 | - $this->db = $db; |
|
| 83 | + $this->session_helper = $session_helper; |
|
| 84 | + $this->user = $user; |
|
| 85 | + $this->request = $request; |
|
| 86 | + $this->config = $config; |
|
| 87 | + $this->db = $db; |
|
| 88 | 88 | $this->template = $template; |
| 89 | - $this->php_ext = $php_ext; |
|
| 89 | + $this->php_ext = $php_ext; |
|
| 90 | 90 | $this->root_path = $root_path; |
| 91 | 91 | } |
| 92 | 92 | |
@@ -137,7 +137,7 @@ discard block |
||
| 137 | 137 | if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data) && !$this->session_helper->is_tfa_registered($this->user->data['user_id'])) |
| 138 | 138 | { |
| 139 | 139 | @define('SKIP_CHECK_DISABLED', true); |
| 140 | - if ($this->user->page['page_name'] === 'memberlist.' . $this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 140 | + if ($this->user->page['page_name'] === 'memberlist.'.$this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 141 | 141 | { |
| 142 | 142 | // We are at the contact admin page. We will allow this in all cases. |
| 143 | 143 | return; |
@@ -145,19 +145,19 @@ discard block |
||
| 145 | 145 | |
| 146 | 146 | $this->user->set_cookie('rn', $this->user->data['session_id'], time() + 3600 * 24, true); |
| 147 | 147 | |
| 148 | - $msg_title = $this->user->lang['INFORMATION']; |
|
| 148 | + $msg_title = $this->user->lang['INFORMATION']; |
|
| 149 | 149 | if ($this->session_helper->is_tfa_key_registred($this->user->data['user_id'])) |
| 150 | 150 | { |
| 151 | 151 | // the user has keys registered, but they are not usable (Might be due to browser requirements, or others) |
| 152 | 152 | // We will not allow them to register a new key. They will need to contact the admin instead unfortunately. |
| 153 | 153 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 154 | 154 | $url = phpbb_get_board_contact_link($this->config, $this->root_path, $this->php_ext); |
| 155 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="' . $url . '">', '</a>'); |
|
| 155 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="'.$url.'">', '</a>'); |
|
| 156 | 156 | $this->user->session_kill(); |
| 157 | 157 | $this->generate_fatal_error($msg_title, $msg_text); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - $sql = 'SELECT module_id FROM ' . MODULES_TABLE . " WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 160 | + $sql = 'SELECT module_id FROM '.MODULES_TABLE." WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 161 | 161 | $result = $this->db->sql_query($sql, 3600); |
| 162 | 162 | $allowed_i = array(); |
| 163 | 163 | |
@@ -169,19 +169,19 @@ discard block |
||
| 169 | 169 | $ucp_mode = '-paul999-tfa-ucp-tfa_module'; |
| 170 | 170 | $allowed_i[] = $ucp_mode; |
| 171 | 171 | |
| 172 | - if ($this->user->page['page_name'] === 'ucp.' . $this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 172 | + if ($this->user->page['page_name'] === 'ucp.'.$this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 173 | 173 | { |
| 174 | 174 | return; // We are at our UCP page, so skip any other checks. This page is always available |
| 175 | 175 | } |
| 176 | 176 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 177 | 177 | $url = append_sid("{$this->root_path}ucp.{$this->php_ext}", "i={$ucp_mode}"); |
| 178 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="' . $url . '">', '</a>'); |
|
| 178 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="'.$url.'">', '</a>'); |
|
| 179 | 179 | |
| 180 | 180 | $this->generate_fatal_error($msg_title, $msg_text); |
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | // If the user had no key when logged in, but now has a key, we will force him to use the key. |
| 184 | - if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'] . '_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 184 | + if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'].'_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 185 | 185 | { |
| 186 | 186 | $this->session_helper->generate_page($this->user->data['user_id'], false, $this->user->data['session_autologin'], $this->user->data['session_viewonline'], $this->user->page['page'], true); |
