Misterzym
/
CodeIgniter-Aauth
mirror of https://github.com/misterzym/CodeIgniter-Aauth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1 from emreakay/master 

pull to manebit 2.4.5
develop
David Meyer 10 years ago
parent
12d01e609f 349bcad1a6
commit
de99e5115e
9 changed files with 744 additions and 229 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      README.md
  2. 188
      application/config/aauth.php
  3. 208
      application/helpers/googleauthenticator_helper.php
  4. 5
      application/language/english/aauth_lang.php
  5. 56
      application/language/french/aauth_lang.php
  6. 56
      application/language/spanish/aauth_lang.php
  7. 287
      application/libraries/Aauth.php
  8. 13
      sql/Aauth_v2.sql

6
README.md
Unescape View File

@ -1,5 +1,8 @@
![CodeIgniter-Aauth-Logo](https://cloud.githubusercontent.com/assets/2417212/8925689/add409ea-34be-11e5-8e50-845da8f5b1b0.png)
*** ***
Aauth is a User Authorization Library for CodeIgniter 2.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access. Aauth is a User Authorization Library for CodeIgniter 2.x and 3.x, which aims to make easy some essential jobs such as login, permissions and access operations. Despite its ease of use, it has also very advanced features like private messages, groupping, access management, and public access.
**This is Quick Start page. You can also take a look at the [detailed Documentation Wiki](https://github.com/emreakay/CodeIgniter-Aauth/wiki/_pages) to learn about other great Features** **This is Quick Start page. You can also take a look at the [detailed Documentation Wiki](https://github.com/emreakay/CodeIgniter-Aauth/wiki/_pages) to learn about other great Features**
@ -25,6 +28,7 @@ Aauth is a User Authorization Library for CodeIgniter 2.x, which aims to make ea
* Login DDoS Protection * Login DDoS Protection
* Updated functions (check documentation for details) * Updated functions (check documentation for details)
* Bugs fixes * Bugs fixes
* TOTP (Time-based One-time Password)
### Migration ### Migration
*** ***

188
application/config/aauth.php
Unescape View File

@ -1,79 +1,129 @@
<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); <?php
defined('BASEPATH') OR exit('No direct script access allowed');
/* /*
| ------------------------------------------------------------------- | -------------------------------------------------------------------
| Aauth Config | Aauth Config
| ------------------------------------------------------------------- | -------------------------------------------------------------------
| A library Basic Authorization for CodeIgniter 2.x | A library Basic Authorization for CodeIgniter 2+
|
| -------------------------------------------------------------------
| EXPLANATION
| -------------------------------------------------------------------
|
| See http://codeigniter-aauth-test.readthedocs.org/en/latest/
| for more details and explainations
|
|
| ['no_permission'] If user don't have permisssion to see the page he will be redirected the page spesificed.
|
| ['admin_group'] Name of admin group
| ['default_group'] Name of default group, the new user is added in it
| ['public_group'] Public group , people who not logged in
|
| ['db_profile'] The configuration database profile (see config/database.php)
|
| ['users'] The table which contains users
| ['groups'] The table which contains groups
| ['user_to_group'] The table which contains join of users and groups
| ['perms'] The table which contains permissions
| ['perm_to_group'] The table which contains permissions for groups
| ['perm_to_user'] The table which contains permissions for users
| ['pms'] The table which contains private messages
| ['system_variables'] The table which contains Aauth system variables
| ['user_variables'] The table which contains users variables
|
| ['remember'] Remember time elapsed after connecting and automatic LogOut
|
| ['max'] Maximum char long for Password
| ['min'] Minimum char long for Password
|
| ['valid_chars'] Valid chars for username. Non alphanumeric characters that are allowed by default
|
| ['ddos_protection'] If it is true, the user will be banned temporary when he exceed the login 'try'
|
| ['recaptcha_active'] Enable reCAPTCHA (see www.google.com/recaptcha/admin)
| ['recaptcha_login_attempts'] :
| ['recaptcha_siteKey'] The reCAPTCHA siteKey
| ['recaptcha_secret'] The reCAPTCHA secretKey
|
| ['totp_active'] The Time-based One-time Password Algorithm
| ['totp_only_on_ip_change'] TOTP only on IP Change
| ['totp_reset_over_reset_password'] TOTP reset over reset Password
|
| ['max_login_attempt'] Login attempts time interval (default 20 times in one hour)
|
| ['login_with_name'] Login Identificator, if TRUE username needed to login else email address.
|
| ['use_cookies'] FALSE only on CI3
|
| ['email'] Sender email address, used for remind_password, send_verification and reset_password
| ['name'] Sender name, used for remind_password, send_verification and reset_password
|
| ['verification'] User Verification, if TRUE sends a verification email on account creation.
| ['verification_link'] Link for verification without site_url or base_url
| ['reset_password_link'] Link for reset_password without site_url or base_url
|
| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..)
| Please, run hash_algos() for know your all supported algorithms
|
*/ */
$config_aauth = array();
$config_aauth["default"] = array(
'no_permission' => FALSE,
'admin_group' => 'admin',
'default_group' => 'default',
'public_group' => 'public',
'db_profile' => 'default',
'users' => 'aauth_users',
'groups' => 'aauth_groups',
'user_to_group' => 'aauth_user_to_group',
'perms' => 'aauth_perms',
'perm_to_group' => 'aauth_perm_to_group',
'perm_to_user' => 'aauth_perm_to_user',
'pms' => 'aauth_pms',
'system_variables' => 'aauth_system_variables',
'user_variables' => 'aauth_user_variables',
'remember' => ' +3 days',
'max' => 13,
'min' => 5,
'valid_chars' => array(),
'ddos_protection' => true,
'recaptcha_active' => false,
'recaptcha_login_attempts' => 4,
'recaptcha_siteKey' => '',
'recaptcha_secret' => '',
'totp_active' => false,
'totp_only_on_ip_change' => false,
'totp_reset_over_reset_password' => false,
'max_login_attempt' => 10,
'login_with_name' => false,
'use_cookies' => true,
'email' => 'admin@admin.com',
'name' => 'Emre Akay',
'verification' => false,
'verification_link' => '/account/verification/',
'reset_password_link' => '/account/reset_password/',
'hash' => 'sha256'
);
// Config variables $config['aauth'] = $config_aauth['default'];
// if user don't have permisssion to see the page he will be
// redirected the page spesificed below
$config['aauth']['no_permission'] = '/';
//name of admin group
$config['aauth']['admin_group'] = 'admin';
//name of default group, the new user is added in it
$config['aauth']['default_group'] = 'default';
// public group , people who not logged in
$config['aauth']['public_group'] = 'public';
// The table which contains users
$config['aauth']['db_profile'] = 'default';
$config['aauth']['users'] = 'aauth_users';
// the group table
$config['aauth']['groups'] = 'aauth_groups';
//
$config['aauth']['user_to_group'] = 'aauth_user_to_group';
// permitions
$config['aauth']['perms'] = 'aauth_perms';
// perms to group
$config['aauth']['perm_to_group'] = 'aauth_perm_to_group';
// perms to group
$config['aauth']['perm_to_user'] = 'aauth_perm_to_user';
// pm table
$config['aauth']['pms'] = 'aauth_pms';
// system variables
$config['aauth']['system_variables'] = 'aauth_system_variables';
// user variables
$config['aauth']['user_variables'] = 'aauth_user_variables';
// remember time
$config['aauth']['remember'] = ' +3 days';
// pasword maximum char long (min is 4)
$config['aauth']['max'] = 13;
// non alphanumeric characters that are allowed in a name
$config['aauth']['valid_chars'] = array(' ', '\'');
// ddos protection,
//if it is true, the user will be banned temporary when he exceed the login 'try'
$config['aauth']['ddos_protection'] = true;
$config['aauth']['recaptcha_active'] = false;
$config['aauth']['recaptcha_login_attempts'] = 4;
$config['aauth']['recaptcha_siteKey'] = '';
$config['aauth']['recaptcha_secret'] = '';
// login attempts time interval
// default 20 times in one hour
$config['aauth']['max_login_attempt'] = 10;
// to register email verifitaion need? true / false
$config['aauth']['verification'] = false;
$config['aauth']['login_with_name'] = false;
// system email.
$config['aauth']['email'] = 'admin@admin.com';
$config['aauth']['name'] = 'Emre Akay';
// Link for verification without site_url or base_url
$config['aauth']['verification_link'] = '/account/verification/';
// Link for reset_password without site_url or base_url
$config['aauth']['reset_password_link'] = '/account/reset_password/';
/* End of file aauth.php */ /* End of file aauth.php */
/* Location: ./application/config/aauth.php */ /* Location: ./application/config/aauth.php */

