diff options
| author | Andrew Dolgov <[email protected]> | 2021-02-26 19:16:17 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2021-02-26 19:16:17 +0300 |
| commit | 3fd785654372d493c031d9b541ab33a881023a32 (patch) | |
| tree | 0a76cb410217074378de3d7012b95754cd3c7e6f /classes/userhelper.php | |
| parent | bc4475b6698f5a74e475674aa7af43253c459892 (diff) | |
* switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
Diffstat (limited to 'classes/userhelper.php')
| -rw-r--r-- | classes/userhelper.php | 79 |
1 files changed, 76 insertions, 3 deletions
diff --git a/classes/userhelper.php b/classes/userhelper.php index ca673cf58..f366682ef 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -1,4 +1,6 @@ <?php +use OTPHP\TOTP; + class UserHelper { static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) { @@ -141,14 +143,29 @@ class UserHelper { } - static function get_user_ip() { + static function get_user_ip() : string { foreach (["HTTP_X_REAL_IP", "REMOTE_ADDR"] as $hdr) { if (isset($_SERVER[$hdr])) return $_SERVER[$hdr]; } + + return null; + } + + static function get_login_by_id(int $id) : string { + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?"); + $sth->execute([$id]); + + if ($row = $sth->fetch()) { + return $row["login"]; + } + + return null; } - static function find_user_by_login(string $login) { + static function find_user_by_login(string $login) : int { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT id FROM ttrss_users WHERE @@ -159,7 +176,7 @@ class UserHelper { return $row["id"]; } - return false; + return null; } static function logout() { @@ -203,4 +220,60 @@ class UserHelper { } } + + static function check_otp(int $owner_uid, int $otp_check) : bool { + $otp = TOTP::create(self::get_otp_secret($owner_uid, true)); + + return $otp->now() == $otp_check; + } + + static function disable_otp(int $owner_uid) : bool { + $sth = Db::pdo()->prepare("UPDATE ttrss_users SET otp_enabled = false WHERE id = ?"); + $sth->execute([$owner_uid]); + + return true; + } + + static function enable_otp(int $owner_uid, int $otp_check) : bool { + $secret = self::get_otp_secret($owner_uid); + + if ($secret) { + $otp = TOTP::create($secret); + + if ($otp->now() == $otp_check) { + $sth = Db::pdo()->prepare("UPDATE ttrss_users + SET otp_enabled = true WHERE id = ?"); + + $sth->execute([$owner_uid]); + + return true; + } + } + return false; + } + + + static function is_otp_enabled(int $owner_uid) : bool { + $sth = Db::pdo()->prepare("SELECT otp_enabled FROM ttrss_users WHERE id = ?"); + $sth->execute([$owner_uid]); + + if ($row = $sth->fetch()) { + return sql_bool_to_bool($row["otp_enabled"]); + } + + return false; + } + + static function get_otp_secret(int $owner_uid, bool $show_if_enabled = false) : string { + $sth = Db::pdo()->prepare("SELECT salt, otp_enabled FROM ttrss_users WHERE id = ?"); + $sth->execute([$owner_uid]); + + if ($row = $sth->fetch()) { + if (!sql_bool_to_bool($row["otp_enabled"]) || $show_if_enabled) { + return \ParagonIE\ConstantTime\Base32::encodeUpperUnpadded(mb_substr(sha1($row["salt"]), 0, 12)); + } + } + + return null; + } } |