Rev 1282 | Rev 1283 | ||
---|---|---|---|
Line 63... | Line 63... | ||
63 | 63 | ||
64 | $starttime = time(); |
64 | $starttime = time(); |
65 | $random = mt_rand($min,$max); |
65 | $random = mt_rand($min,$max); |
66 | $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; |
66 | $ip_target = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; |
67 | $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret! |
67 | $challenge = sha3_512($starttime.'/'.$ip_target.'/'.$random); // $random is secret! |
68 | $challenge_integrity = OIDplus::authUtils()->makeAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge); |
68 | $challenge_integrity = OIDplus::authUtils()->makeAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge]); |
69 | $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity); |
69 | $send_to_client = array($starttime, $ip_target, $challenge, $min, $max, $challenge_integrity); |
70 | 70 | ||
71 | $open_trans_file = self::getOpenTransFileName($ip_target, $random); |
71 | $open_trans_file = self::getOpenTransFileName($ip_target, $random); |
72 | if (@file_put_contents($open_trans_file, '') === false) { |
72 | if (@file_put_contents($open_trans_file, '') === false) { |
73 | throw new OIDplusException(_L('Cannot write file %1', $open_trans_file)); |
73 | throw new OIDplusException(_L('Cannot write file %1', $open_trans_file)); |
Line 100... | Line 100... | ||
100 | if (!is_file($file)) continue; |
100 | if (!is_file($file)) continue; |
101 | if (filemtime($file) > $expire) continue; |
101 | if (filemtime($file) > $expire) continue; |
102 | @unlink($file); |
102 | @unlink($file); |
103 | } |
103 | } |
104 | 104 | ||
105 | return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret('461f4a9e-f4fa-11ed-86ca-3c4a92df8582:'.$ip_target.'/'.$random).'.tmp'; |
105 | return $dir.'/vts_client_challenge_'.OIDplus::authUtils()->makeSecret(['461f4a9e-f4fa-11ed-86ca-3c4a92df8582',$ip_target,$random]).'.tmp'; |
106 | } |
106 | } |
107 | 107 | ||
108 | /** |
108 | /** |
109 | * @param string|null $header_text |
109 | * @param string|null $header_text |
110 | * @param string|null $footer_text |
110 | * @param string|null $footer_text |
Line 147... | Line 147... | ||
147 | $open_trans_file = self::getOpenTransFileName($ip_target, $answer); |
147 | $open_trans_file = self::getOpenTransFileName($ip_target, $answer); |
148 | 148 | ||
149 | $current_ip = ($_SERVER['REMOTE_ADDR'] ?? 'unknown'); |
149 | $current_ip = ($_SERVER['REMOTE_ADDR'] ?? 'unknown'); |
150 | if ($ip_target != $current_ip) { |
150 | if ($ip_target != $current_ip) { |
151 | throw new OIDplusException(_L('IP address has changed. Please try again. (current IP %1, expected %2)', $current_ip, $ip_target)); |
151 | throw new OIDplusException(_L('IP address has changed. Please try again. (current IP %1, expected %2)', $current_ip, $ip_target)); |
152 | } else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) { |
152 | //} else if (time()-$starttime > OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/)) { |
153 | throw new OIDplusException(_L('Challenge expired. Please try again.')); |
153 | // throw new OIDplusException(_L('Challenge expired. Please try again.')); |
154 | } else if (!OIDplus::authUtils()->validateAuthKey('797bfc34-f4fa-11ed-86ca-3c4a92df8582:'.$challenge, $challenge_integrity)) { |
154 | } else if (!OIDplus::authUtils()->validateAuthKey(['797bfc34-f4fa-11ed-86ca-3c4a92df8582',$challenge],$challenge_integrity,OIDplus::baseConfig()->getValue('VTS_CAPTCHA_MAXTIME', 10*60/*10 minutes*/))) { |
155 | throw new OIDplusException(_L('Challenge integrity failed')); |
155 | throw new OIDplusException(_L('Invalid or expired authentication key')); |
156 | } else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
156 | } else if ($challenge !== sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
157 | throw new OIDplusException(_L('Wrong answer')); |
157 | throw new OIDplusException(_L('Wrong answer')); |
158 | } else if (!file_exists($open_trans_file)) { |
158 | } else if (!file_exists($open_trans_file)) { |
159 | throw new OIDplusException(_L('Challenge submitted twice or transaction missing')); |
159 | throw new OIDplusException(_L('Challenge submitted twice or transaction missing')); |
160 | } else { |
160 | } else { |