208
application/helpers/googleauthenticator_helper.php
Unescape View File

@ -0,0 +1,208 @@
<?php
/**
* PHP Class for handling Google Authenticator 2-factor authentication
*
* @author Michael Kliewe
* @copyright 2012 Michael Kliewe
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
* @link http://www.phpgangsta.de/
*/
class PHPGangsta_GoogleAuthenticator
{
protected $_codeLength = 6;
/**
* Create new secret.
* 16 characters, randomly chosen from the allowed base32 characters.
*
* @param int $secretLength
* @return string
*/
public function createSecret($secretLength = 16)
{
$validChars = $this->_getBase32LookupTable();
unset($validChars[32]);
$secret = '';
for ($i = 0; $i < $secretLength; $i++) {
$secret .= $validChars[array_rand($validChars)];
}
return $secret;
}
/**
* Calculate the code, with given secret and point in time
*
* @param string $secret
* @param int|null $timeSlice
* @return string
*/
public function getCode($secret, $timeSlice = null)
{
if ($timeSlice === null) {
$timeSlice = floor(time() / 30);
}
$secretkey = $this->_base32Decode($secret);
// Pack time into binary string
$time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice);
// Hash it with users secret key
$hm = hash_hmac('SHA1', $time, $secretkey, true);
// Use last nipple of result as index/offset
$offset = ord(substr($hm, -1)) & 0x0F;
// grab 4 bytes of the result
$hashpart = substr($hm, $offset, 4);
// Unpak binary value
$value = unpack('N', $hashpart);
$value = $value[1];
// Only 32 bits
$value = $value & 0x7FFFFFFF;
$modulo = pow(10, $this->_codeLength);
return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
}
/**
* Get QR-Code URL for image, from google charts
*
* @param string $name
* @param string $secret
* @param string $title
* @return string
*/
public function getQRCodeGoogleUrl($name, $secret, $title = null) {
$urlencoded = urlencode('otpauth://totp/'.$name.'?secret='.$secret.'');
if(isset($title)) {
$urlencoded .= urlencode('&issuer='.urlencode($title));
}
return 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$urlencoded.'';
}
/**
* Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now
*
* @param string $secret
* @param string $code
* @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after)
* @param int|null $currentTimeSlice time slice if we want use other that time()
* @return bool
*/
public function verifyCode($secret, $code, $discrepancy = 1, $currentTimeSlice = null)
{
if ($currentTimeSlice === null) {
$currentTimeSlice = floor(time() / 30);
}
for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
$calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
if ($calculatedCode == $code ) {
return true;
}
}
return false;
}
/**
* Set the code length, should be >=6
*
* @param int $length
* @return PHPGangsta_GoogleAuthenticator
*/
public function setCodeLength($length)
{
$this->_codeLength = $length;
return $this;
}
/**
* Helper class to decode base32
*
* @param $secret
* @return bool|string
*/
protected function _base32Decode($secret)
{
if (empty($secret)) return '';
$base32chars = $this->_getBase32LookupTable();
$base32charsFlipped = array_flip($base32chars);
$paddingCharCount = substr_count($secret, $base32chars[32]);
$allowedValues = array(6, 4, 3, 1, 0);
if (!in_array($paddingCharCount, $allowedValues)) return false;
for ($i = 0; $i < 4; $i++){
if ($paddingCharCount == $allowedValues[$i] &&
substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) return false;
}
$secret = str_replace('=','', $secret);
$secret = str_split($secret);
$binaryString = "";
for ($i = 0; $i < count($secret); $i = $i+8) {
$x = "";
if (!in_array($secret[$i], $base32chars)) return false;
for ($j = 0; $j < 8; $j++) {
$x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
}
$eightBits = str_split($x, 8);
for ($z = 0; $z < count($eightBits); $z++) {
$binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? $y:"";
}
}
return $binaryString;
}
/**
* Helper class to encode base32
*
* @param string $secret
* @param bool $padding
* @return string
*/
protected function _base32Encode($secret, $padding = true)
{
if (empty($secret)) return '';
$base32chars = $this->_getBase32LookupTable();
$secret = str_split($secret);
$binaryString = "";
for ($i = 0; $i < count($secret); $i++) {
$binaryString .= str_pad(base_convert(ord($secret[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
}
$fiveBitBinaryArray = str_split($binaryString, 5);
$base32 = "";
$i = 0;
while ($i < count($fiveBitBinaryArray)) {
$base32 .= $base32chars[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)];
$i++;
}
if ($padding && ($x = strlen($binaryString) % 40) != 0) {
if ($x == 8) $base32 .= str_repeat($base32chars[32], 6);
elseif ($x == 16) $base32 .= str_repeat($base32chars[32], 4);
elseif ($x == 24) $base32 .= str_repeat($base32chars[32], 3);
elseif ($x == 32) $base32 .= $base32chars[32];
}
return $base32;
}
/**
* Get array with all 32 characters for decoding from/encoding to base32
*
* @return array
*/
protected function _getBase32LookupTable()
{
return array(
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
'=' // padding char
);
}
}

