This repository has been archived by the owner on Oct 12, 2021. It is now read-only.
forked from nilsteampassnet/TeamPass
-
Notifications
You must be signed in to change notification settings - Fork 0
/
duo.load.php
75 lines (68 loc) · 2.5 KB
/
duo.load.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?php
/**
*
* @package duo.load.php
* @author Nils Laumaillé <nils@teampass.net>
* @version 2.1.27
* @copyright 2009-2019 Nils Laumaillé
* @license GNU GPL-3.0
* @link https://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
require_once('./sources/SecureHandler.php');
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
die('Hacking attempt...');
}
// Load config
if (file_exists('../includes/config/tp.config.php')) {
include_once '../includes/config/tp.config.php';
} elseif (file_exists('./includes/config/tp.config.php')) {
include_once './includes/config/tp.config.php';
} else {
throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1);
}
include $SETTINGS['cpassman_dir'].'/includes/config/settings.php';
/*
** This page contains the javascript call for DUOSecurity api
** It loads the expected iFrame where user gives his DUO credentials
** It sends the request to the DUO server
*/
?>
<script type="text/javascript">
//<![CDATA[
$(function() {
$.getScript("./includes/libraries/Authentication/DuoSecurity/Duo-Web-v2.min.js");
$.post(
"sources/identify.php",
{
type : "identify_duo_user",
login: sanitizeString($("#login").val()),
},
function(data) {
var ret = data[0].sig_request.split('|');
if (ret[0] === "ERR") {
$("#div_duo").html("ERROR " + ret[1]);
} else {
// preparing the DUO iframe
var cssLink = $("<link rel='stylesheet' type='text/css' href='./includes/libraries/Authentication/DuoSecurity/Duo-Frame.css'>");
$("head").append(cssLink);
$("#div_duo").html('<iframe id="duo_iframe" frameborder="0" data-host="<?php echo HOST; ?>" data-sig-request="'+data[0].sig_request+'"></iframe>');
// loading the DUO iframe
Duo.init({
'host': '<?php echo HOST; ?>',
'sig_request': data[0].sig_request,
'post_action': "index.php?type=duo_check&"+data[0].csrfp_token+"="+data[0].csrfp_key+"&post_type=duo"
});
$("#duo_login").val($("#login").val());
$("#duo_pwd").val($("#pw").val());
}
},
"json"
);
});
//]]>
</script>