gtoriadotnet
/
fobe-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update TwoFactor Dependencies 

~ Like the UMM, the members that are static, a new class does not need to be
instantiated.

~ Fixing casing on some of the names of members, if you want to clean up
my advise is that.

~ Added another comment to TwoFactor.php -> please use COUNT(*) when you
aren't actually reading any of the data
This commit is contained in:
Nikita Petko 2021-11-24 19:25:41 +00:00 committed by Github Enterprise
parent f164eccc22
commit c2d8d6878b
6 changed files with 44 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
globals/Dependencies/Users/TwoFactor.php
View File

@ -5,6 +5,7 @@
*/
// Astro, please make public members start with capital letters
// Also where you aren't actually fetching data, please make it do a COUNT(*)
namespace Alphaland\Users {
@ -12,7 +13,7 @@ namespace Alphaland\Users {
class TwoFactor
{
public static function safeGenerate2FASecret()
public static function SafeGenerate2FASecret()
{
$secret = "";
do {
@ -24,7 +25,7 @@ namespace Alphaland\Users {
return $secret;
}
public static function deauth2FAUserSession()
public static function Deauth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 0 WHERE `id` = :session");
@ -35,19 +36,19 @@ namespace Alphaland\Users {
return false;
}
public static function deleteUser2FA($userid)
public static function DeleteUser2FA(int $userid)
{
$del = $GLOBALS['pdo']->prepare("DELETE FROM `google_2fa` WHERE `userid` = :uid");
$del->bindParam(":uid", $userid, PDO::PARAM_INT);
$del->execute();
if ($del->rowCount() > 0) {
TwoFactor::deauth2FAUserSession();
TwoFactor::Deauth2FAUserSession();
return true;
}
return false;
}
public static function getUser2FASecret($userid)
public static function GetUser2FASecret(int $userid)
{
$code = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$code->bindParam(":uid", $userid, PDO::PARAM_INT);
@ -57,9 +58,9 @@ namespace Alphaland\Users {
}
}
public static function verify2FACode($userid, $code)
public static function Verify2FACode(int $userid, string $code)
{
$secret = TwoFactor::getUser2FASecret($userid);
$secret = TwoFactor::GetUser2FASecret($userid);
if ($secret) {
if ($GLOBALS['authenticator']->verifyCode($secret, $code, 0)) {
return true;
@ -68,7 +69,7 @@ namespace Alphaland\Users {
return false;
}
public static function is2FAInitialized($userid)
public static function Is2FAInitialized(int $userid)
{
$isinit = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `validated` = 1 AND `userid` = :uid");
$isinit->bindParam(":uid", $userid, PDO::PARAM_INT);
@ -79,7 +80,7 @@ namespace Alphaland\Users {
return false;
}
public static function auth2FAUserSession()
public static function Auth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 1 WHERE `id` = :session");
@ -90,21 +91,20 @@ namespace Alphaland\Users {
return false;
}
public static function activateUser2FA($userid, $code) //after initializing we make sure it works with a first time activation code
public static function ActivateUser2FA(int $userid, string $code) //after initializing we make sure it works with a first time activation code
{
if(!TwoFactor::is2FAInitialized($userid) &&
TwoFactor::verify2FACode($userid, $code)) {
if(!TwoFactor::Is2FAInitialized($userid) && TwoFactor::Verify2FACode($userid, $code)) {
$check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
if ($check->execute()) {
TwoFactor::auth2FAUserSession();
TwoFactor::Auth2FAUserSession();
return true;
}
}
return false;
}
public static function initialize2FA($userid)
public static function Initialize2FA(int $userid)
{
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
@ -112,7 +112,7 @@ namespace Alphaland\Users {
if ($check->rowCount() == 0) {
$username = getUsername($userid);
if ($username) {
$secret = TwoFactor::safeGenerate2FASecret();
$secret = TwoFactor::SafeGenerate2FASecret();
$qrcode = $GLOBALS['authenticator']->getQRCodeGoogleUrl($username, $secret, "Alphaland");
$new2fa = $GLOBALS['pdo']->prepare("INSERT INTO `google_2fa`(`userid`, `secret`, `qr`, `whenGenerated`) VALUES (:uid, :secret, :qr, UNIX_TIMESTAMP())");
$new2fa->bindParam(":uid", $userid, PDO::PARAM_INT);
@ -123,7 +123,7 @@ namespace Alphaland\Users {
}
}
public static function getUser2FAQR($userid)
public static function GetUser2FAQR(int $userid)
{
$qrcode = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$qrcode->bindParam(":uid", $userid, PDO::PARAM_INT);
@ -133,25 +133,25 @@ namespace Alphaland\Users {
}
}
public static function isSession2FAUnlocked()
public static function IsSession2FAUnlocked()
{
$localuser = $GLOBALS['user']->id;
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
$check->execute();
if ($check->rowCount() > 0 || !TwoFactor::is2FAInitialized($localuser)) {
if ($check->rowCount() > 0 || !TwoFactor::Is2FAInitialized($localuser)) {
return true;
}
return false;
}
public static function attemptSession2FAUnlock($code)
public static function AttemptSession2FAUnlock(string $code)
{
$localuser = $GLOBALS['user']->id;
if (!TwoFactor::isSession2FAUnlocked()) {
if (TwoFactor::verify2FACode($localuser, $code)) {
TwoFactor::auth2FAUserSession();
if (!TwoFactor::IsSession2FAUnlocked()) {
if (TwoFactor::Verify2FACode($localuser, $code)) {
TwoFactor::Auth2FAUserSession();
return true;
}
}

