LEPTON CMS 7.2.0
feel free to keep it strictly simple...
Loading...
Searching...
No Matches
lepton_tfa.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
20class LEPTON_tfa
21{
22 public bool $key_new = false;
23 public string $pin = '-1';
24 public string $pin_encode = '-1';
25 public int $user_id = -99;
26
27 public object|null $oTwig = null;
28 public object|null $database = null;
29 public object|null $mailer = null;
30 public static $instance;
31
32// public static $instance;
33
38 public static function getInstance()
39 {
40 if (null === static::$instance)
41 {
42 static::$instance = new static();
43 static::$instance->initialize();
44 }
45 return static::$instance;
46 }
47
48 public function initialize( int $user_id = -99)
49 {
50 $this->database = LEPTON_database::getInstance();
51 $this->oTwig = lib_twig_box::getInstance();
52 $this->mailer = LEPTON_mailer::getInstance();
53
54 $temp_value = $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$user_id);
55
56 if($temp_value == -1)
57 {
58 $this->key_new = true;
59 }
60 else
61 {
62 $this->key_new = false;
63 }
64
65 $this->user_id = $user_id;
66 $createPin = random_int(100000, 999999);
67 $this->pin = "".$createPin."";
68 $this->pin_encode = password_hash($this->pin, PASSWORD_DEFAULT); // for use in TFA = mail only
69 }
70
71 public function set_fe_pin($id = '')
72 {
73 if ( $id == 'create')
74 {
75 if(isset($_SESSION['USER_ID']) && isset($_SESSION['LEPTOKENS']))
76 {
77 $token = $_SESSION['LEPTOKENS'][0];
78 $redirect = $_GET['redirect']?? LEPTON_URL;
79
80 $page_values = array(
81 'oTFA' => $this,
82 'ACTION_URL' => LEPTON_URL."/account/tfa.php",
83 'token' => $token,
84 'redirect' => $redirect,
85 'post_login' => $_POST,
86 'pin' => $this->pin,
87 'new' => $this->key_new,
88 );
89
90 $this->oTwig->registerPath( LEPTON_PATH."/account/templates/" );
91 echo $this->oTwig->render(
92 "tfa_form.lte",
93 $page_values
94 );
95
96 }
97 }
98
99 elseif ( $id == 'save')
100 {
101 if(isset($_POST['save']) && strlen($_POST['save']) == 6 )
102 {
103 $this->pin_encode = password_hash($_POST['save'], PASSWORD_DEFAULT); // for use in TFA = local
104
105 // save pin
106 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."' WHERE user_id = ".$this->user_id);
107
108 // modify pin_set
109 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
110
111 header('Location: '.$_POST['redirect'].' ');
112 exit();
113
114 }
115 }
116 else
117 {
118 header('Location: '.LEPTON_URL.'/account/logout.php');
119 }
120 }
121
122 public function display_fe_pin( $id )
123 {
124 if ( $id == 'display' || $id == 'resend')
125 {
126 if(TFA == "mail")
127 {
128 // modify pin_set
129 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."' WHERE user_id = ".$this->user_id);
130 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
131
132 self::send_mail($this->user_id);
133 }
134
135 $page_values = array(
136 'oTFA' => $this,
137 'ACTION_URL' => LEPTON_URL."/account/tfa.php",
138 'post_login' => $_POST,
139 'redirect' => $_POST['redirect'] ?? LEPTON_URL,
140 'TFA' => TFA,
141 'token' => $_SESSION['LEPTOKENS'][0],
142 'new' => false,
143 );
144
145 $this->oTwig->registerPath( LEPTON_PATH."/account/templates/" );
146 echo $this->oTwig->render(
147 "tfa_form.lte",
148 $page_values
149 );
150 }
151 elseif ( $id == 'forward')
152 {
153
154 if(isset($_POST['token']) && strlen($_POST['pin']) == 6 )
155 {
156
157 // get PIN from database
158 $dbKey = $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);
159 $postKey = $_POST['pin'];
160 $forward = strip_tags($_REQUEST['redirect'] ?? LEPTON_URL);
161
162 // validate PIN
163 if(password_verify ($postKey, $dbKey) === true)
164 {
165 // prevent logout
166 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);
167
168 header('Location: '.$forward);
169 }
170 else
171 {
172 header('Location: '.LEPTON_URL.'/account/logout.php');
173 }
174 }
175 }
176 else
177 {
178 header('Location: '.LEPTON_URL.'/account/logout.php');
179 }
180 }
181
182 public function set_be_pin( $id )
183 {
184 if ( $id == 'create')
185 {
186 $page_values = array(
187 'oTFA' => $this,
188 'ACTION_URL' => ADMIN_URL."/login/tfa.php",
189 'token' => $_SESSION['LEPTOKENS'][0],
190 'post_login' => $_POST,
191 'pin' => $this->pin,
192 'new' => $this->key_new,
193 );
194
