[WIP] 2fa, separate files, move twigs

system/pages/account/2fa.php

@@ -1,124 +0,0 @@
-<?php
-/**
- * 2-factor authentication
- *
- * @package   MyAAC
- * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
- * @link      https://my-aac.org
- */
-
-use MyAAC\TwoFactorAuth\TwoFactorAuth;
-
-defined('MYAAC') or die('Direct access not allowed!');
-
-$title = 'Two Factor Authentication';
-require __DIR__ . '/base.php';
-
-csrfProtect();
-
-/**
- * @var OTS_Account $account_logged
- */
-$step = $_REQUEST['step'] ?? '';
-$code = $_REQUEST['auth-code'] ?? '';
-
-if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
-	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
-	return;
-}
-
-if (!isset($account_logged) || !$account_logged->isLoaded()) {
-	$current_session = getSession('account');
-	if($current_session) {
-		$account_logged = new OTS_Account();
-		$account_logged->load($current_session);
-	}
-}
-
-$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
-$twig->addGlobal('account_logged', $account_logged);
-
-if (ACTION == 'email-code') {
-	if ($step == 'resend') {
-		if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
-			$errors = ['Sorry, one email per 15 minutes'];
-		}
-		else {
-			$twoFactorAuth->resendEmailCode();
-		}
-
-		if (!empty($errors)) {
-			$twig->display('error_box.html.twig',  ['errors' => $errors]);
-		}
-
-		$twig->display('account.2fa.email.login.html.twig');
-	}
-	else if ($step == 'activate') {
-		if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
-			$twoFactorAuth->resendEmailCode();
-		}
-
-		if (isset($_POST['save'])) {
-			if (!empty($code)) {
-				$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
-				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
-					$serverName = configLua('serverName');
-
-					$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
-					$twoFactorAuth->deleteOldCodes();
-
-					$twig->display('success.html.twig', [
-						'title' => 'Email Code Authentication Activated',
-						'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
-					]);
-
-					return;
-				}
-				else {
-					$errors[] = 'Invalid email code!';
-				}
-			}
-		}
-
-		if (!empty($errors)) {
-			$twig->display('error_box.html.twig', ['errors' => $errors]);
-		}
-
-		$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
-	}
-	else if ($step == 'deactivate') {
-		//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
-		//	$twoFactorAuth->resendEmailCode();
-		//}
-
-		/*if (isset($_POST['save'])) {
-			if (!empty($code)) {
-				if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
-*/
-					$twoFactorAuth->disable();
-					$twoFactorAuth->deleteOldCodes();
-
-					$twig->display('success.html.twig',
-						[
-							'title' => 'Email Code Authentication Deactivated',
-							'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
-						]
-					);
-					/*
-				}
-				else {
-					$errors[] = 'Invalid email code!';
-				}
-			}
-		}*/
-
-		/*
-		if (!empty($errors)) {
-			$twig->display('error_box.html.twig', ['errors' => $errors]);
-		}
-
-		$twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
-		*/
-	}
-}

system/pages/account/2fa/app/activate.php

@@ -0,0 +1,4 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';

system/pages/account/2fa/app/deactivate.php

@@ -0,0 +1,5 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+

system/pages/account/2fa/base.php

@@ -0,0 +1,29 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+use MyAAC\TwoFactorAuth\TwoFactorAuth;
+
+csrfProtect();
+
+$title = 'Two Factor Authentication';
+
+/**
+ * @var OTS_Account $account_logged
+ */
+$code = $_REQUEST['auth-code'] ?? '';
+
+if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
+	$twig->display('error_box.html.twig',  ['errors' => ['Account two-factor e-mail authentication disabled.']]);
+	return;
+}
+
+if (!isset($account_logged) || !$account_logged->isLoaded()) {
+	$current_session = getSession('account');
+	if($current_session) {
+		$account_logged = new OTS_Account();
+		$account_logged->load($current_session);
+	}
+}
+
+$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
+$twig->addGlobal('account_logged', $account_logged);

