New release 5.9.5.7

FIX: Weekly anonymized stats date was not always updated
FIX: Adding -tokenslist command in CLI mode (mas missing)
FIX: Remove a debug line displaying sometimes "COMMDN:$command\n";
FIX: Some minor PHP notice corrections
ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider
ENH: Better warning messages when CheckUserLdapPassword failed
ENH: Embedded documentation enhanced
ENH: Template updated to display correct information for WITHOUT2FA tokens

Dockerfile

@@ -15,8 +15,8 @@
 # Please check https://www\.multiOTP.net/ and you will find the magic button ;-)
 #
 # @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-# @version   5.9.5.5
-# @date      2023-01-19
+# @version   5.9.5.7
+# @date      2023-05-04
 # @since     2013-11-29
 # @copyright (c) 2013-2023 SysCo systemes de communication sa
 # @copyright GNU Lesser General Public License
@@ -46,7 +46,7 @@ MAINTAINER Andre Liechti <andre.liechti@multiotp.net>
 LABEL Description="multiOTP open source, running on Debian ${DEBIAN} with PHP${PHPVERSION}." \
       License="LGPL-3.0" \
       Usage="docker run -v [PATH/TO/MULTIOTP/DATA/VOLUME]:/etc/multiotp -v [PATH/TO/FREERADIUS/CONFIG/VOLUME]:/etc/freeradius -v [PATH/TO/MULTIOTP/LOG/VOLUME]:/var/log/multiotp -v [PATH/TO/FREERADIUS/LOG/VOLUME]:/var/log/freeradius -p [HOST WWW PORT NUMBER]:80 -p [HOST SSL PORT NUMBER]:443 -p [HOST RADIUS-AUTH PORT NUMBER]:1812/udp -p [HOST RADIUS-ACCNT PORT NUMBER]:1813/udp -d multiotp-open-source" \
-      Version="5.9.5.5"
+      Version="5.9.5.7"
 
 ARG DEBIAN_FRONTEND=noninteractive
 

README.md

@@ -6,7 +6,7 @@ multiOTP open source is OATH certified for HOTP/TOTP
 (c) 2010-2023 SysCo systemes de communication sa  
 https://www.multiotp.net/
 
-Current build: 5.9.5.5 (2023-01-19)
+Current build: 5.9.5.7 (2023-05-04)
 
 Binary download: https://download.multiotp.net/ (including virtual appliance image)
 
@@ -153,6 +153,15 @@ WHAT'S NEW IN THIS 5.9.x RELEASE
 
 CHANGE LOG OF RELEASED VERSIONS
 ===============================
+```
+2023-05-04 5.9.5.7 FIX: Weekly anonymized stats date was not always updated
+                   FIX: Adding -tokenslist command in CLI mode (mas missing)
+                   FIX: Remove a debug line displaying sometimes "COMMDN:$command\n";
+                   FIX: Some minor PHP notice corrections
+                   ENH: Adding on-premises smsgateway (https://github.com/multiOTP/SMSGateway) as a new SMS provider
+                   ENH: Better warning messages when CheckUserLdapPassword failed
+                   ENH: Embedded documentation enhanced
+                   ENH: Template updated to display correct information for WITHOUT2FA tokens
 2023-01-19 5.9.5.5 ENH: LDAP filter can be customized using SetLdapFilter() method
                         ({cn_identifier}, {username}, and {groups_filtering} placeholders are supported)
                    ENH: Full PHP 8.x support (tested with 8.2.1 and 8.1.14),
@@ -580,6 +589,7 @@ CONTENT OF THE PACKAGE
 - the MSI installer of multiOTP Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016
   must be downloaded separately on https://download.multiotp.net/credential-provider/
 
