From 867e3e2c384f8afb775cc1b1ea8ee65c236372ef Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Wed, 21 Jan 2026 20:12:41 +0100
Subject: [PATCH] [WIP] 2fa - Optimize code, views

---
 system/pages/account/2fa/app/disable.php      | 10 +--
 system/pages/account/2fa/app/enable.php       | 85 +++++++++++--------
 system/pages/account/2fa/email/disable.php    |  4 +-
 system/src/TwoFactorAuth/TwoFactorAuth.php    | 53 ++++++++++--
 .../account/2fa/app/enable.html.twig          | 21 +++--
 .../account/2fa/app/enable.warning.html.twig  | 46 +++++++---
 .../account/2fa/app/enabled.html.twig         |  1 -
 .../templates/account/2fa/app/login.html.twig |  4 +-
 .../2fa/app/manage.connected.html.twig        | 25 ++++++
 .../manage.enable.html.twig}                  |  0
 .../account/2fa/email/disable.html.twig       |  4 +-
 .../account/2fa/email/enable.html.twig        |  6 +-
 .../account/2fa/email/login.html.twig         |  6 +-
 ...d.html.twig => manage.connected.html.twig} |  6 +-
 ...nage.html.twig => manage.enable.html.twig} |  2 +-
 .../account/2fa/main.protected.html.twig      | 22 +++++
 .../templates/account/2fa/protected.html.twig | 18 ----
 17 files changed, 208 insertions(+), 105 deletions(-)
 delete mode 100644 system/templates/account/2fa/app/enabled.html.twig
 create mode 100644 system/templates/account/2fa/app/manage.connected.html.twig
 rename system/templates/account/2fa/{connect.html.twig => app/manage.enable.html.twig} (100%)
 rename system/templates/account/2fa/email/{enabled.html.twig => manage.connected.html.twig} (88%)
 rename system/templates/account/2fa/email/{manage.html.twig => manage.enable.html.twig} (95%)
 create mode 100644 system/templates/account/2fa/main.protected.html.twig
 delete mode 100644 system/templates/account/2fa/protected.html.twig

diff --git a/system/pages/account/2fa/app/disable.php b/system/pages/account/2fa/app/disable.php
index c6e8b539..8b820f22 100644
--- a/system/pages/account/2fa/app/disable.php
+++ b/system/pages/account/2fa/app/disable.php
@@ -3,19 +3,11 @@ defined('MYAAC') or die('Direct access not allowed!');
 
 require __DIR__ . '/../base.php';
 
-$account = \MyAAC\Models\Account::find($account_logged->getId());
-if (!$account) {
+if (!$account_logged->isLoaded()) {
 	error('Account not found!');
 	return;
 }
 
-if ($db->hasColumn('accounts', 'secret')) {
-	$account->secret = NULL;
-}
-
-$account->{'2fa_secret'} = '';
-$account->save();
-
 $twoFactorAuth->disable();
 
 $twig->display('success.html.twig', [
diff --git a/system/pages/account/2fa/app/enable.php b/system/pages/account/2fa/app/enable.php
index 9a574fe3..972053d4 100644
--- a/system/pages/account/2fa/app/enable.php
+++ b/system/pages/account/2fa/app/enable.php
@@ -14,57 +14,60 @@ if (!empty($account_logged->getCustomField('2fa_secret'))) {
 	return;
 }
 
+$explodeRecoveryKey = explode('-', $account_logged->getCustomField('key'));
+$newRecoveryKeyFormat = (count($explodeRecoveryKey) == 4);
+
 if (ACTION == 'request') {
-	$clock = new NativeClock();
 
-	$secret = generateRandom2faSecret();
+	if ($newRecoveryKeyFormat) {
+		$key = $_POST['key1'] . '-' . $_POST['key2'] . '-' . $_POST['key3'] . '-' . $_POST['key4'];
+	}
+	else {
+		$key = $_POST['key'];
+	}
 
-	$otp = TOTP::createFromSecret($secret);
+	$accountKey = $account_logged->getCustomField('key');
+	if (!empty($key) && $key == $accountKey) {
+		$clock = new NativeClock();
 
