<?php
use Bitrix\Main\Config\Option;
use Bitrix\Security\Mfa\Otp;
use Bitrix\Security\Mfa\RecoveryCodesTable;

require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_before.php");

/**
 * @global CMain $APPLICATION
 * @global CUser $USER
 */

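IncludeModuleLangFile(__FILE__);

// Otp and RecoveryCodesTable live in the security module, so the module is
// loaded before either class is touched.
// ShowError() is defined outside this file and nothing here shows it ending
// the request, so every failure branch below stops explicitly. Without that,
// a rejected request would fall through to the code that outputs the codes.
if (!CModule::includeModule('security'))
{
	ShowError('Security module not installed');
	die;
}

$request = Bitrix\Main\Context::getCurrent()->getRequest();

// 'user' comes from the request and is therefore caller-controlled; it falls
// back to the signed-in user when absent or empty.
$userId = (int) ($request['user']?: $USER->getId());

// Authorisation gate, evaluated before any per-user OTP data is loaded:
// a user may view their own codes; viewing someone else's requires the
// 'security_edit_user_otp' operation.
if (
	!$userId
	|| ($userId !== (int) $USER->getId() && !$USER->CanDoOperation('security_edit_user_otp'))
)
{
	ShowError('Not enough permissions');
	die;
}

$userOtp = Otp::getByUser($userId);

if (!$userOtp->isActivated())
{
	ShowError('OTP inactive');
	die;
}

if (!Otp::isRecoveryCodesEnabled())
{
	ShowError('OTP Recovery codes are disabled');
	die;
}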

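// Plain-text download of the unused recovery codes, one numbered line per code.
// NOTE(review): this branch emits authentication secrets for $userId and does
// no access check of its own; it relies on the checks earlier in the script
// having halted the request on failure. Confirm that they do.
if (isset($request['action']) && $request['action'] === 'download')
{
	$codes = getRecoveryCodes($userId);
	$response = '';
	$counter = 0;
	foreach ($codes as $code)
	{
		$counter++;
		$response .= sprintf("%d. %s\r\n", $counter, $code);
	}

	header('Content-Type: text/plain', true);
	header('Content-Disposition: attachment; filename="recovery_codes.txt"');
	header('Content-Transfer-Encoding: binary');
	// Recovery codes are secrets: ask browsers and intermediaries not to store the response.
	header('Cache-Control: no-store');
	// Content-Length is a byte count, so measure bytes rather than characters.
	header(sprintf('Content-Length: %d', strlen($response)));
	echo $response;
	die;
}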

/**
 * Collects the CODE column of every RecoveryCodesTable row that matches the
 * given user id and has USED = 'N' (presumably "not used yet").
 *
 * Performs no authorisation itself; the caller decides whether the current
 * user may see the codes of $userId.
 *
 * @param int $userId User whose recovery codes are read.
 * @return array List of code values, in the order the query returns them.
 */
function getRecoveryCodes($userId)
{
	$result = RecoveryCodesTable::getList([
		'select' => ['CODE'],
		'filter' => ['=USER_ID' => $userId, '=USED' => 'N'],
	]);

	$unusedCodes = [];
	for ($row = $result->fetch(); $row; $row = $result->fetch())
	{
		$unusedCodes[] = $row['CODE'];
	}

	return $unusedCodes;
}

// Values consumed by the printable page below: the unused codes and the
// issuer/label taken from the user's OTP record.
$codes = getRecoveryCodes($userId);
$issuer = $userOtp->getIssuer();
$label = $userOtp->getLabel();

// NOTE(review): no user id is passed here, so this option is presumably read for
// the signed-in user rather than for $userId. Confirm the displayed date is
// right when someone with 'security_edit_user_otp' views another account.
$createdDate = CUserOptions::GetOption('security', 'recovery_codes_generated', null);
$createdDate = $createdDate ? FormatDate('FULL', $createdDate) : $createdDate;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
	<title><?=getMessage('SEC_OTP_RECOVERY_TITLE')?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=<?=LANG_CHARSET?>">
	<script type="application/javascript">
		var __readyHandler = null;

		/* Opens the print dialog shortly after load, then asks the window to close. */
		function onReady()
		{
			setTimeout(window.print, 100);
			setTimeout(window.close, 1000);
		}

		/* Pick a one-shot handler for whichever event model the browser offers. */
		if (document.addEventListener)
		{
			__readyHandler = function()
			{
				document.removeEventListener('DOMContentLoaded', __readyHandler, false);
				onReady();
			}
		}
		else if (document.attachEvent)
		{
			__readyHandler = function()
			{
				// onreadystatechange fires for every state; act only on the final one.
				if (document.readyState !== 'complete')
				{
					return;
				}

				document.detachEvent('onreadystatechange', __readyHandler);
				onReady();
			}
		}

		/* Runs onReady at once if the document is already complete, otherwise subscribes. */
		function bindReady()
		{
			if (document.readyState === 'complete')
			{
				return onReady();
			}

			if (document.addEventListener)
			{
				document.addEventListener('DOMContentLoaded', __readyHandler, false);
				return;
			}

			if (document.attachEvent) // IE
			{
				document.attachEvent('onreadystatechange', __readyHandler);
			}
		}

		bindReady();
	</script>
</head>
<body>
	<h3>
		<?=getMessage('SEC_OTP_RECOVERY_TITLE')?>
	</h3>
	<p>
		<?=getMessage('SEC_OTP_RECOVERY_ISSUER', array(
			'#ISSUER#' => htmlspecialcharsbx($issuer)
		))?>
		<br />
		<?=getMessage('SEC_OTP_RECOVERY_LOGIN', array(
			'#LOGIN#' => htmlspecialcharsbx($label)
		))?>
		<?if ($createdDate):?>
			<br />
			<?=getMessage('SEC_OTP_RECOVERY_CREATED', array(
				'#DATE#' => htmlspecialcharsbx($createdDate)
			))?>
		<?endif?>
	<ol>
		<?foreach ($codes as $code):?>
			<li style="clear: both;"><?=htmlspecialcharsbx($code)?></li>
		<?endforeach;?>
	</ol>
	<p>
		<?=getMessage('SEC_OTP_RECOVERY_NOTE')?>
	</p>
</body>
</html>