+```
 In the linux folder:
 - multiotp.php             : command line tool (merge of the header and the class, external files also included)
 - multiotp.class.php       : the main file, it is the class itself, external files are already included
@@ -589,16 +599,17 @@ In the linux folder:
 - test-tokens.csv          : provisioning file of test tokens
 + oath subfolder           : contains provisioning files for oath test tokens
 + templates folder         : all templates files needed to generate the provisioning pages from the web GUI
-```
+
 *******************************************************************************
 ***  FOR THESE PHP FILES, THE BACKEND IS FILE BASED AND THE CONFIG AND      ***
 ***  BACKEND FOLDERS ARE RELATIVE AND JUST BELOW THE MAIN MULTIOTP FOLDER   ***
 *******************************************************************************
 ```
 
+```
 In the raspberry folder:
 - all necessary files to be able to create your own strong authentication device using a Raspberry Pi
-```
+
 *******************************************************************************
 ***  FOR THESE PHP FILES, THE BACKEND IS SET BY DEFAULT AS FILE BASED AND   ***
 ***  THE CONFIG AND BACKEND FOLDERS DEFINED TO BE LOCATED IN /etc/multiotp/ ***
@@ -611,19 +622,21 @@ In the raspberry folder:
 *******************************************************************************
 ```
 
+```
 In the sources folder:
 - multiotp.class.php       : the main file, it is the class itself, which requires external files
 - multiotp.cli.header.php  : header file to be merged with the class for a single file command line tool
 - multiotp.server.php      : the web service file, which requires the class as external file
 - check.multiotp.class.php : PHP script to validate some multiOTP functionalities
 + contrib subfolder        : contains all external files required by the multiotp.class.php file
-```
+
 *******************************************************************************
 ***  FOR THESE PHP FILES, THE BACKEND IS FILE BASED AND THE CONFIG AND      ***
 ***  BACKEND FOLDERS ARE RELATIVE AND JUST BELOW THE MAIN MULTIOTP FOLDER   ***
 *******************************************************************************
 ```
 
+```
 In the windows folder:
 - multiotp.exe             : command line tool for Windows (digitally signed) with embedded PHP 7.x
 - multiotp.class.php       : the main file, it is the class itself, external files are already included
@@ -647,7 +660,7 @@ In the windows folder:
 + webservice subfolder     : all necessary files to be able to install a Windows multiOTP web service
                              (using Nginx as the light web server on port 8112,
                               or as a secured SSL connection (https) on port 8113)
-```
+
 *******************************************************************************
 ***  FOR THESE PHP FILES, THE BACKEND IS FILE BASED AND THE CONFIG AND      ***
 ***  BACKEND FOLDERS ARE RELATIVE AND JUST BELOW THE MAIN MULTIOTP FOLDER   ***
@@ -973,16 +986,16 @@ now be displayed (like with the same option used with ntlm_auth).
 ```
 
 2) In the configuration file called "default" in etc/raddb/sites-enabled/  
-    a) Add the multiOTP handling  
 ```
+    a) Add the multiOTP handling  
     #  
     # Handle multiOTP (https://www.multiotp.net/) authentication.  
     # This must be added BEFORE the first "pap" entry found in the file.  
     multiotp  
 ```
 
-    b) Add the multiOTP authentication handling  
 ```
+    b) Add the multiOTP authentication handling  
     #  
     # Handle multiOTP (https://www.multiotp.net/) authentication.  
     # This must be added BEFORE the first "Auth-Type PAP" entry found in the file.  
@@ -991,28 +1004,28 @@ now be displayed (like with the same option used with ntlm_auth).
     }  
 ```
 
-    c) Comment the first line containing only "chap"  
 ```
+    c) Comment the first line containing only "chap"  
     #chap is now handled by multiOTP  
 ```
 
-    d) Comment the first line containing only "mschap"  
 ```
+    d) Comment the first line containing only "mschap"  
     #mschap is now handled by multiOTP  
 ```
 
 3) In the configuration file called "inner-tunnel" in etc/raddb/sites-enabled/  
 
-    a) Add the multiOTP handling  
 ```
+    a) Add the multiOTP handling  
     #  
     # Handle multiOTP (https://www.multiotp.net/) authentication.  
     # This must be added BEFORE the first "pap" entry found in the file.  
     multiotp  
 ```
 
