1<?php
2
3declare(strict_types=1);
4
21{
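// true when the stored pin for the user is still the placeholder '-1', i.e. no TFA secret has been set up yet
public bool $key_new = false;
// freshly generated 6-digit one-time pin, kept as a string; '-1' until initialize() has run
public string $pin = '-1';
// password_hash() of $pin; this hash (never the plain pin) is what gets written to the users table
public string $pin_encode = '-1';
// user the pin belongs to; -99 means "no real user selected" (also the default used by getInstance())
public int $user_id = -99;
public int $iCodeExpires = 3600; // 60 minutes as default if there is no entry in the L*ini

// collaborators bound in initialize(); concrete classes are resolved there via their own getInstance()
public object|null $oTwig = null;
public object|null $oAC = null;
public object|null $database = null;
public object|null $mailer = null;
// singleton slot used by getInstance(); typed so only an instance of this class (or a subclass) can be stored
public static ?self $instance = null;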
33
34// public static $instance;
35
/**
 * Return the shared instance, creating and initialising it on first use.
 *
 * The first call runs initialize() with its default user id (-99); callers
 * that act on a real user presumably call initialize($user_id) afterwards.
 */
public static function getInstance()
{
    if (static::$instance !== null) {
        return static::$instance;
    }

    $created = new static();
    static::$instance = $created;
    $created->initialize();

    return static::$instance;
}
49
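/**
 * Bind the helper objects, check whether the user already has a pin stored,
 * read the code lifetime from lepton.ini.php and generate a fresh 6-digit pin.
 *
 * Note that getInstance() already calls this once with the default user id,
 * so a second call for the real user repeats the lookup and the password_hash().
 *
 * @param int $user_id  user to work on; -99 (the default) selects no real user row
 */
public function initialize( int $user_id = -99)
{
    $this->oTwig = lib_twig_box::getInstance();
    $this->oAC = account::getInstance();
    $this->database = LEPTON_database::getInstance();
    $this->mailer = LEPTON_mailer::getInstance();

    // $user_id is a declared int under strict_types, so inlining it into the SQL cannot inject
    $temp_value = $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$user_id);

    // a stored '-1' means no pin has been set up yet; strict string compare replaces the former loose == -1
    // (a missing row, false or null, or a password hash all yield false here, as before)
    $this->key_new = ((string) $temp_value === '-1');

    // read code expires from ini_file; an unreadable file or missing key keeps the class default
    // the leading ';' comments out the first line of the file (presumably its PHP guard) for parse_ini_string
    $ini_file_name = LEPTON_PATH."/config/lepton.ini.php";
    $ini_contents = file_get_contents($ini_file_name);
    $config = ($ini_contents === false) ? [] : parse_ini_string(";" . $ini_contents, true);
    if (!is_array($config)) {
        $config = [];
    }
    $expires = $config['custom_vars']['tfa_code_expires'] ?? '';
    if ($expires !== '') {
        // override default lifetime with value from ini file
        $this->iCodeExpires = (int) $expires;
    }

    $this->user_id = $user_id;
    // CSPRNG-backed 6-digit code (900000 possible values); kept as a string for password_hash()
    $createPin = random_int(100000, 999999);
    $this->pin = (string) $createPin;
    $this->pin_encode = password_hash($this->pin, PASSWORD_DEFAULT); // for use in TFA = mail only
}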
82
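/**
 * Frontend pin setup: 'create' renders the pin form, 'save' stores the pin the
 * user posted, anything else sends the browser to the logout page.
 *
 * The 'save' branch trusts that the calling script has already validated the
 * leptoken for this request — NOTE(review): confirm, the token is not checked here.
 *
 * @param mixed $id  'create' | 'save' | anything else
 */
public function set_fe_pin($id = '')
{
    // accept only redirect targets on this site (an absolute URL under LEPTON_URL or a plain local path);
    // anything else, including protocol-relative paths and control characters, falls back to $default
    $sameSite = static function (mixed $candidate, string $default): string {
        $base = rtrim(LEPTON_URL, '/');
        $target = is_string($candidate) ? $candidate : $default;
        if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
            return $default;
        }
        if (preg_match('#^/(?![/\\\\])#', $target)) {
            return $target;
        }
        if (str_starts_with($target, $base)) {
            $rest = substr($target, strlen($base));
            if ($rest === '' || in_array($rest[0], ['/', '?', '#'], true)) {
                return $target;
            }
        }
        return $default;
    };

    if ($id === 'create') {
        if (isset($_SESSION['USER_ID']) && isset($_SESSION['LEPTOKENS'])) {
            $token = $_SESSION['LEPTOKENS'][0] ?? '';
            // the redirect target only travels through the form here; it is validated when it comes back on 'save'
            $redirect = $_GET['redirect'] ?? LEPTON_URL;

            $page_values = [
                'oTFA' => $this,
                'ACTION_URL' => LEPTON_URL."/account/tfa.php",
                'token' => $token,
                'redirect' => $redirect,
                'post_login' => $_POST,
                'pin' => $this->pin,
                'new' => $this->key_new,
            ];

            echo $this->oTwig->render("tfa_form.lte",$page_values);
        }
        return;
    }

    if ($id === 'save') {
        $savePin = $_POST['save'] ?? null;
        if (is_string($savePin) && strlen($savePin) === 6) {
            $this->pin_encode = password_hash($savePin, PASSWORD_DEFAULT); // for use in TFA = local

            // save pin, mark it as set and stamp the time in one statement; the hash only contains [./A-Za-z0-9$]
            $this->database->simple_query(
                "UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."', `pin_set` = 1, `unix_time` = ".time()." WHERE user_id = ".$this->user_id
            );

            header('Location: '.$sameSite($_POST['redirect'] ?? null, LEPTON_URL));
            exit();
        }

        // a malformed pin used to fall through silently; treat it like the backend does and log the user out
        header('Location: '.LEPTON_URL.'/account/logout.php');
        return;
    }

    // unknown action: execution continues in the caller after this header, as it always did
    header('Location: '.LEPTON_URL.'/account/logout.php');
}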
131
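/**
 * Frontend pin check: 'display'/'resend' store a fresh pin hash (and mail the
 * pin when TFA is "mail") and render the entry form; 'forward' verifies the
 * posted pin against the stored hash and its age.
 *
 * A wrong pin sends the browser to the logout page, which is the only
 * guessing limit here — NOTE(review): there is no attempt counter.
 *
 * @param mixed $id  'display' | 'resend' | 'forward' | anything else
 */
public function display_fe_pin( $id )
{
    global $TEXT;

    // accept only redirect targets on this site (an absolute URL under LEPTON_URL or a plain local path);
    // anything else, including protocol-relative paths and control characters, falls back to $default
    $sameSite = static function (mixed $candidate, string $default): string {
        $base = rtrim(LEPTON_URL, '/');
        $target = is_string($candidate) ? $candidate : $default;
        if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
            return $default;
        }
        if (preg_match('#^/(?![/\\\\])#', $target)) {
            return $target;
        }
        if (str_starts_with($target, $base)) {
            $rest = substr($target, strlen($base));
            if ($rest === '' || in_array($rest[0], ['/', '?', '#'], true)) {
                return $target;
            }
        }
        return $default;
    };

    if ($id === 'display' || $id === 'resend') {
        if (TFA === "mail") {
            // store the hash of the pin generated in initialize(), mark it as set and stamp its creation time
            $this->database->simple_query(
                "UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."', `pin_set` = 1, `unix_time` = ".time()." WHERE user_id = ".$this->user_id
            );

            self::send_mail($this->user_id);
        }

        $page_values = [
            'oTFA' => $this,
            'ACTION_URL' => LEPTON_URL."/account/tfa.php",
            'post_login' => $_POST,
            'redirect' => $_POST['redirect'] ?? LEPTON_URL,
            'TFA' => TFA,
            'token' => $_SESSION['LEPTOKENS'][0] ?? '',
            'new' => false,
        ];

        echo $this->oTwig->render("tfa_form.lte",$page_values);
        return;
    }

    if ($id !== 'forward') {
        header('Location: '.LEPTON_URL.'/account/logout.php');
        return;
    }

    // a missing pin used to reach strlen() as null, which is a TypeError under strict_types
    $postKey = $_POST['pin'] ?? null;
    if (!isset($_POST['token']) || !is_string($postKey) || strlen($postKey) !== 6) {
        header('Location: '.LEPTON_URL.'/account/logout.php');
        return;
    }

    $forward = $sameSite($_REQUEST['redirect'] ?? null, LEPTON_URL);

    // check if code has expired
    $unix = (int) $this->database->get_one("SELECT unix_time FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);
    if ($unix + $this->iCodeExpires < time()) {
        LEPTON_frontend::displayFEMessage('error',$TEXT['TFA_EXPIRED'],$forward,-1);
        exit();
    }

    // get PIN hash from database; cast so a missing row cannot hand null to password_verify()
    $dbKey = (string) $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);

    // validate PIN (constant-time compare inside password_verify)
    if (password_verify($postKey, $dbKey)) {
        // pin_set = 2 marks the pin as verified ("prevent logout" in the original)
        $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);

        // as before, execution returns to the caller after this header
        header('Location: '.$forward);
    } else {
        header('Location: '.LEPTON_URL.'/account/logout.php');
    }
}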
203
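/**
 * Backend pin setup: 'create' renders the pin form, 'save' stores the pin the
 * user posted and logs the user out. Any other $id does nothing, as before.
 *
 * NOTE(review): the leptoken posted with the form is not checked here; this
 * relies on the calling script having validated it.
 *
 * @param mixed $id  'create' | 'save'
 */
public function set_be_pin( $id )
{
    if ($id === 'create') {
        $page_values = [
            'oTFA' => $this,
            'ACTION_URL' => ADMIN_URL."/login/tfa.php",
            'token' => $_SESSION['LEPTOKENS'][0] ?? '',
            'post_login' => $_POST,
            'pin' => $this->pin,
            'new' => $this->key_new,
        ];

        echo $this->oTwig->render("@theme/tfa_form.lte",$page_values);
        return;
    }

    if ($id === 'save') {
        $savePin = $_POST['save'] ?? null;
        if (is_string($savePin) && strlen($savePin) === 6) {
            $this->pin_encode = password_hash($savePin, PASSWORD_DEFAULT); // for use in TFA = local

            // save PIN hash, mark it as set and stamp the time in one statement; the hash only contains [./A-Za-z0-9$]
            $this->database->simple_query(
                "UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."', `pin_set` = 1, `unix_time` = ".time()." WHERE user_id = ".$this->user_id
            );

            header('Location: '.ADMIN_URL.'/logout/index.php');
            exit();
        }

        // malformed pin: execution returns to the caller after this header, as it always did
        header('Location: '.ADMIN_URL.'/logout/index.php');
    }
}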
244
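/**
 * Backend pin check: 'display'/'resend' store a fresh pin hash (and mail the
 * pin when TFA is "mail") and render the entry form; 'forward' verifies the
 * posted pin against the stored hash and its age.
 *
 * A wrong pin sends the browser to the logout page, which is the only
 * guessing limit here — NOTE(review): there is no attempt counter.
 *
 * @param mixed $id  'display' | 'resend' | 'forward' | anything else
 */
public function display_be_pin( $id )
{
    global $TEXT;

    // accept only redirect targets on this site (an absolute URL under LEPTON_URL or a plain local path);
    // anything else, including protocol-relative paths and control characters, falls back to $default
    $sameSite = static function (mixed $candidate, string $default): string {
        $base = rtrim(LEPTON_URL, '/');
        $target = is_string($candidate) ? $candidate : $default;
        if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
            return $default;
        }
        if (preg_match('#^/(?![/\\\\])#', $target)) {
            return $target;
        }
        if (str_starts_with($target, $base)) {
            $rest = substr($target, strlen($base));
            if ($rest === '' || in_array($rest[0], ['/', '?', '#'], true)) {
                return $target;
            }
        }
        return $default;
    };

    if ($id === 'display' || $id === 'resend') {
        if (TFA === "mail") {
            // store the hash of the pin generated in initialize(), mark it as set and stamp its creation time
            $this->database->simple_query(
                "UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."', `pin_set` = 1, `unix_time` = ".time()." WHERE user_id = ".$this->user_id
            );

            self::send_mail($this->user_id);
        }

        $page_values = [
            'oTFA' => $this,
            'ACTION_URL' => ADMIN_URL."/login/tfa.php",
            'token' => $_SESSION['LEPTOKENS'][0] ?? '',
            'TFA' => TFA,
            'new' => false,
        ];

        echo $this->oTwig->render("@theme/tfa_form.lte",$page_values);
        return;
    }

    if ($id !== 'forward') {
        header('Location: '.ADMIN_URL.'/logout/index.php');
        return;
    }

    // a missing pin used to reach strlen() as null (TypeError under strict_types) and a malformed request
    // used to fall through silently; both now log the user out like the frontend variant does
    $postKey = $_POST['pin'] ?? null;
    if (!isset($_POST['token']) || !is_string($postKey) || strlen($postKey) !== 6) {
        header('Location: '.ADMIN_URL.'/logout/index.php');
        return;
    }

    // check if code has expired
    $unix = (int) $this->database->get_one("SELECT unix_time FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);
    if ($unix + $this->iCodeExpires < time()) {
        // the backend form posts no redirect field, so this normally falls back to ADMIN_URL
        LEPTON_frontend::displayFEMessage('error',$TEXT['TFA_EXPIRED'],$sameSite($_POST['redirect'] ?? null, ADMIN_URL),-1);
        exit();
    }

    // get PIN hash from database; cast so a missing row cannot hand null to password_verify()
    $dbKey = (string) $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);

    // validate PIN (constant-time compare inside password_verify)
    if (password_verify($postKey, $dbKey)) {
        // pin_set = 2 marks the pin as verified
        $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);

        // the posted token is user input: encode it so it cannot add query parameters of its own
        header('Location: '.ADMIN_URL.'/start/index.php?leptoken='.rawurlencode((string) $_POST['token']));
    } else {
        header('Location: '.ADMIN_URL.'/logout/index.php');
    }
}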
311
312
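/**
 * Mail the current one-time pin to the address stored for the user.
 *
 * The tfa_mail.lte template receives this object and reads the plain pin from it.
 *
 * @param mixed $id  user to mail; -99 (the default) or a non-numeric value falls back
 *                   to $this->user_id, which is what the callers in this class pass anyway
 */
public function send_mail( $id = -99 )
{
    global $TEXT;

    // the parameter used to be ignored; honour it but keep the old fallback so existing callers behave the same
    $targetId = (is_numeric($id) && (int) $id !== -99) ? (int) $id : $this->user_id;

    $sFrom = SERVER_EMAIL;
    $sSendTo = $this->database->get_one("SELECT email FROM ".TABLE_PREFIX."users WHERE user_id = ".$targetId);
    $sSubject = $TEXT['TFA_SUBJECT'];

    // data for twig template engine
    $data = [
        'oTFA' => $this,
    ];

    // render the mail body
    $sMessage = $this->oTwig->render('tfa_mail.lte', $data);

    // no address on file counts as a failed send instead of handing the mailer a non-string recipient
    $sent = is_string($sSendTo) && $sSendTo !== ''
        && $this->mailer->sendmail( $sFrom, $sSendTo, $sSubject, $sMessage);

    if (!$sent)
    {
        $message = "Failure send mail";
        echo(LEPTON_tools::display($message,'pre','ui red message'));
    }
}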
335}