function check_2FAlogin($p) { $rcmail = rcmail::get_instance(); $config_2FA = self::__get2FAconfig(); if ($config_2FA['activate']) { // with IP allowed, we don't need to check anything if ($rcmail->config->get('whitelist')) { foreach ($rcmail->config->get('whitelist') as $ip_to_check) { if (CIDR::match($_SERVER['REMOTE_ADDR'], $ip_to_check)) { if ($rcmail->task === 'login') { $this->__goingRoundcubeTask('mail'); } return $p; } } } $code = rcube_utils::get_input_value('_code_2FA', RCUBE_INPUT_POST); $remember = rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST); if ($code) { if (self::__checkCode($code) || self::__isRecoveryCode($code)) { if (self::__isRecoveryCode($code)) { self::__consumeRecoveryCode($code); } if (rcube_utils::get_input_value('_remember_2FA', RCUBE_INPUT_POST) === 'yes') { $this->__cookie($set = true); } $this->__goingRoundcubeTask('mail'); } else { if ($this->_enable_logs) { $this->__logError(); } $this->__exitSession(); } } elseif ($rcmail->task !== 'login' && !$_SESSION['twofactor_gauthenticator_2FA_login'] >= $_SESSION['twofactor_gauthenticator_2FA_login']) { $this->__exitSession(); } } elseif ($rcmail->config->get('force_enrollment_users') && ($rcmail->task !== 'settings' || $rcmail->action !== 'plugin.twofactor_gauthenticator')) { if ($rcmail->task !== 'login') { $this->__goingRoundcubeTask('settings', 'plugin.twofactor_gauthenticator'); } } return $p; }