-    b) Add the multiOTP authentication handling  
 ```
+    b) Add the multiOTP authentication handling  
     #  
     # Handle multiOTP (https://www.multiotp.net/) authentication.  
     # This must be added BEFORE the first "Auth-Type PAP" entry found in the file.  
@@ -1021,13 +1034,13 @@ now be displayed (like with the same option used with ntlm_auth).
     }  
 ```
 
-    c) Comment the first line containing only "chap"  
 ```
+    c) Comment the first line containing only "chap"  
     #chap is now handled by multiOTP  
 ```
 
-    d) Comment the first line containing only "mschap"  
 ```
+    d) Comment the first line containing only "mschap"  
     #mschap is now handled by multiOTP  
 ```
 
@@ -1072,10 +1085,10 @@ now be displayed (like with the same option used with ntlm_auth).
 
 Some values can go back to FreeRADIUS:
 
-a) Set the right format options for FreeRADIUS:  
+ * Set the right format options for FreeRADIUS:  
    multiotp -config radius-reply-attributor=" += " radius-reply-separator=","
 
-b) Set multiOTP to send back to FreeRADIUS the group of the authenticated user:  
+ * Set multiOTP to send back to FreeRADIUS the group of the authenticated user:  
    multiotp -config group-attribute="Filter-Id"  
 
 
@@ -1577,7 +1590,7 @@ MULTIOTP COMMAND LINE TOOL
 ==========================
 
 ``` 
-multiOTP 5.9.5.5 (2023-01-19)
+multiOTP 5.9.5.7 (2023-05-04)
 (c) 2010-2023 SysCo systemes de communication sa
 http://www.multiOTP.net   (you can try the [Donate] button ;-)
 
@@ -1698,8 +1711,8 @@ Usage:
  multiotp user [-chap-id=0x..] -chap-challenge=0x... -chap-password=0x...
    (the first byte of the chap-password value can contain the chap-id value)
 
- multiotp -fastcreate user [pin] (create a Google Auth compatible token)
- multiotp -fastcreatenopin user [pin] (create a user without a prefix PIN)
+ multiotp -fastcreate user [pin] (create a TOTP compatible token)
+ multiotp -fastcreatenopin user (create a user without a prefix PIN)
  multiotp -fastecreatewithpin user [pin] (create a user with a prefix PIN)
  multiotp -createga user base32_seed [pin] (create Google Auth user with TOTP)
  multiotp -create user algo seed pin digits [pos|interval]
@@ -1808,7 +1821,7 @@ Usage:
      radius-reply-separator: [,|:|;|cr|crlf] returned attributes separator
                              ('crlf' for TekRADIUS, ',' for FreeRADIUS)
           self-registration: [1|0] enable/disable self-registration of tokens
-         server-cache-level: [1|0] enable/allow cache from server to client
+         server-cache-level: [1|0] enable/disable cache from server to client
       server-cache-lifetime: lifetime in seconds of the cached information
               server-secret: shared secret used for client/server operation
              server-timeout: timeout value for the connection to the server
@@ -1871,7 +1884,7 @@ Custom SMS provider only
 
  multiotp -set user option1=value1 option2=value2 ... optionN=valueN
   options are  email: update the email of the user
-         cache-level: [1|0] enable/allow cache for this user on the client
+         cache-level: [1|0] enable/disable cache for this user on the client
       cache-lifetime: set/update lifetime in seconds of cached information
          description: set a description to the user, used for example during
                       the QRcode generation as the description of the account
@@ -1903,7 +1916,7 @@ Authentication parameters:
 
 Client/server inline parameters:
 
- -server-cache-level=[1|0] enable/allow cache from server to client
+ -server-cache-level=[1|0] enable/disable cache from server to client
  -server-secret=shared secret used for client/server operation
  -server-timeout=timeout value for the connection to the server
  -server-url=full url of the server(s) for client/server mode
@@ -2093,8 +2106,8 @@ Visit https://forum.multiotp.net/ for additional support
 ``` 
 
 ``` 
-Hash verification for multiotp_5.9.5.5.zip 
-SHA256:2c74456fabb492fd290d4cd78330da99ef30e3991ec75d5f7c5235f006774f1c 
-SHA1:93e198f68850c57a7c14e5a4a72f654722c929e4 
-MD5:992e16fedf5bd654e737918aeb9de6bc 
+Hash verification for multiotp_5.9.5.7.zip 
+SHA256:6a6c67577ca841121425ddb4af111f709c7ca635c79f41280ce0756ddaafeeb2 
+SHA1:0bfd98195d547f529228f675599d48fb6d21d417 
+MD5:0301cd0c94874db396dc03b1d10b90fc 
 ``` 