| 187 | 187 | } |
@@ -162,8 +162,7 @@ discard block |
||
| 162 | 162 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 163 | 163 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 164 | 164 | } |
| 165 | - } |
|
| 166 | - catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 165 | + } catch (http_exception $ex) // @TODO: Replace exception with own exception |
|
| 167 | 166 | { |
| 168 | 167 | |
| 169 | 168 | $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]); |
@@ -177,8 +176,7 @@ discard block |
||
| 177 | 176 | { |
| 178 | 177 | $this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage())); |
| 179 | 178 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 180 | - } |
|
| 181 | - else |
|
| 179 | + } else |
|
| 182 | 180 | { |
| 183 | 181 | throw $ex; |
| 184 | 182 | } |
@@ -81,14 +81,14 @@ discard block |
||
| 81 | 81 | */ |
| 82 | 82 | public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext) |
| 83 | 83 | { |
| 84 | - $this->template = $template; |
|
| 85 | - $this->db = $db; |
|
| 86 | - $this->user = $user; |
|
| 84 | + $this->template = $template; |
|
| 85 | + $this->db = $db; |
|
| 86 | + $this->user = $user; |
|
| 87 | 87 | $this->request = $request; |
| 88 | - $this->session_helper = $session_helper; |
|
| 89 | - $this->root_path = $root_path; |
|
| 88 | + $this->session_helper = $session_helper; |
|
| 89 | + $this->root_path = $root_path; |
|
| 90 | 90 | $this->php_ext = $php_ext; |
| 91 | - $this->log = $log; |
|
| 91 | + $this->log = $log; |
|
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | /** |
@@ -123,9 +123,9 @@ discard block |
||
| 123 | 123 | 'tfa_random' => '', |
| 124 | 124 | 'tfa_uid' => 0, |
| 125 | 125 | ); |
| 126 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 126 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 127 | 127 | WHERE |
| 128 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 128 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 129 | 129 | session_user_id = " . (int) $this->user->data['user_id']; |
| 130 | 130 | $this->db->sql_query($sql); |
| 131 | 131 | |
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | { |
| 147 | 147 | if (!$module->login($user_id)) |
| 148 | 148 | { |
| 149 | - $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']); |
|
| 149 | + $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, ['TFA_INCORRECT_KEY']); |
|
| 150 | 150 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 151 | 151 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 152 | 152 | } |
@@ -190,8 +190,8 @@ discard block |
||
| 190 | 190 | if ($admin) |
| 191 | 191 | { |
| 192 | 192 | // the login array is used because the user ids do not differ for re-authentication |
| 193 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 194 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 193 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 194 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 195 | 195 | AND session_user_id = " . (int) $user_id; |
| 196 | 196 | $this->db->sql_query($sql); |
| 197 | 197 | |
@@ -43,8 +43,8 @@ discard block |
||
| 43 | 43 | 'title' => 'ACP_TFA_SETTINGS', |
| 44 | 44 | 'vars' => array( |
| 45 | 45 | 'legend1' => 'ACP_TFA_SETTINGS', |
| 46 | - 'tfa_mode' => array('lang' => 'TFA_MODE', 'validate' => 'int', 'type' => 'select', 'method' => 'select_tfa_method', 'explain' => true), |
|
| 47 | - 'tfa_acp' => array('lang' => 'TFA_ACP', 'validate' => 'int', 'type' => 'radio:no_yes', 'explain' => true), |
|
| 46 | + 'tfa_mode' => array('lang' => 'TFA_MODE', 'validate' => 'int', 'type' => 'select', 'method' => 'select_tfa_method', 'explain' => true), |
|
| 47 | + 'tfa_acp' => array('lang' => 'TFA_ACP', 'validate' => 'int', 'type' => 'radio:no_yes', 'explain' => true), |
|
| 48 | 48 | |
| 49 | 49 | 'legend4' => 'ACP_SUBMIT_CHANGES', |
| 50 | 50 | ) |
@@ -98,12 +98,12 @@ discard block |
||
| 98 | 98 | |
| 99 | 99 | if ($submit) |
| 100 | 100 | { |