system/pages/account/2fa/email/activate.php

@@ -0,0 +1,39 @@
+<?php
+
+use MyAAC\TwoFactorAuth\TwoFactorAuth;
+
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+
+if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
+	$twoFactorAuth->resendEmailCode();
+}
+
+if (isset($_POST['save'])) {
+	if (!empty($code)) {
+		$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
+		if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
+			$serverName = configLua('serverName');
+
+			$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
+			$twoFactorAuth->deleteOldCodes();
+
+			$twig->display('success.html.twig', [
+				'title' => 'Email Code Authentication Activated',
+				'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
+			]);
+
+			return;
+		}
+		else {
+			$errors[] = 'Invalid email code!';
+		}
+	}
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+}
+
+$twig->display('account/2fa/email/request.html.twig', ['wrongCode' => count($errors) > 0]);

system/pages/account/2fa/email/deactivate.php

@@ -0,0 +1,37 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+
+//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
+//	$twoFactorAuth->resendEmailCode();
+//}
+
+/*if (isset($_POST['save'])) {
+	if (!empty($code)) {
+		if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
+*/
+$twoFactorAuth->disable();
+$twoFactorAuth->deleteOldCodes();
+
+$twig->display('success.html.twig',
+	[
+		'title' => 'Email Code Authentication Deactivated',
+		'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
+	]
+);
+/*
+}
+else {
+$errors[] = 'Invalid email code!';
+}
+}
+}*/
+
+/*
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig', ['errors' => $errors]);
+}
+
+$twig->display('account/2fa/email/deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
+*/

system/pages/account/2fa/email/resend-code.php

@@ -0,0 +1,17 @@
+<?php
+defined('MYAAC') or die('Direct access not allowed!');
+
+require __DIR__ . '/../base.php';
+
+if ($twoFactorAuth->hasRecentEmailCode(1 * 60)) {
+	$errors = ['Sorry, one email per 15 minutes'];
+}
+else {
+	$twoFactorAuth->resendEmailCode();
+}
+
+if (!empty($errors)) {
+	$twig->display('error_box.html.twig',  ['errors' => $errors]);
+}
+
+$twig->display('account/2fa/email/login.html.twig');

system/src/TwoFactorAuth/TwoFactorAuth.php

@@ -60,7 +60,7 @@ class TwoFactorAuth
 				}
 
 				define('HIDE_LOGIN_BOX', true);
-				$twig->display('account.2fa.email.login.html.twig', [
+				$twig->display('account/2fa/email/login.html.twig', [
 					'account_login' => $login_account,
 					'password_login' => $login_password,
 					'remember_me' => $remember_me,
@@ -94,7 +94,7 @@ class TwoFactorAuth
 		$errors[] = 'Invalid email code!';
 		$twig->display('error_box.html.twig', ['errors' => $errors]);
 
-		$twig->display('account.2fa.email.login.html.twig',
+		$twig->display('account/2fa/email/login.html.twig',
 			[
 				'account_login' => $login_account,
 				'password_login' => $login_password,
@@ -118,16 +118,16 @@ class TwoFactorAuth
 
 	public function getAccountManageViews(): array
 	{
-		$twoFactorView = 'account.2fa.protected.html.twig';
+		$twoFactorView = 'account/2fa/protected.html.twig';
 		if ($this->authType == self::TYPE_EMAIL) {
-			$twoFactorView2 = 'account.2fa.email.activated.html.twig';
+			$twoFactorView2 = 'account/2fa/email/activated.html.twig';
 		}
 		elseif ($this->authType == self::TYPE_APP) {
-			$twoFactorView2 = 'account.2fa.app.activated.html.twig';
+			$twoFactorView2 = 'account/2fa/app/activated.html.twig';
 		}
 		else {
-			$twoFactorView = 'account.2fa.connect.html.twig';
-			$twoFactorView2 = 'account.2fa.email.activate.html.twig';
+			$twoFactorView = 'account/2fa/connect.html.twig';
+			$twoFactorView2 = 'account/2fa/email/activate.html.twig';
 		}
 
 		return [$twoFactorView, $twoFactorView2];

system/templates/account.management.html.twig

@@ -148,7 +148,7 @@
 		</form>
 		<br/>
 
-		{{ include('account.2fa.main.html.twig') }}
+		{{ include('account/2fa/main.html.twig') }}
 