check.multiotp.class.php

@@ -22,8 +22,8 @@
  * PHP 5.4.0 or higher is supported.
  *
  * @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
- * @version   5.9.5.5
- * @date      2023-01-19
+ * @version   5.9.5.7
+ * @date      2023-05-04
  * @since     2013-07-10
  * @copyright (c) 2013-2023 SysCo systemes de communication sa
  * @copyright GNU Lesser General Public License
@@ -123,15 +123,15 @@
 $first_time = time();
 
 if ((!isset($GLOBALS['minima'])) && isset($_GET['minima'])) {
-    $GLOBALS['minima'] = $_GET['minima'];
+    $GLOBALS['minima'] = isset($_GET['minima']);
 }
 
 if ((!isset($GLOBALS['keeplog'])) && isset($_GET['keeplog'])) {
-    $GLOBALS['keeplog'] = $_GET['keeplog'];
+    $GLOBALS['keeplog'] = isset($_GET['keeplog']);
 }
 
 if ((!isset($GLOBALS['noresume'])) && isset($_GET['noresume'])) {
-    $GLOBALS['noresume'] = $_GET['noresume'];
+    $GLOBALS['noresume'] = isset($_GET['noresume']);
 }
 
 $test_mail = isset($GLOBALS['test_mail'])?$GLOBALS['test_mail']:'';

checkmultiotp.cmd

@@ -11,8 +11,8 @@ REM
 REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10/2019
 REM
 REM @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-REM @version   5.9.5.5
-REM @date      2023-01-19
+REM @version   5.9.5.7
+REM @date      2023-05-04
 REM @since     2010-07-10
 REM @copyright (c) 2010-2023 SysCo systemes de communication sa
 REM @copyright GNU Lesser General Public License

