/* the code above is auto generated do not remove the tag below */
###END_AUTOCODE
+
+ static $authUser = false;
+
function owner()
{
// h embeds images here..
$body = $mime->get();
$headers = $mime->headers($headers);
-
}
-
-
return array(
'recipients' => $recipents,
'headers' => $headers,
'body' => $body
);
-
-
}
*/
function sendTemplate($templateFile, $args)
{
-
$ar = $this->buildMail($templateFile, $args);
-
//print_r($recipents);exit;
$mailOptions = PEAR::getStaticProperty('Mail','options');
$mail = Mail::factory("SMTP",$mailOptions);
error_reporting($oe);
return $ret;
-
}
$sesPrefix = $this->sesPrefix();
+ self::$authUser = false;
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
return false;
$sesPrefix = $this->sesPrefix();
+ if (self::$authUser) {
+ return self::$authUser;
+ }
+
+
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
// in session...
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-
$u = DB_DataObject::factory($this->tableName());
+ $u->autoJoin();
if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
-
- return $u->verifyAuth(); // got authentication...
-
-
+ if ($u->verifyAuth()) {
+ self::$authUser = $u;
+ return true;
+ }
}
-
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
setcookie('Pman.timeout', -1, time() + (30*60), '/');
-
+ return false;
}
// http basic auth..
&&
$u->checkPassword($_SERVER['PHP_AUTH_PW'])
) {
+ // logged in via http auth
+
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+ self::$authUser = $u;
return true;
}
//die("test init");
}
- // local auth -
- $default_admin = false;
- if (!empty($ff->Pman['local_autoauth']) &&
- ($ff->Pman['local_autoauth'] === true) &&
- (!empty($_SERVER['SERVER_ADDR'])) &&
- (
+ $auto_auth_allow = false;
+ if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+ $auto_auth_allow = true;
+ }
+ if (
+ (!empty($_SERVER['SERVER_ADDR'])) &&
(
$_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
$_SERVER['REMOTE_ADDR'] == '127.0.0.1'
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
- )
- ) {
+
+ ){
+ $auto_auth_allow = true;
+ }
+
+
+ if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+ $auto_auth_allow = false;
+ }
+ //var_dump($auto_auth_allow);
+ // local auth -
+ $default_admin = false;
+ if ($auto_auth_allow) {
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
$u = DB_DataObject::factory($this->tableName());
$ff = HTML_FlexyFramework::get();
- if (!empty($ff->Pman['local_autoauth']) &&
- (!empty($_SERVER['SERVER_ADDR'])) &&
- (
- (
- $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
- $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
- )
- ||
- (
- $_SERVER['SERVER_ADDR'] == '::1' &&
- $_SERVER['REMOTE_ADDR'] == '::1'
- )
- ) &&
+ if ($auto_auth_allow &&
($default_admin || $u->get('email', $ff->Pman['local_autoauth']))
) {
$user = $default_admin ? $default_admin->toArray() : $u->toArray();
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
+ // if we request other URLS.. then we get auto logged in..
+ self::$authUser = $u;
+ //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
return true;
}
}
}
if (!$n){ // authenticated as there are no users in the system...
- return true;
+ return true;
}
-
- return false;
+ return false;
}
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
- if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
- $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-
- $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
- $u->autoJoin();
- if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really..
-
+ if (self::$authUser) {
+
+ if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
$_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
-
- $user = clone ($u);
- return clone($user);
-
}
- unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
- setcookie('Pman.timeout', -1, time() + (30*60), '/');
+
+ return = clone (self::$authUser);
+
}
}
- if (isset( $_SESSION[get_class($this)][$sesPrefix .'-empty'] ) && $_SESSION[get_class($this)][$sesPrefix .'-empty'] < 1) {
+ if (
+ isset( $_SESSION[get_class($this)][$sesPrefix .'-empty'] ) &&
+ $_SESSION[get_class($this)][$sesPrefix .'-empty'] < 1
+ ) {
// fake person - open system..
//$ce = DB_DataObject::factory('core_enum');
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
+
+ self::$authUser = $p;
// ensure it's written so that ajax calls can fetch it..
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
+ self::$authUser = false;
+
}
function genPassKey ($t)
{
function checkTwoFactorAuthentication($val)
{
+
+
+ // also used in login
require_once 'System.php';
+ if(
+ empty($this->id) ||
+ empty($this->oath_key)
+ ) {
+ return false;
+ }
+
$oathtool = System::which('oathtool');
if (!$oathtool) {
return false;
}
- $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
$aur['dailykey'] = '';
$aur['oath_key'] = '';
+ $aur['oath_key_enable'] = !empty($this->oath_key);
+ $aur['require_oath'] = 1;
+
+ $s = DB_DataObject::Factory('core_setting');
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}
function applyFilters($q, $au, $roo)
{
//DB_DataObject::DebugLevel(1);
+ if(!empty($q['_to_qr_code'])){
+ $person = DB_DataObject::factory('Core_person');
+ $person->id = $q['id'];
+
+ if(!$person->find(true)) {
+ $roo->jerr('_invalid_person');
+ }
+
+ $hash = $this->generateOathKey();
+
+ $_SESSION[__CLASS__] =
+ isset($_SESSION[__CLASS__]) ?
+ $_SESSION[__CLASS__] : array();
+ $_SESSION[__CLASS__]['oath'] =
+ isset($_SESSION[__CLASS__]['oath']) ?
