@@ -80,13 +80,13 @@ discard block |
||
| 80 | 80 | */ |
| 81 | 81 | public function __construct(session_helper_interface $session_helper, user $user, request_interface $request, driver_interface $db, template $template, config $config, $php_ext, $root_path) |
| 82 | 82 | { |
| 83 | - $this->session_helper = $session_helper; |
|
| 84 | - $this->user = $user; |
|
| 85 | - $this->request = $request; |
|
| 86 | - $this->config = $config; |
|
| 87 | - $this->db = $db; |
|
| 83 | + $this->session_helper = $session_helper; |
|
| 84 | + $this->user = $user; |
|
| 85 | + $this->request = $request; |
|
| 86 | + $this->config = $config; |
|
| 87 | + $this->db = $db; |
|
| 88 | 88 | $this->template = $template; |
| 89 | - $this->php_ext = $php_ext; |
|
| 89 | + $this->php_ext = $php_ext; |
|
| 90 | 90 | $this->root_path = $root_path; |
| 91 | 91 | } |
| 92 | 92 | |
@@ -137,7 +137,7 @@ discard block |
||
| 137 | 137 | if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data) && !$this->session_helper->is_tfa_registered($this->user->data['user_id'])) |
| 138 | 138 | { |
| 139 | 139 | @define('SKIP_CHECK_DISABLED', true); |
| 140 | - if ($this->user->page['page_name'] === 'memberlist.' . $this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 140 | + if ($this->user->page['page_name'] === 'memberlist.'.$this->php_ext && $this->request->variable('mode', '') == 'contactadmin') |
|
| 141 | 141 | { |
| 142 | 142 | // We are at the contact admin page. We will allow this in all cases. |
| 143 | 143 | return; |
@@ -145,19 +145,19 @@ discard block |
||
| 145 | 145 | |
| 146 | 146 | $this->user->set_cookie('rn', $this->user->data['session_id'], time() + 3600 * 24, true); |
| 147 | 147 | |
| 148 | - $msg_title = $this->user->lang['INFORMATION']; |
|
| 148 | + $msg_title = $this->user->lang['INFORMATION']; |
|
| 149 | 149 | if ($this->session_helper->is_tfa_key_registred($this->user->data['user_id'])) |
| 150 | 150 | { |
| 151 | 151 | // the user has keys registered, but they are not usable (Might be due to browser requirements, or others) |
| 152 | 152 | // We will not allow them to register a new key. They will need to contact the admin instead unfortunately. |
| 153 | 153 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 154 | 154 | $url = phpbb_get_board_contact_link($this->config, $this->root_path, $this->php_ext); |
| 155 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="' . $url . '">', '</a>'); |
|
| 155 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_AVAILABLE_BUT_UNUSABLE', '<a href="'.$url.'">', '</a>'); |
|
| 156 | 156 | $this->user->session_kill(); |
| 157 | 157 | $this->generate_fatal_error($msg_title, $msg_text); |
| 158 | 158 | } |
| 159 | 159 | |
| 160 | - $sql = 'SELECT module_id FROM ' . MODULES_TABLE . " WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 160 | + $sql = 'SELECT module_id FROM '.MODULES_TABLE." WHERE module_langname = 'UCP_TFA' OR module_langname = 'UCP_TFA_MANAGE'"; |
|
| 161 | 161 | $result = $this->db->sql_query($sql, 3600); |
| 162 | 162 | $allowed_i = array(); |
| 163 | 163 | |
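Review bot: The `rn` cookie set at line 146 carries the session id, yet the only reader visible on this page (line 184, in the next hunk) tests just that the cookie is non-empty. If nothing else reads the value, a constant marker avoids keeping a second copy of the session identifier in the browser for 24 hours: `$this->user->set_cookie('rn', '1', time() + 3600 * 24, true);`. More generally, the "must now use the key" state lives in a cookie the client can discard, so the re-prompt at line 184 is advisory unless the same flag is also recorded in the session row; it is worth confirming which is intended. The enclosing method starts and ends outside the hunk.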
@@ -169,19 +169,19 @@ discard block |
||
| 169 | 169 | $ucp_mode = '-paul999-tfa-ucp-tfa_module'; |
| 170 | 170 | $allowed_i[] = $ucp_mode; |
| 171 | 171 | |
| 172 | - if ($this->user->page['page_name'] === 'ucp.' . $this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 172 | + if ($this->user->page['page_name'] === 'ucp.'.$this->php_ext && in_array($this->request->variable('i', ''), $allowed_i)) |
|
| 173 | 173 | { |
| 174 | 174 | return; // We are at our UCP page, so skip any other checks. This page is always available |
| 175 | 175 | } |
| 176 | 176 | $this->user->add_lang_ext('paul999/tfa', 'common'); |
| 177 | 177 | $url = append_sid("{$this->root_path}ucp.{$this->php_ext}", "i={$ucp_mode}"); |
| 178 | - $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="' . $url . '">', '</a>'); |
|
| 178 | + $msg_text = $this->user->lang('TFA_REQUIRED_KEY_MISSING', '<a href="'.$url.'">', '</a>'); |
|
| 179 | 179 | |
| 180 | 180 | $this->generate_fatal_error($msg_title, $msg_text); |
| 181 | 181 | } |
| 182 | 182 | |
| 183 | 183 | // If the user had no key when logged in, but now has a key, we will force him to use the key. |
| 184 | - if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'] . '_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 184 | + if ($this->user->data['is_bot'] == false && $this->user->data['user_id'] != ANONYMOUS && $this->request->variable($this->config['cookie_name'].'_rn', '', false, request_interface::COOKIE) !== '' && $this->session_helper->is_tfa_required($this->user->data['user_id'], false, $this->user->data)) |
|
| 185 | 185 | { |
| 186 | 186 | $this->session_helper->generate_page($this->user->data['user_id'], false, $this->user->data['session_autologin'], $this->user->data['session_viewonline'], $this->user->page['page'], true); |
| 187 | 187 | } |
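Review bot: `in_array()` at line 172 compares the `i` request value loosely, and a match exempts the request from the TFA-required error page, so this allow-list check should be strict: `in_array($this->request->variable('i', ''), $allowed_i, true)`. With the loose form, PHP's numeric-string comparison rules decide what counts as a listed module rather than exact equality. The `module_id` entries are appended to `$allowed_i` above the hunk; if they arrive as integers they need a `(string)` cast there, otherwise the strict comparison against the string returned by `variable('i', '')` would never match them. The enclosing method starts outside the hunk.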
@@ -81,14 +81,14 @@ discard block |
||
| 81 | 81 | */ |
| 82 | 82 | public function __construct(driver_interface $db, template $template, user $user, request_interface $request, log $log, session_helper_interface $session_helper, $root_path, $php_ext) |
| 83 | 83 | { |
| 84 | - $this->template = $template; |
|
| 85 | - $this->db = $db; |
|
| 86 | - $this->user = $user; |
|
| 84 | + $this->template = $template; |
|
| 85 | + $this->db = $db; |
|
| 86 | + $this->user = $user; |
|
| 87 | 87 | $this->request = $request; |
| 88 | - $this->session_helper = $session_helper; |
|
| 89 | - $this->root_path = $root_path; |
|
| 88 | + $this->session_helper = $session_helper; |
|
| 89 | + $this->root_path = $root_path; |
|
| 90 | 90 | $this->php_ext = $php_ext; |
| 91 | - $this->log = $log; |
|
| 91 | + $this->log = $log; |
|
| 92 | 92 | } |
| 93 | 93 | |
| 94 | 94 | /** |
@@ -123,9 +123,9 @@ discard block |
||
| 123 | 123 | 'tfa_random' => '', |
| 124 | 124 | 'tfa_uid' => 0, |
| 125 | 125 | ); |
| 126 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 126 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 127 | 127 | WHERE |
| 128 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 128 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 129 | 129 | session_user_id = " . (int) $this->user->data['user_id']; |
| 130 | 130 | $this->db->sql_query($sql); |
| 131 | 131 | |
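Review bot: The reformatted UPDATE at lines 126–129 now mixes two concatenation styles in one statement: `'UPDATE '.SESSIONS_TABLE.' SET '` is unspaced, while line 128 still opens with `" . ` and line 129 keeps `" . (int)`. One statement should use one style throughout; in a multi-line query the spaced form is the easier one to scan for the `sql_escape()` and `(int)` boundaries, e.g. `session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND`. The same mixed result appears in the other multi-line queries on this page: the DELETE at 193–195, the UPDATEs at 286–289 and 507–510, the SELECT at 214–218 and the DELETE at 376–378. The enclosing method starts and ends outside the hunk.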
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | { |
| 147 | 147 | if (!$module->login($user_id)) |
| 148 | 148 | { |
| 149 | - $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION',false, ['TFA_INCORRECT_KEY']); |
|
| 149 | + $this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, ['TFA_INCORRECT_KEY']); |
|
| 150 | 150 | $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY')); |
| 151 | 151 | $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect); |
| 152 | 152 | } |
@@ -190,8 +190,8 @@ discard block |
||
| 190 | 190 | if ($admin) |
| 191 | 191 | { |
| 192 | 192 | // the login array is used because the user ids do not differ for re-authentication |
| 193 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 194 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 193 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 194 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 195 | 195 | AND session_user_id = " . (int) $user_id; |
| 196 | 196 | $this->db->sql_query($sql); |
| 197 | 197 | |
@@ -88,14 +88,14 @@ discard block |
||
| 88 | 88 | */ |
| 89 | 89 | public function __construct(driver_interface $db, config $config, user $user, service_collection $modules, template $template, helper $controller_helper, $registration_table, $user_table) |
| 90 | 90 | { |
| 91 | - $this->db = $db; |
|
| 92 | - $this->user = $user; |
|
| 93 | - $this->config = $config; |
|
| 94 | - $this->template = $template; |
|
| 91 | + $this->db = $db; |
|
| 92 | + $this->user = $user; |
|
| 93 | + $this->config = $config; |
|
| 94 | + $this->template = $template; |
|
| 95 | 95 | $this->controller_helper = $controller_helper; |
| 96 | 96 | $this->registration_table = $registration_table; |
| 97 | - $this->user_table = $user_table; |
|
| 98 | - $this->module_data = $modules; |
|
| 97 | + $this->user_table = $user_table; |
|
| 98 | + $this->module_data = $modules; |
|
| 99 | 99 | } |
| 100 | 100 | |
| 101 | 101 | /** |
@@ -283,9 +283,9 @@ discard block |
||
| 283 | 283 | 'tfa_random' => $random, |
| 284 | 284 | 'tfa_uid' => $user_id, |
| 285 | 285 | ); |
| 286 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 286 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 287 | 287 | WHERE |
| 288 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 288 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 289 | 289 | session_user_id = " . (int) $this->user->data['user_id']; |
| 290 | 290 | $this->db->sql_query($sql); |
| 291 | 291 | |
@@ -314,7 +314,7 @@ discard block |
||
| 314 | 314 | { |
| 315 | 315 | if (empty($userdata)) |
| 316 | 316 | { |
| 317 | - $sql = 'SELECT * FROM ' . $this->user_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 317 | + $sql = 'SELECT * FROM '.$this->user_table.' WHERE user_id = '.(int) $user_id; |
|
| 318 | 318 | $result = $this->db->sql_query($sql); |
| 319 | 319 | $userdata = $this->db->sql_fetchrow($result); |
| 320 | 320 | $this->db->sql_freeresult($result); |
@@ -59,16 +59,16 @@ discard block |
||
| 59 | 59 | $this->user = $user; |
| 60 | 60 | $this->request = $request; |
| 61 | 61 | $this->template = $template; |
| 62 | - $this->root_path= $root_path; |
|
| 62 | + $this->root_path = $root_path; |
|
| 63 | 63 | |
| 64 | - $this->registration_table = $registration_table; |
|
| 64 | + $this->registration_table = $registration_table; |
|
| 65 | 65 | } |
| 66 | 66 | |
| 67 | 67 | private function getU2f() |
| 68 | 68 | { |
| 69 | 69 | if (empty($this->u2f)) |
| 70 | 70 | { |
| 71 | - $this->u2f = new \paul999\u2f\U2F('https://' . $this->request->server('HTTP_HOST')); |
|
| 71 | + $this->u2f = new \paul999\u2f\U2F('https://'.$this->request->server('HTTP_HOST')); |
|
| 72 | 72 | } |
| 73 | 73 | return $this->u2f; |
| 74 | 74 | } |
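Review bot: `getU2f()` (line 71) builds the U2F application id from `HTTP_HOST`, a header the client supplies, so the identity handed to the U2F library follows whatever Host the request carried rather than the board's own name. How much that weakens verification depends on how `\paul999\u2f\U2F` uses the value, which is not visible here, but an authentication origin is better pinned to configuration. phpBB keeps the configured host in `$config['server_name']`; if the config service is injected into this class, the line becomes `$this->u2f = new \paul999\u2f\U2F('https://'.$this->config['server_name']);`. Existing registrations are tied to the application id in use when they were created, so the configured value has to match the host users registered under. The constructor at the top of this hunk starts outside it.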
@@ -212,9 +212,9 @@ discard block |
||
| 212 | 212 | try |
| 213 | 213 | { |
| 214 | 214 | $sql = 'SELECT u2f_request |
| 215 | - FROM ' . SESSIONS_TABLE . " |
|
| 215 | + FROM ' . SESSIONS_TABLE." |
|
| 216 | 216 | WHERE |
| 217 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 217 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 218 | 218 | session_user_id = " . (int) $this->user->data['user_id']; |
| 219 | 219 | $result = $this->db->sql_query($sql); |
| 220 | 220 | $row = $this->db->sql_fetchrow($result); |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | 'last_used' => time(), |
| 245 | 245 | ); |
| 246 | 246 | |
| 247 | - $sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId(); |
|
| 247 | + $sql = 'UPDATE '.$this->registration_table.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' WHERE registration_id = '.(int) $reg->getId(); |
|
| 248 | 248 | $this->db->sql_query($sql); |
| 249 | 249 | |
| 250 | 250 | return true; |
@@ -341,7 +341,7 @@ discard block |
||
| 341 | 341 | 'last_used' => time(), |
| 342 | 342 | ); |
| 343 | 343 | |
| 344 | - $sql = 'INSERT INTO ' . $this->registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 344 | + $sql = 'INSERT INTO '.$this->registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 345 | 345 | $this->db->sql_query($sql); |
| 346 | 346 | |
| 347 | 347 | $sql_ary = array( |
@@ -373,8 +373,8 @@ discard block |
||
| 373 | 373 | */ |
| 374 | 374 | public function delete($key) |
| 375 | 375 | { |
| 376 | - $sql = 'DELETE FROM ' . $this->registration_table . ' |
|
| 377 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 376 | + $sql = 'DELETE FROM '.$this->registration_table.' |
|
| 377 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 378 | 378 | AND registration_id =' . (int) $key; |
| 379 | 379 | |
| 380 | 380 | $this->db->sql_query($sql); |
@@ -416,7 +416,7 @@ discard block |
||
| 416 | 416 | */ |
| 417 | 417 | private function getRegistrations($user_id) |
| 418 | 418 | { |
| 419 | - $sql = 'SELECT * FROM ' . $this->registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 419 | + $sql = 'SELECT * FROM '.$this->registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 420 | 420 | $result = $this->db->sql_query($sql); |
| 421 | 421 | $rows = array(); |
| 422 | 422 | |
@@ -504,9 +504,9 @@ discard block |
||
| 504 | 504 | */ |
| 505 | 505 | private function update_session($sql_ary) |
| 506 | 506 | { |
| 507 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . " |
|
| 507 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary)." |
|
| 508 | 508 | WHERE |
| 509 | - session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND |
|
| 509 | + session_id = '" . $this->db->sql_escape($this->user->data['session_id'])."' AND |
|
| 510 | 510 | session_user_id = " . (int) $this->user->data['user_id']; |
| 511 | 511 | $this->db->sql_query($sql); |
| 512 | 512 | |