contrib/MultiotpSms.php

@@ -20,6 +20,7 @@ class MultiotpSms
  *         nexmo: Nexmo (HTTPS), https://www.nexmo.com/
  *        nowsms: NowSMS.com (on-premises), https://www.nowsms.com/
  *      smseagle: SMSEagle (hardware gateway), https://www.smseagle.eu/
+ *    smsgateway: SMSGateway (open source on-premises), https://github.com/multiOTP/SMSGateway
  *      swisscom: Swisscom LA (REST-JSON), https://messagingproxy.swisscom.ch:4300/rest/1.0.0/
  *        telnyx: Telnyx, https://developers.telnyx.com/docs/api/v2/messaging
  *
@@ -70,15 +71,17 @@ class MultiotpSms
  *
  * Change Log
  *
+ *   2023-03-21 5.9.5.8 SysCo/al smsgateway provider added
+ *                               Specific URL can be specified in the constructor
  *   2022-12-26 5.9.5.3 SysCo/al Updated eCall API
  *                               Updated ASPSMS API
  *                               Enhanced payload handling
- *   2022-04-11 5.8.6.0 SysCo/al Adding telnyx provider
- *                               Adding specific header option
- *                               Adding international format request
- *   2021-08-26 5.8.3.0 SysCo/al Adding aspsms-ucs2 for special chars (limited to 70 caracters)
+ *   2022-04-11 5.8.6.0 SysCo/al telnyx provider added
+ *                               specific header option added
+ *                               international format request added
+ *   2021-08-26 5.8.3.0 SysCo/al aspsms-ucs2 for special chars (limited to 70 caracters) added
  *   2019-10-23 5.4.0.3 SysCo/al Define all parameters for preconfigured providers
- *   2018-11-02 5.4.0.3 SysCo/al Adding and testing preconfigured providers
+ *   2018-11-02 5.4.0.3 SysCo/al Preconfigured providers added and tested
  *   2018-10-09 5.4.0.2 SysCo/al First implementation
  */
 {
@@ -367,7 +370,9 @@ function setProvider($provider)
                 $this->header = "";
                 break;
             case 'nowsms':
-                $this->url = "http://%ip:%port/?PhoneNumber=%to&Text=%msg";
+                if (empty($this->url)) {
+                  $this->url = "http://%ip:%port/?PhoneNumber=%to&Text=%msg";
+                }
                 $this->send_template = "";
                 $this->method = "GET";
                 $this->encoding = "UTF";
@@ -380,7 +385,9 @@ function setProvider($provider)
                 $this->header = "";
                 break;
             case 'smseagle':
-                $this->url = "https://%ip:%port/index.php/http_api/send_sms?login=%user&pass=%pass&to=%to&message=%msg";
+                if (empty($this->url)) {
+                  $this->url = "https://%ip:%port/index.php/http_api/send_sms?login=%user&pass=%pass&to=%to&message=%msg";
+                }
                 $this->send_template = "";
                 $this->method = "GET";
                 $this->encoding = "UTF";
@@ -392,6 +399,21 @@ function setProvider($provider)
                 $this->content_encoding = "";
                 $this->header = "";
                 break;
+            case 'smsgateway':
+                if (empty($this->url)) {
+                  $this->url = "https://%ip:%port/smsgateway/index.php?id=%api_id&h=%pass&to=%to&message=%msg";
+                }
+                $this->send_template = "";
+                $this->method = "GET";
+                $this->encoding = "UTF";
+                $this->status_success = "20";
+                $this->content_success = "\"X-SMSGateway-State\" content=\"NEW\"";
+                $this->no_double_zero = FALSE;
+                $this->international_format = FALSE;
+                $this->basic_auth = FALSE;
+                $this->content_encoding = "";
+                $this->header = "";
+                break;
             case 'swisscom':
                 $this->url = "https://messagingproxy.swisscom.ch:4300/rest/1.0.0/submit_sm/%api_id";
                 $this->send_template = "{\n".
@@ -909,8 +931,8 @@ function sendSMS($msg = "")
             }
         }
         if (TRUE == $this->debug) {
-            echo "DEBUG result_status: " . ($result_status ? "TRUE" : "FALSE") . "<br />\n)";
-            echo "DEBUG result_content: " . ($result_content ? "TRUE" : "FALSE") . "<br />\n)";
+            echo "DEBUG result_status: " . (isset($result_status) ? ($result_status ? "TRUE" : "FALSE") : "") . "<br />\n)";
+            echo "DEBUG result_content: " . (isset($result_content) ? ($result_content ? "TRUE" : "FALSE") : "") . "<br />\n)";
         }
         return $result;
     }

contrib/MultiotpTools.php

@@ -87,6 +87,13 @@ function fnmatch($pattern, $string, $flags = 0) {
 }
 
 
+if (!function_exists('is64bitPHP')) {
+  function is64bitPHP() {
+    return strstr(php_uname("m"), '64') == '64';
+  }
+}
+
+
 /***********************************************************************
  * Name: ram_total_space
  * Short description: return total RAM in Bytes.

launcher/ReadMe.txt

@@ -15,8 +15,8 @@ The multiOTP C++ launcher is simply used to launch PHP
 and run multiotp.windows.php with the provided arguments.
 
 @author    Andre Liechti, SysCo systemes de communication sa, <info@multiotp.net>
-@version   5.9.5.5
-@date      2023-01-19
+@version   5.9.5.7
+@date      2023-05-04
 @since     2016-12-08
 @copyright (c) 2010-2023 SysCo systemes de communication sa
 @copyright GNU Lesser General Public License