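$user = $_SESSION['user'];
$user->setSecret($secret);
$mapper = $app->userMapper;
$mapper->save($user);
$app->flash('message', 'Successfully set up two factor authentication!');
$app->redirect('/');
}
// Reached only when the submitted code did not verify (redirect() above ends the request).
$app->flash('error', 'Failed to confirm code');
$app->redirect('/setup2fa');
});

/*
 * Second login step. The first factor has already been checked and the pending
 * user is parked in $_SESSION['user_in_progress']; the session is promoted to a
 * full login ($_SESSION['user']) only after a valid TOTP code is presented.
 * Both handlers bail out when no first-factor login is pending, so the page can
 * neither be rendered nor the code endpoint hit without that prior step.
 */
$app->get('/auth2fa', function () use ($app) {
    // Without a pending first-factor login there is nothing to verify against.
    if (!isset($_SESSION['user_in_progress'])) {
        $app->flash('error', 'Please log in first');
        $app->redirect('/');
        return;
    }
    $app->render('auth2fa.twig');
});

$app->post('/auth2fa', function () use ($app) {
    // Guard the session read: a bare $_SESSION['user_in_progress'] access on a
    // session that has none would dereference null further down.
    if (!isset($_SESSION['user_in_progress'])) {
        $app->flash('error', 'Please log in first');
        $app->redirect('/');
        return;
    }
    $user = $_SESSION['user_in_progress'];
    $secret = $user->getSecret();
    $code = $app->request->post('code');
    $g = new \Google\Authenticator\GoogleAuthenticator();
    // Only a string can be a valid code; reject missing or array-shaped input
    // before it reaches checkCode().
    // NOTE(review): nothing here limits repeated failed attempts; confirm that
    // throttling of this endpoint is enforced elsewhere.
    if (is_string($code) && $g->checkCode($secret, $code)) {
        // Promote the pending user to a fully authenticated session and drop the
        // intermediate state so this step cannot be repeated.
        $_SESSION['user'] = $user;
        unset($_SESSION['user_in_progress']);
        $app->flash('message', 'Successfully logged in using two factor authentication!');
        $app->redirect('/');
        return;
    }
    $app->flash('error', 'Failed to confirm code');
    $app->redirect('/auth2fa');
});

// Run app
$app->run();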
session_destroy();
header("Location: ./");
// NOTE(review): no exit after the Location header, so the rest of this page is
// still evaluated and sent in the same response; the block this belongs to
// starts before this excerpt.
}

// check if the user is logged in.
if ($user->isLoggedIn()) {
    include __DIR__ . "/../tmpl/loggedin.php";
    // show the QR code if wished so
    // The QR code carries the shared secret, so this branch is only reachable
    // for an already logged-in user (it is nested under isLoggedIn()).
    if (isset($_GET['showqr'])) {
        $secret = $user->getSecret();
        include __DIR__ . "/../tmpl/show-qr.php";
    }
} else {
    if ($user->isOTP() && isset($_POST['otp'])) {
        $g = new \Google\Authenticator\GoogleAuthenticator();
        // check if the submitted token is the right one and log in
        // NOTE(review): $_POST['otp'] is passed through unvalidated; a non-string
        // value reaches checkCode() as-is — consider requiring is_string() first.
        if ($g->checkCode($user->getSecret(), $_POST['otp'])) {
            // do log-in the user
            $user->doLogin();
            // if the user clicked the "remember the token" checkbox, set the cookie
            // (presumably a cookie that skips the OTP step on later visits —
            // confirm against setOTPCookie()).
            if (isset($_POST['remember']) && $_POST['remember']) {
                $user->setOTPCookie();
            }
            include __DIR__ . "/../tmpl/loggedin.php";
        } else {
            // A wrong code discards the whole session, so the first factor has
            // to be redone rather than just the OTP re-entered.
            session_destroy();
            include __DIR__ . "/../tmpl/login-error.php";
        }
    } else {
        // No OTP flow pending (or no code submitted): start over at the login form.
        session_destroy();
        include __DIR__ . "/../tmpl/login.php";
    }