-	setSession('2fa_secret', $secret);
+		$secret = getSession('2fa_secret');
+		if ($secret === null) {
+			$secret = generateRandom2faSecret();
+			setSession('2fa_secret', $secret);
+		}
 
-	$otp->setLabel($account_logged->getEmail());
-	$otp->setIssuer(configLua('serverName'));
+		$twoFactorAuth->appDisplayEnable($secret);
 
-	$grCodeUri = $otp->getQrCodeUri(
-		'https://api.qrserver.com/v1/create-qr-code/?data=[DATA]&size=200x200&ecc=M',
-		'[DATA]'
-	);
-
-	$twig->display('account/2fa/app/enable.html.twig', [
-		'grCodeUri' => $grCodeUri,
-		'secret' => $secret,
-	]);
-
-	return;
+		return;
+	}
+	else {
+		if (empty($key)) {
+			$errors[] = 'Please enter the recovery key!';
+		}
+		else {
+			$errors[] = 'Invalid recovery key!';
+		}
+	}
 }
 
 if (ACTION == 'link') {
 	$secret = getSession('2fa_secret');
 
 	if ($secret === null) {
-		$twig->display('error_box.html.twig', ['errors' => ['Secret not set']]);
+		$twig->display('error_box.html.twig', ['errors' => ['Secret not set. Go back and try again.']]);
+		return;
 	}
 
-	$totp = $_POST['totp'] ?? '';
-	if (!empty($totp)) {
-		$otp = TOTP::createFromSecret($secret);
+	$authCode = $_POST['auth-code'] ?? '';
+	if (!empty($authCode)) {
+		$otp = $twoFactorAuth->appInitTOTP($secret);
 
-		$otp->setLabel($account_logged->getEmail());
-		$otp->setIssuer(configLua('serverName'));
+		if (!$otp->verify($authCode)) {
+			$errors = ['Token is invalid!'];
 
-		if (!$otp->verify($totp)) {
-			$grCodeUri = $otp->getQrCodeUri(
-				'https://api.qrserver.com/v1/create-qr-code/?data=[DATA]&size=200x200&ecc=M',
-				'[DATA]'
-			);
+			$twig->display('error_box.html.twig', ['errors' => $errors]);
 
-			$twig->display('error_box.html.twig', ['errors' => ['Token is invalid!']]);
-
-			$twig->display('account/2fa/app/enable.html.twig', [
-				'grCodeUri' => $grCodeUri,
-				'secret' => $secret,
-			]);
+			$twoFactorAuth->appDisplayEnable($secret, $otp, $errors);
 
 			return;
 		}
@@ -85,10 +88,22 @@ if (ACTION == 'link') {
 
 		return;
 	}
+	else {
+		$errors = ['You have to enter the code generated by the authenticator!'];
+
+		$twig->display('error_box.html.twig', ['errors' => $errors]);
+		$twoFactorAuth->appDisplayEnable($secret, null, $errors);
+		return;
+	}
 }
 
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', ['errors' => $errors]);
 }
 
-$twig->display('account/2fa/app/enable.warning.html.twig', ['wrongCode' => count($errors) > 0]);
+$twig->display('account/2fa/app/enable.warning.html.twig',
+	[
+		'newRecoveryKeyFormat' => $newRecoveryKeyFormat,
+		'errors' => $errors,
+	]
+);
diff --git a/system/pages/account/2fa/email/disable.php b/system/pages/account/2fa/email/disable.php
index ba78e6d1..9ae32b14 100644
--- a/system/pages/account/2fa/email/disable.php
+++ b/system/pages/account/2fa/email/disable.php
@@ -16,8 +16,8 @@ $twoFactorAuth->deleteOldCodes();
 
