<?php
// Bitrix include file: refuse direct access outside the core prolog.
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) { die; }

// Nothing to do unless the security module loads, OTP is enabled site-wide,
// the visitor is authorized and OTP is mandatory for users.
if (!CModule::IncludeModule("security") || !\Bitrix\Security\Mfa\Otp::isOtpEnabled() || !$USER->IsAuthorized() || !CSecurityUser::IsOtpMandatory()) { return; }

// Any OnIntranetPopupShow handler that returns false suppresses this popup.
foreach (GetModuleEvents("intranet", "OnIntranetPopupShow", true) as $arEvent) {
    if (ExecuteModuleEventEx($arEvent) === false) { return; }
}

// 2592000 s = 30 days, used only with managed cache (presumably because the
// USER_OTP_* tag registered below can then invalidate the entry); otherwise 600 s = 10 minutes.
if (defined("BX_COMP_MANAGED_CACHE")) { $ttl = 2592000; } else { $ttl = 600; }

// NOTE(review): the cache id buckets users in groups of 100 (intval(id / 100)), but the value
// stored below is only the current user's ACTIVE flag. Confirm that the rest of this run keys
// the cached data per user; otherwise one user's OTP state could be served to another user in
// the same bucket, which would affect whether the mandatory-OTP popup is shown.
$cache_id = 'user_otp_' . intval($USER->GetID() / 100);
$cache_dir = '/otp/user_id';
$obCache = new CPHPCache();
if ($obCache->InitCache($ttl, $cache_id, $cache_dir)) {
    // Cache hit: reuse the stored array.
    $arUserOtp = $obCache->GetVars();
} else {
    // Cache miss: look up whether the current user has an active OTP device.
    $arUserOtp = array("ACTIVE" => CSecurityUser::IsUserOtpActive($USER->GetID()));
    if (defined("BX_COMP_MANAGED_CACHE")) {
        global $CACHE_MANAGER;
        // Tag the entry with the same user bucket as $cache_id so it can be invalidated together.
        $CACHE_MANAGER->StartTagCache($cache_dir);
        $CACHE_MANAGER->RegisterTag("USER_OTP_" . intval($USER->GetID() / 100));
        $CACHE_MANAGER->EndTagCache();
    }
    // … the else branch (and the rest of this include) continues past the end of this view.
// NOTE(review): this `die; }` closes a guard block whose opening is outside this view;
// whether a session-id/CSRF check precedes the login below cannot be confirmed from here.
die; }

// Re-authenticate with the submitted credentials before touching OTP settings.
// On failure: if a captcha is reported as needed for this login, emit its code, then answer 401.
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
    if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
        $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
        // NOTE(review): single-quoted keys and the trailing ';' are not valid JSON, and the code
        // is concatenated without escaping — confirm the client parses exactly this shape.
        echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
    }
    CHTTP::SetStatus("401 Unauthorized");
    die;
}

// The security module and site-wide OTP must be available; otherwise log the
// user back out and refuse with 403.
if (!CModule::IncludeModule("security")) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die; }
if (!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die; }

// Only the 'register' action may supply a secret; any other action blanks it.
// NOTE(review): loose `!=` comparison on a POST value — `!==` would avoid type juggling.
if ($_POST['action'] != 'register') { $_POST['secret'] = ""; }

// Store the submitted secret for the current user as an active HOTP device.
// The secret is taken straight from POST; CSecurityUser::update is expected to validate it — TODO confirm.
$isUpdated = CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP));
if (!$isUpdated) {
    //print_r($APPLICATION->GetException());
    CHTTP::SetStatus("403 Forbidden");
    $USER->Logout();
    die;
}

// The session was only needed for the update; end it on success as well.
$USER->Logout();