5
application/language/english/aauth_lang.php
Unescape View File

@ -25,6 +25,9 @@ $lang['aauth_error_email_invalid'] = 'Invalid e-mail address';
$lang['aauth_error_password_invalid'] = 'Invalid password'; $lang['aauth_error_password_invalid'] = 'Invalid password';
$lang['aauth_error_username_invalid'] = 'Invalid Username'; $lang['aauth_error_username_invalid'] = 'Invalid Username';
$lang['aauth_error_username_required'] = 'Username required'; $lang['aauth_error_username_required'] = 'Username required';
$lang['aauth_error_totp_code_required'] = 'TOTP Code required';
$lang['aauth_error_totp_code_invalid'] = 'Invalid TOTP Code';
// Account update errors // Account update errors
$lang['aauth_error_update_email_exists'] = 'Email address already exists on the system. Please enter a different email address.'; $lang['aauth_error_update_email_exists'] = 'Email address already exists on the system. Please enter a different email address.';
@ -35,10 +38,10 @@ $lang['aauth_error_update_username_exists'] = "Username already exists on the sy
$lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.'; $lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.';
$lang['aauth_error_login_failed_email'] = 'E-mail Address and Password do not match.'; $lang['aauth_error_login_failed_email'] = 'E-mail Address and Password do not match.';
$lang['aauth_error_login_failed_name'] = 'Username and Password do not match.'; $lang['aauth_error_login_failed_name'] = 'Username and Password do not match.';
$lang['aauth_error_login_failed_all'] = 'E-mail, Username or Password do not match.';
$lang['aauth_error_login_attempts_exceeded'] = 'You have exceeded your login attempts, your account has now been locked.'; $lang['aauth_error_login_attempts_exceeded'] = 'You have exceeded your login attempts, your account has now been locked.';
$lang['aauth_error_recaptcha_not_correct'] = 'Sorry, the reCAPTCHA text entered was incorrect.'; $lang['aauth_error_recaptcha_not_correct'] = 'Sorry, the reCAPTCHA text entered was incorrect.';
// Misc. errors // Misc. errors
$lang['aauth_error_no_user'] = 'User does not exist'; $lang['aauth_error_no_user'] = 'User does not exist';
$lang['aauth_error_account_not_verified'] = 'Your account has not been verified. Please check your e-mail and verify your account.'; $lang['aauth_error_account_not_verified'] = 'Your account has not been verified. Please check your e-mail and verify your account.';

56
application/language/french/aauth_lang.php
Unescape View File

@ -0,0 +1,56 @@
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/* E-mail Messages */
// Account verification
$lang['aauth_email_verification_subject'] = 'Vérification de Compte';
$lang['aauth_email_verification_code'] = 'Votre code de vérification est: ';
$lang['aauth_email_verification_text'] = " Vous pouvez également cliquer sur (ou copier coller) le lien suivant.\n\n";
// Password reset
$lang['aauth_email_reset_subject'] = 'Réinitialiser le mot de passe';
$lang['aauth_email_reset_text'] = "Pour réinitialiser votre mot de passe cliquez sur (ou copiez collez dans la barre d'adresse de votre navigateur) le lien ci-dessous:\n\n";
// Password reset success
$lang['aauth_email_reset_success_subject'] = "Réinitialisation de mot de passe réussie";
$lang['aauth_email_reset_success_new_password'] = "Votre mot de passe a été réinitialisé avec succès. Votre nouveau mot de passe est: ";
/* Error Messages */
// Account creation errors
$lang['aauth_error_email_exists'] = "Cette adresse email est déjà utilisée. Si vous avez oublié votre mot de passe cliquez sur le lien ci-dessous.";
$lang['aauth_error_username_exists'] = "Un compte avec ce nom d'utilisateur existe déjà. Merci de renseigner un nom d'utilisateur différent. Si vous avez oublié votre mot de passe cliquez sur le lien ci-dessous.";
$lang['aauth_error_email_invalid'] = "Adresse email invalide";
$lang['aauth_error_password_invalid'] = "Mot de passe invalide";
$lang['aauth_error_username_invalid'] = "Nom d'utilisateur invalide";
$lang['aauth_error_username_required'] = "Nom d'utilisateur requis";
$lang['aauth_error_totp_code_required'] = "Code TOTP requis";
$lang['aauth_error_totp_code_invalid'] = "Code TOTP invalide";
// Account update errors
$lang['aauth_error_update_email_exists'] = "Cette adresse email est déjà utilisée. Merci de renseigner une adresse email différente.";
$lang['aauth_error_update_username_exists'] = "Ce nom d'utilisateur est déjà utilisé. Merci de renseigner un nom d'utilisateur différent.";
// Access errors
$lang['aauth_error_no_access'] = "Désolé, vous n'avez pas accès à cette ressource.";
$lang['aauth_error_login_failed_email'] = "L'adresse email et le mot de passe ne correspondent pas.";
$lang['aauth_error_login_failed_name'] = "Le nom d'utilisateur et le mot de passe ne correspondent pas.";
$lang['aauth_error_login_failed_all'] = "L'adresse email, le nom d'utilisateur ou le mot de passe ne correspondent pas.";
$lang['aauth_error_login_attempts_exceeded'] = "Vous avez dépassé le nombre de tentatives de connexion autorisées, votre compte a été bloqué.";
$lang['aauth_error_recaptcha_not_correct'] = 'Désolé, le texte renseigné pour le reCAPTCHA est incorrect.';
// Misc. errors
$lang['aauth_error_no_user'] = "L'utilisateur n'existe pas.";
$lang['aauth_error_account_not_verified'] = "Votre compte n'a pas été confirmé. Merci de vérifier vos email et de confirmer votre compte.";
$lang['aauth_error_no_group'] = "Le groupe n'existe pas";
$lang['aauth_error_self_pm'] = "Il impossible de vous envoyer un message à vous-même.";
$lang['aauth_error_no_pm'] = "Message privé introuvable";
/* Info messages */
$lang['aauth_info_already_member'] = "L'utilisateur est déjà membre de ce groupe";
$lang['aauth_info_group_exists'] = "Ce nom de groupe existe déjà";
$lang['aauth_info_perm_exists'] = "Ce nom de permission existe déjà";

