mirror of
https://github.com/Znote/ZnoteAAC.git
synced 2025-04-30 19:29:22 +02:00
c3c236e13e
RFC6238 Implementation of the OTP algorythm, tested with the app "Authy" from the iOS iPhone app store.
117 lines
4.3 KiB
PHP
117 lines
4.3 KiB
PHP
<?php
|
|
require_once 'engine/init.php';
|
|
logged_in_redirect();
|
|
include 'layout/overall/header.php';
|
|
|
|
if (empty($_POST) === false) {
|
|
|
|
if ($config['log_ip']) {
|
|
znote_visitor_insert_detailed_data(5);
|
|
}
|
|
|
|
$username = $_POST['username'];
|
|
$password = $_POST['password'];
|
|
|
|
if (empty($username) || empty($password)) {
|
|
$errors[] = 'You need to enter a username and password.';
|
|
} else if (strlen($username) > 32 || strlen($password) > 64) {
|
|
$errors[] = 'Username or password is too long.';
|
|
} else if (user_exist($username) === false) {
|
|
$errors[] = 'Failed to authorize your account, are the details correct, have you <a href=\'register.php\'>register</a>ed?';
|
|
} /*else if (user_activated($username) === false) {
|
|
$errors[] = 'You havent activated your account! Please check your email. <br>Note it may appear in your junk/spam box.';
|
|
} */else if (!Token::isValid($_POST['token'])) {
|
|
Token::debug($_POST['token']);
|
|
$errors[] = 'Token is invalid.';
|
|
} else {
|
|
|
|
// Starting loging
|
|
if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') $login = user_login($username, $password);
|
|
else if ($config['TFSVersion'] == 'TFS_03') $login = user_login_03($username, $password);
|
|
else $login = false;
|
|
if ($login === false) {
|
|
$errors[] = 'Username and password combination is wrong.';
|
|
} else {
|
|
// Check if user have access to login
|
|
$status = false;
|
|
if ($config['mailserver']['register']) {
|
|
$authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
|
|
if ($authenticate !== false) {
|
|
$status = true;
|
|
} else {
|
|
$errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
|
|
}
|
|
} else $status = true;
|
|
|
|
if ($status) {
|
|
// Regular login success, now lets check authentication token code
|
|
if ($config['TFSVersion'] == 'TFS_10' && $config['twoFactorAuthenticator']) {
|
|
require_once("engine/function/rfc6238.php");
|
|
|
|
// Two factor authentication code / token
|
|
$authcode = (isset($_POST['authcode'])) ? getValue($_POST['authcode']) : false;
|
|
|
|
// Load secret values from db
|
|
$query = mysql_select_single("SELECT `a`.`secret` AS `secret`, `za`.`secret` AS `znote_secret` FROM `accounts` AS `a` INNER JOIN `znote_accounts` AS `za` ON `a`.`id` = `za`.`account_id` WHERE `a`.`id`='".(int)$login."' LIMIT 1;");
|
|
|
|
// If account table HAS a secret, we need to validate it
|
|
if ($query['secret'] !== NULL) {
|
|
|
|
// Validate the secret first to make sure all is good.
|
|
if (TokenAuth6238::verify($query['znote_secret'], $authcode) !== true) {
|
|
$errors[] = "Submitted Two-Factor Authentication token is wrong.";
|
|
$errors[] = "Make sure to type the correct token from your mobile authenticator.";
|
|
$status = false;
|
|
}
|
|
|
|
} else {
|
|
|
|
// secret from accounts table is null/not set. Perhaps we can activate it:
|
|
if ($query['znote_secret'] !== NULL && $authcode !== false && !empty($authcode)) {
|
|
|
|
// Validate the secret first to make sure all is good.
|
|
if (TokenAuth6238::verify($query['znote_secret'], $authcode)) {
|
|
// Success, enable the 2FA system
|
|
mysql_update("UPDATE `accounts` SET `secret`= '$authcode' WHERE `id`='$login';");
|
|
} else {
|
|
$errors[] = "Activating Two-Factor authentication failed.";
|
|
$errors[] = "Try to login without token and configure your app properly.";
|
|
$errors[] = "Submitted Two-Factor Authentication token is wrong.";
|
|
$errors[] = "Make sure to type the correct token from your mobile authenticator.";
|
|
$status = false;
|
|
}
|
|
}
|
|
}
|
|
} // End tfs 1.0+ with 2FA auth
|
|
|
|
if ($status) {
|
|
setSession('user_id', $login);
|
|
|
|
// if IP is not set (etc acc created before Znote AAC was in use)
|
|
$znote_data = user_znote_account_data($login);
|
|
if ($znote_data['ip'] == 0) {
|
|
$update_data = array(
|
|
'ip' => getIPLong(),
|
|
);
|
|
user_update_znote_account($update_data);
|
|
}
|
|
|
|
// Send them to myaccount.php
|
|
header('Location: myaccount.php');
|
|
exit();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
header('Location: index.php');
|
|
}
|
|
|
|
if (empty($errors) === false) {
|
|
?>
|
|
<h2>We tried to log you in, but...</h2>
|
|
<?php
|
|
echo output_errors($errors);
|
|
}
|
|
|
|
include 'layout/overall/footer.php'; ?>
|