 $twig->display('success.html.twig',
 	[
-		'title' => 'Email Code Authentication Deactivated',
-		'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
+		'title' => 'Email Code Authentication Disabled',
+		'description' => 'You have successfully <strong>disabled</strong> the <b>Email Code Authentication</b> for your account.'
 	]
 );
 /*
diff --git a/system/src/TwoFactorAuth/TwoFactorAuth.php b/system/src/TwoFactorAuth/TwoFactorAuth.php
index c17fabbf..d6e74d0e 100644
--- a/system/src/TwoFactorAuth/TwoFactorAuth.php
+++ b/system/src/TwoFactorAuth/TwoFactorAuth.php
@@ -5,6 +5,7 @@ namespace MyAAC\TwoFactorAuth;
 use MyAAC\Models\AccountEMailCode;
 use MyAAC\TwoFactorAuth\Gateway\AppAuthGateway;
 use MyAAC\TwoFactorAuth\Gateway\EmailAuthGateway;
+use OTPHP\TOTP;
 
 class TwoFactorAuth
 {
@@ -127,16 +128,17 @@ class TwoFactorAuth
 
 	public function getAccountManageViews(): array
 	{
-		$twoFactorView = 'account/2fa/protected.html.twig';
 		if ($this->authType == self::TYPE_EMAIL) {
-			$twoFactorView2 = 'account/2fa/email/enabled.html.twig';
+			$twoFactorView = 'account/2fa/main.protected.html.twig';
+			$twoFactorView2 = 'account/2fa/email/manage.connected.html.twig';
 		}
 		elseif ($this->authType == self::TYPE_APP) {
-			$twoFactorView2 = 'account/2fa/app/enabled.html.twig';
+			$twoFactorView = 'account/2fa/app/manage.connected.html.twig';
+			$twoFactorView2 = 'account/2fa/main.protected.html.twig';
 		}
 		else {
-			$twoFactorView = 'account/2fa/connect.html.twig';
-			$twoFactorView2 = 'account/2fa/email/manage.html.twig';
+			$twoFactorView = 'account/2fa/app/manage.enable.html.twig';
+			$twoFactorView2 = 'account/2fa/email/manage.enable.html.twig';
 		}
 
 		return [$twoFactorView, $twoFactorView2];
@@ -146,8 +148,17 @@ class TwoFactorAuth
 		$this->account->setCustomField('2fa_type', $type);
 	}
 
-	public function disable(): void {
+	public function disable(): void
+	{
+		global $db;
+
 		$this->account->setCustomField('2fa_type', self::TYPE_NONE);
+
+		if ($db->hasColumn('accounts', 'secret')) {
+			$this->account->setCustomField('secret', null);
+		}
+
+		$this->account->setCustomField('2fa_secret', '');
 	}
 
 	public function isActive(): bool {
@@ -170,6 +181,36 @@ class TwoFactorAuth
 		AccountEMailCode::where('account_id', '=', $this->account->getId())->delete();
 	}
 
+	public function appInitTOTP(string $secret): TOTP
+	{
+		$otp = TOTP::createFromSecret($secret);
+
+		$otp->setLabel($this->account->getEmail());
+		$otp->setIssuer(configLua('serverName'));
+
+		return $otp;
+	}
+
+	public function appDisplayEnable(string $secret, TOTP $otp = null, array $errors = []): void
+	{
+		global $twig;
+
+		if ($otp === null) {
+			$otp = $this->appInitTOTP($secret);
+		}
+
+		$grCodeUri = $otp->getQrCodeUri(
+			'https://api.qrserver.com/v1/create-qr-code/?data=[DATA]&size=200x200&ecc=M',
+			'[DATA]'
+		);
+
+		$twig->display('account/2fa/app/enable.html.twig', [
+			'grCodeUri' => $grCodeUri,
+			'secret' => $secret,
+			'errors' => $errors,
+		]);
+	}
+
 	public function resendEmailCode(): void
 	{
 		global $twig;
diff --git a/system/templates/account/2fa/app/enable.html.twig b/system/templates/account/2fa/app/enable.html.twig
index ac11cdab..b97d1d92 100644
--- a/system/templates/account/2fa/app/enable.html.twig
+++ b/system/templates/account/2fa/app/enable.html.twig
@@ -23,7 +23,13 @@
 								<li><label for="totp">Enter the verification code you have received from the used
 										authenticator app:</label><br>
 									<div style="margin-top: 15px; margin-bottom: 15px;">
-										<input form="form" id="totp" name="totp" autocomplete="off"></div>
+
+										<input form="form" id="auth-code" name="auth-code" maxlength="6" autocomplete="off">
+										{% if errors|length > 0 %}
+											<br/>
+											<div class="FormFieldError">{{ errors[0] }}</div>
+										{% endif %}
+									</div>
 								</li>
 								<li>Click on "Continue" to connect the authenticator app to your
 									Tibia account.
@@ -46,13 +52,14 @@
 		<td>
 			<form id="form" method="post" action="{{ getLink('account/2fa/app/enable') }}">
 