 		{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
 		<a name="Account+Logs" ></a>

system/templates/account/2fa/connect.html.twig

@@ -9,7 +9,7 @@
 					<tbody><tr>
 						<td class="LabelV"><b>Connect your {{ config.lua.serverName }} account to an authenticator app!</b>
 							<div style="float: right; font-size: 1px;">
-								<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="margin: 0px; padding: 0px;">
+								<form action="{{ getLink('account/2fa/app/activate') }}" method="post" style="margin: 0; padding: 0;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}

system/templates/account/2fa/email/activate.html.twig

@@ -10,7 +10,7 @@
 					<tr>
 						<td class="LabelV"><b>Activate email code authentication for your account!</b>
 							<div style="float: right; font-size: 1px;">
-								<form action="{{ getLink('account/2fa') }}?action=email-code&step=activate" method="post" style="margin: 0; padding: 0;">
+								<form action="{{ getLink('account/2fa/email/activate') }}" method="post" style="margin: 0; padding: 0;">
 									{{ csrf() }}
 									{% set button_name = 'Request' %}
 									{% include('buttons.base.html.twig') %}

system/templates/account/2fa/email/activated.html.twig

@@ -6,9 +6,9 @@
 				<tr>
 					<td>
 						<div style="float: right; width: 135px;">
-							<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
+							<form action="{{ getLink('account/2fa/email/deactivate') }}" method="post" style="padding:0;margin:0;">
 								{{ csrf() }}
-								<input type="hidden" name="step" value="deactivate">
+
 								{% set button_name = 'Deactivate' %}
 								{{ include('buttons.base.html.twig') }}
 							</form>

system/templates/account/2fa/email/deactivate.html.twig

@@ -10,7 +10,7 @@
 						<tr>
 							<td>To deactivate <b>two-factor email code authentication</b> for your account, enter the
 								received <b>email code</b> below. Note, however, that <b>email code authentication</b>
-								is an important security feature which helps to prevent any unauthorised access to your
+								is an important security feature which helps to prevent any unauthorized access to your
 								Tibia account.
 							</td>
 						</tr>
@@ -28,7 +28,7 @@
 							<td>
 								<div style="float: right;">
 									<form
-										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
+										action="{{ getLink('account/2fa/email/resend-code') }}"
 										method="post"
 										style="padding:0;margin:0;"
 									>
@@ -86,10 +86,9 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="form-code" method="post" action="{{ getLink('account/2fa') }}?action=email-code">
+			<form id="form-code" method="post" action="{{ getLink('account/2fa/email/deactivate') }}">
 				{{ csrf() }}
 
-				<input type="hidden" name="step" value="deactivate">
 				<input type="hidden" name="save" value="1">
 
 				{% set button_name = 'Continue' %}

system/templates/account/2fa/email/login.html.twig

@@ -11,7 +11,7 @@
 						<td>
 							<div style="float: right;">
 								<form
-										action="{{ getLink('account/2fa') }}?action=email-code&step=resend"
+										action="{{ getLink('account/2fa/email/resend-code') }}"
 										method="post"
 										style="padding:0;margin:0;"
 								>

system/templates/account/2fa/email/request.html.twig

@@ -31,14 +31,13 @@
 					<tr>
 						<td>
 							<div style="float: right;">
-								<form action="{{ getLink('account/2fa') }}?action=email-code"
+								<form action="{{ getLink('account/2fa/email/resend-code') }}"
 									method="post" style="padding:0;margin:0;">
 									{{ csrf() }}
 
 									{% if account_logged is defined %}
 										<input type="hidden" name="account_logged" value="{{ account_logged.getId() }}">
 									{% endif %}
-									<input type="hidden" name="step" value="resend">
 
 									{% set button_name = 'Resend Email Code' %}
 									{% include('buttons.base.html.twig') %}
@@ -88,10 +87,9 @@
 	<tbody>
 	<tr align="center" valign="top">
 		<td>
-			<form id="confirmActivateForm" action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;">
+			<form id="confirmActivateForm" action="{{ getLink('account/2fa/email/activate') }}" method="post" style="padding:0;margin:0;">
 				{{ csrf() }}
 
-				<input type="hidden" name="step" value="activate">
 				<input type="hidden" name="save" value="1">
 
 				{% set button_color = 'green' %}

system/templates/mail.account.2fa.email-code.html.twig

@@ -2,7 +2,7 @@ Dear {{ config.lua.serverName}} player,
 <br/><br/>
 Your account is protected by email code authentication, and you requested a new email code:
 <br/><br/>
-<p>{{ code }}</p>
+<h1><strong>{{ code }}</strong></h1>
 <br/>
 Note that the code is only valid for 24 hours.
 <br/><br/>