/** * @param \phpbb\event\data $event * * @return \phpbb\event\data $event|null * @throw http_exception */ public function auth_login_session_create_before($event) { if ($this->config['tfa_mode'] == session_helper_interface::MODE_DISABLED) { return $event; } if (isset($event['login'], $event['login']['status']) && $event['login']['status'] == LOGIN_SUCCESS) { // We have a LOGIN_SUCCESS result. if ($this->session_helper->isTfaRequired($event['login']['user_row']['user_id'], $event['admin'], $event['user_row'])) { if (!$this->session_helper->isTfaRegistered($event['login']['user_row']['user_id'])) { // While 2FA is enabled, the user has no methods added. // We simply return and continue the login procedure (The normal way :)), // and will disable all pages until he has added a 2FA key. return $event; } else { $this->session_helper->generate_page($event['login']['user_row']['user_id'], $event['admin'], $event['view_online'], !$this->request->is_set_post('viewonline'), $this->request->variable('redirect', '')); } } } return null; }