File modules/cms/action/user/UserInfoAction.class.php

Last commit: Wed Feb 23 00:38:24 2022 +0100	dankert	New: Enable HOTP with counter synchronization; New: TOTP of the last period are valid too.


     1 <?php
     2 namespace cms\action\user;
     3 use cms\action\Method;
     4 use cms\action\UserAction;
     5 use cms\base\Configuration;
     6 use cms\base\Startup;
     7 use cms\model\Group;
     8 use security\Base2n;
     9 use security\OTP;
    10 use security\Password;
    11 
    12 
    13 class UserInfoAction extends UserAction implements Method {
    14     public function view() {
    15 		$this->setTemplateVars( $this->user->getProperties() );
    16 
    17 		$gravatarConfig = Configuration::subset(['interface','gravatar'] );
    18 		
    19 
    20 		if	( $gravatarConfig->is('enabled',true) &&  $this->user->mail )
    21 		{
    22 			$url = 'http://www.gravatar.com/avatar/'.md5($this->user->mail).'?';
    23 
    24 			$url .= '&s='.$gravatarConfig->get('size'   ,80 );
    25 			$url .= '&d='.$gravatarConfig->get('default',404);
    26 			$url .= '&r='.$gravatarConfig->get('rating' ,'g');
    27 
    28 			$this->setTemplateVar( 'image', $url );
    29 		} else {
    30 			$this->setTemplateVar( 'image', 'about:blank' );
    31 		}
    32 
    33 
    34 
    35 		$this->setTemplateVar( 'groups', array_map( function( $groupid) {
    36 			$group = new Group( $groupid);
    37 			$group->load();
    38 			return $group->name;
    39 		},$this->user->getEffectiveGroups() ) );
    40 
    41 
    42 		$issuer  = urlencode(Configuration::subset('application')->get('operator',Startup::TITLE));
    43         $account = $this->user->name.'@'.$_SERVER['SERVER_NAME'];
    44 
    45         $base32 = new Base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
    46         $secret = $base32->encode(@hex2bin($this->user->otpSecret));
    47 
    48         $counter = $this->user->hotpCount;
    49 
    50         $this->setTemplateVar('totpSecretUrl',"otpauth://totp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}");
    51 		$this->setTemplateVar('hotpSecretUrl',"otpauth://hotp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}&counter={$counter}");
    52 		$this->setTemplateVar('totpToken'    , OTP::getTOTPCode($this->user->otpSecret));
    53     }
    54 
    55 
    56     public function post() {
    57     }
    58 }



Download modules/cms/action/user/UserInfoAction.class.php


History
Wed, 23 Feb 2022 00:38:24 +0100	dankert	New: Enable HOTP with counter synchronization; New: TOTP of the last period are valid too.
Mon, 4 Jan 2021 23:14:09 +0100	Jan Dankert	New: Groups may contain subgroups. Users within a group inherit the permissions of all parent groups.
Tue, 17 Nov 2020 23:51:00 +0100	Jan Dankert	Refactoring: Every Actionmethod has now its own class.