56
application/language/spanish/aauth_lang.php
Unescape View File

@ -0,0 +1,56 @@
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/* E-mail Messages */
// Account verification
$lang['aauth_email_verification_subject'] = 'Verificación de Cuenta';
$lang['aauth_email_verification_code'] = 'Tu código de verificación es: ';
$lang['aauth_email_verification_text'] = " También puedes hacer click (o copia y pega en tu navegador) en el siguiente link. \n\n";
// Password reset
$lang['aauth_email_reset_subject'] = 'Reiniciar contraseña';
$lang['aauth_email_reset_text'] = "Para reiniciar la contraseña click (o copia y pega en tu navegador) el siguiente link:\n\n";
// Password reset success
$lang['aauth_email_reset_success_subject'] = 'Constraseña reiniciada exitosamente';
$lang['aauth_email_reset_success_new_password'] = 'Tu contraseña ha sido correctamente reiniciada. Tu nueva contraseña es : ';
/* Error Messages */
// Account creation errors
$lang['aauth_error_email_exists'] = 'El correo electrónico ya existe. Si olvidaste tu contraseña, puedes hacer click en el siguiente link.';
$lang['aauth_error_username_exists'] = "Ya existe una cuenta con ese nombre de usuario. Por favor ingrese un nombre de usuario diferente, o si olvidaste tu contraseña puedes hacer click en el siguiente link.";
$lang['aauth_error_email_invalid'] = 'Correo electrónico inválido';
$lang['aauth_error_password_invalid'] = 'Contraseña invalida';
$lang['aauth_error_username_invalid'] = 'Nombre de usuario invalido';
$lang['aauth_error_username_required'] = 'Nombre de usuario obligatorio';
$lang['aauth_error_totp_code_required'] = 'El código TOTP es obligatorio';
$lang['aauth_error_totp_code_invalid'] = 'Código TOTP obligatorio';
// Account update errors
$lang['aauth_error_update_email_exists'] = 'El correo electrónico ya existe, por favor ingresa un correo electrónico diferente.';
$lang['aauth_error_update_username_exists'] = "El nombre de usuario ya existe, por favor ingresa un nombre de usuario diferente.";
// Access errors
$lang['aauth_error_no_access'] = 'Ups, lo siento, no tienes permiso para ver el recurso solicitado.';
$lang['aauth_error_login_failed_email'] = 'El Correo electrónico y contraseña no coinciden.';
$lang['aauth_error_login_failed_name'] = 'El Nombre de usuario y contraseña no coinciden.';
$lang['aauth_error_login_failed_all'] = 'El Correo electrónico, nombre de usuario y contraseña no coinciden.';
$lang['aauth_error_login_attempts_exceeded'] = 'Has excedido el número de intentos de inicio de sesión, tu cuenta ha sido bloqueada.';
$lang['aauth_error_recaptcha_not_correct'] = 'Ups, El texto ingresado es incorrecto.';
// Misc. errors
$lang['aauth_error_no_user'] = 'El usuario no existe.';
$lang['aauth_error_account_not_verified'] = 'Tu cuenta aún no ha sido verificada, por favor revisa tu correo electrónico y verifica tu cuenta.';
$lang['aauth_error_no_group'] = 'El grupo no existe';
$lang['aauth_error_self_pm'] = 'No es posible enviarte un mensaje a ti mismo.';
$lang['aauth_error_no_pm'] = 'Mensaje privado no encontrado';
/* Info messages */
$lang['aauth_info_already_member'] = 'El usuario ya esta miembro del grupo';
$lang['aauth_info_group_exists'] = 'El nombre del grupo ya existe';
$lang['aauth_info_perm_exists'] = 'El nombre del permiso ya existe';

