From e435062025939438362cb216ccd8f124c7919807 Mon Sep 17 00:00:00 2001
From: slawkens
Date: Sat, 5 Jul 2025 08:20:58 +0200
Subject: [PATCH] [WIP] 2fa
---
 system/pages/account/2fa.php | 4 +-
 system/pages/account/login.php | 10 +--
 system/src/TwoFactorAuth/TwoFactorAuth.php | 68 +++++++++----------
 ...=> account.2fa.email.deactivate.html.twig} | 0
 ...twig => account.2fa.email.login.html.twig} | 0
 5 files changed, 41 insertions(+), 41 deletions(-)
 rename system/templates/{account.2fa.email-code.deactivate.html.twig => account.2fa.email.deactivate.html.twig} (100%)
 rename system/templates/{account.2fa.email-code.login.html.twig => account.2fa.email.login.html.twig} (100%)
diff --git a/system/pages/account/2fa.php b/system/pages/account/2fa.php
index fca2bcdb..6bca840e 100644
--- a/system/pages/account/2fa.php
+++ b/system/pages/account/2fa.php
@@ -50,7 +50,7 @@ if (ACTION == 'email-code') {
 $twig->display('error_box.html.twig', ['errors' => $errors]);
 }
- $twig->display('account.2fa.email-code.login.html.twig');
+ $twig->display('account.2fa.email.login.html.twig');
 }
 else if ($step == 'activate') {
 if (!$twoFactorAuth->hasRecentEmailCode(15 * 60)) {
@@ -116,6 +116,6 @@ if (ACTION == 'email-code') {
 $twig->display('error_box.html.twig', ['errors' => $errors]);
 }
- $twig->display('account.2fa.email-code.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
+ $twig->display('account.2fa.email.deactivate.html.twig', ['wrongCode' => count($errors) > 0]);
 }
 }
diff --git a/system/pages/account/login.php b/system/pages/account/login.php
index 544656a2..a9752d42 100644
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -51,6 +51,11 @@ if(!empty($login_account) && !empty($login_password))
 if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
 $errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
 } else {
+ $twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
+ if (!$twoFactorAuth->process($login_account, $login_password, $_POST['email-code'] ?? '')) {
+ return;
+ }
+
 session_regenerate_id();
 setSession('account', $account_logged->getId());
 setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
@@ -58,11 +63,6 @@ if(!empty($login_account) && !empty($login_password))
 setSession('remember_me', true);
 }
- $twoFactorAuth = TwoFactorAuth::getInstance($account_logged);
- if (!$twoFactorAuth->process($_POST['email-code'] ?? '')) {
- return;
- }
-
 $logged = true;
 $logged_flags = $account_logged->getWebFlags();
diff --git a/system/src/TwoFactorAuth/TwoFactorAuth.php b/system/src/TwoFactorAuth/TwoFactorAuth.php
index cf40c124..ed7840b5 100644
--- a/system/src/TwoFactorAuth/TwoFactorAuth.php
+++ b/system/src/TwoFactorAuth/TwoFactorAuth.php
@@ -44,7 +44,7 @@ class TwoFactorAuth
 return self::$instance;
 }
- public function process($code): bool
+ public function process($login_account, $login_password, $code): bool
 {
 global $twig;
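Review bot: The `$_POST['email-code'] ?? ''` argument in the added process() call is forwarded without checking that it is a string, so a request sending `email-code[]=…` delivers an array that passes `empty()` and reaches verifyCode(); process() declares no parameter types (see its hunk below), so nothing stops it at this boundary. Read it into a local first and normalise, `$emailCode = $_POST['email-code'] ?? '';` followed by `if (!is_string($emailCode)) { $emailCode = ''; }`, then pass `$emailCode`. Moving the gate ahead of `session_regenerate_id()` and the `setSession()` calls is the right order; this note is only about the value fed into it. The enclosing `if(!empty($login_account) && …)` block begins and ends outside the hunk.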
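Review bot: The new `$login_account` and `$login_password` parameters are not referenced anywhere in process() that this patch shows (the rewritten body in the next hunk never uses them), and the signature leaves all three parameters untyped. If they are placeholders for a later step, say so in a docblock on the method; otherwise drop them, since handing the plaintext password into the 2FA class only widens the code that touches it. Either way declare the types, `public function process(string $login_account, string $login_password, string $code): bool`, so a non-string request value fails with a TypeError at the boundary instead of reaching verifyCode(). process() continues past the end of this hunk.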
@@ -52,48 +52,48 @@ class TwoFactorAuth
 return true;
 }
- if (!empty($code)) {
- if ($this->getAuthGateway()->verifyCode($code)) {
- if ($this->authType === self::TYPE_EMAIL) {
- $this->deleteOldCodes();
- }
-
- header('Location: account/manage');
- return true;
- }
- else {
- if (setting('core.mail_enabled')) {
- $mailBody = $twig->render('mail.account.2fa.email-code.wrong-attempt.html.twig');
-
- if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Failed Two-Factor Authentication Attempt', $mailBody)) {
- error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
- }
+ if (empty($code)) {
+ if ($this->authType == self::TYPE_EMAIL) {
+ if (!$this->hasRecentEmailCode(15 * 60)) {
+ $this->resendEmailCode();
+ //success('Resent email.');
 }
 define('HIDE_LOGIN_BOX', true);
-
- $errors[] = 'Invalid email code!';
- $twig->display('error_box.html.twig', ['errors' => $errors]);
-
- $twig->display('account.2fa.email-code.login.html.twig', ['wrongCode' => true]);
-
- return false;
+ $twig->display('account.2fa.email.login.html.twig');
 }
- }
-
- if ($this->authType == self::TYPE_EMAIL) {
- if (!$this->hasRecentEmailCode(15 * 60)) {
- $this->resendEmailCode();
- //success('Resent email.');
+ else {
+ echo 'Two Factor App Auth';
 }
- define('HIDE_LOGIN_BOX', true);
- $twig->display('account.2fa.email-code.login.html.twig');
- return false;
 }
- return true;
+ if ($this->getAuthGateway()->verifyCode($code)) {
+ if ($this->authType === self::TYPE_EMAIL) {
+ $this->deleteOldCodes();
+ }
+
+ header('Location: account/manage');
+ return true;
+ }
+
+ if (setting('core.mail_enabled')) {
+ $mailBody = $twig->render('mail.account.2fa.email-code.wrong-attempt.html.twig');
+
+ if (!_mail($this->account->getEMail(), configLua('serverName') . ' - Failed Two-Factor Authentication Attempt', $mailBody)) {
+ error('An error occurred while sending email.
For Admin: More info can be found in system/logs/mailer-error.log');
+ }
+ }
+
+ define('HIDE_LOGIN_BOX', true);
+
+ $errors[] = 'Invalid email code!';
+ $twig->display('error_box.html.twig', ['errors' => $errors]);
+
+ $twig->display('account.2fa.email.login.html.twig', ['wrongCode' => true]);
+
+ return false;
 }
 public function setAuthGateway(int $authType): void
diff --git a/system/templates/account.2fa.email-code.deactivate.html.twig b/system/templates/account.2fa.email.deactivate.html.twig
similarity index 100%
rename from system/templates/account.2fa.email-code.deactivate.html.twig
rename to system/templates/account.2fa.email.deactivate.html.twig
diff --git a/system/templates/account.2fa.email-code.login.html.twig b/system/templates/account.2fa.email.login.html.twig
similarity index 100%
rename from system/templates/account.2fa.email-code.login.html.twig
rename to system/templates/account.2fa.email.login.html.twig
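Review bot: Nothing in the rewritten failure path limits how many wrong codes an account may submit — each miss sends the wrong-attempt mail and re-renders the form — so unless verifyCode() (not in this patch) counts attempts, an emailed code can be retried without bound and the owner's mailbox filled with notifications; a per-account attempt counter with a lockout checked before `$this->getAuthGateway()->verifyCode($code)` would address both. That same failure branch is email-specific in wording and templates (`'Invalid email code!'`, `mail.account.2fa.email-code.wrong-attempt.html.twig`, `account.2fa.email.login.html.twig`) yet runs for every `authType`, while the non-email type only has the `echo 'Two Factor App Auth'` placeholder on the empty-code path. Within one function the type check is written both ways, `$this->authType == self::TYPE_EMAIL` in the empty-code branch and `=== self::TYPE_EMAIL` after verification; use `===` in both, and `if ($code === '')` rather than `empty($code)`, which also matches the string `'0'`. The `15 * 60` window is repeated here and in 2fa.php; a named class constant would keep the two in step. process() begins in the previous hunk; its body ends inside this one.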