setcookie($cookiepic, false, time() - 3600 * 24 * 365, '/');
// do JS cookie wipe too
$deferredJS .= "\n\$.removeCookie('{$cookieuser}',{path:'/'});";
$deferredJS .= "\n\$.removeCookie('{$cookieperson}',{path:'/'});";
$deferredJS .= "\n\$.removeCookie('{$cookieauth}',{path:'/'});";
$deferredJS .= "\n\$.removeCookie('{$cookiekey}',{path:'/'});";
$deferredJS .= "\n\$.removeCookie('{$cookiepic}',{path:'/'});";
$deferredJS .= "\nresetLoginState();";
$deferredScriptBlock = "<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js'></script>\n<script type='text/javascript' src='" . $relative_path . "js/loadJQuery.js'></script>\n<script type='text/javascript'>\nvar loadLast = function () {\n try {\n {$deferredJS}\n }\n catch (e)\n {\n console.error(\"Couldn't load deferred calls\");\n }\n}\n</script>";
header("Refresh: 2; url=" . $baseurl);
ob_end_flush();
$login_output .= "<h1>Logging out ...</h1>" . $deferredScriptBlock;
}
try {
$logged_in = $user->validateUser($_COOKIE[$cookielink]);
if (!$user->has2FA() && $require_two_factor === true && !isset($_REQUEST['2fa']) && $logged_in && $_REQUEST['q'] != 'logout') {
# If require two factor is on, always force it post login
header("Refresh: 0; url=" . $self_url . "?2fa=t");
$deferredJS .= "\nwindow.location.href=\"" . $self_url . "?2fa=t\";";
ob_end_flush();
}
# This should only show when there isn't two factor enabled ...
$twofactor = $user->has2FA() ? "Remove two-factor authentication" : "Add two-factor authentication";
$phone_verify_template = "<form id='verify_phone' onsubmit='event.preventDefault();'>\n <input type='tel' id='phone' name='phone' value='" . $user->getPhone() . "' readonly='readonly'/>\n <input type='hidden' id='username' name='username' value='" . $user->getUsername() . "'/>\n <button id='verify_phone_button' class='btn btn-primary'>Verify Phone Now</button>\n <p>\n <small>\n <a href='#' id='verify_later'>\n Verify Later\n </a>\n </small>\n </p>\n</form>";
try {
$needPhone = !$user->canSMS();
$deferredJS .= "console.log('Needs phone? '," . strbool($needPhone) . "," . DBHelper::staticSanitize($user->getPhone()) . ");\n";
$altPhone = "<p>Congratulations! Your phone number is verified.</p>";
} catch (Exception $e) {
$needPhone = false;
$deferredJS .= "console.warn('An exception was thrown checking for SMS-ability:','" . $e->getMessage() . "');\n";
function sendTOTPText($get)
{
$user = $get['user'];
# We don't need to verify the user here
$u = new UserFunctions($user);
# Ensure the user has SMS-ability and 2FA
try {
# Return status
if (!$u->has2FA()) {
return array('status' => false, 'human_error' => 'Two-Factor authentication is not enabled for this account', 'error' => 'Two-Factor authentication is not enabled for this account', 'username' => $user);
}
if (!$u->canSMS()) {
return array('status' => false, 'human_error' => "Your phone setup isn't complete", 'error' => 'User failed SMS check', 'username' => $user);
}
$result = $u->sendTOTPText();
return array('status' => $result, 'message' => 'Message sent');
} catch (Exception $e) {
return array('status' => false, 'human_error' => 'There was a problem sending your text.', 'error' => $e->getMessage());
}
}
