Moved 2FA to new Library
parent
d3bff8730e
commit
f5291de8c2
|
@ -43,13 +43,12 @@ if(isset($_POST['username']))
|
|||
exit;
|
||||
} else
|
||||
{
|
||||
require_once '../inc/libs/2fa.php';
|
||||
$authenticator = new php2FA();
|
||||
$auth = new \PragmaRX\Google2FA\Google2FA();
|
||||
|
||||
if ($authenticator->verifyCode($db->data[0]['secret'], $_POST['2fa'], 3))
|
||||
if($auth->verify($_POST['2fa'], $db->data[0]['secret']))
|
||||
{
|
||||
echo 'success';
|
||||
stream_message('{user} has logged in.', 4);
|
||||
stream_message('{user} has logged in.', 4, null, null, $db->data[0]['id']);
|
||||
} else
|
||||
{
|
||||
echo '2fafail';
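Review bot: `$auth->verify($_POST['2fa'], $db->data[0]['secret'])` accepts the same one-time code again for as long as it stays inside the validation window, so a code observed once can be replayed at login. Google2FA offers `verifyKeyNewer()` for this: store the timestamp it returns per admin and pass it back on the next check, e.g. `$ts = $auth->verifyKeyNewer($db->data[0]['secret'], $_POST['2fa'], $lastTs);`, where `$lastTs` is a placeholder for that stored value (no such column is visible here). As far as the hunk shows, the `2fafail` branch writes no stream entry, so failed second-factor attempts would leave no audit trail; a `stream_message()` call there would support detection. The enclosing `if(isset($_POST['username']))` block starts and ends outside the hunk, so any attempt limiting there is not visible.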
|
||||
|
|
|
@ -131,8 +131,12 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
|
|||
elseif (isset($_GET['2fa']))
|
||||
{
|
||||
echo '<div class="main">';
|
||||
|
||||
require_once '../inc/libs/2fa.php';
|
||||
$authenticator = new php2FA();
|
||||
|
||||
$auth = new \PragmaRX\Google2FA\Google2FA();
|
||||
|
||||
$db->clear();
|
||||
$db->setCol('system_admins');
|
||||
$db->data['id'] = $_SESSION['userid'];
|
||||
|
@ -171,7 +175,7 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
|
|||
echo '<h2>' . $lang->get('user_settings_2fa_activate') . '</h2>';
|
||||
if (isset($_POST['smbt']))
|
||||
{
|
||||
if ($authenticator->verifyCode($_POST['secret'], $_POST['2fatest'], 3))
|
||||
if ($auth->verify($_POST['2fatest'], $_POST['secret']))
|
||||
{
|
||||
$db->clear();
|
||||
$db->setCol('system_admins');
|
||||
|
@ -184,197 +188,204 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
|
|||
echo msg('fail', $lang->get('user_settings_2fa_activate_fail') . ' {back}');
|
||||
}
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_2fa_activate_wrong_code') . ' {back}');
|
||||
}
|
||||
} else
|
||||
{
|
||||
echo '<p>' . $lang->get('user_settings_2fa_activate_import_code') . '</p>';
|
||||
$secret = $authenticator->createSecret();
|
||||
echo '<p><b>' . $lang->get('user_settings_2fa_key') . ':</b> ' . $secret . '<br/><br/>';
|
||||
$website = $MCONF['title'] . ' - Admin';
|
||||
$title = $_SESSION['user'];
|
||||
$qrCodeUrl = $authenticator->getSecretUrl($title, $secret, $website);
|
||||
echo '<img src="https://api.qrserver.com/v1/create-qr-code/?size=200x200&format=svg&data=' . $qrCodeUrl . '" alt=""/></p>';
|
||||
?>
|
||||
<p><?php echo $lang->get('user_settings_2fa_confirm_code'); ?>:</p>
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post">
|
||||
<p><input type="text" placeholder="<?php echo $lang->get('user_settings_2fa_enter_code'); ?>"
|
||||
name="2fatest" autocomplete="off"/>
|
||||
<input type="hidden" name="secret" value="<?php echo $secret; ?>"/>
|
||||
<input type="submit" name="smbt" value="<?php echo $lang->get('user_settings_2fa_test'); ?>"/>
|
||||
</p>
|
||||
</form>
|
||||
<?php
|
||||
echo msg('fail', $lang->get('user_settings_2fa_activate_wrong_code') . ' {back}');
|
||||
}
|
||||
}
|
||||
echo '</div>';
|
||||
} else
|
||||
{
|
||||
$db->setCol('system_admins');
|
||||
if (isset($_POST['smbt']))
|
||||
else
|
||||
{
|
||||
$db->data['username'] = $_POST['username'];
|
||||
$db->data['mail'] = $_POST['mail'];
|
||||
if ($db->update(['id' => $uid]))
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_settings_success') . ' {back}');
|
||||
stream_message('{user} changed it\'s username and/or email-adress.', 4);
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_settings_fail') . ' {back}');
|
||||
}
|
||||
echo '<p>' . $lang->get('user_settings_2fa_activate_import_code') . '</p>';
|
||||
$secret = $auth->generateSecretKey();
|
||||
echo '<p><b>' . $lang->get('user_settings_2fa_key') . ':</b> ' . $secret . '<br/><br/>';
|
||||
$website = $MCONF['title'] . ' - Admin';
|
||||
$title = $_SESSION['user'];
|
||||
$qrCodeUrl = $authenticator->getSecretUrl($title, $secret, $website);
|
||||
|
||||
//Log-Level
|
||||
$loglevel = '';
|
||||
$loglevelA = [];
|
||||
if (isset($_POST['level_1']) && $_POST['level_1'] == 'true') $loglevelA[] = 1;
|
||||
if (isset($_POST['level_2']) && $_POST['level_2'] == 'true') $loglevelA[] = 2;
|
||||
if (isset($_POST['level_3']) && $_POST['level_3'] == 'true') $loglevelA[] = 3;
|
||||
if (isset($_POST['level_4']) && $_POST['level_4'] == 'true') $loglevelA[] = 4;
|
||||
$loglevel = json_encode($loglevelA);
|
||||
|
||||
//Get the current status
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
if (isset($db->data[0]))//If we already have stream settings saved, update them
|
||||
{
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['level'] = $loglevel;
|
||||
if ($db->update(['user' => $_SESSION['userid']]))
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_log_level_success') . ' {back}');
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_log_level_fail') . ' {back}');
|
||||
}
|
||||
} else //Otherwise insert them
|
||||
{
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->data['level'] = $loglevel;
|
||||
if ($db->insert())
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_log_level_success'));
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_log_level_fail'));
|
||||
}
|
||||
}
|
||||
} else
|
||||
{
|
||||
$db->data['id'] = $uid;
|
||||
$db->get();
|
||||
//print_r($db->data);
|
||||
if ($db->data[0]['username'] !== '')
|
||||
{
|
||||
?>
|
||||
<div class="main">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>" class="form" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><span><?php echo $lang->get('username'); ?>:</span><input name="username"
|
||||
value="<?php echo $db->data[0]['username'] ?>"/>
|
||||
</p>
|
||||
<p><span><?php echo $lang->get('admins_mail'); ?>:</span><input name="mail"
|
||||
value="<?php echo $db->data[0]['mail'] ?>"/>
|
||||
</p>
|
||||
<p><span><?php echo $lang->get('password'); ?>:</span><a
|
||||
href="user_settings.php?uid=<?php echo $db->data[0]['id'];
|
||||
if ($db->data[0]['id'] == $_SESSION['userid'])
|
||||
{
|
||||
echo '&pw_u';
|
||||
} else
|
||||
{
|
||||
echo '&pw_new';
|
||||
}
|
||||
?>"><?php echo $lang->get('user_settings_settings_pass'); ?></a></p>
|
||||
<p><span><?php echo $lang->get('admins_roles_group'); ?>:</span><?php
|
||||
$lvl = $db->data[0]['lvl'];
|
||||
$db->setCol('system_roles');
|
||||
$db->data['id'] = $lvl;
|
||||
$db->get();
|
||||
if (isset($db->data[0]['name']))
|
||||
{
|
||||
echo $db->data[0]['name'];
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<i>'.sprintf($lang->get('user_settings_none'), $MCONF['web_uri']. 'admin/roles.php').'</i>';
|
||||
} ?></p>
|
||||
<p><span><?php echo $lang->get('user_settings_last_login'); ?>:</span><?php
|
||||
$db->setCol('system_loggedin');
|
||||
$db->data['user'] = $uid;
|
||||
$db->get();
|
||||
if (isset($db->data[0]['time']))
|
||||
{
|
||||
echo date('d.m.Y H:i:s', $db->data[0]['time']);
|
||||
} else
|
||||
{
|
||||
$last_login = '<i>' . $lang->get('never') . '</i>';
|
||||
foreach ($db->data as $data)
|
||||
{
|
||||
$last_login = date('d.m.Y H:i:s', $data['time']);
|
||||
}
|
||||
echo $last_login;
|
||||
}
|
||||
|
||||
if ($uid == $_SESSION['userid'])
|
||||
{
|
||||
echo ' <a href="user_settings.php?sessions">' . $lang->get('user_settings_show_current_sessions') . '</a>';
|
||||
?></p>
|
||||
<p><span><?php echo $lang->get('user_settings_2fa'); ?>:</span><?php
|
||||
$db->clear();
|
||||
$db->setCol('system_admins');
|
||||
$db->data['id'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
if (isset($db->data[0]['secret']) && $db->data[0]['secret'] != '')
|
||||
{
|
||||
echo $lang->get('general_active') . '. <a href="?2fa">' . $lang->get('general_deactivate') . '</a>';
|
||||
} else
|
||||
{
|
||||
echo $lang->get('general_inactive') . '. <a href="?2fa">' . $lang->get('general_activate') . '</a>';
|
||||
}
|
||||
}
|
||||
?><br/></p>
|
||||
<p><span><?php echo $lang->get('user_settings_log_level'); ?>:</span>
|
||||
<?php
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
$loglevel = [];
|
||||
if (isset($db->data[0]))
|
||||
{
|
||||
$loglevel = json_decode($db->data[0]['level']);
|
||||
}
|
||||
?>
|
||||
<input type="checkbox" name="level_1"
|
||||
id="level_1"<?php if (in_array(1, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_1"><i></i> <?php echo $lang->get('user_settings_log_level_1'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_2"
|
||||
id="level_2"<?php if (in_array(2, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_2"><i></i> <?php echo $lang->get('user_settings_log_level_2'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_3"
|
||||
id="level_3"<?php if (in_array(3, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_3"><i></i> <?php echo $lang->get('user_settings_log_level_3'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_4"
|
||||
id="level_4"<?php if (in_array(4, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_4"><i></i> <?php echo $lang->get('user_settings_log_level_4'); ?></label>
|
||||
</p>
|
||||
<p><input type="submit" name="smbt" value="<?php echo $lang->get('general_save_changes'); ?>"/>
|
||||
</p>
|
||||
</form>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
$qrcode = $auth->getQRCodeInline(
|
||||
$MCONF['title'],
|
||||
$_SESSION['user'],
|
||||
$secret,
|
||||
250
|
||||
);
|
||||
echo '<img src="' . $qrcode . '" alt=""/></p>';
|
||||
?>
|
||||
<p><?php echo $lang->get('user_settings_2fa_confirm_code'); ?>:</p>
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post">
|
||||
<p><input type="text" placeholder="<?php echo $lang->get('user_settings_2fa_enter_code'); ?>"
|
||||
name="2fatest" autocomplete="off"/>
|
||||
<input type="hidden" name="secret" value="<?php echo $secret; ?>"/>
|
||||
<input type="submit" name="smbt" value="<?php echo $lang->get('user_settings_2fa_test'); ?>"/>
|
||||
</p>
|
||||
</form>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
echo '</div>';
|
||||
} else
|
||||
{
|
||||
$db->setCol('system_admins');
|
||||
if (isset($_POST['smbt']))
|
||||
{
|
||||
$db->data['username'] = $_POST['username'];
|
||||
$db->data['mail'] = $_POST['mail'];
|
||||
if ($db->update(['id' => $uid]))
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_settings_success') . ' {back}');
|
||||
stream_message('{user} changed it\'s username and/or email-adress.', 4);
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_settings_fail') . ' {back}');
|
||||
}
|
||||
|
||||
//Log-Level
|
||||
$loglevel = '';
|
||||
$loglevelA = [];
|
||||
if (isset($_POST['level_1']) && $_POST['level_1'] == 'true') $loglevelA[] = 1;
|
||||
if (isset($_POST['level_2']) && $_POST['level_2'] == 'true') $loglevelA[] = 2;
|
||||
if (isset($_POST['level_3']) && $_POST['level_3'] == 'true') $loglevelA[] = 3;
|
||||
if (isset($_POST['level_4']) && $_POST['level_4'] == 'true') $loglevelA[] = 4;
|
||||
$loglevel = json_encode($loglevelA);
|
||||
|
||||
//Get the current status
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
if (isset($db->data[0]))//If we already have stream settings saved, update them
|
||||
{
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['level'] = $loglevel;
|
||||
if ($db->update(['user' => $_SESSION['userid']]))
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_log_level_success') . ' {back}');
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_log_level_fail') . ' {back}');
|
||||
}
|
||||
} else //Otherwise insert them
|
||||
{
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->data['level'] = $loglevel;
|
||||
if ($db->insert())
|
||||
{
|
||||
echo msg('success', $lang->get('user_settings_log_level_success'));
|
||||
} else
|
||||
{
|
||||
echo msg('fail', $lang->get('user_settings_log_level_fail'));
|
||||
}
|
||||
}
|
||||
} else
|
||||
{
|
||||
$db->data['id'] = $uid;
|
||||
$db->get();
|
||||
//print_r($db->data);
|
||||
if ($db->data[0]['username'] !== '')
|
||||
{
|
||||
?>
|
||||
<div class="main">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>" class="form" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><span><?php echo $lang->get('username'); ?>:</span><input name="username"
|
||||
value="<?php echo $db->data[0]['username'] ?>"/>
|
||||
</p>
|
||||
<p><span><?php echo $lang->get('admins_mail'); ?>:</span><input name="mail"
|
||||
value="<?php echo $db->data[0]['mail'] ?>"/>
|
||||
</p>
|
||||
<p><span><?php echo $lang->get('password'); ?>:</span><a
|
||||
href="user_settings.php?uid=<?php echo $db->data[0]['id'];
|
||||
if ($db->data[0]['id'] == $_SESSION['userid'])
|
||||
{
|
||||
echo '&pw_u';
|
||||
} else
|
||||
{
|
||||
echo '&pw_new';
|
||||
}
|
||||
?>"><?php echo $lang->get('user_settings_settings_pass'); ?></a></p>
|
||||
<p><span><?php echo $lang->get('admins_roles_group'); ?>:</span><?php
|
||||
$lvl = $db->data[0]['lvl'];
|
||||
$db->setCol('system_roles');
|
||||
$db->data['id'] = $lvl;
|
||||
$db->get();
|
||||
if (isset($db->data[0]['name']))
|
||||
{
|
||||
echo $db->data[0]['name'];
|
||||
} else
|
||||
{
|
||||
echo '<i>' . sprintf($lang->get('user_settings_none'), $MCONF['web_uri'] . 'admin/roles.php') . '</i>';
|
||||
} ?></p>
|
||||
<p><span><?php echo $lang->get('user_settings_last_login'); ?>:</span><?php
|
||||
$db->setCol('system_loggedin');
|
||||
$db->data['user'] = $uid;
|
||||
$db->get();
|
||||
if (isset($db->data[0]['time']))
|
||||
{
|
||||
echo date('d.m.Y H:i:s', $db->data[0]['time']);
|
||||
} else
|
||||
{
|
||||
$last_login = '<i>' . $lang->get('never') . '</i>';
|
||||
foreach ($db->data as $data)
|
||||
{
|
||||
$last_login = date('d.m.Y H:i:s', $data['time']);
|
||||
}
|
||||
echo $last_login;
|
||||
}
|
||||
|
||||
if ($uid == $_SESSION['userid'])
|
||||
{
|
||||
echo ' <a href="user_settings.php?sessions">' . $lang->get('user_settings_show_current_sessions') . '</a>';
|
||||
?></p>
|
||||
<p><span><?php echo $lang->get('user_settings_2fa'); ?>:</span><?php
|
||||
$db->clear();
|
||||
$db->setCol('system_admins');
|
||||
$db->data['id'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
if (isset($db->data[0]['secret']) && $db->data[0]['secret'] != '')
|
||||
{
|
||||
echo $lang->get('general_active') . '. <a href="?2fa">' . $lang->get('general_deactivate') . '</a>';
|
||||
} else
|
||||
{
|
||||
echo $lang->get('general_inactive') . '. <a href="?2fa">' . $lang->get('general_activate') . '</a>';
|
||||
}
|
||||
}
|
||||
?><br/></p>
|
||||
<p><span><?php echo $lang->get('user_settings_log_level'); ?>:</span>
|
||||
<?php
|
||||
$db->setCol('system_show_stream');
|
||||
$db->data['user'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
$loglevel = [];
|
||||
if (isset($db->data[0]))
|
||||
{
|
||||
$loglevel = json_decode($db->data[0]['level']);
|
||||
}
|
||||
?>
|
||||
<input type="checkbox" name="level_1"
|
||||
id="level_1"<?php if (in_array(1, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_1"><i></i> <?php echo $lang->get('user_settings_log_level_1'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_2"
|
||||
id="level_2"<?php if (in_array(2, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_2"><i></i> <?php echo $lang->get('user_settings_log_level_2'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_3"
|
||||
id="level_3"<?php if (in_array(3, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_3"><i></i> <?php echo $lang->get('user_settings_log_level_3'); ?></label>
|
||||
<div style="clear: both;"></div>
|
||||
<span> </span>
|
||||
<input type="checkbox" name="level_4"
|
||||
id="level_4"<?php if (in_array(4, $loglevel)) echo ' checked="checked"'; ?>/>
|
||||
<label for="level_4"><i></i> <?php echo $lang->get('user_settings_log_level_4'); ?></label>
|
||||
</p>
|
||||
<p><input type="submit" name="smbt" value="<?php echo $lang->get('general_save_changes'); ?>"/>
|
||||
</p>
|
||||
</form>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
}
|
||||
}
|
||||
} else
|
||||
{
|
||||
echo msg('info', $lang->get('missing_permission'));
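Review bot: The enrollment check `$auth->verify($_POST['2fatest'], $_POST['secret'])` trusts a secret that round-trips through the hidden `secret` form field, so the value verified (and presumably stored afterwards; the write is not in the visible lines) is whatever the client submits rather than what `generateSecretKey()` produced. Keep the pending secret server-side instead: set `$_SESSION['2fa_pending'] = $secret;` (example key name) when the form is rendered, check `$auth->verify($_POST['2fatest'], $_SESSION['2fa_pending'])` on submit, and drop the hidden input. The form shows no anti-CSRF token, which matters for a request that changes the account's second factor. Separately, `action="<?php echo $_SERVER['REQUEST_URI'] ?>"` prints request data unescaped into an attribute; use `htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8')`.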
|
||||
|
|
|
@ -764,7 +764,7 @@ function remote_file_exists($url)
|
|||
function stream_message($msg, $lvl, $extra = '', $time = null, $user = null)
|
||||
{
|
||||
if (!isset($time)) $time = time();
|
||||
if (!isset($user)) $user = $_SESSION['userid'];
|
||||
if(isset($_SESSION['userid']) && !isset($user)) $user = $_SESSION['userid'];
|
||||
|
||||
global $db;
|
||||
$db->setCol('system_stream');
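Review bot: With the guard `if(isset($_SESSION['userid']) && !isset($user)) $user = $_SESSION['userid'];`, a call made without a session and without an explicit `$user` leaves `$user` as null and still continues to `$db->setCol('system_stream')`, so the entry would presumably be recorded without an actor. For an audit stream that case should be explicit rather than silent, either by rejecting the call or by writing a documented sentinel, and the function should carry a comment such as `// $user defaults to the session user; stays null when called outside a session without an explicit id`. The rest of `stream_message()` lies outside the hunk, so how a null `$user` is stored cannot be confirmed from here.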
|
||||
|
|