public function TwoFactorCheck(&$result, $userinfo)
{
if ($userinfo !== false && $userinfo["two_factor_method"] == "sso_google_authenticator") {
$info = $this->GetInfo();
$code = SSO_FrontendFieldValue("two_factor_code", "");
$twofactor = sso_login::GetTimeBasedOTP($userinfo["two_factor_key"], time() / 30);
$twofactor2 = sso_login::GetTimeBasedOTP($userinfo["two_factor_key"], (time() - $info["clock_drift"]) / 30);
$twofactor3 = sso_login::GetTimeBasedOTP($userinfo["two_factor_key"], (time() + $info["clock_drift"]) / 30);
if ($code !== $twofactor && $code !== $twofactor2 && $code !== $twofactor3) {
$result["errors"][] = BB_Translate("Invalid two-factor authentication code.");
}
}
}
public function SendTwoFactorCode(&$result, $userrow, $userinfo)
{
// Send the two-factor authentication e-mail.
$info = $this->GetInfo();
$fromaddr = BB_PostTranslate($info["email_from"] != "" ? $info["email_from"] : SSO_SMTP_FROM);
$subject = BB_Translate($info["email_subject"]);
$twofactor = sso_login::GetTimeBasedOTP($userinfo["two_factor_key"], time() / $info["window"]);
$htmlmsg = str_ireplace(array("@USERNAME@", "@EMAIL@", "@TWOFACTOR@"), array(htmlspecialchars($userrow->username), htmlspecialchars($userrow->email), htmlspecialchars($twofactor)), BB_PostTranslate($info["email_msg"]));
$textmsg = str_ireplace(array("@USERNAME@", "@EMAIL@", "@TWOFACTOR@"), array($userrow->username, $userrow->email, $twofactor), BB_PostTranslate($info["email_msg_text"]));
$result2 = SSO_SendEmail($fromaddr, $userrow->email, $subject, $htmlmsg, $textmsg);
if (!$result2["success"]) {
$result["errors"][] = BB_Translate("Login exists but a fatal error occurred. Fatal error: Unable to send two-factor authentication e-mail. %s", $result["error"]);
}
}