287
application/libraries/Aauth.php
Unescape View File

@ -13,7 +13,7 @@
* *
* @copyright 2014-2015 Emre Akay * @copyright 2014-2015 Emre Akay
* *
* @version 2.0 * @version 2.4.5
* *
* @license LGPL * @license LGPL
* @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License * @license http://opensource.org/licenses/LGPL-3.0 Lesser GNU Public License
@ -22,7 +22,6 @@
* https://github.com/emreakay/CodeIgniter-Aauth * https://github.com/emreakay/CodeIgniter-Aauth
* *
* @todo separate (on some level) the unvalidated users from the "banned" users * @todo separate (on some level) the unvalidated users from the "banned" users
* @todo add configuration to not use cookies if sessions are enabled.
*/ */
class Aauth { class Aauth {
@ -102,6 +101,7 @@ class Aauth {
$this->CI->load->helper('email'); $this->CI->load->helper('email');
$this->CI->load->helper('language'); $this->CI->load->helper('language');
$this->CI->load->helper('recaptchalib'); $this->CI->load->helper('recaptchalib');
$this->CI->load->helper('googleauthenticator_helper');
$this->CI->lang->load('aauth'); $this->CI->lang->load('aauth');
// config/aauth.php // config/aauth.php
@ -111,8 +111,8 @@ class Aauth {
$this->aauth_db = $this->CI->load->database($this->config_vars['db_profile'], TRUE); $this->aauth_db = $this->CI->load->database($this->config_vars['db_profile'], TRUE);
// load error and info messages from flashdata (but don't store back in flashdata) // load error and info messages from flashdata (but don't store back in flashdata)
$this->errors = $this->CI->session->flashdata('errors'); $this->errors = $this->CI->session->flashdata('errors') ?: array();
$this->infos = $this->CI->session->flashdata('infos'); $this->infos = $this->CI->session->flashdata('infos') ?: array();
} }
@ -129,27 +129,30 @@ class Aauth {
* @param bool $remember * @param bool $remember
* @return bool Indicates successful login. * @return bool Indicates successful login.
*/ */
public function login($identifier, $pass, $remember = FALSE) { public function login($identifier, $pass, $remember = FALSE, $totp_code = NULL) {
if($this->config_vars['use_cookies'] == TRUE){
// Remove cookies first // Remove cookies first
$cookie = array( $cookie = array(
'name' => 'user', 'name' => 'user',
'value' => '', 'value' => '',
'expire' => time()-3600, 'expire' => -3600,
'path' => '/', 'path' => '/',
); );
$this->CI->input->set_cookie($cookie); $this->CI->input->set_cookie($cookie);
}
if( $this->config_vars['login_with_name'] == TRUE){ if( $this->config_vars['login_with_name'] == TRUE){
if( !$identifier OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] )
if( !$identifier OR strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] )
{ {
$this->error($this->CI->lang->line('aauth_error_login_failed_name')); $this->error($this->CI->lang->line('aauth_error_login_failed_name'));
return FALSE; return FALSE;
} }
$db_identifier = 'name'; $db_identifier = 'name';
}else{ }else{
if( !valid_email($identifier) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) if( !valid_email($identifier) OR strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] )
{ {
$this->error($this->CI->lang->line('aauth_error_login_failed_email')); $this->error($this->CI->lang->line('aauth_error_login_failed_email'));
return FALSE; return FALSE;
@ -183,13 +186,17 @@ class Aauth {
$query = $this->aauth_db->get($this->config_vars['users']); $query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row(); $row = $query->row();
if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']){ if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']){
if($this->config_vars['use_cookies'] == TRUE){
$reCAPTCHA_cookie = array( $reCAPTCHA_cookie = array(
'name' => 'reCAPTCHA', 'name' => 'reCAPTCHA',
'value' => 'true', 'value' => 'true',
'expire' => time()+7200, 'expire' => 7200,
'path' => '/', 'path' => '/',
); );
$this->CI->input->set_cookie($reCAPTCHA_cookie); $this->CI->input->set_cookie($reCAPTCHA_cookie);
}else{
$this->CI->session->set_tempdata('reCAPTCHA', 'true', 7200);
}
} }
// if user is not verified // if user is not verified
@ -209,11 +216,68 @@ class Aauth {
$query = $this->aauth_db->get($this->config_vars['users']); $query = $this->aauth_db->get($this->config_vars['users']);
if($query->num_rows() == 0){ if($query->num_rows() == 0){
$this->error($this->CI->lang->line('aauth_error_login_failed')); $this->error($this->CI->lang->line('aauth_error_no_user'));
return FALSE; return FALSE;
} }
$user_id = $query->row()->id; $user_id = $query->row()->id;
if($this->config_vars['recaptcha_active']){
if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){
$reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']);
$resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
if(!$resp->success){
$this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
return FALSE;
}
}
}
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE){
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$totp_secret = $query->row()->totp_secret;
if ($query->num_rows() > 0 AND !$totp_code) {
$this->error($this->CI->lang->line('aauth_error_totp_code_required'));
return FALSE;
}else {
if(!empty($totp_secret)){
$ga = new PHPGangsta_GoogleAuthenticator();
$checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
if (!$checkResult) {
$this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
return FALSE;
}
}
}
}
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == TRUE){
$query = null;
$query = $this->aauth_db->where($db_identifier, $identifier);
$query = $this->aauth_db->get($this->config_vars['users']);
$totp_secret = $query->row()->totp_secret;
$ip_address = $query->row()->ip_address;
$current_ip_address = $this->CI->input->ip_address();
if ($query->num_rows() > 0 AND !$totp_code) {
if($ip_address != $current_ip_address ){
$this->error($this->CI->lang->line('aauth_error_totp_code_required'));
return FALSE;
}
}else {
if(!empty($totp_secret)){
if($ip_address != $current_ip_address ){
$ga = new PHPGangsta_GoogleAuthenticator();
$checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
if (!$checkResult) {
$this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
return FALSE;
}
}
}
}
}
$query = null; $query = null;
$query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->where($db_identifier, $identifier);
@ -225,18 +289,9 @@ class Aauth {
$query = $this->aauth_db->get($this->config_vars['users']); $query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row(); $row = $query->row();
if($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'){
$reCaptcha = new ReCaptcha( $this->config_vars['recaptcha_secret']);
$resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
if(!$resp->success){
$this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
return FALSE;
}
}
// if email and pass matches and not banned // if email and pass matches and not banned
if ( $query->num_rows() > 0 ) { if ( $query->num_rows() != 0 ) {
// If email and pass matches // If email and pass matches
// create session // create session
@ -257,24 +312,32 @@ class Aauth {
$random_string = random_string('alnum', 16); $random_string = random_string('alnum', 16);
$this->update_remember($row->id, $random_string, $remember_date ); $this->update_remember($row->id, $random_string, $remember_date );
if($this->config_vars['use_cookies'] == TRUE){
$cookie = array( $cookie = array(
'name' => 'user', 'name' => 'user',
'value' => $row->id . "-" . $random_string, 'value' => $row->id . "-" . $random_string,
'expire' => time() + 99*999*999, 'expire' => 99*999*999,
'path' => '/', 'path' => '/',
); );
$this->CI->input->set_cookie($cookie); $this->CI->input->set_cookie($cookie);
}else{
$this->CI->session->set_userdata('remember', $row->id . "-" . $random_string);
}
} }
if($this->config_vars['recaptcha_active']){ if($this->config_vars['recaptcha_active']){
if($this->config_vars['use_cookies'] == TRUE){
$reCAPTCHA_cookie = array( $reCAPTCHA_cookie = array(
'name' => 'reCAPTCHA', 'name' => 'reCAPTCHA',
'value' => 'false', 'value' => 'false',
'expire' => time()-3600, 'expire' => -3600,
'path' => '/', 'path' => '/',
); );
$this->CI->input->set_cookie($reCAPTCHA_cookie); $this->CI->input->set_cookie($reCAPTCHA_cookie);
}else{
$this->CI->session->unset_tempdata('reCAPTCHA');