+ $_SESSION[__CLASS__]['oath'] : array();
+
+ $_SESSION[__CLASS__]['oath'][$person->id] = $hash;
+
+ $qrcode = $person->generateQRCode($hash);
+
+ if(empty($qrcode)){
+ $roo->jerr('Fail to generate QR Code');
+ }
+
+ $roo->jok($qrcode);
+ }
+
+ if(!empty($q['two_factor_auth_code'])) {
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+ $o = clone($person);
+ $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
+
+ if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
+ $person->update($o);
+ unset($_SESSION[__CLASS__]['oath'][$person->id]);
+ $roo->jok('DONE');
+ }
+
+ $roo->jerr('_invalid_auth_code');
+ }
+
+ if(!empty($q['oath_key_disable'])) {
+ $person = DB_DataObject::factory('core_person');
+ $person->get($q['id']);
+
+ $o = clone($person);
+
+ $person->oath_key = '';
+ $person->update($o);
+
+ $roo->jok('DONE');
+ }
if (!empty($q['query']['is_owner'])) {
$this->whereAdd(" join_company_id_id.comptype = 'OWNER'");
// list all staff who are not in a group.
$this->whereAdd("{$this->tableName()}.id NOT IN (
SELECT distinct(user_id) FROM $tn_gm LEFT JOIN
- $tn_g ON $tn_g.id = $tn_gm.group_id
- WHERE $tn_g.type = ".$q['query']['type']."
- )");
-
+ $tn_g ON $tn_g.id = $tn_gm.group_id)");
} else {
");
}
- $cgm = DB_DataObject::Factory('core_group_member')->tableName();
-
- $this->selectAdd("
- (
- SELECT GROUP_CONCAT({$cgm}.group_id)
- FROM
- {$cgm}
- WHERE
- {$cgm}.user_id = {$this->tableName()}.id
- ) AS membership_list
-
- ");
-
}
$this->setFrom($ar);
if(!empty($ar['_enable_oath_key'])){
- $this->generateOathKey();
+ $oath_key = $this->generateOathKey();
}
if (!empty($ar['passwd1'])) {
}
$c->find(true);
$this->company_id = $c->id;
+ $this->email = trim($this->email);
}
return $sesPrefix;
}
- function loginPublic()
+ function loginPublic() // used where???
{
$this->isAuth(); // force session start..
function beforeUpdate($old, $q, $roo)
{
-
-
- if(!empty($q['_generate_oath_key'])){
- $o = clone($this);
- $this->generateOathKey();
- $this->update($o);
- $roo->jok('OK');
- }
-
- if(!empty($q['_to_qr_code'])){
- $qrcode = $this->generateQRCode();
-
- if(empty($qrcode)){
- $roo->jerr('Fail to generate QR Code');
- }
-
- $roo->jok($qrcode);
- }
-
- if(!empty($q['membership_list'])){
-
-
- if ($roo->authUser->id == $old->id) {
- // you are editing yourself...
-
- // if was admin before....
- // -if new membership does not icnlude admin id
- // -- then show error
-
-
- }
-
-
-
-
-
- $x = PDO_DataObject::factory('core_group_member');
- $x->select('group_id');
- $x->user_id = $q['id'];
-
- $ar = $x->fetchAll('group_id');
-
- $group_id_arr = explode(",", $q['membership_list']);
-
- $result_del = array_diff($ar, $group_id_arr);
-
- // check if id needs to be deleted
- if(!empty($result_del)){
- /*
- $x = PDO_DataObject::factory('core_group_member');
- $x->user_id = $q['id'];
- $x->whereAddIn('group_id', $result_del, 'int');
- foreach($x->fetchAll() as $cgm) {
- $cgm->delete();
- }
-
-
- */
- foreach($result_del as $group_id){
- $x = PDO_DataObject::factory('core_group_member');
- $x->user_id = $q['id'];
- $x->group_id = $group_id;
- $x->find(true);
- $x->delete();
- }
- }
-
- $result_add = array_diff($group_id_arr, $ar);
-
-
- // insert data into core_person_member...
- //PDO_DataObject::Factory('coremytable_group_member')->set([ 'group_id' => 'test', 'user_id' => "{$this->tableName()}.id"])->insert();
- if(!empty($result_add)){
- foreach($result_add as $gid){
- PDO_DataObject::Factory('core_group_member')->set(array(
- 'group_id'=> $gid,
- 'user_id' => $q['id']
- ))->insert();
- }
- }
- }
+ $this->email = trim($this->email);
}
function generateOathKey()
{
- $hex = bin2hex(openssl_random_pseudo_bytes(10));
-
require 'Base32.php';
$base32 = new Base32();
- $this->oath_key = $base32->base32_encode($hex);
-
- return $this->oath_key;
-
+ return $base32->base32_encode(bin2hex(openssl_random_pseudo_bytes(10)));
}
- function generateQRCode()
+ function generateQRCode($hash)
{
- if(empty($this->oath_key)){
+ if(
+ empty($this->email) &&
+ empty($hash)
+ ){
return false;
}
- $issuer = (empty($this->name)) ? rawurlencode('ROOJS') : rawurlencode($this->name);
+ $issuer = (empty($this->name)) ?
+ rawurlencode('ROOJS') : rawurlencode($this->name);
- $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$this->oath_key}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
+ $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
require_once 'Image/QRCode.php';
projects / Pman.Core / blobdiff