@@ -75,9 +75,9 @@ discard block |
||
| 75 | 75 | $this->request = $request; |
| 76 | 76 | $this->template = $template; |
| 77 | 77 | |
| 78 | - $this->registration_table = $registration_table; |
|
| 78 | + $this->registration_table = $registration_table; |
|
| 79 | 79 | |
| 80 | - $this->u2f = new \paul999\u2f\U2F('https://' . $this->request->server('HTTP_HOST')); |
|
| 80 | + $this->u2f = new \paul999\u2f\U2F('https://'.$this->request->server('HTTP_HOST')); |
|
| 81 | 81 | } |
| 82 | 82 | |
| 83 | 83 | /** |
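Review bot: The U2F application ID on new line 80 is built from `$this->request->server('HTTP_HOST')`, a value the client supplies in the Host header, so the origin that registrations and signatures are checked against follows the request rather than the board's configured address. Pin it to configuration, for example `$this->u2f = new \paul999\u2f\U2F('https://' . $config['server_name']);`, or at least reject requests whose Host differs from the configured name. Whether a config object is injected here cannot be seen, because the constructor starts above the hunk. A comment such as `// App ID must equal the origin browsers see; never derive it from request headers` would record the constraint.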
@@ -110,7 +110,7 @@ discard block |
||
| 110 | 110 | return false; |
| 111 | 111 | } |
| 112 | 112 | $sql = 'SELECT COUNT(registration_id) as reg_id |
| 113 | - FROM ' . $this->registration_table . ' |
|
| 113 | + FROM ' . $this->registration_table.' |
|
| 114 | 114 | WHERE |
| 115 | 115 | user_id = ' . (int) $user_id; |
| 116 | 116 | $result = $this->db->sql_query($sql); |
@@ -184,9 +184,9 @@ discard block |
||
| 184 | 184 | 'u2f_request' => $registrations |
| 185 | 185 | ); |
| 186 | 186 | |
| 187 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 187 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 188 | 188 | WHERE |
| 189 | - session_id = \'' . $this->db->sql_escape($this->user->data['session_id']) . '\' AND |
|
| 189 | + session_id = \'' . $this->db->sql_escape($this->user->data['session_id']).'\' AND |
|
| 190 | 190 | session_user_id = ' . (int) $this->user->data['user_id']; |
| 191 | 191 | $this->db->sql_query($sql); |
| 192 | 192 | $count = $this->db->sql_affectedrows(); |
@@ -197,9 +197,9 @@ discard block |
||
| 197 | 197 | { |
| 198 | 198 | // Reset sessions table. We had multiple sessions with same ID!!! |
| 199 | 199 | $sql_ary['u2f_request'] = ''; |
| 200 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 200 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 201 | 201 | WHERE |
| 202 | - session_id = \'' . $this->db->sql_escape($this->user->data['session_id']) . '\' AND |
|
| 202 | + session_id = \'' . $this->db->sql_escape($this->user->data['session_id']).'\' AND |
|
| 203 | 203 | session_user_id = ' . (int) $this->user->data['user_id']; |
| 204 | 204 | $this->db->sql_query($sql); |
| 205 | 205 | } |
@@ -219,9 +219,9 @@ discard block |
||
| 219 | 219 | try |
| 220 | 220 | { |
| 221 | 221 | $sql = 'SELECT u2f_request |
| 222 | - FROM ' . SESSIONS_TABLE . ' |
|
| 222 | + FROM ' . SESSIONS_TABLE.' |
|
| 223 | 223 | WHERE |
| 224 | - session_id = \'' . $this->db->sql_escape($this->user->data['session_id']) . '\' AND |
|
| 224 | + session_id = \'' . $this->db->sql_escape($this->user->data['session_id']).'\' AND |
|
| 225 | 225 | session_user_id = ' . (int) $this->user->data['user_id']; |
| 226 | 226 | $result = $this->db->sql_query($sql); |
| 227 | 227 | $row = $this->db->sql_fetchrow($result); |
@@ -251,7 +251,7 @@ discard block |
||
| 251 | 251 | 'last_used' => time(), |
| 252 | 252 | ); |
| 253 | 253 | |
| 254 | - $sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId(); |
|
| 254 | + $sql = 'UPDATE '.$this->registration_table.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' WHERE registration_id = '.(int) $reg->getId(); |
|
| 255 | 255 | $this->db->sql_query($sql); |
| 256 | 256 | } |
| 257 | 257 | catch (U2fError $error) |
@@ -260,7 +260,7 @@ discard block |
||
| 260 | 260 | } |
| 261 | 261 | catch (\InvalidArgumentException $invalid) |
| 262 | 262 | { |
| 263 | - throw new BadRequestHttpException($this->user->lang('TFA_SOMETHING_WENT_WRONG') . '<br />' . $invalid->getMessage(), $invalid); |
|
| 263 | + throw new BadRequestHttpException($this->user->lang('TFA_SOMETHING_WENT_WRONG').'<br />'.$invalid->getMessage(), $invalid); |
|
| 264 | 264 | } |
| 265 | 265 | } |
| 266 | 266 | |
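Review bot: On new line 263 the text of `$invalid->getMessage()` is appended after a literal `<br />`, which suggests the exception message is rendered as HTML, yet the library's message is not escaped. If that message can carry any part of the submitted response, it would reach the page as markup. Escaping it keeps the intended line break while neutralising the rest: `... . '<br />' . htmlspecialchars($invalid->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), $invalid);`. The same line appears unchanged as context in the later hunk at new line 262, and the try block it belongs to starts outside this hunk.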
@@ -332,7 +332,7 @@ discard block |
||
| 332 | 332 | 'last_used' => time(), |
| 333 | 333 | ); |
| 334 | 334 | |
| 335 | - $sql = 'INSERT INTO ' . $this->registration_table . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); |
|
| 335 | + $sql = 'INSERT INTO '.$this->registration_table.' '.$this->db->sql_build_array('INSERT', $sql_ary); |
|
| 336 | 336 | $this->db->sql_query($sql); |
| 337 | 337 | |
| 338 | 338 | $sql_ary = array( |
@@ -354,8 +354,8 @@ discard block |
||
| 354 | 354 | public function show_ucp() |
| 355 | 355 | { |
| 356 | 356 | $sql = 'SELECT * |
| 357 | - FROM ' . $this->registration_table . ' |
|
| 358 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 357 | + FROM ' . $this->registration_table.' |
|
| 358 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 359 | 359 | ORDER BY registration_id ASC'; |
| 360 | 360 | |
| 361 | 361 | $result = $this->db->sql_query($sql); |
@@ -392,8 +392,8 @@ discard block |
||
| 392 | 392 | if (isset($data['keys'])) |
| 393 | 393 | { |
| 394 | 394 | $sql_where = $this->db->sql_in_set('registration_id', $data['keys']); |
| 395 | - $sql = 'DELETE FROM ' . $this->registration_table . ' |
|
| 396 | - WHERE user_id = ' . (int) $this->user->data['user_id'] . ' |
|
| 395 | + $sql = 'DELETE FROM '.$this->registration_table.' |
|
| 396 | + WHERE user_id = ' . (int) $this->user->data['user_id'].' |
|
| 397 | 397 | AND ' . $sql_where; |
| 398 | 398 | |
| 399 | 399 | $this->db->sql_query($sql); |
@@ -407,7 +407,7 @@ discard block |
||
| 407 | 407 | */ |
| 408 | 408 | private function getRegistrations($user_id) |
| 409 | 409 | { |
| 410 | - $sql = 'SELECT * FROM ' . $this->registration_table . ' WHERE user_id = ' . (int) $user_id; |
|
| 410 | + $sql = 'SELECT * FROM '.$this->registration_table.' WHERE user_id = '.(int) $user_id; |
|
| 411 | 411 | $result = $this->db->sql_query($sql); |
| 412 | 412 | $rows = array(); |
| 413 | 413 | |
@@ -495,9 +495,9 @@ discard block |
||
| 495 | 495 | */ |
| 496 | 496 | private function update_session($sql_ary) |
| 497 | 497 | { |
| 498 | - $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' |
|
| 498 | + $sql = 'UPDATE '.SESSIONS_TABLE.' SET '.$this->db->sql_build_array('UPDATE', $sql_ary).' |
|
| 499 | 499 | WHERE |
| 500 | - session_id = \'' . $this->db->sql_escape($this->user->data['session_id']) . '\' AND |
|
| 500 | + session_id = \'' . $this->db->sql_escape($this->user->data['session_id']).'\' AND |
|
| 501 | 501 | session_user_id = ' . (int) $this->user->data['user_id']; |
| 502 | 502 | $this->db->sql_query($sql); |
| 503 | 503 | |
@@ -147,8 +147,7 @@ discard block |
||
| 147 | 147 | if (!empty($secure)) |
| 148 | 148 | { |
| 149 | 149 | return 'on' == strtolower($secure) || '1' == $secure; |
| 150 | - } |
|
| 151 | - elseif ('443' == $this->request->server('SERVER_PORT')) |
|
| 150 | + } elseif ('443' == $this->request->server('SERVER_PORT')) |
|
| 152 | 151 | { |
| 153 | 152 | return true; |
| 154 | 153 | } |
@@ -236,10 +235,12 @@ discard block |
||
| 236 | 235 | |
| 237 | 236 | if (property_exists($response, 'errorCode')) |
| 238 | 237 | { |
| 239 | - if ($response->errorCode == 4) // errorCode 4 means that this device wasn't registered |
|
| 238 | + if ($response->errorCode == 4) { |
|
| 239 | + // errorCode 4 means that this device wasn't registered |
|
| 240 | 240 | { |
| 241 | 241 | throw new AccessDeniedHttpException($this->user->lang('TFA_NOT_REGISTERED')); |
| 242 | 242 | } |
| 243 | + } |
|
| 243 | 244 | throw new BadRequestHttpException($this->user->lang('TFA_SOMETHING_WENT_WRONG')); |
| 244 | 245 | } |
| 245 | 246 | $result = new AuthenticationResponse($response->signatureData, $response->clientData, $response->keyHandle, $response->errorCode); |
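Review bot: The reflowed `if ($response->errorCode == 4) {` on new line 238 now opens its own brace while the original `{` on line 240 is kept, so the `throw` sits inside a redundant bare block closed by two `}` on lines 242 and 243. Drop one pair and put the comment above the condition: `// errorCode 4: this device was not registered` followed by `if ($response->errorCode == 4)`. Since `errorCode` comes from the client's response object, a strict check such as `(int) $response->errorCode === 4` would also avoid loose-comparison surprises, assuming the field may arrive as a string. The enclosing method starts and ends outside the hunk.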
@@ -253,12 +254,10 @@ discard block |
||
| 253 | 254 | |
| 254 | 255 | $sql = 'UPDATE ' . $this->registration_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE registration_id = ' . (int) $reg->getId(); |
| 255 | 256 | $this->db->sql_query($sql); |
| 256 | - } |
|
| 257 | - catch (U2fError $error) |
|
| 257 | + } catch (U2fError $error) |
|
| 258 | 258 | { |
| 259 | 259 | $this->createError($error); |
| 260 | - } |
|
| 261 | - catch (\InvalidArgumentException $invalid) |
|
| 260 | + } catch (\InvalidArgumentException $invalid) |
|
| 262 | 261 | { |
| 263 | 262 | throw new BadRequestHttpException($this->user->lang('TFA_SOMETHING_WENT_WRONG') . '<br />' . $invalid->getMessage(), $invalid); |
| 264 | 263 | } |
@@ -295,8 +294,7 @@ discard block |
||
| 295 | 294 | if ($count == 0) |
| 296 | 295 | { |
| 297 | 296 | trigger_error('TFA_UNABLE_TO_UPDATE_SESSION'); |
| 298 | - } |
|
| 299 | - else if ($count > 1) |
|
| 297 | + } else if ($count > 1) |
|
| 300 | 298 | { |
| 301 | 299 | // Reset sessions table. We had multiple sessions with same ID!!! |
| 302 | 300 | $sql_ary['u2f_request'] = ''; |
@@ -340,8 +338,7 @@ discard block |
||
| 340 | 338 | ); |
| 341 | 339 | |
| 342 | 340 | $this->update_session($sql_ary); |
| 343 | - } |
|
| 344 | - catch (U2fError $err) |
|
| 341 | + } catch (U2fError $err) |
|
| 345 | 342 | { |
| 346 | 343 | $this->createError($err); |
| 347 | 344 | } |
@@ -87,15 +87,15 @@ discard block |
||
| 87 | 87 | */ |
| 88 | 88 | public function __construct(helper $controller_helper, driver_interface $db, template $template, user $user, request_interface $request, config $config, session_helper_interface $session_helper, $root_path, $php_ext) |
| 89 | 89 | { |
| 90 | - $this->controller_helper = $controller_helper; |
|
| 91 | - $this->template = $template; |
|
| 92 | - $this->db = $db; |
|
| 93 | - $this->user = $user; |
|
| 94 | - $this->request = $request; |
|
| 95 | - $this->config = $config; |
|
| 96 | - $this->session_helper = $session_helper; |
|
| 97 | - $this->root_path = $root_path; |
|
| 98 | - $this->php_ext = $php_ext; |
|
| 90 | + $this->controller_helper = $controller_helper; |
|
| 91 | + $this->template = $template; |
|
| 92 | + $this->db = $db; |
|
| 93 | + $this->user = $user; |
|
| 94 | + $this->request = $request; |
|
| 95 | + $this->config = $config; |
|
| 96 | + $this->session_helper = $session_helper; |
|
| 97 | + $this->root_path = $root_path; |
|
| 98 | + $this->php_ext = $php_ext; |
|
| 99 | 99 | |
| 100 | 100 | } |
| 101 | 101 | |
@@ -225,9 +225,9 @@ discard block |
||
| 225 | 225 | if ($admin) |
| 226 | 226 | { |
| 227 | 227 | // the login array is used because the user ids do not differ for re-authentication |
| 228 | - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
|
| 229 | - WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "' |
|
| 230 | - AND session_user_id = " . (int)$user_id; |
|
| 228 | + $sql = 'DELETE FROM '.SESSIONS_TABLE." |
|
| 229 | + WHERE session_id = '" . $this->db->sql_escape($old_session_id)."' |
|
| 230 | + AND session_user_id = " . (int) $user_id; |
|
| 231 | 231 | $this->db->sql_query($sql); |
| 232 | 232 | |
| 233 | 233 | redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id'])); |