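// NOTE(review): the statements down to the first closing brace belong to a block whose
// opening line lies outside this excerpt; they are reproduced unchanged.
    header('Access-Control-Max-Age: 60');
    //header('Access-Control-Allow-Headers: *');
    header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
    die('');
}

define("ADMIN_SECTION", false);
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";

// This script stores or clears the SECRET kept by CSecurityUser (presumably the OTP secret)
// for the account whose login and password arrive in the same POST request.
//
// Every field is untrusted request data. Each one is read once and accepted only as a
// string, so a missing key or an array value (e.g. secret[]=x) is treated as empty
// instead of being passed on to Login() or CSecurityUser::update().
$otpAction = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
$otpSecret = (isset($_POST['secret']) && is_string($_POST['secret'])) ? $_POST['secret'] : '';
$otpLogin = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
$otpPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// && binds tighter than ||, so the parentheses only make the original grouping explicit:
// an unknown action is refused, and an empty secret is refused for BOTH actions.
if (($otpAction !== 'register' && $otpAction !== 'unregister') || $otpSecret === '') {
    CHTTP::SetStatus("403 Forbidden");
    die;
}

// NOTE(review): only login + password are checked here. Confirm that Login() also enforces
// an already-registered second factor; otherwise the password alone is enough to replace
// or clear the stored secret.
if ($USER->Login($otpLogin, $otpPassword) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($otpLogin)) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // Not strict JSON (single quotes, trailing semicolon); kept byte-for-byte because
        // existing clients may depend on this exact shape.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}

if (!CModule::IncludeModule("security")) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// Any action other than 'register' stores an empty secret.
if ($otpAction !== 'register') {
    $otpSecret = "";
}

$isUpdated = CSecurityUser::update(array(
    "USER_ID" => $USER->GetID(),
    "SECRET" => $otpSecret,
    "ACTIVE" => "Y",
));
if (!$isUpdated) {
    // Fail closed: without this the client receives a success status although nothing
    // was stored, and would believe the second factor is set up.
    //print_r($APPLICATION->GetException());
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// The login above exists only to authorise this one update; do not leave a session behind.
$USER->Logout();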
<?php
// Saves the security-module fields (ACTIVE, SECRET, SYNC1, SYNC2) for the user $ID.
// The $ID and $security_* variables are set outside this excerpt.
$securityWarningTmp = "";

// The update runs only when all three guards pass, evaluated in the same order as a
// single && chain: module loaded, session token check (check_bitrix_sessid), and the
// 'security_edit_user_otp' operation allowed for the current user.
if (CModule::IncludeModule("security")) {
    if (check_bitrix_sessid() && $USER->CanDoOperation('security_edit_user_otp')) {
        $arSecurityFields = array();
        $arSecurityFields["USER_ID"] = $ID;
        $arSecurityFields["ACTIVE"] = $security_ACTIVE;
        $arSecurityFields["SECRET"] = $security_SECRET;
        $arSecurityFields["SYNC1"] = $security_SYNC1;
        $arSecurityFields["SYNC2"] = $security_SYNC2;

        // NOTE(review): $security_res is not inspected in this excerpt; confirm the
        // caller reports a failed update to the administrator.
        $security_res = CSecurityUser::update($arSecurityFields);
    }
}
// NOTE(review): the first two tokens close a block whose opening lies outside this
// excerpt; they are reproduced unchanged.
    die;
}

// Authenticate with the posted credentials; a failed login ends the request with 401.
// NOTE(review): only login + password are checked in the visible code. Confirm that
// Login() also enforces an already-registered second factor.
$loginResult = $USER->Login($_POST['login'], $_POST['password']);
if ($loginResult !== true) {
    // When the platform asks for a captcha for this login, hand a captcha code to the
    // client before refusing.
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        echo "{'captchaCode': '" . $APPLICATION->CaptchaGetCode() . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}

// Two preconditions with the same outcome: the security module must load and OTP must
// be enabled. || short-circuits, so isOtpEnabled() is only reached once the module is
// loaded, exactly as with two separate checks.
if (!CModule::IncludeModule("security") || !\Bitrix\Security\Mfa\Otp::isOtpEnabled()) {
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// Any action other than 'register' stores an empty secret.
if ('register' != $_POST['action']) {
    $_POST['secret'] = "";
}

$otpFields = array();
$otpFields["USER_ID"] = $USER->GetID();
$otpFields["SECRET"] = $_POST['secret'];
$otpFields["ACTIVE"] = "Y";
$otpFields["TYPE"] = \Bitrix\Security\Mfa\Otp::TYPE_HOTP;

$isUpdated = CSecurityUser::update($otpFields);
if (!$isUpdated) {
    // Fail closed so the client never treats a rejected secret as stored.
    //print_r($APPLICATION->GetException());
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// The login above exists only to authorise this one update; end the session again.
$USER->Logout();