From e2331861d73d402bfb4a693c43189ad158dc54c1 Mon Sep 17 00:00:00 2001 From: Austin Date: Fri, 12 Nov 2021 14:12:52 -0500 Subject: [PATCH] 2step prep --- globals/config.php | 18 +++++++++++++--- globals/functions.php | 49 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 4 deletions(-) diff --git a/globals/config.php b/globals/config.php index 81ec17b..3c2696e 100644 --- a/globals/config.php +++ b/globals/config.php @@ -92,7 +92,7 @@ try //authenticator $authenticator = new PHPGangsta_GoogleAuthenticator(); - + //mailer $mail = new PHPMailer\PHPMailer\PHPMailer(true); $mail->IsSMTP(); @@ -130,27 +130,39 @@ try $activated = $activated->isUserActivated($GLOBALS['user']->id); $maintenance = checkIfUnderMaintenance(); $banned = checkIfBanned($GLOBALS['user']->id); + $twofactor = isSession2FAUnlocked(); + + //step 1, check if under maintenance if ($maintenance) { //maintenance redirect if ($accesseddirectory != "/maintenance.php") { redirect($url . "/maintenance"); } } - if ($banned && !$maintenance) { //ban redirect + //step 2, check if user is banned + if ($GLOBALS['user']->logged_in && $banned) { //ban redirect if ($accesseddirectory != "/ban.php" && $accesseddirectory != "/logout.php") { redirect($url . "/ban"); } } - if ($GLOBALS['user']->logged_in && !$activated && !$banned && !$maintenance) { //activation redirect + //step 3, check if user is activated + if ($GLOBALS['user']->logged_in && !$activated) { //activation redirect if ($accesseddirectory != "/activate.php" && $accesseddirectory != "/logout.php") { redirect($url . "/activate"); } } + //step 4, check if 2fa is authenticated + if ($GLOBALS['user']->logged_in && !$twofactor) { //2fa redirect + if ($accesseddirectory != "/2fa.php") { + redirect($url . "/2fa"); + } + } + //pages accessible to users who aren't logged in if (!$GLOBALS['user']->logged_in) { //not logged in if ($accesseddomain == "www.".$domain) { //www 
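Review bot: The step-4 gate exempts only `/2fa.php`, whereas the ban and activation gates above it also let `/logout.php` through, so a logged-in user whose session is not 2FA-unlocked (one who has lost their authenticator, say) can no longer log out and is held in a redirect loop. Match the other gates: `if ($accesseddirectory != "/2fa.php" && $accesseddirectory != "/logout.php") {`. `$twofactor = isSession2FAUnlocked();` is also evaluated before `logged_in` is consulted, so every anonymous request now issues the session lookup with a guest id; guarding it as `$twofactor = $GLOBALS['user']->logged_in && isSession2FAUnlocked();` keeps the later condition unchanged and avoids that. Dropping the `!$maintenance` / `!$banned` conjuncts from steps 2 and 3 is only safe if redirect() terminates the script, which is not visible here; if it does not, one request can now emit several Location headers. The enclosing try block opens before the hunk.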
diff --git a/globals/functions.php b/globals/functions.php
index 436cd44..ffd8e04 100644
--- a/globals/functions.php
+++ b/globals/functions.php
@@ -5260,6 +5260,7 @@ function deleteUser2FA($userid)
 $del->bindParam(":uid", $userid, PDO::PARAM_INT);
 $del->execute();
 if ($del->rowCount() > 0) {
+ deauth2FAUserSession();
 return true;
 }
 return false;
@@ -5293,6 +5294,7 @@ function activateUser2FA($userid, $code) //after initializing we make sure it wo
 $check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
 $check->bindParam(":uid", $userid, PDO::PARAM_INT);
 if ($check->execute()) {
+ auth2FAUserSession();
 return true;
 }
 }
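Review bot: deauth2FAUserSession() acts on `$GLOBALS['user']->sessionCookieID`, i.e. the caller's own session, while deleteUser2FA() takes an explicit `$userid`; if the function is ever invoked for a different user (an admin resetting someone's 2FA, for instance) the flag is flipped on the wrong session, and the same mismatch applies to the auth2FAUserSession() call added in the activateUser2FA() hunk below. For the delete path a per-session reset is also incomplete: the user's other sessions keep `twoFactorUnlocked = 1`, which would skip the gate if 2FA is later re-enrolled; if the `sessions` table carries a user column (not visible here), clear the flag for all of `$userid`'s sessions by that column instead. At minimum guard both calls on the id, e.g. `if ($userid === $GLOBALS['user']->id) { deauth2FAUserSession(); }`. Both enclosing functions begin before their hunks.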
@@ -5339,9 +5341,54 @@ function getUser2FAQR($userid)
 }
 }
+function isSession2FAUnlocked()
+{
+ $localuser = $GLOBALS['user']->id;
+ $session = $GLOBALS['user']->sessionCookieID;
+ $check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
+ $check->bindParam(":session", $session, PDO::PARAM_INT);
+ $check->execute();
+ if ($check->rowCount() > 0 || !is2FAInitialized($localuser)) {
+ return true;
+ }
+ return false;
+}
+
+function auth2FAUserSession()
+{
+ $session = $GLOBALS['user']->sessionCookieID;
+
+ $check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 1 WHERE `id` = :session");
+ $check->bindParam(":session", $session, PDO::PARAM_INT);
+ if ($check->execute()) {
+ return true;
+ }
+ return false;
+}
+
+function deauth2FAUserSession()
+{
+ $session = $GLOBALS['user']->sessionCookieID;
+
+ $check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 0 WHERE `id` = :session");
+ $check->bindParam(":session", $session, PDO::PARAM_INT);
+ if ($check->execute()) {
+ return true;
+ }
+ return false;
+}
+
+function attemptSession2FAUnlock($code)
+{
+ $localuser = $GLOBALS['user']->id;
+ if (!isSession2FAUnlocked()) {
+ if (verify2FACode($localuser, $code)) {
+ auth2FAUserSession();
+ }
+ }
+}
-
 function setBlurb($newblurb)
 {
 $newblurb = cleanInput($newblurb);
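Review bot: attemptSession2FAUnlock() returns nothing and nothing in this hunk limits attempts, so the 2fa page cannot tell a rejected code from an already-unlocked session, and repeated guesses at a six-digit TOTP code are constrained only by whatever verify2FACode() (outside the hunk) does; return a bool so the caller can count failures per session and throttle or lock, as in the rewrite below. In isSession2FAUnlocked(), `rowCount()` on a SELECT is not guaranteed by PDO for every driver — fetch instead (`SELECT 1 ... LIMIT 1` then `fetchColumn() !== false`) — and if `sessions` has a user column, add it to the WHERE of all three queries so the flag can only be read or set on a session that belongs to `$localuser` (that column is not visible here). The short-circuit `|| !is2FAInitialized($localuser)` also means a user whose enrolment is initialised but not yet validated will be gated on `/2fa` before they can finish setup, if is2FAInitialized() is true in that state; worth confirming against its definition.
```php
function attemptSession2FAUnlock($code)
{
    $localuser = $GLOBALS['user']->id;
    if (isSession2FAUnlocked()) {
        return true;
    }
    if (!verify2FACode($localuser, $code)) {
        return false; // caller should count this per session and throttle/lock
    }
    return auth2FAUserSession();
}
```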