From 28ca65fa6d0af781f76a19555a2008cae43b7bcd Mon Sep 17 00:00:00 2001
From: Spitzer_Daniel
Date: Mon, 28 Aug 2023 15:25:59 +0200
Subject: [PATCH] =?UTF-8?q?UserToken=20Methoden=20static=20hinzugef=C3=BCg?= =?UTF-8?q?t=20Bug=20bei=20Passwortl=C3=A4ngencheck=20gefixt=20JS=20Reques?= =?UTF-8?q?t=20URLs=20auf=20getUrl=20umgebaut=202FA=20Code=20wird=20bei=20?= =?UTF-8?q?eingabe=20nun=20=C3=BCngiltig?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Layout/default/UserProfile/Form.php | 15 +++++----------
Layout/default/UserProfile/Index.php | 7 ++++---
.../UserProfile/UserProfileController.php | 17 ++++++++---------
application/UserToken/UserToken.php | 6 +++---
application/UserTwofactor/UserTwofactor.php | 11 +++++++++++
lib/mvcfronk/mfLogin/mfLoginController.php | 2 ++
6 files changed, 33 insertions(+), 25 deletions(-)
diff --git a/Layout/default/UserProfile/Form.php b/Layout/default/UserProfile/Form.php
index 7fe877ee7..e97e0cca6 100644
--- a/Layout/default/UserProfile/Form.php
+++ b/Layout/default/UserProfile/Form.php
@@ -78,7 +78,8 @@ if ($twofa == 0) {
- disabled="disabled" />
@@ -125,10 +126,7 @@ if ($twofa == 0) { diff --git a/application/UserProfile/UserProfileController.php b/application/UserProfile/UserProfileController.php index e6aa66338..60f1b693e 100644 --- a/application/UserProfile/UserProfileController.php +++ b/application/UserProfile/UserProfileController.php @@ -18,14 +18,8 @@ class UserProfileController extends mfBaseController protected function indexAction() { - $this->layout()->setTemplate("UserProfile/Index"); $this->layout()->set("userprofile", $this->me); -// $email = new Emailnotification(); -// $email->setSubject('testemail'); -// $email->setBody('Testemail'); -// $email->setTo('daniel.spitzer@inode.at'); -// $email->send(); } protected function addAction() @@ -115,6 +109,7 @@ class UserProfileController extends mfBaseController $r = $this->request; $id = $this->me->id; $User = new User($id); + $data = []; if ($User->twofactor != 0) { $requestcode2fa = $r->code; $userCode2fa = $User->twofactorcode; @@ -125,10 +120,11 @@ class UserProfileController extends mfBaseController $this->layout()->setFlash("Verifizierungscode ungültig", "error"); $this->redirect("UserProfile/edit"); } - + $data['twofactorcode'] = NULL; + $data['twofactortimestamp'] = NULL; } - $data = []; + $data['name'] = trim($r->name); if ($User->twofactor != 1) { $data['email'] = trim($r->email); @@ -184,7 +180,7 @@ class UserProfileController extends mfBaseController $this->layout()->setFlash("altes Passwort falsch", "error"); $this->redirect("UserProfile"); } - if (strlen($newpwd < 8)) { + if (strlen($newpwd) < 8) { $this->layout()->setFlash("neues Passwort muss min. 8 Zeichen haben", "error"); $this->redirect("UserProfile"); } 
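Review bot: The stored code is cleared only on the success path in the `@@ -125,10 +120,11 @@` hunk: `$data['twofactorcode'] = NULL;` sits after the "Verifizierungscode ungültig" branch, so a wrong entry leaves the code usable for further attempts. The `removeCode()` call added after `UserToken::generateToken($userid)` in mfLoginController.php has the same shape. If single use is the goal, clear the code or count failed attempts on the failure branch as well, before the redirect. Once `twofactorcode` can be NULL, the comparison of `$requestcode2fa` with `$userCode2fa` (outside this hunk) also has to reject an empty stored code, for example `if ($userCode2fa === null || !hash_equals((string) $userCode2fa, (string) $requestcode2fa)) {`. The nulling only takes effect if the later `update()`/`save()` is reached, which this hunk does not show.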
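Review bot: The corrected check `strlen($newpwd) < 8` counts bytes, while the message promises "min. 8 Zeichen", so a password containing multibyte UTF-8 characters can pass with fewer than eight characters. If mbstring is available in this project, `if (mb_strlen($newpwd, 'UTF-8') < 8) {` matches the message. Whether `redirect()` ends the request is not visible in the hunk; if it does not, execution continues past the "altes Passwort falsch" branch and each `$this->redirect("UserProfile");` needs a `return;` after it.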
@@ -253,6 +249,9 @@ class UserProfileController extends mfBaseController $id = $this->me->id; $User = new User($id); $data['twofactor'] = $r->twofactor; + $data['twofactorcode'] = NULL; + $data['twofactortimestamp'] = NULL; + $User->update($data); $User->save(); $this->layout()->setFlash("Zwei-Faktor-Authentifizierung aktiv", "success"); diff --git a/application/UserToken/UserToken.php b/application/UserToken/UserToken.php index 96ba02713..57866cbd8 100644 --- a/application/UserToken/UserToken.php +++ b/application/UserToken/UserToken.php @@ -3,7 +3,7 @@ class UserToken extends mfBaseController { - public function checkToken() + public static function checkToken() { if (isset($_COOKIE[MFAPPNAME . '_remembertoken'])) { $cookie = explode(':', $_COOKIE[MFAPPNAME . '_remembertoken']); @@ -36,7 +36,7 @@ class UserToken extends mfBaseController } } - public function generateToken($userId) + public static function generateToken($userId) { $db = new FronkDB(); $tokenExpireTime = time() + 2592000; @@ -52,7 +52,7 @@ class UserToken extends mfBaseController setcookie(MFAPPNAME . '_remembertoken', $selector . ':' . $token, $tokenExpireTime, "/"); } - public function deleteToken() + public static function deleteToken() { $db = new FronkDB(); $cookie = explode(':', $_COOKIE[MFAPPNAME . '_remembertoken']); diff --git a/application/UserTwofactor/UserTwofactor.php b/application/UserTwofactor/UserTwofactor.php index 97a95b95e..2fcc30821 100644 --- a/application/UserTwofactor/UserTwofactor.php +++ b/application/UserTwofactor/UserTwofactor.php @@ -85,4 +85,15 @@ class UserTwofactor } } + + public function removeCode() + { + $id = $this->UserId; + $User = new User($id); + $data = []; + $data['twofactorcode']=NULL; + $data['twofactortimestamp']=NULL; + $User->update($data); + $User->save(); + } } \ No newline at end of file diff --git a/lib/mvcfronk/mfLogin/mfLoginController.php b/lib/mvcfronk/mfLogin/mfLoginController.php index 254b9b93a..a04184faf 100644 
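Review bot: In the `@@ -253,6 +249,9 @@` hunk `$data['twofactor'] = $r->twofactor;` stores the request value as-is, and the flash text reports "Zwei-Faktor-Authentifizierung aktiv" whatever was sent. Other hunks of this commit compare the field with `0` and `1`, so the value should be cast and checked against the modes the application defines before `$User->update($data)`, starting with `$mode = (int) $r->twofactor;`. The beginning of this action is outside the hunk, so any re-authentication done before the 2FA state changes cannot be seen here; if there is none, requiring the current password at this point is the usual safeguard.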
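Review bot: The remember-me cookie in the `@@ -52,7 +52,7 @@` hunk of UserToken.php is written with `setcookie(MFAPPNAME . '_remembertoken', $selector . ':' . $token, $tokenExpireTime, "/");`, which sets none of `Secure`, `HttpOnly` or `SameSite` for a token that lives 30 days. On PHP 7.3 or later the options form covers this: `setcookie(MFAPPNAME . '_remembertoken', $selector . ':' . $token, ['expires' => $tokenExpireTime, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);`. In the same hunk `deleteToken()` calls `explode(':', $_COOKIE[MFAPPNAME . '_remembertoken'])` without the `isset()` guard that `checkToken()` has. Now that the method is static and callable from anywhere, an early `if (!isset($_COOKIE[MFAPPNAME . '_remembertoken'])) { return; }` keeps a missing cookie from reaching `explode()`. Both function bodies continue outside the hunk.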
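Review bot: The new `removeCode()` in UserTwofactor.php ignores the result of `$User->save()`, so if the write fails the used 2FA code stays valid without any signal to the caller. Whether `save()` returns a status or throws is not visible in this hunk; if it returns one, pass it on with `return $User->save();` and let the login path react to a failure. The method also lacks a docblock; something like `/** Clears the stored 2FA code and its timestamp for $this->UserId so a used code cannot be entered again. */` would document the intent. The same two NULL assignments are repeated inline in both UserProfileController hunks, so a later change to the invalidation rule has to be made in three places.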
--- a/lib/mvcfronk/mfLogin/mfLoginController.php +++ b/lib/mvcfronk/mfLogin/mfLoginController.php @@ -209,6 +209,8 @@ class mfLoginController extends mfBaseController #Token generieren in DB und Cookie schreiben UserToken::generateToken($userid); } + $twoFactor = new UserTwofactor($userid); + $twoFactor->removeCode(); } //session_name(MFAPPNAME."_session"); //session_start();