| 101 | - $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_TFA_CONFIG_' . strtoupper($mode)); |
|
| 101 | + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_TFA_CONFIG_'.strtoupper($mode)); |
|
| 102 | 102 | |
| 103 | 103 | $message = $user->lang('CONFIG_UPDATED'); |
| 104 | 104 | $message_type = E_USER_NOTICE; |
| 105 | 105 | |
| 106 | - trigger_error($message . adm_back_link($this->u_action), $message_type); |
|
| 106 | + trigger_error($message.adm_back_link($this->u_action), $message_type); |
|
| 107 | 107 | } |
| 108 | 108 | |
| 109 | 109 | if (!$request->is_secure()) |
@@ -116,7 +116,7 @@ discard block |
||
| 116 | 116 | |
| 117 | 117 | $template->assign_vars(array( |
| 118 | 118 | 'L_TITLE' => $user->lang($display_vars['title']), |
| 119 | - 'L_TITLE_EXPLAIN' => $user->lang($display_vars['title'] . '_EXPLAIN'), |
|
| 119 | + 'L_TITLE_EXPLAIN' => $user->lang($display_vars['title'].'_EXPLAIN'), |
|
| 120 | 120 | |
| 121 | 121 | 'S_ERROR' => (sizeof($error)) ? true : false, |
| 122 | 122 | 'ERROR_MSG' => implode('<br />', $error), |
@@ -145,9 +145,9 @@ discard block |
||
| 145 | 145 | $type = explode(':', $vars['type']); |
| 146 | 146 | |
| 147 | 147 | $l_explain = ''; |
| 148 | - if ($vars['explain'] && array_key_exists($vars['lang'] . '_EXPLAIN', $user->lang)) |
|
| 148 | + if ($vars['explain'] && array_key_exists($vars['lang'].'_EXPLAIN', $user->lang)) |
|
| 149 | 149 | { |
| 150 | - $l_explain = $user->lang($vars['lang'] . '_EXPLAIN'); |
|
| 150 | + $l_explain = $user->lang($vars['lang'].'_EXPLAIN'); |
|
| 151 | 151 | } |
| 152 | 152 | |
| 153 | 153 | $content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars); |
@@ -187,7 +187,7 @@ discard block |
||
| 187 | 187 | foreach ($act_ary as $key => $data) |
| 188 | 188 | { |
| 189 | 189 | $selected = ($data == $selected_value) ? ' selected="selected"' : ''; |
| 190 | - $act_options .= '<option value="' . $data . '"' . $selected . '>' . $user->lang($key) . '</option>'; |
|
| 190 | + $act_options .= '<option value="'.$data.'"'.$selected.'>'.$user->lang($key).'</option>'; |
|
| 191 | 191 | } |
| 192 | 192 | return $act_options; |
| 193 | 193 | } |
@@ -88,14 +88,14 @@ discard block |
||
| 88 | 88 | */ |
| 89 | 89 | public function __construct(driver_interface $db, config $config, user $user, service_collection $modules, template $template, helper $controller_helper, $registration_table, $user_table) |
| 90 | 90 | { |
| 91 | - $this->db = $db; |
|
| 92 | - $this->user = $user; |
|
| 93 | - $this->config = $config; |
|
| 94 | - $this->template = $template; |
|
| 91 | + $this->db = $db; |
|
| 92 | + $this->user = $user; |
|
| 93 | + $this->config = $config; |
|
| 94 | + $this->template = $template; |
|
| 95 | 95 | $this->controller_helper = $controller_helper; |
| 96 | 96 | $this->registration_table = $registration_table; |
| 97 | - $this->user_table = $user_table; |
|
| 98 | - $this->module_data = $modules; |
|
| 97 | + $this->user_table = $user_table; |
|
| 98 | + $this->module_data = $modules; |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | /** |
@@ -283,9 +283,9 @@ discard block |
||
| 283 | 283 | 'tfa_random' => $random, |
| 284 | 284 | 'tfa_uid' => $user_id, |
| 285 | 285 | ); |
| 286 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 286 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 287 | 287 | WHERE |
| 288 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 288 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 289 | 289 | session_user_id = " . (int) $this->user->data['user_id']; |
| 290 | 290 | $this->db->sql_query($sql); |
| 291 | 291 | |
@@ -314,7 +314,7 @@ discard block |
||
| 314 | 314 | { |
| 315 | 315 | if (empty($userdata)) |
| 316 | 316 | { |
| 317 | - $sql = 'SELECT * FROM ' . $this->user_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 317 | + $sql = 'SELECT * FROM '.$this->user_table.' WHERE user_id = '.(int) $user_id; |
|
| 318 | 318 | $result = $this->db->sql_query($sql); |
| 319 | 319 | $userdata = $this->db->sql_fetchrow($result); |
| 320 | 320 | $this->db->sql_freeresult($result); |