-			<input type="hidden" name="action" value="link">
+				<input type="hidden" name="action" value="link">
 
-			{{ csrf() }}
+				{{ csrf() }}
 
-			{% set button_color = 'green' %}
-			{% set button_name = 'Continue' %}
-			{{ include('buttons.base.html.twig') }}
+				{% set button_color = 'green' %}
+				{% set button_name = 'Continue' %}
+				{{ include('buttons.base.html.twig') }}
+			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/manage') }}" method="post" style="padding:0;margin:0;">
@@ -60,7 +67,7 @@
 				{{ csrf() }}
 
 				{% set button_color = 'blue' %}
-				{% set button_name = 'Request' %}
+				{% set button_name = 'Cancel' %}
 				{{ include('buttons.base.html.twig') }}
 			</form>
 		</td>
diff --git a/system/templates/account/2fa/app/enable.warning.html.twig b/system/templates/account/2fa/app/enable.warning.html.twig
index 145fedac..5e8089f3 100644
--- a/system/templates/account/2fa/app/enable.warning.html.twig
+++ b/system/templates/account/2fa/app/enable.warning.html.twig
@@ -6,12 +6,12 @@
 	<tbody>
 	<tr>
 		<td>
-			<span class="red"><b>Please read this warning carefully as it contains important security information! If you skip this message, you might lose your Tibia account!</b></span><br><br>
+			<span class="red"><b>Please read this warning carefully as it contains important security information! If you skip this message, you might lose your {{ config.lua.serverName }} account!</b></span><br><br>
 			<p>Before you connect your account with an authenticator app, you will be asked to
 				enter your recovery key. If you do not have a valid recovery key, you need to
 				order a new one before you can connect your account with an authenticator.</p>
 			<p>Why?<br>The recovery key is the only way to unlink the authenticator app from
-				your Tibia account in various cases, among others, if:</p>
+				your {{ config.lua.serverName }} account in various cases, among others, if:</p>
 			<ul style="list-style-type:square">
 				<li>you lose your device (mobile phone, tablet, etc.) with the authenticator
 					app
@@ -26,17 +26,30 @@
 				(e.g. Google or iTunes sync) even if you have app data backup&amp;synchronisation
 				activated in the settings of your device!</p>
 			<p>In all these scenarios, the recovery key is the only way to get access to your
-				Tibia account. Note that not even customer support will be able to help you in
+				{{ config.lua.serverName }} account. Note that not even customer support will be able to help you in
 				these cases if you do not have a valid recovery key.<br>For this reason, make
 				sure to store your recovery key always in a safe place!</p><br>Do you have a
 			valid recovery key and would like to request the email with the confirmation key to
-			start connecting your Tibia account to an authenticator app?<br><br><b>Enter your
-				recovery key:</b><br>
+			start connecting your {{ config.lua.serverName }} account to an authenticator app?<br><br><b>Enter your
+				recovery key:</b><br/>
+
 			<div style="margin-top: 15px; margin-bottom: 15px;">
 
-				<input class="UpperCaseInput" name="key1" value="" size="5" maxlength="5" autocomplete="off"> -
-				<input class="UpperCaseInput" name="key2" value="" size="5" maxlength="5" autocomplete="off"> - <input class="UpperCaseInput" name="key3" value="" size="5" maxlength="5" autocomplete="off"> -
-				<input class="UpperCaseInput" name="key4" value="" size="5" maxlength="5" autocomplete="off"></div>
+				{% if newRecoveryKeyFormat %}
+
+					<input form="form" class="UpperCaseInput" name="key1" value="" size="5" maxlength="5" autocomplete="off"> -
+					<input form="form" class="UpperCaseInput" name="key2" value="" size="5" maxlength="5" autocomplete="off"> - <input class="UpperCaseInput" name="key3" value="" size="5" maxlength="5" autocomplete="off"> -
+					<input form="form" class="UpperCaseInput" name="key4" value="" size="5" maxlength="5" autocomplete="off">
+
+				{% else %}
+					<input form="form" class="UpperCaseInput" name="key" value="" autocomplete="off">
+				{% endif %}
+
+				{% if errors|length > 0 %}
+					<br/>
+					<div class="FormFieldError">{{ errors[0] }}</div>
+				{% endif %}
+			</div>
 		</td>
 	</tr>
 	</tbody>
@@ -49,14 +62,15 @@
 	<tbody>
 	<tr align="center">
 		<td>
-			<form action="{{ getLink('account/2fa/app/enable') }}" method="post" style="padding:0;margin:0;">
+			<form id="form" action="{{ getLink('account/2fa/app/enable') }}" method="post" style="padding:0;margin:0;">
 
