[WIP] 2fa, separate files, move twigs

This commit is contained in:
slawkens
2026-01-18 13:13:59 +01:00
parent 7d71bc2fee
commit 9f64d7834f
20 changed files with 151 additions and 147 deletions


@@ -1,124 +0,0 @@
<?php
/**
* 2-factor authentication
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
use MyAAC\TwoFactorAuth\TwoFactorAuth;
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Two Factor Authentication';
require __DIR__ . '/base.php';
csrfProtect();
/**
* @var OTS_Account $account_logged
*/
$step = $_REQUEST['step'] ?? '';
$code = $_REQUEST['auth-code'] ?? '';
if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
$twig->display('error_box.html.twig', ['errors' => ['Account two-factor e-mail authentication disabled.']]);
return;
}
if (!isset($account_logged) || !$account_logged->isLoaded()) {
$current_session = getSession('account');
if($current_session) {
$account_logged = new OTS_Account();
$account_logged->load($current_session);
}
}
$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
$twig->addGlobal('account_logged', $account_logged);
if (ACTION == 'email-code') {
if ($step == 'resend') {
if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {
$errors = ['Sorry, one email per 15 minutes'];
}
else {
$twoFactorAuth->resendEmailCode();
}
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account.2fa.email.login.html.twig');
}
else if ($step == 'activate') {
if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
$twoFactorAuth->resendEmailCode();
}
if (isset($_POST['save'])) {
if (!empty($code)) {
$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
$serverName = configLua('serverName');
$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
$twoFactorAuth->deleteOldCodes();
$twig->display('success.html.twig', [
'title' => 'Email Code Authentication Activated',
'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
]);
return;
}
else {
$errors[] = 'Invalid email code!';
}
}
}
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account.2fa.email_code.html.twig', ['wrongCode' => count($errors) > 0]);
}
else if ($step == 'deactivate') {
//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
// $twoFactorAuth->resendEmailCode();
//}
/*if (isset($_POST['save'])) {
if (!empty($code)) {
if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
*/
$twoFactorAuth->disable();
$twoFactorAuth->deleteOldCodes();
$twig->display('success.html.twig',
[
'title' => 'Email Code Authentication Deactivated',
'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
]
);
/*
}
else {
$errors[] = 'Invalid email code!';
}
}
}*/
/*
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
*/
}
}


@@ -0,0 +1,4 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/../base.php';


@@ -0,0 +1,5 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/../base.php';


@@ -0,0 +1,29 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
use MyAAC\TwoFactorAuth\TwoFactorAuth;
csrfProtect();
$title = 'Two Factor Authentication';
/**
* @var OTS_Account $account_logged
*/
$code = $_REQUEST['auth-code'] ?? '';
if ((!setting('core.mail_enabled')) && ACTION == 'email-code') {
$twig->display('error_box.html.twig', ['errors' => ['Account two-factor e-mail authentication disabled.']]);
return;
}
if (!isset($account_logged) || !$account_logged->isLoaded()) {
$current_session = getSession('account');
if($current_session) {
$account_logged = new OTS_Account();
$account_logged->load($current_session);
}
}
$twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
$twig->addGlobal('account_logged', $account_logged);
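Review bot: The `core.mail_enabled` guard at the top of this file only fires when `ACTION == 'email-code'`, but the templates changed in this commit now post to `account/2fa/email/activate`, `.../deactivate` and `.../resend-code` without any `?action=email-code`, so if `ACTION` is still derived from the `action` query parameter as in the old file, the guard is unreachable and the email handlers run with mail disabled. Either drop the action test, `if (!setting('core.mail_enabled')) {`, or move the check into the email handlers that actually send mail. Separately, when there is no `account` session `$account_logged` is never assigned yet is still passed to `TwoFactorAuth::getInstance()` and exported to Twig; the old `account/2fa.php` required `account/base.php` (presumably where the login requirement lives) before this point, which this file does not, so add an explicit `if (!isset($account_logged) || !$account_logged->isLoaded()) { $twig->display('error_box.html.twig', ['errors' => ['Please log in first.']]); return; }` after the session fallback.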


@@ -0,0 +1,39 @@
<?php
use MyAAC\TwoFactorAuth\TwoFactorAuth;
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/../base.php';
if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
$twoFactorAuth->resendEmailCode();
}
if (isset($_POST['save'])) {
if (!empty($code)) {
$twoFactorAuth->setAuthGateway(TwoFactorAuth::TYPE_EMAIL);
if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
$serverName = configLua('serverName');
$twoFactorAuth->enable(TwoFactorAuth::TYPE_EMAIL);
$twoFactorAuth->deleteOldCodes();
$twig->display('success.html.twig', [
'title' => 'Email Code Authentication Activated',
'description' => sprintf('You have successfully activated <b>email code authentication</b> for your account. This means an <b>email code</b> will be sent to the email address assigned to your account whenever you try to log in to the %s client or the %s website. In order to log in, you will need to enter the <b>most recent email code</b> you have received.', $serverName, $serverName)
]);
return;
}
else {
$errors[] = 'Invalid email code!';
}
}
}
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account/2fa/email/request.html.twig', ['wrongCode' => count($errors) > 0]);
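Review bot: `$errors` is never initialised in this file, so on a plain GET (no `save` in `$_POST`) the final `count($errors)` receives an undefined variable, which on PHP 8 throws a `TypeError` rather than rendering the request page; add `$errors = [];` right after the `require` and use `'wrongCode' => !empty($errors)`. Also, `$code` comes from `$_REQUEST` in base.php, so the verification code can be supplied in the query string; reading it from `$_POST` would keep it out of access logs and referrers. Note that any visit to this page, including a GET, triggers `resendEmailCode()` when no code was sent in the last 15 minutes, which is fine as a convenience but means the resend rate limit lives in two places with two different windows.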


@@ -0,0 +1,37 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/../base.php';
//if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
// $twoFactorAuth->resendEmailCode();
//}
/*if (isset($_POST['save'])) {
if (!empty($code)) {
if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
*/
$twoFactorAuth->disable();
$twoFactorAuth->deleteOldCodes();
$twig->display('success.html.twig',
[
'title' => 'Email Code Authentication Deactivated',
'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
]
);
/*
}
else {
$errors[] = 'Invalid email code!';
}
}
}*/
/*
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account/2fa/email/deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
*/
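Review bot: This handler disables two-factor authentication unconditionally: the `save`/`verifyCode()` gate is commented out, so a single CSRF-protected request to `account/2fa/email/deactivate` removes the second factor without the user ever proving possession of an email code, and the `deactivate.html.twig` form in this commit still posts `save=1` plus the code that is now ignored. Even as WIP this should not ship in a branch others may run; restoring the guard around the `disable()` call is straightforward, and the first-visit resend should be re-enabled so the user actually has a code to enter. Whether `getAuthGateway()` is already set to the email gateway here (the activate handler calls `setAuthGateway(TwoFactorAuth::TYPE_EMAIL)` first) is not visible from this hunk and should be confirmed.
```php
require __DIR__ . '/../base.php';

if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
    $twoFactorAuth->resendEmailCode();
}

$errors = [];
if (isset($_POST['save']) && !empty($code)) {
    if ($twoFactorAuth->getAuthGateway()->verifyCode($code)) {
        $twoFactorAuth->disable();
        $twoFactorAuth->deleteOldCodes();
        $twig->display('success.html.twig', [
            'title' => 'Email Code Authentication Deactivated',
            'description' => 'You have successfully <b>deactivated</b> the <b>Email Code Authentication</b> for your account.'
        ]);
        return;
    }
    $errors[] = 'Invalid email code!';
}

if (!empty($errors)) {
    $twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account/2fa/email/deactivate.html.twig', ['wrongCode' => !empty($errors)]);
```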


@@ -0,0 +1,17 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/../base.php';
if ($twoFactorAuth->hasRecentEmailCode(1 * 60)) {
$errors = ['Sorry, one email per 15 minutes'];
}
else {
$twoFactorAuth->resendEmailCode();
}
if (!empty($errors)) {
$twig->display('error_box.html.twig', ['errors' => $errors]);
}
$twig->display('account/2fa/email/login.html.twig');
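Review bot: The rate-limit window here is `1 * 60` seconds while the error text still says "one email per 15 minutes", and the removed `account/2fa.php` as well as the new activate handler both use `15 * 60`, so one of the two is wrong. If the shorter window is only a WIP testing value, restore `if ($twoFactorAuth->hasRecentEmailCode(15 * 60)) {`; if one minute is intended, fix the message instead, since a sixty-second window lets an attacker who knows an account's session trigger far more mail than the text promises.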


@@ -60,7 +60,7 @@ class TwoFactorAuth
} }
define('HIDE_LOGIN_BOX', true); define('HIDE_LOGIN_BOX', true);
$twig->display('account.2fa.email.login.html.twig', [ $twig->display('account/2fa/email/login.html.twig', [
'account_login' => $login_account, 'account_login' => $login_account,
'password_login' => $login_password, 'password_login' => $login_password,
'remember_me' => $remember_me, 'remember_me' => $remember_me,
@@ -94,7 +94,7 @@ class TwoFactorAuth
$errors[] = 'Invalid email code!'; $errors[] = 'Invalid email code!';
$twig->display('error_box.html.twig', ['errors' => $errors]); $twig->display('error_box.html.twig', ['errors' => $errors]);
$twig->display('account.2fa.email.login.html.twig', $twig->display('account/2fa/email/login.html.twig',
[ [
'account_login' => $login_account, 'account_login' => $login_account,
'password_login' => $login_password, 'password_login' => $login_password,
@@ -118,16 +118,16 @@ class TwoFactorAuth
public function getAccountManageViews(): array public function getAccountManageViews(): array
{ {
$twoFactorView = 'account.2fa.protected.html.twig'; $twoFactorView = 'account/2fa/protected.html.twig';
if ($this->authType == self::TYPE_EMAIL) { if ($this->authType == self::TYPE_EMAIL) {
$twoFactorView2 = 'account.2fa.email.activated.html.twig'; $twoFactorView2 = 'account/2fa/email/activated.html.twig';
} }
elseif ($this->authType == self::TYPE_APP) { elseif ($this->authType == self::TYPE_APP) {
$twoFactorView2 = 'account.2fa.app.activated.html.twig'; $twoFactorView2 = 'account/2fa/app/activated.html.twig';
} }
else { else {
$twoFactorView = 'account.2fa.connect.html.twig'; $twoFactorView = 'account/2fa/connect.html.twig';
$twoFactorView2 = 'account.2fa.email.activate.html.twig'; $twoFactorView2 = 'account/2fa/email/activate.html.twig';
} }
return [$twoFactorView, $twoFactorView2]; return [$twoFactorView, $twoFactorView2];


@@ -148,7 +148,7 @@
</form> </form>
<br/> <br/>
{{ include('account.2fa.main.html.twig') }} {{ include('account/2fa/main.html.twig') }}
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }} {{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
<a name="Account+Logs" ></a> <a name="Account+Logs" ></a>


@@ -9,7 +9,7 @@
<tbody><tr> <tbody><tr>
<td class="LabelV"><b>Connect your {{ config.lua.serverName }} account to an authenticator app!</b> <td class="LabelV"><b>Connect your {{ config.lua.serverName }} account to an authenticator app!</b>
<div style="float: right; font-size: 1px;"> <div style="float: right; font-size: 1px;">
<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="margin: 0px; padding: 0px;"> <form action="{{ getLink('account/2fa/app/activate') }}" method="post" style="margin: 0; padding: 0;">
{{ csrf() }} {{ csrf() }}
{% set button_name = 'Request' %} {% set button_name = 'Request' %}
{% include('buttons.base.html.twig') %} {% include('buttons.base.html.twig') %}


@@ -10,7 +10,7 @@
<tr> <tr>
<td class="LabelV"><b>Activate email code authentication for your account!</b> <td class="LabelV"><b>Activate email code authentication for your account!</b>
<div style="float: right; font-size: 1px;"> <div style="float: right; font-size: 1px;">
<form action="{{ getLink('account/2fa') }}?action=email-code&step=activate" method="post" style="margin: 0; padding: 0;"> <form action="{{ getLink('account/2fa/email/activate') }}" method="post" style="margin: 0; padding: 0;">
{{ csrf() }} {{ csrf() }}
{% set button_name = 'Request' %} {% set button_name = 'Request' %}
{% include('buttons.base.html.twig') %} {% include('buttons.base.html.twig') %}


@@ -6,9 +6,9 @@
<tr> <tr>
<td> <td>
<div style="float: right; width: 135px;"> <div style="float: right; width: 135px;">
<form action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;"> <form action="{{ getLink('account/2fa/email/deactivate') }}" method="post" style="padding:0;margin:0;">
{{ csrf() }} {{ csrf() }}
<input type="hidden" name="step" value="deactivate">
{% set button_name = 'Deactivate' %} {% set button_name = 'Deactivate' %}
{{ include('buttons.base.html.twig') }} {{ include('buttons.base.html.twig') }}
</form> </form>


@@ -10,7 +10,7 @@
<tr> <tr>
<td>To deactivate <b>two-factor email code authentication</b> for your account, enter the <td>To deactivate <b>two-factor email code authentication</b> for your account, enter the
received <b>email code</b> below. Note, however, that <b>email code authentication</b> received <b>email code</b> below. Note, however, that <b>email code authentication</b>
is an important security feature which helps to prevent any unauthorised access to your is an important security feature which helps to prevent any unauthorized access to your
Tibia account. Tibia account.
</td> </td>
</tr> </tr>
@@ -28,7 +28,7 @@
<td> <td>
<div style="float: right;"> <div style="float: right;">
<form <form
action="{{ getLink('account/2fa') }}?action=email-code&step=resend" action="{{ getLink('account/2fa/email/resend-code') }}"
method="post" method="post"
style="padding:0;margin:0;" style="padding:0;margin:0;"
> >
@@ -86,10 +86,9 @@
<tbody> <tbody>
<tr align="center" valign="top"> <tr align="center" valign="top">
<td> <td>
<form id="form-code" method="post" action="{{ getLink('account/2fa') }}?action=email-code"> <form id="form-code" method="post" action="{{ getLink('account/2fa/email/deactivate') }}">
{{ csrf() }} {{ csrf() }}
<input type="hidden" name="step" value="deactivate">
<input type="hidden" name="save" value="1"> <input type="hidden" name="save" value="1">
{% set button_name = 'Continue' %} {% set button_name = 'Continue' %}


@@ -11,7 +11,7 @@
<td> <td>
<div style="float: right;"> <div style="float: right;">
<form <form
action="{{ getLink('account/2fa') }}?action=email-code&step=resend" action="{{ getLink('account/2fa/email/resend-code') }}"
method="post" method="post"
style="padding:0;margin:0;" style="padding:0;margin:0;"
> >


@@ -31,14 +31,13 @@
<tr> <tr>
<td> <td>
<div style="float: right;"> <div style="float: right;">
<form action="{{ getLink('account/2fa') }}?action=email-code" <form action="{{ getLink('account/2fa/email/resend-code') }}"
method="post" style="padding:0;margin:0;"> method="post" style="padding:0;margin:0;">
{{ csrf() }} {{ csrf() }}
{% if account_logged is defined %} {% if account_logged is defined %}
<input type="hidden" name="account_logged" value="{{ account_logged.getId() }}"> <input type="hidden" name="account_logged" value="{{ account_logged.getId() }}">
{% endif %} {% endif %}
<input type="hidden" name="step" value="resend">
{% set button_name = 'Resend Email Code' %} {% set button_name = 'Resend Email Code' %}
{% include('buttons.base.html.twig') %} {% include('buttons.base.html.twig') %}
@@ -88,10 +87,9 @@
<tbody> <tbody>
<tr align="center" valign="top"> <tr align="center" valign="top">
<td> <td>
<form id="confirmActivateForm" action="{{ getLink('account/2fa') }}?action=email-code" method="post" style="padding:0;margin:0;"> <form id="confirmActivateForm" action="{{ getLink('account/2fa/email/activate') }}" method="post" style="padding:0;margin:0;">
{{ csrf() }} {{ csrf() }}
<input type="hidden" name="step" value="activate">
<input type="hidden" name="save" value="1"> <input type="hidden" name="save" value="1">
{% set button_color = 'green' %} {% set button_color = 'green' %}


@@ -2,7 +2,7 @@ Dear {{ config.lua.serverName}} player,
<br/><br/> <br/><br/>
Your account is protected by email code authentication, and you requested a new email code: Your account is protected by email code authentication, and you requested a new email code:
<br/><br/> <br/><br/>
<p>{{ code }}</p> <h1><strong>{{ code }}</strong></h1>
<br/> <br/>
Note that the code is only valid for 24 hours. Note that the code is only valid for 24 hours.
<br/><br/> <br/><br/>


@@ -291,7 +291,7 @@
{% include 'tables.headline.html.twig' %} {% include 'tables.headline.html.twig' %}
<br/> <br/>
{{ include('account.2fa.main.html.twig') }} {{ include('account/2fa/main.html.twig') }}
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }} {{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
<a name="Account+Logs" ></a> <a name="Account+Logs" ></a>