gtoriadotnet
/
fobe-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cleanup twofactor

This commit is contained in:
Austin 2021-11-22 06:18:05 -05:00
parent cbc7186d17
commit ee9631a82d
8 changed files with 177 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

159
globals/Dependencies/Users/TwoFactor.php Normal file
View File

@ -0,0 +1,159 @@
<?php
/*
Alphaland 2021
*/
namespace Alphaland\Users {
use PDO;
class TwoFactor
{
public static function safeGenerate2FASecret()
{
$secret = "";
do {
$secret = $GLOBALS['authenticator']->createSecret();
$keycheck = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `secret` = :ac");
$keycheck->bindParam(":ac", $secret, PDO::PARAM_STR);
$keycheck->execute();
} while ($keycheck->rowCount() != 0);
return $secret;
}
public static function deauth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 0 WHERE `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
if ($check->execute()) {
return true;
}
return false;
}
public static function deleteUser2FA($userid)
{
$del = $GLOBALS['pdo']->prepare("DELETE FROM `google_2fa` WHERE `userid` = :uid");
$del->bindParam(":uid", $userid, PDO::PARAM_INT);
$del->execute();
if ($del->rowCount() > 0) {
TwoFactor::deauth2FAUserSession();
return true;
}
return false;
}
public static function getUser2FASecret($userid)
{
$code = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$code->bindParam(":uid", $userid, PDO::PARAM_INT);
$code->execute();
if ($code->rowCount() > 0) {
return $code->fetch(PDO::FETCH_OBJ)->secret;
}
}
public static function verify2FACode($userid, $code)
{
$secret = TwoFactor::getUser2FASecret($userid);
if ($secret) {
if ($GLOBALS['authenticator']->verifyCode($secret, $code, 0)) {
return true;
}
}
return false;
}
public static function is2FAInitialized($userid)
{
$isinit = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `validated` = 1 AND `userid` = :uid");
$isinit->bindParam(":uid", $userid, PDO::PARAM_INT);
$isinit->execute();
if ($isinit->rowCount() > 0) {
return true;
}
return false;
}
public static function auth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 1 WHERE `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
if ($check->execute()) {
return true;
}
return false;
}
public static function activateUser2FA($userid, $code) //after initializing we make sure it works with a first time activation code
{
if(!TwoFactor::is2FAInitialized($userid) &&
TwoFactor::verify2FACode($userid, $code)) {
$check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
if ($check->execute()) {
TwoFactor::auth2FAUserSession();
return true;
}
}
return false;
}
public static function initialize2FA($userid)
{
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
$check->execute();
if ($check->rowCount() == 0) {
$username = getUsername($userid);
if ($username) {
$secret = TwoFactor::safeGenerate2FASecret();
$qrcode = $GLOBALS['authenticator']->getQRCodeGoogleUrl($username, $secret, "Alphaland");
$new2fa = $GLOBALS['pdo']->prepare("INSERT INTO `google_2fa`(`userid`, `secret`, `qr`, `whenGenerated`) VALUES (:uid, :secret, :qr, UNIX_TIMESTAMP())");
$new2fa->bindParam(":uid", $userid, PDO::PARAM_INT);
$new2fa->bindParam(":secret", $secret, PDO::PARAM_STR);
$new2fa->bindParam(":qr", $qrcode, PDO::PARAM_STR);
$new2fa->execute();
}
}
}
public static function getUser2FAQR($userid)
{
$qrcode = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$qrcode->bindParam(":uid", $userid, PDO::PARAM_INT);
$qrcode->execute();
if ($qrcode->rowCount() > 0) {
return $qrcode->fetch(PDO::FETCH_OBJ)->qr;
}
}
public static function isSession2FAUnlocked()
{
$localuser = $GLOBALS['user']->id;
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
$check->execute();
if ($check->rowCount() > 0 || !TwoFactor::is2FAInitialized($localuser)) {
return true;
}
return false;
}
public static function attemptSession2FAUnlock($code)
{
$localuser = $GLOBALS['user']->id;
if (!TwoFactor::isSession2FAUnlocked()) {
if (TwoFactor::verify2FACode($localuser, $code)) {
TwoFactor::auth2FAUserSession();
return true;
}
}
return false;
}
}
}