-			<input type="hidden" name="action" value="request" />
+				<input type="hidden" name="action" value="request" />
 
-			{{ csrf() }}
+				{{ csrf() }}
 
-			{% set button_name = 'Request' %}
-			{{ include('buttons.base.html.twig') }}
+				{% set button_name = 'Request' %}
+				{{ include('buttons.base.html.twig') }}
+			</form>
 		</td>
 		<td>
 			<form action="{{ getLink('account/register') }}" method="post" style="padding:0;margin:0;">
@@ -79,3 +93,9 @@
 	</tr>
 	</tbody>
 </table>
+
+<style>
+	.UpperCaseInput {
+		text-transform: uppercase;
+	}
+</style>
diff --git a/system/templates/account/2fa/app/enabled.html.twig b/system/templates/account/2fa/app/enabled.html.twig
deleted file mode 100644
index 1333ed77..00000000
--- a/system/templates/account/2fa/app/enabled.html.twig
+++ /dev/null
@@ -1 +0,0 @@
-TODO
diff --git a/system/templates/account/2fa/app/login.html.twig b/system/templates/account/2fa/app/login.html.twig
index d5977caa..7af585ea 100644
--- a/system/templates/account/2fa/app/login.html.twig
+++ b/system/templates/account/2fa/app/login.html.twig
@@ -15,7 +15,7 @@
 								<div class="LabelV200" style="float:left;">Authenticator App
 									Token:
 								</div>
-								<input form="form-code" id="auth-code" name="auth-code" maxlength="6" autocomplete="off"></div>
+								<input form="form" id="auth-code" name="auth-code" maxlength="6" autocomplete="off"></div>
 						</td>
 					</tr>
 					</tbody>
@@ -33,7 +33,7 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="form-code" action="{{ getLink('account/manage') }}" method="post">
+			<form id="form" action="{{ getLink('account/manage') }}" method="post">
 
 				{{ csrf() }}
 
diff --git a/system/templates/account/2fa/app/manage.connected.html.twig b/system/templates/account/2fa/app/manage.connected.html.twig
new file mode 100644
index 00000000..3ffd6a25
--- /dev/null
+++ b/system/templates/account/2fa/app/manage.connected.html.twig
@@ -0,0 +1,25 @@
+<tr>
+	<td>
+		<div class="TableContentContainer ">
+			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
+				<tbody>
+				<tr>
+					<td>
+						<div style="float: right; width: 135px;">
+							<form action="{{ getLink('account/2fa/app/disable') }}" method="post" style="padding:0;margin:0;">
+								{{ csrf() }}
+
+								{% set button_name = 'Unlink' %}
+								{{ include('buttons.base.html.twig') }}
+							</form>
+						</div>
+						<b>Your Tibia account is <span style="color: green">connected</span> to an authenticator app.</b>
+						<p>If you do not want to use an authenticator app any longer, you can "Unlink" the authenticator
+							App. Note, however, an authenticator app is an important security feature which helps to
+							prevent any unauthorized access to your Tibia account.</p></td>
+				</tr>
+				</tbody>
+			</table>
+		</div>
+	</td>
+</tr>
diff --git a/system/templates/account/2fa/connect.html.twig b/system/templates/account/2fa/app/manage.enable.html.twig
similarity index 100%
rename from system/templates/account/2fa/connect.html.twig
rename to system/templates/account/2fa/app/manage.enable.html.twig
diff --git a/system/templates/account/2fa/email/disable.html.twig b/system/templates/account/2fa/email/disable.html.twig
index 8303e554..73a3d345 100644
--- a/system/templates/account/2fa/email/disable.html.twig
+++ b/system/templates/account/2fa/email/disable.html.twig
@@ -63,7 +63,7 @@
 								<div style="margin-top: 15px; margin-bottom: 15px;">
 									<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label
 											for="email-code">Email Code:</label></div>
-									<input form="form-code" id="auth-code" name="email-code" maxlength="15"
+									<input form="form" id="auth-code" name="email-code" maxlength="15"
 										   autocomplete="off">
 									{% if wrongCode %}
 										<br/>
@@ -86,7 +86,7 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="form-code" method="post" action="{{ getLink('account/2fa/email/disable') }}">
+			<form id="form" method="post" action="{{ getLink('account/2fa/email/disable') }}">
 				{{ csrf() }}
 
