TwoFactor impl update

Astrologies 2021-12-22 05:45:24 -05:00
parent 65b9dd0f4b
commit 006d56fc8c
1 changed files with 6 additions and 9 deletions


@ -4,9 +4,6 @@
Alphaland 2021 Alphaland 2021
*/ */
// Astro, please make public members start with capital letters
// Also where you aren't actually fetching data, please make it do a COUNT(*)
namespace Alphaland\Users { namespace Alphaland\Users {
use PDO; use PDO;
@ -18,10 +15,10 @@ namespace Alphaland\Users {
$secret = ""; $secret = "";
do { do {
$secret = $GLOBALS['authenticator']->createSecret(); $secret = $GLOBALS['authenticator']->createSecret();
$keycheck = $GLOBALS['pdo']->prepare("SELECT * FROM `twofactor` WHERE `secret` = :ac"); $keycheck = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM `twofactor` WHERE `secret` = :ac");
$keycheck->bindParam(":ac", $secret, PDO::PARAM_STR); $keycheck->bindParam(":ac", $secret, PDO::PARAM_STR);
$keycheck->execute(); $keycheck->execute();
} while ($keycheck->rowCount() != 0); } while ($keycheck->fetchColumn() != 0);
return $secret; return $secret;
} }
@ -71,10 +68,10 @@ namespace Alphaland\Users {
public static function Is2FAInitialized(int $userid) public static function Is2FAInitialized(int $userid)
{ {
$isinit = $GLOBALS['pdo']->prepare("SELECT * FROM `twofactor` WHERE `validated` = 1 AND `userid` = :uid"); $isinit = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM `twofactor` WHERE `validated` = 1 AND `userid` = :uid");
$isinit->bindParam(":uid", $userid, PDO::PARAM_INT); $isinit->bindParam(":uid", $userid, PDO::PARAM_INT);
$isinit->execute(); $isinit->execute();
if ($isinit->rowCount() > 0) { if ($isinit->fetchColumn() > 0) {
return true; return true;
} }
return false; return false;
@ -137,10 +134,10 @@ namespace Alphaland\Users {
{ {
$localuser = $GLOBALS['user']->id; $localuser = $GLOBALS['user']->id;
$session = $GLOBALS['user']->sessionCookieID; $session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session"); $check = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT); $check->bindParam(":session", $session, PDO::PARAM_INT);
$check->execute(); $check->execute();
if ($check->rowCount() > 0 || !TwoFactor::Is2FAInitialized($localuser)) { if ($check->fetchColumn() > 0 || !TwoFactor::Is2FAInitialized($localuser)) {
return true; return true;
} }
return false; return false;
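Review bot: The 2FA gate in the last hunk fails open when the count lookup yields no value: `fetchColumn()` returns `false` if the statement failed or produced no row, so `$isinit->fetchColumn() > 0` in `Is2FAInitialized` is false and `!TwoFactor::Is2FAInitialized($localuser)` then makes the unlock check return true. Whether a failed query can get that far silently depends on the PDO error mode, which is not visible here; unless it is `PDO::ERRMODE_EXCEPTION`, a database error would read as "this user has no 2FA". I would read the value once in `Is2FAInitialized` and reject `false` explicitly: `$count = $isinit->fetchColumn();`, then `if ($count === false) { throw new \RuntimeException('2FA state lookup failed'); }`, then `return (int) $count > 0;`. The same loose comparison sits in the secret-uniqueness loop (`fetchColumn() != 0`), where a failed lookup would accept the secret as unused. The function holding the unlock check starts above its hunk, so the caller-side handling of that exception is not visible here.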