5
globals/config.php
View File

@ -10,6 +10,8 @@
my balls yo jaws
*/
use Alphaland\Users\TwoFactor;
try
{
//php config
@ -133,8 +135,7 @@ try
$activated = new Alphaland\Users\Activation();
$activated = $activated::isUserActivated($GLOBALS['user']->id);
$twofactor = new Alphaland\Users\TwoFactor();
$twofactor = $twofactor::isSession2FAUnlocked();
$twofactor = TwoFactor::IsSession2FAUnlocked();
$maintenance = checkIfUnderMaintenance();
$banned = checkIfBanned($GLOBALS['user']->id);

6
html/2fa.php
View File

@ -1,14 +1,14 @@
<?php
$twofactor = new Alphaland\Users\TwoFactor();
use Alphaland\Users\TwoFactor;
if ($twofactor::isSession2FAUnlocked()){
if (TwoFactor::IsSession2FAUnlocked()){
redirect("/");
}
if(isset($_POST['submit_2fa']))
{
$twofactor::attemptSession2FAUnlock($_POST['2fa_code']);
TwoFactor::AttemptSession2FAUnlock($_POST['2fa_code']);
redirect("/");
}

8
html_api/settings/index.php
View File

@ -6,11 +6,13 @@ Alphaland 2021
*/
//headers
use Alphaland\Users\TwoFactor;
header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
header('Content-Type: application/json');
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
//user info
@ -28,7 +30,7 @@ $tradepref = null;
$theme = $userquery->theme;
//initialize 2FA in the database if it hasnt been already
$twofactor::initialize2FA($userid);
TwoFactor::Initialize2FA($userid);
$userInfo = array (
"userid" => $userid,
@ -36,7 +38,7 @@ $userInfo = array (
"email" => $email,
"verified" => $verified,
"blurb" => $blurb,
"twofactorenabled" => $twofactor::is2FAInitialized($userid),
"twofactorenabled" => TwoFactor::Is2FAInitialized($userid),
"referralprogram" => inReferralProgram($userid),
"joinpref" => $joinpref,
"tradepref" => $tradepref,

6
html_api/settings/twofactor/activate.php
View File

@ -5,10 +5,12 @@ Alphaland 2021
*/
//headers
use Alphaland\Users\TwoFactor;
header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
$data = json_decode(file_get_contents('php://input'));
@ -21,5 +23,5 @@ else
{
$code = $data->code;
header('Content-Type: application/json');
echo json_encode(array("success" => $twofactor::activateUser2FA($userid, $code)));
echo json_encode(array("success" => TwoFactor::ActivateUser2FA($userid, $code)));
}

9
html_api/settings/twofactor/settings.php
View File

@ -6,11 +6,16 @@ Alphaland 2021
*/
//headers
use Alphaland\Users\TwoFactor;
header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
header('Content-Type: application/json');
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
die(json_encode(["qr"=>$twofactor::getUser2FAQR($userid),"secret"=>$twofactor::getUser2FASecret($userid)]));
die(json_encode([
"qr" => TwoFactor::getUser2FAQR($userid),
"secret" => TwoFactor::GetUser2FASecret($userid)
]));