<?php
namespace Core;
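class Auth
{
    /**
     * Request paths that may be served without an authenticated session.
     *
     * Each entry exempts the exact path and everything below it ('/login'
     * covers '/login' and '/login/...', but NOT '/loginfoo'). Every entry is a
     * hole in the authentication wall, so keep this list minimal.
     *
     * NOTE(review): '/install' also exempts the web updater ('/install/update',
     * per the 1.1.0 changelog). Presumably the installer controller refuses to
     * run once the application is installed — confirm, otherwise this is an
     * unauthenticated migration runner.
     *
     * NOTE(review): no path normalisation is done here. If the router collapses
     * '/login/../users' to '/users', this check would still see a public prefix
     * and skip enforcement — confirm the router matches the raw path too.
     */
    private const PUBLIC_PATHS = [
        '/login',
        '/logout',
        '/register',
        '/forgot-password',
        '/reset-password',
        '/verify-email',
        '/resend-verification',
        '/install',
        '/2fa/verify',
        '/2fa/send-email-code',
    ];

    /**
     * Check if user is authenticated.
     *
     * A session counts as authenticated only when a user id is present AND no
     * second-factor step is still pending. The pending flag is read through
     * requiresTwoFactor() so both methods agree on its meaning (a flag that is
     * set but falsy used to make this return false while requiresTwoFactor()
     * returned false as well, leaving require() unable to route the request).
     */
    public static function check(): bool
    {
        return isset($_SESSION['user_id']) && !self::requiresTwoFactor();
    }

    /**
     * Get current user ID.
     *
     * Returns the value as stored in the session. No declare(strict_types=1) is
     * visible at the top of this file, so a numeric string would be coerced to
     * int by the return type; anything non-numeric would throw a TypeError.
     */
    public static function id(): ?int
    {
        return $_SESSION['user_id'] ?? null;
    }

    /**
     * Get current username (null when not logged in).
     */
    public static function username(): ?string
    {
        return $_SESSION['username'] ?? null;
    }

    /**
     * Get current user's full name (null when not logged in).
     */
    public static function fullName(): ?string
    {
        return $_SESSION['full_name'] ?? null;
    }

    /**
     * Require authentication (redirect to login if not authenticated).
     *
     * Public paths (see PUBLIC_PATHS) are let through untouched. For any other
     * path an unauthenticated request is redirected to /login, and a session
     * that has a user id but a pending second factor is redirected to
     * /2fa/verify. Both redirects terminate the request with exit so that no
     * protected output is emitted after the Location header.
     */
    public static function require(): void
    {
        // parse_url() returns false for a malformed URI and null when there is
        // no path component; neither is a string, and neither is treated as
        // public — unknown input fails closed.
        $currentPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
        $isPublic = is_string($currentPath) && self::isPublicPath($currentPath);

        if ($isPublic || self::check()) {
            return;
        }

        if (isset($_SESSION['user_id']) && self::requiresTwoFactor()) {
            // Password step done, second factor still outstanding.
            $_SESSION['error'] = 'Please complete two-factor authentication';
            header('Location: /2fa/verify');
        } else {
            $_SESSION['error'] = 'Please login to continue';
            header('Location: /login');
        }
        exit;
    }

    /**
     * Decide whether a request path is exempt from authentication.
     *
     * Matches on whole path segments: the path must equal a public entry or
     * start with that entry followed by '/'. A plain prefix test would also
     * exempt unrelated routes that merely share the leading characters
     * (e.g. '/loginfoo' for '/login').
     */
    private static function isPublicPath(string $path): bool
    {
        foreach (self::PUBLIC_PATHS as $public) {
            if ($path === $public || strpos($path, $public . '/') === 0) {
                return true;
            }
        }

        return false;
    }

    /**
     * Require admin role (redirect with error if not admin).
     *
     * Delegates the authentication step to require(), so an unauthenticated
     * caller is redirected before the role is even looked at. The role is read
     * from the session only; a user demoted in the database keeps admin access
     * for the lifetime of this session unless something else (presumably the
     * session validator mentioned in the changelog — confirm) refreshes or
     * terminates it.
     */
    public static function requireAdmin(): void
    {
        // First ensure user is authenticated
        self::require();

        // Then check for admin role
        if (!self::isAdmin()) {
            $_SESSION['error'] = 'Access denied. Admin privileges required.';
            header('Location: /');
            exit;
        }
    }

    /**
     * Check if current user is admin (strict comparison against 'admin').
     */
    public static function isAdmin(): bool
    {
        return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
    }

    /**
     * Get current user's role (null when not logged in or not set).
     */
    public static function role(): ?string
    {
        return $_SESSION['role'] ?? null;
    }

    /**
     * Check if 2FA verification is required.
     *
     * True only while the '2fa_required' session flag is set AND truthy; an
     * absent or falsy flag means no second factor is pending. check() relies on
     * the same definition.
     */
    public static function requiresTwoFactor(): bool
    {
        return !empty($_SESSION['2fa_required']);
    }
}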