PHPFusion\Authenticate::validateAuthAdmin PHP Method

validateAuthAdmin() public static method

Checks or sets the lastvisit cookie
public static validateAuthAdmin ( $pass = "" )
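    /**
     * Validates administrator authentication for the current request.
     *
     * Only runs when the iADMIN constant is truthy. Two paths:
     * - $pass empty: verifies the admin cookie (COOKIE_ADMIN, format
     *   "userID.expiration.hmac") against the user's stored admin algo/salt,
     *   then requires the second-factor session token in $_SESSION['aid']
     *   (format "userID.time.hmac"). A bad token calls \defender::stop(),
     *   adds a warning notice from $locale and returns FALSE.
     * - $pass non-empty: compares the HMAC of the supplied password with the
     *   stored user_admin_password (legacy double-md5 when algo is "md5").
     *
     * All hash comparisons use hash_equals() so that loose "==" type juggling
     * (e.g. "0e..." numeric strings comparing equal) and prefix-dependent
     * string comparison timing do not apply. Cookie and token segments that
     * must be numeric are checked with isnum() before they are compared or
     * embedded in SQL.
     *
     * @param string $pass Admin password to verify, or "" to validate the cookie and session token instead
     * @return bool TRUE when the admin is authenticated, FALSE otherwise
     */
    public static function validateAuthAdmin($pass = "")
    {
        global $userdata, $locale;
        // Normalise so null/non-string callers behave like the empty-string default.
        $pass = (string) $pass;
        if (!iADMIN) {
            return FALSE;
        }

        if ($pass === "") {
            // Validate existing admin cookie: "userID.expiration.hmac"
            if (!isset($_COOKIE[COOKIE_ADMIN]) || !is_string($_COOKIE[COOKIE_ADMIN]) || $_COOKIE[COOKIE_ADMIN] === "") {
                return FALSE;
            }
            $cookieDataArr = explode(".", $_COOKIE[COOKIE_ADMIN]);
            if (count($cookieDataArr) !== 3) {
                return FALSE;
            }
            list($userID, $cookieExpiration, $cookieHash) = $cookieDataArr;
            // Both ID and expiry must be digit strings; a non-numeric expiry would
            // otherwise be compared to time() as a string rather than a number.
            if (!isnum($userID) || !isnum($cookieExpiration)) {
                return FALSE;
            }
            if ((int) $cookieExpiration <= time() || (int) $userID !== (int) $userdata['user_id']) {
                return FALSE;
            }
            $result = dbquery("SELECT user_admin_algo, user_admin_salt FROM " . DB_USERS . "\n\t\t\t\t\t\t\tWHERE user_id='" . (int) $userID . "' AND user_level < -101 AND  user_status='0' AND user_actiontime='0'\n\t\t\t\t\t\t\tLIMIT 1");
            if ((int) dbrows($result) !== 1) {
                return FALSE;
            }
            $user = dbarray($result);
            // Key derived from the per-user salt, then the HMAC of "userID.expiration"
            // under that key must match the cookie's third segment. The raw (uncast)
            // segments are used so the HMAC input is exactly what was issued.
            $key = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $user['user_admin_salt']);
            $expectedCookieHash = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $key);
            if (!is_string($expectedCookieHash) || !hash_equals($expectedCookieHash, $cookieHash)) {
                return FALSE;
            }

            /**
             * New 2nd factor session authentication: "userID.time.hmac" in $_SESSION['aid']
             */
            if (empty($_SESSION['aid']) || !is_string($_SESSION['aid'])) {
                return FALSE;
            }
            $error = FALSE;
            $password_algo = fusion_get_settings("password_algorithm");
            $token_data = explode(".", $_SESSION['aid']);
            // check if the token has the correct format
            if (count($token_data) === 3) {
                list($tuser_id, $token_time, $tokenHash) = $token_data;
                $user_id = iMEMBER ? $userdata['user_id'] : 0;
                // Token is bound to the user id, its issue time, iAUTH and the site secret.
                $tokenKey = $userdata['user_id'] . $token_time . iAUTH . SECRET_KEY;
                $tokenSalt = md5($userdata['user_admin_salt'] . SECRET_KEY_SALT);
                if (!isnum($tuser_id) || (int) $tuser_id !== (int) $user_id) {
                    // the logged user must have the same ID as the one in the token
                    $error = $locale['token_error_4'];
                } elseif (!isnum($token_time)) {
                    // the token datestamp must be a number
                    $error = $locale['token_error_5'];
                } else {
                    $expectedTokenHash = hash_hmac($password_algo, $tokenKey, $tokenSalt);
                    if (!is_string($expectedTokenHash) || !hash_equals($expectedTokenHash, $tokenHash)) {
                        $error = $locale['token_error_7'];
                    }
                }
            } else {
                // token format is incorrect
                $error = $locale['token_error_8'];
            }
            // Check if any error was set
            if ($error !== FALSE) {
                \defender::stop();
                addNotice("warning", $error);
                return FALSE;
            }
            return TRUE;
        }

        // Validate a provided password against the stored admin password
        $result = dbquery("SELECT user_admin_algo, user_admin_salt, user_admin_password FROM " . DB_USERS . "\n\t\t\t\t\tWHERE user_id='" . (isnum($userdata['user_id']) ? (int) $userdata['user_id'] : 0) . "' AND user_level < -101 AND  user_status='0' AND user_actiontime='0'\n\t\t\t\t\tLIMIT 1");
        if ((int) dbrows($result) !== 1) {
            return FALSE;
        }
        $user = dbarray($result);
        // Legacy accounts store md5(md5(pass)); everything else is an HMAC under the per-user salt.
        if ($user['user_admin_algo'] !== "md5") {
            $inputHash = hash_hmac($user['user_admin_algo'], $pass, $user['user_admin_salt']);
        } else {
            $inputHash = md5(md5($pass));
        }
        if (is_string($inputHash) && hash_equals($inputHash, (string) $user['user_admin_password'])) {
            return TRUE;
        }
        return FALSE;
    }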

Usage Example

/**
 * Verify the supplied admin password for the current user.
 *
 * Thin wrapper over Authenticate::validateAuthAdmin(); when the password is
 * empty that method validates the admin cookie and session token instead.
 *
 * @param string $password
 * @return bool TRUE when the password validates, FALSE otherwise
 */
function check_admin_pass($password)
{
    $isValid = Authenticate::validateAuthAdmin($password);

    return $isValid;
}