195 $this->oTwig->registerPath( THEME_PATH."theme","tfa" );
196 echo $this->oTwig->render(
197 "@theme/tfa_form.lte",
198 $page_values
199 );
200 }
201
202 if ( $id == 'save')
203 {
204 if(isset($_POST['save']) && strlen($_POST['save']) == 6 )
205 {
206 $this->pin_encode = password_hash($_POST['save'], PASSWORD_DEFAULT); // for use in TFA = local
207
208 // save PIN
209 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."' WHERE user_id = ".$this->user_id);
210
211 // modify pin_set
212 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
213
214 header('Location: '.ADMIN_URL.'/logout/index.php');
215 exit();
216 }
217 else
218 {
219 header('Location: '.ADMIN_URL.'/logout/index.php');
220 }
221 }
222 }
223
224 public function display_be_pin( $id )
225 {
226 if ( $id == 'display' || $id == 'resend')
227 {
228 if(TFA == "mail")
229 {
230 // modify pin_set
231 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin` = '".$this->pin_encode."' WHERE user_id = ".$this->user_id);
232 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
233
234 self::send_mail($this->user_id);
235 }
236
237 $page_values = array(
238 'oTFA' => $this,
239 'ACTION_URL' => ADMIN_URL."/login/tfa.php",
240 'token' => $_SESSION['LEPTOKENS'][0],
241 'TFA' => TFA,
242 'new' => false,
243 );
244
245 $this->oTwig->registerPath( THEME_PATH."theme","tfa" );
246 echo $this->oTwig->render(
247 "@theme/tfa_form.lte",
248 $page_values
249 );
250 }
251
252 elseif ( $id == 'forward')
253 {
254 if(isset($_POST['token']) && strlen($_POST['pin']) == 6 )
255 {
256 // get PIN from database
257 $dbKey = $this->database->get_one("SELECT pin FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);
258 $postKey = $_POST['pin'];
259
260 // validate PIN
261 if(password_verify ($postKey, $dbKey) === true)
262 {
263 // modify pin_set
264 $this->database->simple_query("UPDATE ".TABLE_PREFIX."users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);
265
266 header('Location: '.ADMIN_URL.'/start/index.php?leptoken='.$_POST['token']);
267 }
268 else
269 {
270 header('Location: '.ADMIN_URL.'/logout/index.php');
271 }
272 }
273 }
274 else
275 {
276 header('Location: '.ADMIN_URL.'/logout/index.php');
277 }
278 }
279
280
281 public function send_mail( $id = -99 )
282 {
283 global $TEXT;
284
285 $sFrom = SERVER_EMAIL;
286 $sSendTo = $this->database->get_one("SELECT email FROM ".TABLE_PREFIX."users WHERE user_id = ".$this->user_id);
287 $sSubject = $TEXT['TFA_SUBJECT'];
288 $sMessage = "
289 <br />
290 ".$TEXT['TFA_NOTICE_I']."
291 <br />
292 ".LEPTON_tools::display($this->pin, 'pre','ui message')."
293 <br />
294 ";
295
296 if (!$this->mailer->sendmail( $sFrom, $sSendTo, $sSubject, $sMessage))
297 {
298 $message = "Failure send mail";
299 echo(LEPTON_tools::display($message,'pre','ui red message'));
300 }
301
302 }
303}
LEPTON_database\getInstance
static getInstance(array &$settings=[])
Definition lepton_database.php:75
LEPTON_mailer\getInstance
static getInstance(&$settings=array())
Definition lepton_mailer.php:35
LEPTON_tfa
Definition lepton_tfa.php:21
LEPTON_tfa\$pin_encode
string $pin_encode
Definition lepton_tfa.php:24
LEPTON_tfa\set_be_pin
set_be_pin( $id)
Definition lepton_tfa.php:182
LEPTON_tfa\set_fe_pin
set_fe_pin($id='')
Definition lepton_tfa.php:71
LEPTON_tfa\$oTwig
object null $oTwig
Definition lepton_tfa.php:27
LEPTON_tfa\$key_new
bool $key_new
Definition lepton_tfa.php:22
LEPTON_tfa\display_be_pin
display_be_pin( $id)
Definition lepton_tfa.php:224
LEPTON_tfa\display_fe_pin
display_fe_pin( $id)
Definition lepton_tfa.php:122
LEPTON_tfa\$user_id
int $user_id
Definition lepton_tfa.php:25
LEPTON_tfa\send_mail
send_mail( $id=-99)
Definition lepton_tfa.php:281
LEPTON_tfa\$mailer
object null $mailer
Definition lepton_tfa.php:29
LEPTON_tfa\getInstance
static getInstance()
Definition lepton_tfa.php:38
LEPTON_tfa\$instance
static $instance
Definition lepton_tfa.php:30
LEPTON_tfa\$database
object null $database
Definition lepton_tfa.php:28
LEPTON_tfa\initialize
initialize(int $user_id=-99)
Definition lepton_tfa.php:48
LEPTON_tfa\$pin
string $pin
Definition lepton_tfa.php:23
LEPTON_tools\display
static display(mixed $something_to_display="", string $tag="pre", string|null $css_class=null, bool|null $useVarDump=null)
Definition lepton_tools.php:65
THEME_PATH
const THEME_PATH
Definition constants.php:157