setcookie($cookiepic, false, time() - 3600 * 24 * 365, '/'); // do JS cookie wipe too $deferredJS .= "\n\$.removeCookie('{$cookieuser}',{path:'/'});"; $deferredJS .= "\n\$.removeCookie('{$cookieperson}',{path:'/'});"; $deferredJS .= "\n\$.removeCookie('{$cookieauth}',{path:'/'});"; $deferredJS .= "\n\$.removeCookie('{$cookiekey}',{path:'/'});"; $deferredJS .= "\n\$.removeCookie('{$cookiepic}',{path:'/'});"; $deferredJS .= "\nresetLoginState();"; $deferredScriptBlock = "<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js'></script>\n<script type='text/javascript' src='" . $relative_path . "js/loadJQuery.js'></script>\n<script type='text/javascript'>\nvar loadLast = function () {\n try {\n {$deferredJS}\n }\n catch (e)\n {\n console.error(\"Couldn't load deferred calls\");\n }\n}\n</script>"; header("Refresh: 2; url=" . $baseurl); ob_end_flush(); $login_output .= "<h1>Logging out ...</h1>" . $deferredScriptBlock; } try { $logged_in = $user->validateUser($_COOKIE[$cookielink]); if (!$user->has2FA() && $require_two_factor === true && !isset($_REQUEST['2fa']) && $logged_in && $_REQUEST['q'] != 'logout') { # If require two factor is on, always force it post login header("Refresh: 0; url=" . $self_url . "?2fa=t"); $deferredJS .= "\nwindow.location.href=\"" . $self_url . "?2fa=t\";"; ob_end_flush(); } # This should only show when there isn't two factor enabled ... $twofactor = $user->has2FA() ? "Remove two-factor authentication" : "Add two-factor authentication"; $phone_verify_template = "<form id='verify_phone' onsubmit='event.preventDefault();'>\n <input type='tel' id='phone' name='phone' value='" . $user->getPhone() . "' readonly='readonly'/>\n <input type='hidden' id='username' name='username' value='" . $user->getUsername() . 
"'/>\n <button id='verify_phone_button' class='btn btn-primary'>Verify Phone Now</button>\n <p>\n <small>\n <a href='#' id='verify_later'>\n Verify Later\n </a>\n </small>\n </p>\n</form>"; try { $needPhone = !$user->canSMS(); $deferredJS .= "console.log('Needs phone? '," . strbool($needPhone) . "," . DBHelper::staticSanitize($user->getPhone()) . ");\n"; $altPhone = "<p>Congratulations! Your phone number is verified.</p>"; } catch (Exception $e) { $needPhone = false; $deferredJS .= "console.warn('An exception was thrown checking for SMS-ability:','" . $e->getMessage() . "');\n";
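/**
 * Ask UserFunctions to text a TOTP code to the account named in $get['user'].
 *
 * The account must pass has2FA() and canSMS() before
 * UserFunctions::sendTOTPText() is called; otherwise a failure array naming
 * the reason is returned instead.
 *
 * NOTE(review): nothing in this function authenticates the caller. Anyone who
 * can reach it with a username can request a text for that account, and the
 * two distinct precondition errors disclose whether the account has
 * two-factor enabled and whether its phone setup is complete. Confirm that
 * throttling and a uniform client-facing response exist in the caller or in
 * UserFunctions::sendTOTPText().
 *
 * @param array $get Parameters for the call; only the 'user' key is read.
 * @return array 'status' is always present. The two precondition failures
 *               also carry 'human_error', 'error' and 'username'; an
 *               exception carries 'human_error' and 'error'; otherwise the
 *               array carries 'message'.
 */
function sendTOTPText($get)
{
    # A missing 'user' key is passed on as null instead of raising an
    # undefined-index notice.
    # NOTE(review): confirm how UserFunctions treats a null username.
    $user = isset($get['user']) ? $get['user'] : null;

    try {
        # Built inside the try so a failure to construct the user object is
        # reported in the same array shape as every other failure.
        # The original author's note: the user is not verified at this point.
        $u = new UserFunctions($user);

        # Ensure the account has 2FA and SMS-ability before sending anything.
        if (!$u->has2FA()) {
            return array(
                'status' => false,
                'human_error' => 'Two-Factor authentication is not enabled for this account',
                'error' => 'Two-Factor authentication is not enabled for this account',
                'username' => $user,
            );
        }
        if (!$u->canSMS()) {
            return array(
                'status' => false,
                'human_error' => "Your phone setup isn't complete",
                'error' => 'User failed SMS check',
                'username' => $user,
            );
        }

        $result = $u->sendTOTPText();

        # NOTE(review): 'message' says 'Message sent' whatever $result holds;
        # callers have to rely on 'status' to know whether the send succeeded.
        return array('status' => $result, 'message' => 'Message sent');
    } catch (Exception $e) {
        # NOTE(review): the raw exception text is returned in 'error'. If this
        # array is serialised to the client, log the detail server-side and
        # return only the generic 'human_error'.
        return array(
            'status' => false,
            'human_error' => 'There was a problem sending your text.',
            'error' => $e->getMessage(),
        );
    }
}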