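/**
 * Second-factor step of the login flow.
 *
 * Loads the stored two-factor record for $_SESSION['username'] and then does
 * one of the following:
 *  - sets $_SESSION['twofactor'] = true when the user has no two-factor
 *    record, or when the submitted token verifies;
 *  - sets $auth_message when the account is locked out, the token is wrong,
 *    or the stored record is unusable;
 *  - sets $twofactorform = true when no token has been submitted yet.
 *
 * Results are reported through the globals $auth_message and $twofactorform
 * and through $_SESSION['twofactor']. After every verification attempt the
 * updated record (failure count, last-failure time, counter) is written back
 * to the users table.
 *
 * @return void
 */
function twofactor_auth()
{
    global $auth_message, $twofactorform, $config;

    $row = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username']));

    // An empty column (or no matching row) means no second factor is stored,
    // so this step passes without a token.
    // NOTE(review): this relies on the caller having already authenticated
    // $_SESSION['username'] -- confirm at the call site.
    if (empty($row['twofactor'])) {
        $_SESSION['twofactor'] = true;
        return;
    }

    $twofactor = json_decode($row['twofactor'], true);

    // Fail closed on a record that did not decode or carries no key: the
    // token check must never run against a missing secret, and a failed
    // attempt must not overwrite the stored record with a key-less one.
    if (!is_array($twofactor) || empty($twofactor['key'])) {
        $auth_message = "Two-Factor configuration is invalid, please contact administrator.";
        return;
    }

    // Read optional fields defensively so an absent key does not raise a
    // notice; the defaults match what the loose comparisons saw before.
    $lock  = empty($config['twofactor_lock']) ? 0 : $config['twofactor_lock'];
    $fails = isset($twofactor['fails']) ? $twofactor['fails'] : 0;
    $last  = isset($twofactor['last']) ? $twofactor['last'] : 0;

    // Lock-out: three or more failures block further attempts, permanently
    // when no lock period is configured, otherwise until the period has
    // elapsed since the last failure. 'fails' is only reset by a successful
    // verification, so once the period has passed a single wrong token
    // re-arms the lock.
    if ($fails >= 3 && (!$lock || time() - $last < $lock)) {
        $auth_message = "Too many failures, please " . ($lock ? "wait " . $lock . " seconds" : "contact administrator") . ".";
        return;
    }

    // The token is request data: accept only a string, and treat anything
    // else (absent field, array-valued field) like "nothing submitted yet".
    $token = (isset($_POST['twofactor']) && is_string($_POST['twofactor'])) ? $_POST['twofactor'] : '';
    if (empty($token)) {
        $twofactorform = true;
        return;
    }

    $server_c = verify_hotp($twofactor['key'], $token, $twofactor['counter']);

    if ($server_c === false) {
        // Wrong token: count the failure and remember when it happened.
        $twofactor['fails'] = $fails + 1;
        $twofactor['last']  = time();
        $auth_message       = "Wrong Two-Factor Token.";
    } else {
        // A counter of exactly false is left untouched.
        // NOTE(review): presumably false marks a token type with no counter
        // to advance -- confirm against verify_hotp().
        if ($twofactor['counter'] !== false) {
            if ($server_c !== true && $server_c !== $twofactor['counter']) {
                // verify_hotp() returned a value other than true and other
                // than the stored counter; store that value + 1.
                // NOTE(review): presumably the position the token matched
                // at, so the accepted token is not accepted again -- confirm.
                $twofactor['counter'] = $server_c + 1;
            } else {
                $twofactor['counter']++;
            }
        }
        $twofactor['fails']    = 0;
        $_SESSION['twofactor'] = true;
    }

    // Persist the updated record after every verification attempt.
    // NOTE(review): the record is read, changed and written back with no
    // locking visible here; confirm whether concurrent requests for one user
    // can each be evaluated against the same failure count.
    dbUpdate(array('twofactor' => json_encode($twofactor)), 'users', 'username = ?', array($_SESSION['username']));
}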
if ($config['twofactor'] === true) { if ($_POST['twofactorremove'] == 1) { include_once $config['install_dir'] . '/html/includes/authentication/twofactor.lib.php'; if (!isset($_POST['twofactor'])) { echo '<div class="well"><form class="form-horizontal" role="form" action="" method="post" name="twofactorform">'; echo '<input type="hidden" name="twofactorremove" value="1" />'; echo twofactor_form(false); echo '</form></div>'; } else { $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username'])); if (empty($twofactor['twofactor'])) { echo '<div class="alert alert-danger">Error: How did you even get here?!</div><script>window.location = "/preferences/";</script>'; } else { $twofactor = json_decode($twofactor['twofactor'], true); } if (verify_hotp($twofactor['key'], $_POST['twofactor'], $twofactor['counter'])) { if (!dbUpdate(array('twofactor' => ''), 'users', 'username = ?', array($_SESSION['username']))) { echo '<div class="alert alert-danger">Error while disabling TwoFactor.</div>'; } else { echo '<div class="alert alert-success">TwoFactor Disabled.</div>'; } } else { session_destroy(); echo '<div class="alert alert-danger">Error: Supplied TwoFactor Token is wrong, you\'ve been logged out.</div><script>window.location = "/";</script>'; } } //end if } else { $twofactor = dbFetchRow('SELECT twofactor FROM users WHERE username = ?', array($_SESSION['username'])); echo '<script src="/js/jquery.qrcode.min.js"></script>'; echo '<div class="well"><h3>Two-Factor Authentication</h3>';