}
} }
// update last login // update last login
@ -287,7 +350,7 @@ class Aauth {
// if not matches // if not matches
else { else {
$this->error($this->CI->lang->line('aauth_error_login_failed')); $this->error($this->CI->lang->line('aauth_error_login_failed_all'));
return FALSE; return FALSE;
} }
} }
@ -305,6 +368,7 @@ class Aauth {
// cookie control // cookie control
else { else {
if($this->config_vars['use_cookies'] == TRUE){
if( ! $this->CI->input->cookie('user', TRUE) ){ if( ! $this->CI->input->cookie('user', TRUE) ){
return FALSE; return FALSE;
} else { } else {
@ -332,10 +396,39 @@ class Aauth {
} }
} }
} }
}
}else{
if(!isset($_SESSION['remember'])){
return FALSE;
}else{
$session = explode('-', $this->CI->session->userdata('remember'));
if(!is_numeric( $session[0] ) OR strlen($session[1]) < 13 ){return FALSE;}
else{
$query = $this->aauth_db->where('id', $session[0]);
$query = $this->aauth_db->where('remember_exp', $session[1]);
$query = $this->aauth_db->get($this->config_vars['users']);
$row = $query->row();
if ($query->num_rows() < 1) {
$this->update_remember($session[0]);
return FALSE;
}else{
if(strtotime($row->remember_time) > strtotime("now") ){
$this->login_fast($session[0]);
return TRUE;
}
// if time is expired
else {
return FALSE;
}
}
} }
} }
}
}
return FALSE; return FALSE;
} }
@ -375,14 +468,15 @@ class Aauth {
*/ */
public function logout() { public function logout() {
if($this->config_vars['use_cookies'] == TRUE){
$cookie = array( $cookie = array(
'name' => 'user', 'name' => 'user',
'value' => '', 'value' => '',
'expire' => time()-3600, 'expire' => -3600,
'path' => '/', 'path' => '/',
); );
$this->CI->input->set_cookie($cookie); $this->CI->input->set_cookie($cookie);
}
return $this->CI->session->sess_destroy(); return $this->CI->session->sess_destroy();
} }
@ -486,6 +580,10 @@ class Aauth {
'pass' => $this->hash_password($pass, $user_id) 'pass' => $this->hash_password($pass, $user_id)
); );
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_reset_over_reset_password'] == TRUE){
$data['totp_secret'] = NULL;
}
$row = $query->row(); $row = $query->row();
$email = $row->email; $email = $row->email;
@ -615,11 +713,12 @@ class Aauth {
$this->error($this->CI->lang->line('aauth_error_email_exists')); $this->error($this->CI->lang->line('aauth_error_email_exists'));
$valid = FALSE; $valid = FALSE;
} }
if (!valid_email($email)){ $valid_email = (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
if (!$valid_email){
$this->error($this->CI->lang->line('aauth_error_email_invalid')); $this->error($this->CI->lang->line('aauth_error_email_invalid'));
$valid = FALSE; $valid = FALSE;
} }
if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){
$this->error($this->CI->lang->line('aauth_error_password_invalid')); $this->error($this->CI->lang->line('aauth_error_password_invalid'));
$valid = FALSE; $valid = FALSE;
} }
@ -689,7 +788,8 @@ class Aauth {
$this->error($this->CI->lang->line('aauth_error_update_email_exists')); $this->error($this->CI->lang->line('aauth_error_update_email_exists'));
$valid = FALSE; $valid = FALSE;
} }
if (!valid_email($email)){ $valid_email = (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
if (!$valid_email){
$this->error($this->CI->lang->line('aauth_error_email_invalid')); $this->error($this->CI->lang->line('aauth_error_email_invalid'));
$valid = FALSE; $valid = FALSE;
} }
@ -697,7 +797,7 @@ class Aauth {
} }
if ($pass != FALSE) { if ($pass != FALSE) {
if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ if ( strlen($pass) < $this->config_vars['min'] OR strlen($pass) > $this->config_vars['max'] ){
$this->error($this->CI->lang->line('aauth_error_password_invalid')); $this->error($this->CI->lang->line('aauth_error_password_invalid'));
$valid = FALSE; $valid = FALSE;
} }
@ -856,12 +956,10 @@ class Aauth {
* Delete user * Delete user
* Delete a user from database. WARNING Can't be undone * Delete a user from database. WARNING Can't be undone
* @param int $user_id User id to delete * @param int $user_id User id to delete
* @return bool Delete fails/succeeds
*/ */
public function delete_user($user_id) { public function delete_user($user_id) {
$this->aauth_db->where('id', $user_id);
$this->aauth_db->delete($this->config_vars['users']);
// delete from perm_to_user // delete from perm_to_user
$this->aauth_db->where('user_id', $user_id); $this->aauth_db->where('user_id', $user_id);
$this->aauth_db->delete($this->config_vars['perm_to_user']); $this->aauth_db->delete($this->config_vars['perm_to_user']);
@ -873,6 +971,11 @@ class Aauth {
// delete user vars // delete user vars
$this->aauth_db->where('user_id', $user_id); $this->aauth_db->where('user_id', $user_id);
$this->aauth_db->delete($this->config_vars['user_variables']); $this->aauth_db->delete($this->config_vars['user_variables']);
// delete user
$this->aauth_db->where('id', $user_id);
return $this->aauth_db->delete($this->config_vars['users']);
} }
//tested //tested
@ -1042,7 +1145,7 @@ class Aauth {
function hash_password($pass, $userid) { function hash_password($pass, $userid) {
$salt = md5($userid); $salt = md5($userid);
return hash('sha256', $salt.$pass); return hash($this->config_vars['hash'], $salt.$pass);
} }
######################## ########################
@ -1054,9 +1157,10 @@ class Aauth {
* Create group * Create group
* Creates a new group * Creates a new group
* @param string $group_name New group name * @param string $group_name New group name
* @param string $definition Description of the group
* @return int|bool Group id or FALSE on fail * @return int|bool Group id or FALSE on fail
*/ */
public function create_group($group_name, $definition) { public function create_group($group_name, $definition = '') {
$query = $this->aauth_db->get_where($this->config_vars['groups'], array('name' => $group_name)); $query = $this->aauth_db->get_where($this->config_vars['groups'], array('name' => $group_name));
@ -1121,6 +1225,9 @@ class Aauth {
$this->aauth_db->where('group_id', $group_id); $this->aauth_db->where('group_id', $group_id);
$this->aauth_db->delete($this->config_vars['user_to_group']); $this->aauth_db->delete($this->config_vars['user_to_group']);
$this->aauth_db->where('group_id', $group_id);
$this->aauth_db->delete($this->config_vars['perm_to_group']);
$this->aauth_db->where('id', $group_id); $this->aauth_db->where('id', $group_id);
return $this->aauth_db->delete($this->config_vars['groups']); return $this->aauth_db->delete($this->config_vars['groups']);
} }
@ -1339,7 +1446,7 @@ class Aauth {
// deletes from perm_to_user table // deletes from perm_to_user table
$this->aauth_db->where('perm_id', $perm_id); $this->aauth_db->where('perm_id', $perm_id);
$this->aauth_db->delete($this->config_vars['perm_to_group']); $this->aauth_db->delete($this->config_vars['perm_to_user']);
// deletes from permission table // deletes from permission table
$this->aauth_db->where('id', $perm_id); $this->aauth_db->where('id', $perm_id);
@ -1356,24 +1463,36 @@ class Aauth {
*/ */
public function is_allowed($perm_par, $user_id=FALSE){ public function is_allowed($perm_par, $user_id=FALSE){
$perm_id = $this->get_perm_id($perm_par);
if( $user_id == FALSE){ if( $user_id == FALSE){
$user_id = $this->CI->session->userdata('id'); $user_id = $this->CI->session->userdata('id');
} }
if($this->is_admin($user_id))
{
return true;
}
$perm_id = $this->get_perm_id($perm_par);
$query = $this->aauth_db->where('perm_id', $perm_id); $query = $this->aauth_db->where('perm_id', $perm_id);
$query = $this->aauth_db->where('user_id', $user_id); $query = $this->aauth_db->where('user_id', $user_id);
$query = $this->aauth_db->get( $this->config_vars['perm_to_user'] ); $query = $this->aauth_db->get( $this->config_vars['perm_to_user'] );
if( $query->num_rows() > 0){ if( $query->num_rows() > 0){
return TRUE; return TRUE;
} elseif ($this->is_group_allowed($perm_id)) {
return TRUE;
} else { } else {
return FALSE; if( $user_id===FALSE){
return $this->is_group_allowed($perm_id);
} else {
$g_allowed=FALSE;
foreach( $this->get_user_groups($user_id) as $group ){
if ( $this->is_group_allowed($perm_id, $group->id) ){
$g_allowed=TRUE;
}
}
return $g_allowed;
}
} }
} }
/** /**
@ -1547,7 +1666,7 @@ class Aauth {