6
globals/config.php
View File

@ -91,6 +91,7 @@ try
//alphaland specfic dependencies
include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/Activation.php";
include "C:/Webserver/nginx/Alphaland/globals/Dependencies/Users/TwoFactor.php";
//authenticator
$authenticator = new PHPGangsta_GoogleAuthenticator();
@ -130,9 +131,12 @@ try
$activated = new Alphaland\Users\Activation();
$activated = $activated::isUserActivated($GLOBALS['user']->id);
$twofactor = new Alphaland\Users\TwoFactor();
$twofactor = $twofactor::isSession2FAUnlocked();
$maintenance = checkIfUnderMaintenance();
$banned = checkIfBanned($GLOBALS['user']->id);
$twofactor = isSession2FAUnlocked();
//step 1, check if under maintenance
if ($maintenance) { //maintenance redirect

151
globals/functions.php
View File

@ -5236,157 +5236,6 @@ function getBC($id) {
//settings portion {
function safeGenerate2FASecret()
{
$secret = "";
while (true) {
$secret = $GLOBALS['authenticator']->createSecret();
$keycheck = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `secret` = :ac");
$keycheck->bindParam(":ac", $secret, PDO::PARAM_STR);
$keycheck->execute();
if ($keycheck->rowCount() == 0) {
break;
}
}
return $secret;
}
function deleteUser2FA($userid)
{
$del = $GLOBALS['pdo']->prepare("DELETE FROM `google_2fa` WHERE `userid` = :uid");
$del->bindParam(":uid", $userid, PDO::PARAM_INT);
$del->execute();
if ($del->rowCount() > 0) {
deauth2FAUserSession();
return true;
}
return false;
}
function getUser2FASecret($userid)
{
$code = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$code->bindParam(":uid", $userid, PDO::PARAM_INT);
$code->execute();
if ($code->rowCount() > 0) {
return $code->fetch(PDO::FETCH_OBJ)->secret;
}
}
function verify2FACode($userid, $code)
{
$secret = getUser2FASecret($userid);
if ($secret) {
if ($GLOBALS['authenticator']->verifyCode($secret, $code, 0)) {
return true;
}
}
return false;
}
function activateUser2FA($userid, $code) //after initializing we make sure it works with a first time activation code
{
if(!is2FAInitialized($userid) &&
verify2FACode($userid, $code)) {
$check = $GLOBALS['pdo']->prepare("UPDATE `google_2fa` SET `validated` = 1 WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
if ($check->execute()) {
auth2FAUserSession();
return true;
}
}
return false;
}
function is2FAInitialized($userid)
{
$isinit = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `validated` = 1 AND `userid` = :uid");
$isinit->bindParam(":uid", $userid, PDO::PARAM_INT);
$isinit->execute();
if ($isinit->rowCount() > 0) {
return true;
}
return false;
}
function initialize2FA($userid)
{
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$check->bindParam(":uid", $userid, PDO::PARAM_INT);
$check->execute();
if ($check->rowCount() == 0) {
$username = getUsername($userid);
if ($username) {
$secret = safeGenerate2FASecret();
$qrcode = $GLOBALS['authenticator']->getQRCodeGoogleUrl($username, $secret, "Alphaland");
$new2fa = $GLOBALS['pdo']->prepare("INSERT INTO `google_2fa`(`userid`, `secret`, `qr`, `whenGenerated`) VALUES (:uid, :secret, :qr, UNIX_TIMESTAMP())");
$new2fa->bindParam(":uid", $userid, PDO::PARAM_INT);
$new2fa->bindParam(":secret", $secret, PDO::PARAM_STR);
$new2fa->bindParam(":qr", $qrcode, PDO::PARAM_STR);
$new2fa->execute();
}
}
}
function getUser2FAQR($userid)
{
$qrcode = $GLOBALS['pdo']->prepare("SELECT * FROM `google_2fa` WHERE `userid` = :uid");
$qrcode->bindParam(":uid", $userid, PDO::PARAM_INT);
$qrcode->execute();
if ($qrcode->rowCount() > 0) {
return $qrcode->fetch(PDO::FETCH_OBJ)->qr;
}
}
function isSession2FAUnlocked()
{
$localuser = $GLOBALS['user']->id;
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("SELECT * FROM `sessions` WHERE `twoFactorUnlocked` = 1 AND `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
$check->execute();
if ($check->rowCount() > 0 || !is2FAInitialized($localuser)) {
return true;
}
return false;
}
function auth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 1 WHERE `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
if ($check->execute()) {
return true;
}
return false;
}
function deauth2FAUserSession()
{
$session = $GLOBALS['user']->sessionCookieID;
$check = $GLOBALS['pdo']->prepare("UPDATE `sessions` SET `twoFactorUnlocked` = 0 WHERE `id` = :session");
$check->bindParam(":session", $session, PDO::PARAM_INT);
if ($check->execute()) {
return true;
}
return false;
}
function attemptSession2FAUnlock($code)
{
$localuser = $GLOBALS['user']->id;
if (!isSession2FAUnlocked()) {
if (verify2FACode($localuser, $code)) {
auth2FAUserSession();
}
}
}
function setBlurb($newblurb)
{
$newblurb = cleanInput($newblurb);

