#3 - Check for 2FA upon "Forgotten Password" request

Not functional yet!
e107inc · Jan 27, 2021 · c3e8058 · c3e8058
1 parent 6bfa19b
commit c3e8058
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 14 deletions.
diff --git a/e_event.php b/e_event.php
@@ -20,12 +20,18 @@ function config()
 
  $event = array();
 
- // User
+ // User login
  $event[] = array(
  'name' => "user_validlogin", 
  'function' => "init_tfa",
  );
 
+ // User has submitted Forgotten Password form
+ $event[] = array(
+ 'name' => "user_fpw_request", 
+ 'function' => "init_tfa",
+ );
+
  return $event;
 
  }
@@ -37,7 +43,7 @@ function init_tfa($data, $eventname)
  if(e107::getPlugPref('twofactorauth', 'tfa_active'))
  {
  $tfa = new tfa_class();
- $tfa->init($data);
+ $tfa->init($data, $eventname);
  }
  }
 

diff --git a/twofactorauth_class.php b/twofactorauth_class.php
@@ -24,8 +24,22 @@ public function __construct()
  }
  }
 
- public function init($user_id)
+ public function init($data, $eventname)
  {
+ // Login
+ if($eventname == 'user_validlogin')
+ {
+ $user_id = $data; 
+ }
+ // FPW
+ else
+ {
+ // error_log($eventname);
+ // error_log(print_r($data, true));
+ // return false;
+ $user_id = $data["user_id"];
+ }
+
  // Check if 2FA is activated
  if($this->tfaActivated($user_id) == false)
  {
@@ -79,6 +93,10 @@ public function showTotpInputForm($action = 'login', $secret = '')
  $action = 'submit';
  $button_name = "enter-totp-login";
  break;
+ case 'fpw':
+ $action = 'submit';
+ $button_name = "enter-totp-fpw";
+ break;
  case 'enable':
  $action = 'submit';
  $button_name = "enter-totp-enable";
@@ -115,7 +133,7 @@ public function showTotpInputForm($action = 'login', $secret = '')
  return $text; 
  }
 
- public function processLogin($user_id = USERID, $totp)
+ private function verifyTotp($user_id = USERID, $totp)
  {
  $tfa_library = new TwoFactorAuth();
 
@@ -139,15 +157,29 @@ public function processLogin($user_id = USERID, $totp)
  e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is correct");
  e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
  }
+ return true;
+ }
+ else
+ {
+ if($this->tfa_debug)
+ {
+ e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
+ e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
+ }
+ return false; 
+ }
 
+ }
+
+ public function processLogin($user_id = USERID, $totp)
+ {
+ if($this->verifyTotp($user_id, $totp))
+ {
  // Continue processing login 
  $user = e107::user($user_id);
  $ulogin = new userlogin();
  $ulogin->validLogin($user);
 
- //e107::getUser()->validLogin($user);
- //e107::getUserSession()->makeUserCookie($user);
-
  // Get previous page the user was on before logging in. 
  $redirect_to = e107::getSession('2fa')->get('previous_page');
 
@@ -174,15 +206,23 @@ public function processLogin($user_id = USERID, $totp)
  // The entered TOTP is INCORRECT
  else
  {
- if($this->tfa_debug)
- {
- e107::getAdminLog()->addDebug(__LINE__." ".__METHOD__.": The TOTP code that was entered, is INCORRECT");
- e107::getAdminLog()->toFile('twofactorauth', 'TwoFactorAuth Debug Information', true);
- }
  return false; 
  }
  }
 
+ public function processFpw($user_id = USERID, $totp)
+ {
+ if($this->verifyTotp($user_id, $totp))
+ {
+ return true; 
+ }
+ // The entered TOTP is INCORRECT
+ else
+ {
+ return LAN_2FA_INCORRECT_TOTP; 
+ }
+ }
+
  public function processEnable($user_id = USERID, $secret_key, $totp)
  {
  $tfa_library = new TwoFactorAuth();

diff --git a/verify.php b/verify.php
@@ -20,7 +20,8 @@
  exit;
 }
 
-$session_user_id = e107::getSession('2fa')->get('user_id');
+$session_user_id = e107::getSession('2fa')->get('user_id');
+$session_previous_page = e107::getSession('2fa')->get('previous_page');
 
 // No need to access this file directly or when already logged in. 
 if(empty($session_user_id) || USER)
@@ -41,6 +42,16 @@
  exit;
 }
 
+// Check action
+if(strpos($session_previous_page, 'fpw.php') !== false) // PHP 8 - str_contains()
+{
+ $action = 'fpw';
+}
+else
+{
+ $action = 'login';
+}
+
 // Load required files (TwoFactorAuth Library and twofactorauth class)
 // e107_require_once(e_PLUGIN.'twofactorauth/vendor/autoload.php');
 // use \RobThree\Auth\TwoFactorAuth;
@@ -73,14 +84,46 @@
  }
 }
 
+// Process TOTP code and verify against secret key
+if(isset($_POST))
+{
+ // Retrieve user ID from session 
+ $user_id = e107::getSession('2fa')->get('user_id');
+
+ // Set $totp, entered by user
+ $totp = intval($_POST['totp']);
+ $totp = (string) $totp;
+
+ if(isset($_POST['enter-totp-login']))
+ {
+ if(!$tfa_class->processLogin($user_id, $totp))
+ {
+ e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP); 
+ }
+ }
+
+ if(isset($_POST['enter-totp-fpw']))
+ {
+ if(!$tfa_class->processFpw($user_id, $totp))
+ {
+ e107::getMessage()->addError(LAN_2FA_INCORRECT_TOTP); 
+ }
+ else
+ {
+ return true; 
+ }
+ }
+
+}
+
 // TEMP FOR DEV PURPOSES
 // $secret = e107::getDB()->retrieve('twofactorauth', 'secret_key', "user_id='1'");
 // $correct_totp = $tfa_library->getCode($secret);
 // $text .= $correct_totp; 
 
 // Display form to enter TOTP 
 e107::getMessage()->addInfo(e107::getParser()->toHTML(LAN_2FA_VERIFY_INSTRUCTIONS, true));
-$text .= $tfa_class->showTotpInputForm(); 
+$text .= $tfa_class->showTotpInputForm($action); 
 $text .= '<p class="font-italic">'.LAN_2FA_FALLBACK_INSTRUCTIONS.'</p>';
 
 // Let's render and show it all!