 				<input type="hidden" name="save" value="1">
diff --git a/system/templates/account/2fa/email/enable.html.twig b/system/templates/account/2fa/email/enable.html.twig
index 598efc43..e857782e 100644
--- a/system/templates/account/2fa/email/enable.html.twig
+++ b/system/templates/account/2fa/email/enable.html.twig
@@ -12,7 +12,7 @@
 						<td>Enter the email code below to enable <b>two-factor email code authentication</b>. Note
 							that this code is only valid for 24 hours.<br><br>
 							<div class="AttentionSign"><img src="{{ template_path }}/images/global/content/attentionsign.gif"></div>
-							<b>Note:</b> Once you have email code authentication activated, an <b>email code</b> will be
+							<b>Note:</b> Once you have email code authentication enabled, an <b>email code</b> will be
 							sent to the email address assigned to your account whenever you try to log in to the Tibia
 							client or the {{ config.lua.serverName }} website. In order to log in, you will need to enter the <b>most recent
 								email code</b> you have received.
@@ -64,7 +64,7 @@
 							the email code you received at the email address assigned to your account.
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;">Email Code:</div>
-								<input form="confirmActivateForm" name="auth-code" maxlength="6">
+								<input form="form" name="auth-code" maxlength="6" autocomplete="off">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
@@ -87,7 +87,7 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="confirmActivateForm" action="{{ getLink('account/2fa/email/enable') }}" method="post" style="padding:0;margin:0;">
+			<form id="form" action="{{ getLink('account/2fa/email/enable') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 
 				<input type="hidden" name="save" value="1">
diff --git a/system/templates/account/2fa/email/login.html.twig b/system/templates/account/2fa/email/login.html.twig
index 0c786b13..3699acb2 100644
--- a/system/templates/account/2fa/email/login.html.twig
+++ b/system/templates/account/2fa/email/login.html.twig
@@ -38,11 +38,11 @@
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
-						<td><b>Email code authentication is activated for your account.</b><br><br>Please enter the <b>most
+						<td><b>Email code authentication is enabled for your account.</b><br><br>Please enter the <b>most
 								recent email code</b> you have received in order to log in.<br>
 							<div style="margin-top: 15px; margin-bottom: 15px;">
 								<div class="LabelV150 {{ wrongCode ? 'red' : '' }}" style="float:left;"><label for="email-code">Email Code:</label></div>
-								<input form="form-code" id="auth-code" name="auth-code" maxlength="15" autocomplete="off">
+								<input form="form" id="auth-code" name="auth-code" maxlength="15" autocomplete="off">
 								{% if wrongCode %}
 									<br/>
 									<div class="LabelV150" style="float:left;">&nbsp; </div>
@@ -64,7 +64,7 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="form-code" method="post" action="{{ getLink('account/manage') }}">
+			<form id="form" method="post" action="{{ getLink('account/manage') }}">
 				{{ csrf() }}
 