6
html/2fa.php
View File

@ -1,12 +1,14 @@
<?php
if (isSession2FAUnlocked()){
$twofactor = new Alphaland\Users\TwoFactor();
if ($twofactor::isSession2FAUnlocked()){
redirect("/");
}
if(isset($_POST['submit_2fa']))
{
attemptSession2FAUnlock($_POST['2fa_code']);
$twofactor::attemptSession2FAUnlock($_POST['2fa_code']);
redirect("/");
}

5
html_api/settings/index.php
View File

@ -10,6 +10,7 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
header('Content-Type: application/json');
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
//user info
@ -27,7 +28,7 @@ $tradepref = null;
$theme = $userquery->theme;
//initialize 2FA in the database if it hasnt been already
initialize2FA($userid);
$twofactor::initialize2FA($userid);
$userInfo = array (
"userid" => $userid,
@ -35,7 +36,7 @@ $userInfo = array (
"email" => $email,
"verified" => $verified,
"blurb" => $blurb,
"twofactorenabled" => is2FAInitialized($userid),
"twofactorenabled" => $twofactor::is2FAInitialized($userid),
"referralprogram" => inReferralProgram($userid),
"joinpref" => $joinpref,
"tradepref" => $tradepref,

3
html_api/settings/twofactor/activate.php
View File

@ -8,6 +8,7 @@ Alphaland 2021
header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
$data = json_decode(file_get_contents('php://input'));
@ -20,5 +21,5 @@ else
{
$code = $data->code;
header('Content-Type: application/json');
echo json_encode(array("success" => activateUser2FA($userid, $code)));
echo json_encode(array("success" => $twofactor::activateUser2FA($userid, $code)));
}

3
html_api/settings/twofactor/disable.php
View File

@ -9,6 +9,7 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
header('Content-Type: application/json');
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
echo json_encode(array("success" => deleteUser2FA($userid)));
echo json_encode(array("success" => $twofactor::deleteUser2FA($userid)));

3
html_api/settings/twofactor/settings.php
View File

@ -10,6 +10,7 @@ header("Access-Control-Allow-Origin: https://www.alphaland.cc");
header("access-control-allow-credentials: true");
header('Content-Type: application/json');
$twofactor = new Alphaland\Users\TwoFactor();
$userid = $user->id;
die(json_encode(["qr"=>getUser2FAQR($userid),"secret"=>getUser2FASecret($userid)]));
die(json_encode(["qr"=>$twofactor::getUser2FAQR($userid),"secret"=>$twofactor::getUser2FASecret($userid)]));