2step prep
This commit is contained in:
parent
af3035900a
commit
e2331861d7
|
|
@ -92,7 +92,7 @@ try
|
||||||
|
|
||||||
//authenticator
|
//authenticator
|
||||||
$authenticator = new PHPGangsta_GoogleAuthenticator();
|
$authenticator = new PHPGangsta_GoogleAuthenticator();
|
||||||
|
|
||||||
//mailer
|
//mailer
|
||||||
$mail = new PHPMailer\PHPMailer\PHPMailer(true);
|
$mail = new PHPMailer\PHPMailer\PHPMailer(true);
|
||||||
$mail->IsSMTP();
|
$mail->IsSMTP();
|
||||||
|
|
@ -130,27 +130,39 @@ try
|
||||||
$activated = $activated->isUserActivated($GLOBALS['user']->id);
|
$activated = $activated->isUserActivated($GLOBALS['user']->id);
|
||||||
$maintenance = checkIfUnderMaintenance();
|
$maintenance = checkIfUnderMaintenance();
|
||||||
$banned = checkIfBanned($GLOBALS['user']->id);
|
$banned = checkIfBanned($GLOBALS['user']->id);
|
||||||
|
$twofactor = isSession2FAUnlocked();
|
||||||
|
|
||||||
|
|
||||||
|
//step 1, check if under maintenance
|
||||||
if ($maintenance) { //maintenance redirect
|
if ($maintenance) { //maintenance redirect
|
||||||
if ($accesseddirectory != "/maintenance.php") {
|
if ($accesseddirectory != "/maintenance.php") {
|
||||||
redirect($url . "/maintenance");
|
redirect($url . "/maintenance");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($banned && !$maintenance) { //ban redirect
|
//step 2, check if user is banned
|
||||||
|
if ($GLOBALS['user']->logged_in && $banned) { //ban redirect
|
||||||
if ($accesseddirectory != "/ban.php" &&
|
if ($accesseddirectory != "/ban.php" &&
|
||||||
$accesseddirectory != "/logout.php") {
|
$accesseddirectory != "/logout.php") {
|
||||||
redirect($url . "/ban");
|
redirect($url . "/ban");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($GLOBALS['user']->logged_in && !$activated && !$banned && !$maintenance) { //activation redirect
|
//step 3, check if user is activated
|
||||||
|
if ($GLOBALS['user']->logged_in && !$activated) { //activation redirect
|
||||||
if ($accesseddirectory != "/activate.php" &&
|
if ($accesseddirectory != "/activate.php" &&
|
||||||
$accesseddirectory != "/logout.php") {
|
$accesseddirectory != "/logout.php") {
|
||||||
redirect($url . "/activate");
|
redirect($url . "/activate");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//step 4, check if 2fa is authenticated
|
||||||
|
if ($GLOBALS['user']->logged_in && !$twofactor) { //2fa redirect
|
||||||
|
if ($accesseddirectory != "/2fa.php") {
|
||||||
|
redirect($url . "/2fa");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//pages accessible to users who aren't logged in
|
//pages accessible to users who aren't logged in
|
||||||
if (!$GLOBALS['user']->logged_in) { //not logged in
|
if (!$GLOBALS['user']->logged_in) { //not logged in
|
||||||
if ($accesseddomain == "www.".$domain) { //www
|
if ($accesseddomain == "www.".$domain) { //www
|
||||||
|
|
|
||||||
|
|
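Review bot: The new step-4 block redirects every locked session that is not on `/2fa.php`, whereas the ban and activation gates beside it also exempt `/logout.php`, so a logged-in user whose session is 2FA-locked can no longer reach logout and end the session. Make the condition `if ($accesseddirectory != "/2fa.php" && $accesseddirectory != "/logout.php") {` to match steps 2 and 3. The gate compares the accessed path as an exact string; `$accesseddirectory` is computed above this hunk, so confirm it is normalised before these comparisons. Whether `redirect()` terminates the request is also not visible here, and the enclosing `try` starts outside the hunk.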
@ -5260,6 +5260,7 @@ function deleteUser2FA($userid)
|
||||||
$del->bindParam(":uid", $userid, PDO::PARAM_INT);
|
$del->bindParam(":uid", $userid, PDO::PARAM_INT);
|
||||||
$del->execute();
|
$del->execute();
|
||||||
if ($del->rowCount() > 0) {
|
if ($del->rowCount() > 0) {
|
||||||
|
deauth2FAUserSession();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
|
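Review bot: The added `deauth2FAUserSession()` clears `twoFactorUnlocked` only on the caller's own session (`$GLOBALS['user']->sessionCookieID`), while `deleteUser2FA($userid)` is keyed by a user id, so when the two differ the wrong session is reset and the target user's sessions keep their unlocked flag. Other sessions of the same user also keep `twoFactorUnlocked = 1`, and if 2FA is later re-enabled they would pass `isSession2FAUnlocked()` without ever verifying the new secret. Consider an UPDATE on `sessions` that resets the flag for every session belonging to `$userid` (the sessions table's user column is not visible in this hunk) instead of, or in addition to, the current-session call. `deleteUser2FA` begins outside the hunk.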
@ -5293,6 +5294,7 @@ function activateUser2FA($userid, $code) //after initializing we make sure it wo
|
||||||
$check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
|
$check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
|
||||||
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
|
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
|
||||||
if ($check->execute()) {
|
if ($check->execute()) {
|
||||||
|
auth2FAUserSession();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
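Review bot: `auth2FAUserSession()` now runs inside `if ($check->execute())`, but an UPDATE that executes successfully yet matches zero rows still returns true, so the current session is marked 2FA-unlocked even when no `google_2fa` row existed for `$userid`. Mirror `deleteUser2FA` and gate on the row count: `if ($check->execute() && $check->rowCount() > 0) {`. The unlock also targets the caller's session while the update is keyed by `$userid`; if the two can differ, the call should additionally be conditional on `$userid === $GLOBALS['user']->id`. The code verification in `activateUser2FA($userid, $code)` is above this hunk and not visible.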
@ -5339,9 +5341,54 @@ function getUser2FAQR($userid)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function isSession2FAUnlocked()
|
||||||
|
{
|
||||||
|
$localuser = $GLOBALS['user']->id;
|
||||||
|
$session = $GLOBALS['user']->sessionCookieID;
|
||||||
|
|
||||||
|
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
|
||||||
|
$check->bindParam(":session", $session, PDO::PARAM_INT);
|
||||||
|
$check->execute();
|
||||||
|
if ($check->rowCount() > 0 || !is2FAInitialized($localuser)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function auth2FAUserSession()
|
||||||
|
{
|
||||||
|
$session = $GLOBALS['user']->sessionCookieID;
|
||||||
|
|
||||||
|
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 1 WHERE `id` = :session");
|
||||||
|
$check->bindParam(":session", $session, PDO::PARAM_INT);
|
||||||
|
if ($check->execute()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function deauth2FAUserSession()
|
||||||
|
{
|
||||||
|
$session = $GLOBALS['user']->sessionCookieID;
|
||||||
|
|
||||||
|
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 0 WHERE `id` = :session");
|
||||||
|
$check->bindParam(":session", $session, PDO::PARAM_INT);
|
||||||
|
if ($check->execute()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function attemptSession2FAUnlock($code)
|
||||||
|
{
|
||||||
|
$localuser = $GLOBALS['user']->id;
|
||||||
|
if (!isSession2FAUnlocked()) {
|
||||||
|
if (verify2FACode($localuser, $code)) {
|
||||||
|
auth2FAUserSession();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function setBlurb($newblurb)
|
function setBlurb($newblurb)
|
||||||
{
|
{
|
||||||
$newblurb = cleanInput($newblurb);
|
$newblurb = cleanInput($newblurb);
|
||||||
|
|
|
||||||
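Review bot: `attemptSession2FAUnlock($code)` discards the results of `verify2FACode()` and `auth2FAUserSession()` and returns nothing, so the caller cannot distinguish a successful unlock from a rejected code, and nothing here records failed attempts for throttling. Return the outcome, e.g. `return isSession2FAUnlocked() || (verify2FACode($localuser, $code) && auth2FAUserSession());`, and document that failed-attempt counting is the caller's responsibility if it is not added here. In `isSession2FAUnlocked()`, `rowCount()` on a SELECT is driver-dependent in PDO, so `SELECT COUNT(*) ...` with `$check->fetchColumn() > 0` is the portable form, and `$check->bindParam(":session", $session, PDO::PARAM_INT)` assumes `sessionCookieID` is an integer — if it is a string token the binding coerces it, so confirm the column type. `auth2FAUserSession()` and `deauth2FAUserSession()` differ only in the literal `1`/`0` and could share one private helper taking the flag value.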