 				<input type="hidden" name="account_login" value="{{ account_login ?? '' }}" />
diff --git a/system/templates/account/2fa/email/enabled.html.twig b/system/templates/account/2fa/email/manage.connected.html.twig
similarity index 88%
rename from system/templates/account/2fa/email/enabled.html.twig
rename to system/templates/account/2fa/email/manage.connected.html.twig
index 0ab977f6..e6abcba9 100644
--- a/system/templates/account/2fa/email/enabled.html.twig
+++ b/system/templates/account/2fa/email/manage.connected.html.twig
@@ -9,12 +9,12 @@
 							<form action="{{ getLink('account/2fa/email/disable') }}" method="post" style="padding:0;margin:0;">
 								{{ csrf() }}
 
-								{% set button_name = 'Deactivate' %}
+								{% set button_name = 'Disable' %}
 								{{ include('buttons.base.html.twig') }}
 							</form>
 						</div>
-						<b>Two-Factor Email Code Authentication <span style="color: green">Activated</span>!</b>
-						<p>To disable <b>email code authentication</b>, click on the "Deactivate" button.</p>
+						<b>Two-Factor Email Code Authentication <span style="color: green">Enabled</span>!</b>
+						<p>To disable <b>email code authentication</b>, click on the "Disable" button.</p>
 						<!--p>You will have to confirm the deactivation by entering an <b>email code</b> which will be sent
 							to the email address assigned to your account.</p-->
 					</td>
diff --git a/system/templates/account/2fa/email/manage.html.twig b/system/templates/account/2fa/email/manage.enable.html.twig
similarity index 95%
rename from system/templates/account/2fa/email/manage.html.twig
rename to system/templates/account/2fa/email/manage.enable.html.twig
index ae224736..f8593a7a 100644
--- a/system/templates/account/2fa/email/manage.html.twig
+++ b/system/templates/account/2fa/email/manage.enable.html.twig
@@ -8,7 +8,7 @@
 				<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
 					<tbody>
 					<tr>
-						<td class="LabelV"><b>Activate email code authentication for your account!</b>
+						<td class="LabelV"><b>Enable email code authentication for your account!</b>
 							<div style="float: right; font-size: 1px;">
 								<form action="{{ getLink('account/2fa/email/enable') }}" method="post" style="margin: 0; padding: 0;">
 									{{ csrf() }}
diff --git a/system/templates/account/2fa/main.protected.html.twig b/system/templates/account/2fa/main.protected.html.twig
new file mode 100644
index 00000000..69a78f1a
--- /dev/null
+++ b/system/templates/account/2fa/main.protected.html.twig
@@ -0,0 +1,22 @@
+{% if logged and account_logged.getCustomField('2fa_type') == 1 %}
+	{% set header = 'Two-Factor Email Code Authentication' %}
+	{% set text =  'Your account is currently protected by email code authentication. If you prefer to use a <strong>two-factor authentication app</strong>, you have to "Disable" email code authentication first.' %}
+{% else %}
+	{% set header = 'Two-Factor App Code Authentication' %}
+	{% set text =  'Your account is currently protected by an authenticator app. If you prefer to use the <strong>two-factor email code authentication</strong>, you have to "Unlink" the authenticator app first.' %}
+{% endif %}
+<tr>
+	<td>
+		<div class="TableContentContainer ">
+			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
+				<tbody>
+				<tr>
+					<td><b>{{ header|raw }}</b>
+						<p>{{ text|raw }}</p>
+					</td>
+				</tr>
+				</tbody>
+			</table>
+		</div>
+	</td>
+</tr>
diff --git a/system/templates/account/2fa/protected.html.twig b/system/templates/account/2fa/protected.html.twig
deleted file mode 100644
index e0fa4f5b..00000000
--- a/system/templates/account/2fa/protected.html.twig
+++ /dev/null
@@ -1,18 +0,0 @@
-<tr>
-	<td>
-		<div class="TableContentContainer ">
-			<table class="TableContent" width="100%" style="border:1px solid #faf0d7;">
-				<tbody>
-				<tr>
-					<td>
-						<div class="InTableRightButtonContainer"></div>
-						<b>Two-Factor Authenticator App</b>
-						<p>Your account is currently protected by email code authentication. If you prefer to use a <b>two-factor
-								authentication app</b>, you have to "Deactivate" email code authentication first.</p>
-					</td>
-				</tr>
-				</tbody>
-			</table>
-		</div>
-	</td>
-</tr>