$query = $this->aauth_db->get($this->config_vars['perms']); $query = $this->aauth_db->get($this->config_vars['perms']);
if ($query->num_rows() == 0) if ($query->num_rows() == 0)
return NULL; return FALSE;
$row = $query->row(); $row = $query->row();
return $row->id; return $row->id;
@ -1602,7 +1721,7 @@ class Aauth {
'receiver_id' => $receiver_id, 'receiver_id' => $receiver_id,
'title' => $title, 'title' => $title,
'message' => $message, 'message' => $message,
'date' => date('Y-m-d H:i:s') 'date_sent' => date('Y-m-d H:i:s')
); );
return $query = $this->aauth_db->insert( $this->config_vars['pms'], $data ); return $query = $this->aauth_db->insert( $this->config_vars['pms'], $data );
@ -1650,11 +1769,12 @@ class Aauth {
if ($query->num_rows() < 1) { if ($query->num_rows() < 1) {
$this->error( $this->CI->lang->line('aauth_error_no_pm') ); $this->error( $this->CI->lang->line('aauth_error_no_pm') );
return FALSE;
} }
if ($set_as_read) $this->set_as_read_pm($pm_id); if ($set_as_read) $this->set_as_read_pm($pm_id);
return $query->result(); return $query->row();
} }
//tested //tested
@ -1683,7 +1803,7 @@ class Aauth {
} }
$query = $this->aauth_db->where('receiver_id', $receiver_id); $query = $this->aauth_db->where('receiver_id', $receiver_id);
$query = $this->aauth_db->where('read', 0); $query = $this->aauth_db->where('date_read', NULL);
$query = $this->aauth_db->get( $this->config_vars['pms'] ); $query = $this->aauth_db->get( $this->config_vars['pms'] );
return $query->num_rows(); return $query->num_rows();
@ -1698,7 +1818,7 @@ class Aauth {
public function set_as_read_pm($pm_id){ public function set_as_read_pm($pm_id){
$data = array( $data = array(
'read' => 1, 'date_read' => date('Y-m-d H:i:s')
); );
$this->aauth_db->update( $this->config_vars['pms'], $data, "id = $pm_id"); $this->aauth_db->update( $this->config_vars['pms'], $data, "id = $pm_id");
@ -1753,17 +1873,9 @@ class Aauth {
* @return array Array of messages, empty array if no errors * @return array Array of messages, empty array if no errors
*/ */
public function get_errors_array() public function get_errors_array()
{
if (!count($this->errors)==0)
{ {
return $this->errors; return $this->errors;
} }
else
{
return array();
}
}
/** /**
* Print Errors * Print Errors
@ -1848,16 +1960,9 @@ class Aauth {
* @return array Array of messages, empty array if no errors * @return array Array of messages, empty array if no errors
*/ */
public function get_infos_array() public function get_infos_array()
{
if (!count($this->infos)==0)
{ {
return $this->infos; return $this->infos;
} }
else
{
return array();
}
}
/** /**
@ -1926,7 +2031,7 @@ class Aauth {
if ($this->get_user_var($key,$user_id) ===FALSE) { if ($this->get_user_var($key,$user_id) ===FALSE) {
$data = array( $data = array(
'key' => $key, 'data_key' => $key,
'value' => $value, 'value' => $value,
'user_id' => $user_id 'user_id' => $user_id
); );
@ -1937,12 +2042,12 @@ class Aauth {
else { else {
$data = array( $data = array(
'key' => $key, 'data_key' => $key,
'value' => $value, 'value' => $value,
'user_id' => $user_id 'user_id' => $user_id
); );
$this->aauth_db->where( 'key', $key ); $this->aauth_db->where( 'data_key', $key );
$this->aauth_db->where( 'user_id', $user_id); $this->aauth_db->where( 'user_id', $user_id);
return $this->aauth_db->update( $this->config_vars['user_variables'], $data); return $this->aauth_db->update( $this->config_vars['user_variables'], $data);
@ -1967,7 +2072,7 @@ class Aauth {
return FALSE; return FALSE;
} }
$this->aauth_db->where('key', $key); $this->aauth_db->where('data_key', $key);
$this->aauth_db->where('user_id', $user_id); $this->aauth_db->where('user_id', $user_id);
return $this->aauth_db->delete( $this->config_vars['user_variables'] ); return $this->aauth_db->delete( $this->config_vars['user_variables'] );
@ -1993,7 +2098,7 @@ class Aauth {
} }
$query = $this->aauth_db->where('user_id', $user_id); $query = $this->aauth_db->where('user_id', $user_id);
$query = $this->aauth_db->where('key', $key); $query = $this->aauth_db->where('data_key', $key);
$query = $this->aauth_db->get( $this->config_vars['user_variables'] ); $query = $this->aauth_db->get( $this->config_vars['user_variables'] );
@ -2025,7 +2130,7 @@ class Aauth {
if ( ! $this->get_user($user_id)){ if ( ! $this->get_user($user_id)){
return FALSE; return FALSE;
} }
$query = $this->aauth_db->select('key'); $query = $this->aauth_db->select('data_key');
$query = $this->aauth_db->where('user_id', $user_id); $query = $this->aauth_db->where('user_id', $user_id);
@ -2057,7 +2162,7 @@ class Aauth {
if ($this->get_system_var($key) === FALSE) { if ($this->get_system_var($key) === FALSE) {
$data = array( $data = array(
'key' => $key, 'data_key' => $key,
'value' => $value, 'value' => $value,
); );
@ -2068,11 +2173,11 @@ class Aauth {
else { else {
$data = array( $data = array(
'key' => $key, 'data_key' => $key,
'value' => $value, 'value' => $value,
); );
$this->aauth_db->where( 'key', $key ); $this->aauth_db->where( 'data_key', $key );
return $this->aauth_db->update( $this->config_vars['system_variables'], $data); return $this->aauth_db->update( $this->config_vars['system_variables'], $data);
} }
@ -2086,7 +2191,7 @@ class Aauth {
*/ */
public function unset_system_var( $key ) { public function unset_system_var( $key ) {
$this->aauth_db->where('key', $key); $this->aauth_db->where('data_key', $key);
return $this->aauth_db->delete( $this->config_vars['system_variables'] ); return $this->aauth_db->delete( $this->config_vars['system_variables'] );
} }
@ -2100,7 +2205,7 @@ class Aauth {
*/ */
public function get_system_var( $key ){ public function get_system_var( $key ){
$query = $this->aauth_db->where('key', $key); $query = $this->aauth_db->where('data_key', $key);
$query = $this->aauth_db->get( $this->config_vars['system_variables'] ); $query = $this->aauth_db->get( $this->config_vars['system_variables'] );
@ -2121,7 +2226,7 @@ class Aauth {
*/ */
public function list_system_var_keys(){ public function list_system_var_keys(){
$query = $this->aauth_db->select('key'); $query = $this->aauth_db->select('data_key');
$query = $this->aauth_db->get( $this->config_vars['system_variables'] ); $query = $this->aauth_db->get( $this->config_vars['system_variables'] );
// if variable not set // if variable not set
if ($query->num_rows() < 1) { return FALSE;} if ($query->num_rows() < 1) { return FALSE;}
@ -2132,14 +2237,46 @@ class Aauth {
public function generate_recaptcha_field(){ public function generate_recaptcha_field(){
$content = ''; $content = '';
if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'){ if($this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active']){
if( ($this->config_vars['use_cookies'] == TRUE && $this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') || ($this->config_vars['use_cookies'] == FALSE && $this->CI->session->tempdata('reCAPTCHA') == 'true') ){
$content .= "<script type='text/javascript' src='https://www.google.com/recaptcha/api.js'></script>"; $content .= "<script type='text/javascript' src='https://www.google.com/recaptcha/api.js'></script>";
$siteKey = $this->config_vars['recaptcha_siteKey']; $siteKey = $this->config_vars['recaptcha_siteKey'];
$content .= "<div class='g-recaptcha' data-sitekey='{$siteKey}'></div>"; $content .= "<div class='g-recaptcha' data-sitekey='{$siteKey}'></div>";
} }
}
return $content; return $content;
} }
public function update_user_totp_secret($user_id = FALSE, $secret) {
if ($user_id == FALSE)
$user_id = $this->CI->session->userdata('id');
$data['totp_secret'] = $secret;
$this->aauth_db->where('id', $user_id);
return $this->aauth_db->update($this->config_vars['users'], $data);
}
public function generate_unique_totp_secret(){
$ga = new PHPGangsta_GoogleAuthenticator();
$stop = false;
while (!$stop) {
$secret = $ga->createSecret();
$query = $this->aauth_db->where('totp_secret', $secret);
$query = $this->aauth_db->get($this->config_vars['users']);
if ($query->num_rows() == 0) {
return $secret;
$stop = true;
}
}
}
public function generate_totp_qrcode($secret){
$ga = new PHPGangsta_GoogleAuthenticator();
return $ga->getQRCodeGoogleUrl($this->config_vars['name'], $secret);
}
} // end class } // end class
// $this->CI->session->userdata('id') // $this->CI->session->userdata('id')

