From f4c42a31208c8b4c093de3eb66cfbef87251b57f Mon Sep 17 00:00:00 2001
From: Raphael Jackstadt
Date: Tue, 26 May 2015 20:32:15 +0200
Subject: [PATCH] added totp_only_on_ip_change
---
 application/config/aauth.php | 2 +-
 application/libraries/Aauth.php | 28 +++++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/application/config/aauth.php b/application/config/aauth.php
index 0d24b8b..ddfeb7c 100644
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@@ -58,8 +58,8 @@ $config['aauth']['recaptcha_siteKey'] = '';
 $config['aauth']['recaptcha_secret'] = '';
 $config['aauth']['totp_active'] = false;
+$config['aauth']['totp_only_on_ip_change'] = false;
 $config['aauth']['totp_reset_over_reset_password'] = false;
-
 // login attempts time interval
 // default 20 times in one hour
 $config['aauth']['max_login_attempt'] = 10;
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 0c81f7d..7784ba6 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -236,7 +236,7 @@ class Aauth {
 }
 }
- if($this->config_vars['totp_active'] == TRUE){
+ if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == FALSE){
 $query = null;
 $query = $this->aauth_db->where($db_identifier, $identifier);
 $query = $this->aauth_db->get($this->config_vars['users']);
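Review bot: In application/config/aauth.php the new `$config['aauth']['totp_only_on_ip_change']` line has no comment, although enabling it changes when the second factor is enforced. Judging from the block added in Aauth.php, a TOTP code is then only checked when the user's stored `ip_address` differs from the request IP, which is weaker than the always-on check. A comment above the key such as `// if true, a TOTP code is only required when the login IP differs from the user's stored ip_address; weaker than always requiring it` would make that trade-off visible to whoever edits the config.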
@@ -255,6 +255,32 @@ class Aauth {
 }
 }
 }
+
+ if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == TRUE){
+ $query = null;
+ $query = $this->aauth_db->where($db_identifier, $identifier);
+ $query = $this->aauth_db->get($this->config_vars['users']);
+ $totp_secret = $query->row()->totp_secret;
+ $ip_address = $query->row()->ip_address;
+ $current_ip_address = $this->CI->input->ip_address();
+ if ($query->num_rows() > 0 AND !$totp_code) {
+ if($ip_address != $current_ip_address ){
+ $this->error($this->CI->lang->line('aauth_error_totp_code_required'));
+ return FALSE;
+ }
+ }else {
+ if(!empty($totp_secret)){
+ if($ip_address != $current_ip_address ){
+ $ga = new PHPGangsta_GoogleAuthenticator();
+ $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
+ if (!$checkResult) {
+ $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
+ return FALSE;
+ }
+ }
+ }
+ }
+ }
 // if email and pass matches and not banned
 if ( $query->num_rows() > 0 ) {
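Review bot: The added block reads `$query->row()->totp_secret` and `->ip_address` before the `$query->num_rows() > 0` test, so a login with an unknown identifier dereferences an empty result; the row should be fetched once and guarded first. The "code required" branch also lacks the `!empty($totp_secret)` check, so an account with no enrolled secret appears to be asked for a code on an IP change and then passes the `else` branch with any value. With this option on, the second factor rests on an IP match: users behind the same NAT or proxy share an address, and `input->ip_address()` is only as reliable as the CodeIgniter `proxy_ips` setting, so that trade-off should be documented next to the option. The enclosing login function starts and ends outside the hunk; one way to restructure the added block is shown below.

```php
if($this->config_vars['totp_active'] == TRUE AND $this->config_vars['totp_only_on_ip_change'] == TRUE){
    // … unchanged: $query lookup of the user by $db_identifier …
    $row = $query->row();
    // Nothing to verify unless the user exists and has enrolled a secret.
    if ($row AND !empty($row->totp_secret)
        AND $row->ip_address != $this->CI->input->ip_address()) {
        if (!$totp_code) {
            $this->error($this->CI->lang->line('aauth_error_totp_code_required'));
            return FALSE;
        }
        $ga = new PHPGangsta_GoogleAuthenticator();
        if (!$ga->verifyCode($row->totp_secret, $totp_code, 0)) {
            $this->error($this->CI->lang->line('aauth_error_totp_code_invalid'));
            return FALSE;
        }
    }
}
```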