mirror of https://github.com/Mowie/Mowie synced 2024-06-09 20:29:39 +00:00

Moved 2FA to new Library

kolaente 2017-10-04 21:12:57 +02:00
parent d3bff8730e
commit f5291de8c2
3 changed files with 200 additions and 190 deletions


@ -43,13 +43,12 @@ if(isset($_POST['username']))
exit;
} else
{
require_once '../inc/libs/2fa.php';
$authenticator = new php2FA();
$auth = new \PragmaRX\Google2FA\Google2FA();
if ($authenticator->verifyCode($db->data[0]['secret'], $_POST['2fa'], 3))
if($auth->verify($_POST['2fa'], $db->data[0]['secret']))
{
echo 'success';
stream_message('{user} has logged in.', 4);
stream_message('{user} has logged in.', 4, null, null, $db->data[0]['id']);
} else
{
echo '2fafail';
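Review bot: The new check `$auth->verify($_POST['2fa'], $db->data[0]['secret'])` accepts any code valid for the current window, so a code already used for a login is accepted again until it expires. Consider storing the last accepted time step per admin and, if the installed pragmarx/google2fa version provides it, verifying with `verifyKeyNewer()`, which returns the matched timestamp to persist: `$ts = $auth->verifyKeyNewer($secret, $code, $lastTs);`. `$_POST['2fa']` is also passed through with no `isset`/`is_string` check, so a missing or array-valued field reaches the library directly. The login branch starts and ends outside this hunk, so any attempt throttling or failure logging that exists there is not visible here.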


@ -131,8 +131,12 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
elseif (isset($_GET['2fa']))
{
echo '<div class="main">';
require_once '../inc/libs/2fa.php';
$authenticator = new php2FA();
$auth = new \PragmaRX\Google2FA\Google2FA();
$db->clear();
$db->setCol('system_admins');
$db->data['id'] = $_SESSION['userid'];
@ -171,7 +175,7 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
echo '<h2>' . $lang->get('user_settings_2fa_activate') . '</h2>';
if (isset($_POST['smbt']))
{
if ($authenticator->verifyCode($_POST['secret'], $_POST['2fatest'], 3))
if ($auth->verify($_POST['2fatest'], $_POST['secret']))
{
$db->clear();
$db->setCol('system_admins');
@ -187,15 +191,23 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
{
echo msg('fail', $lang->get('user_settings_2fa_activate_wrong_code') . ' {back}');
}
} else
}
else
{
echo '<p>' . $lang->get('user_settings_2fa_activate_import_code') . '</p>';
$secret = $authenticator->createSecret();
$secret = $auth->generateSecretKey();
echo '<p><b>' . $lang->get('user_settings_2fa_key') . ':</b> ' . $secret . '<br/><br/>';
$website = $MCONF['title'] . ' - Admin';
$title = $_SESSION['user'];
$qrCodeUrl = $authenticator->getSecretUrl($title, $secret, $website);
echo '<img src="https://api.qrserver.com/v1/create-qr-code/?size=200x200&format=svg&data=' . $qrCodeUrl . '" alt=""/></p>';
$qrcode = $auth->getQRCodeInline(
$MCONF['title'],
$_SESSION['user'],
$secret,
250
);
echo '<img src="' . $qrcode . '" alt=""/></p>';
?>
<p><?php echo $lang->get('user_settings_2fa_confirm_code'); ?>:</p>
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>" method="post">
@ -297,8 +309,7 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
if (isset($db->data[0]['name']))
{
echo $db->data[0]['name'];
}
else
} else
{
echo '<i>' . sprintf($lang->get('user_settings_none'), $MCONF['web_uri'] . 'admin/roles.php') . '</i>';
} ?></p>
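Review bot: In the activation branch, `$auth->verify($_POST['2fatest'], $_POST['secret'])` checks the test code against a secret taken from the request body, so the key being confirmed is whatever the client submits rather than the one `generateSecretKey()` produced. Keep the pending secret server-side instead (the session key name here is only an example): `$_SESSION['2fa_pending_secret'] = $secret;` where it is generated, then `$auth->verify($_POST['2fatest'], $_SESSION['2fa_pending_secret'])`, persisting that same session value and clearing it afterwards. The lines that write the secret to `system_admins` fall between the hunks and are not shown, so this assumes they store `$_POST['secret']`. Separately, the form's `action` attribute echoes `$_SERVER['REQUEST_URI']` without `htmlspecialchars()`.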


@ -764,7 +764,7 @@ function remote_file_exists($url)
function stream_message($msg, $lvl, $extra = '', $time = null, $user = null)
{
if (!isset($time)) $time = time();
if (!isset($user)) $user = $_SESSION['userid'];
if(isset($_SESSION['userid']) && !isset($user)) $user = $_SESSION['userid'];
global $db;
$db->setCol('system_stream');