13
sql/Aauth_v2.sql
Unescape View File

@ -75,10 +75,10 @@ CREATE TABLE `aauth_pms` (
`receiver_id` int(11) unsigned NOT NULL, `receiver_id` int(11) unsigned NOT NULL,
`title` varchar(255) NOT NULL, `title` varchar(255) NOT NULL,
`message` text, `message` text,
`date` datetime DEFAULT NULL, `date_sent` datetime DEFAULT NULL,
`read` tinyint(1) DEFAULT '0', `date_read` datetime DEFAULT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `full_index` (`id`,`sender_id`,`receiver_id`,`read`) KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ---------------------------- -- ----------------------------
@ -91,7 +91,7 @@ CREATE TABLE `aauth_pms` (
DROP TABLE IF EXISTS `aauth_system_variables`; DROP TABLE IF EXISTS `aauth_system_variables`;
CREATE TABLE `aauth_system_variables` ( CREATE TABLE `aauth_system_variables` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`key` varchar(100) NOT NULL, `data_key` varchar(100) NOT NULL,
`value` text, `value` text,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@ -117,6 +117,7 @@ CREATE TABLE `aauth_users` (
`remember_time` datetime DEFAULT NULL, `remember_time` datetime DEFAULT NULL,
`remember_exp` text COLLATE utf8_general_ci, `remember_exp` text COLLATE utf8_general_ci,
`verification_code` text COLLATE utf8_general_ci, `verification_code` text COLLATE utf8_general_ci,
`totp_secret` varchar(16) COLLATE utf8_general_ci DEFAULT NULL,
`ip_address` text COLLATE utf8_general_ci, `ip_address` text COLLATE utf8_general_ci,
`login_attempts` int(11) DEFAULT '0', `login_attempts` int(11) DEFAULT '0',
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
@ -125,7 +126,7 @@ CREATE TABLE `aauth_users` (
-- ---------------------------- -- ----------------------------
-- Records of aauth_users -- Records of aauth_users
-- ---------------------------- -- ----------------------------
INSERT INTO `aauth_users` VALUES ('1', 'admin@example.com', 'dd5073c93fb477a167fd69072e95455834acd93df8fed41a2c468c45b394bfe3', 'Admin', '0', null, null, null, null, null, null, null, null, '0'); INSERT INTO `aauth_users` VALUES ('1', 'admin@example.com', 'dd5073c93fb477a167fd69072e95455834acd93df8fed41a2c468c45b394bfe3', 'Admin', '0', null, null, null, null, null, null, null, null, null, '0');
-- ---------------------------- -- ----------------------------
-- Table structure for `aauth_user_to_group` -- Table structure for `aauth_user_to_group`
@ -150,7 +151,7 @@ DROP TABLE IF EXISTS `aauth_user_variables`;
CREATE TABLE `aauth_user_variables` ( CREATE TABLE `aauth_user_variables` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`user_id` int(11) unsigned NOT NULL, `user_id` int(11) unsigned NOT NULL,
`key` varchar(100) NOT NULL, `data_key` varchar(100) NOT NULL,
`value` text, `value` text,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `user_id_index` (`user_id`) KEY `user_id_index` (`user_id`)

Write Preview
Loading…
Cancel
Save