コード例 #1
    ob_end_flush();
    $login_output .= "<h1>Logging out ...</h1>" . $deferredScriptBlock;
}
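# Validate the session cookie, force the two-factor setup page when 2FA is required,
# and build the phone-verification markup plus the deferred console diagnostics.
# Inputs read from outside this block: $user, $cookielink, $require_two_factor, $self_url, $deferredJS.
try {
    # A missing cookie is passed on as null rather than raising an undefined-index notice.
    $logged_in = $user->validateUser(isset($_COOKIE[$cookielink]) ? $_COOKIE[$cookielink] : null);
    $requested_action = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;
    if (!$user->has2FA() && $require_two_factor === true && !isset($_REQUEST['2fa']) && $logged_in && $requested_action !== 'logout') {
        # If require two factor is on, always force it post login
        # NOTE(review): this is only a Refresh header plus client-side JS, and execution continues
        # afterwards. If anything rendered later in the request depends on 2FA having been set up,
        # the requirement must also be enforced server-side - confirm against the rest of the page.
        # NOTE(review): $self_url is written into a header and a JS string unescaped; its origin is
        # not visible here - confirm it is not derived from request data.
        header("Refresh: 0; url=" . $self_url . "?2fa=t");
        $deferredJS .= "\nwindow.location.href=\"" . $self_url . "?2fa=t\";";
        ob_end_flush();
    }
    # This should only show when there isn't two factor enabled ...
    $twofactor = $user->has2FA() ? "Remove two-factor authentication" : "Add two-factor authentication";
    # Phone and username are account data and land inside single-quoted HTML attributes, so they
    # are escaped for that context (ENT_QUOTES covers the single quote) to prevent markup injection.
    $phone_attr = htmlspecialchars((string) $user->getPhone(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $username_attr = htmlspecialchars((string) $user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $phone_verify_template = "<form id='verify_phone' onsubmit='event.preventDefault();'>\n  <input type='tel' id='phone' name='phone' value='" . $phone_attr . "' readonly='readonly'/>\n  <input type='hidden' id='username' name='username' value='" . $username_attr . "'/>\n  <button id='verify_phone_button' class='btn btn-primary'>Verify Phone Now</button>\n  <p>\n    <small>\n      <a href='#' id='verify_later'>\n        Verify Later\n      </a>\n    </small>\n  </p>\n</form>";
    # Values placed into the deferred script are emitted as JSON literals. The HEX flags keep
    # quotes, ampersands and angle brackets out of the output, so a value cannot end the string
    # or the surrounding <script> element.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    try {
        $needPhone = !$user->canSMS();
        # The original passed the phone through DBHelper::staticSanitize() (presumably a
        # database-oriented sanitizer), which does not produce a JavaScript literal.
        $phone_js = json_encode((string) $user->getPhone(), $js_flags);
        $deferredJS .= "console.log('Needs phone? '," . strbool($needPhone) . "," . ($phone_js === false ? 'null' : $phone_js) . ");\n";
        $altPhone = "<p>Congratulations! Your phone number is verified.</p>";
    } catch (Exception $e) {
        $needPhone = false;
        # NOTE(review): the raw exception message is still sent to the browser console; consider
        # logging it server-side instead if it can carry internal detail.
        $message_js = json_encode($e->getMessage(), $js_flags);
        $deferredJS .= "console.warn('An exception was thrown checking for SMS-ability:'," . ($message_js === false ? "''" : $message_js) . ");\n";
        $altPhone = "<p>You don't have a phone number registered with us. Please go to account settings and add a phone number.</p>";
    }
    $verifyphone_link = $needPhone ? "<li><a href='?q=verify'>Verify Phone</a></li>" : null;
    $phone_verify_form = $needPhone ? $phone_verify_template : $altPhone;
} catch (Exception $e) {
    # There have been no cookies set.
    $logged_in = false;
    $twofactor = "Please log in.";
}
$login_output = "";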
コード例 #2
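/**
 * Ask the account named in $get['user'] to send its TOTP code by SMS.
 *
 * The user is looked up by name only; no session or credential check happens in this function.
 * NOTE(review): if this is reachable without a prior password step, any caller can trigger
 * text messages to an arbitrary account and can tell accounts apart by the differing error
 * replies (which also echo the username back). Confirm the caller authenticates the request
 * and rate-limits it.
 *
 * @param array $get Request parameters; the 'user' key names the account.
 * @return array 'status' plus either 'message' on the send path or 'human_error'/'error'
 *               (and 'username' for the precondition failures) when nothing was sent.
 */
function sendTOTPText($get)
{
    # Read the key defensively: a missing 'user' is passed on as null instead of raising an
    # undefined-index notice. What UserFunctions does with null is not visible here.
    $user = isset($get['user']) ? $get['user'] : null;
    # We don't need to verify the user here
    $u = new UserFunctions($user);
    # Ensure the user has SMS-ability and 2FA
    try {
        # Return status
        if (!$u->has2FA()) {
            return array('status' => false, 'human_error' => 'Two-Factor authentication is not enabled for this account', 'error' => 'Two-Factor authentication is not enabled for this account', 'username' => $user);
        }
        if (!$u->canSMS()) {
            return array('status' => false, 'human_error' => "Your phone setup isn't complete", 'error' => 'User failed SMS check', 'username' => $user);
        }
        # 'message' is fixed text; callers must read 'status' to learn whether the send worked.
        $result = $u->sendTOTPText();
        return array('status' => $result, 'message' => 'Message sent');
    } catch (Exception $e) {
        # NOTE(review): 'error' carries the raw exception message back to the caller; check that
        # it is not forwarded verbatim to the client if it can contain provider or internal detail.
        return array('status' => false, 'human_error' => 'There was a problem sending your text.', 'error' => $e->getMessage());
    }
}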