function check_2FAlogin($p)
{
$rcmail = rcmail::get_instance();
$config_2FA = self::__get2FAconfig();
if ($config_2FA['activate']) {
// with IP allowed, we don't need to check anything
if ($rcmail->config->get('whitelist')) {
foreach ($rcmail->config->get('whitelist') as $ip_to_check) {
if (CIDR::match($_SERVER['REMOTE_ADDR'], $ip_to_check)) {
if ($rcmail->task === 'login') {
$this->__goingRoundcubeTask('mail');
}
return $p;
}
}
}
$code = rcube_utils::get_input_value('_code_2FA', RCUBE_INPUT_POST);
$remember = rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST);
if ($code) {
if (self::__checkCode($code) || self::__isRecoveryCode($code)) {
if (self::__isRecoveryCode($code)) {
self::__consumeRecoveryCode($code);
}
if (rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST) === 'yes') {
$this->__cookie($set = true);
}
$this->__goingRoundcubeTask('mail');
} else {
if ($this->_enable_logs) {
$this->__logError();
}
$this->__exitSession();
}
} elseif ($rcmail->task !== 'login' && !$_SESSION['twofactor_gauthenticator_2FA_login'] >= $_SESSION['twofactor_gauthenticator_2FA_login']) {
$this->__exitSession();
}
} elseif ($rcmail->config->get('force_enrollment_users') && ($rcmail->task !== 'settings' || $rcmail->action !== 'plugin.twofactor_gauthenticator')) {
if ($rcmail->task !== 'login') {
$this->__goingRoundcubeTask('settings', 'plugin.twofactor_gauthenticator');
}
}
return $p;
}
