mirror of
https://github.com/slawkens/myaac.git
synced 2026-01-23 14:36:22 +01:00
110 lines
2.5 KiB
PHP
110 lines
2.5 KiB
PHP
<?php
|
|
defined('MYAAC') or die('Direct access not allowed!');
|
|
|
|
use MyAAC\TwoFactorAuth\TwoFactorAuth;
|
|
use OTPHP\TOTP;
|
|
use Symfony\Component\Clock\NativeClock;
|
|
|
|
require __DIR__ . '/../base.php';
|
|
|
|
if (!empty($account_logged->getCustomField('2fa_secret'))) {
|
|
|
|
$twig->display('account/2fa/app/enable.already_connected.html.twig');
|
|
|
|
return;
|
|
}
|
|
|
|
$explodeRecoveryKey = explode('-', $account_logged->getCustomField('key'));
|
|
$newRecoveryKeyFormat = (count($explodeRecoveryKey) == 4);
|
|
|
|
if (ACTION == 'request') {
|
|
|
|
if ($newRecoveryKeyFormat) {
|
|
$key = $_POST['key1'] . '-' . $_POST['key2'] . '-' . $_POST['key3'] . '-' . $_POST['key4'];
|
|
}
|
|
else {
|
|
$key = $_POST['key'];
|
|
}
|
|
|
|
$accountKey = $account_logged->getCustomField('key');
|
|
if (!empty($key) && $key == $accountKey) {
|
|
$clock = new NativeClock();
|
|
|
|
$secret = getSession('2fa_secret');
|
|
if ($secret === null) {
|
|
$secret = generateRandom2faSecret();
|
|
setSession('2fa_secret', $secret);
|
|
}
|
|
|
|
$twoFactorAuth->appDisplayEnable($secret);
|
|
|
|
return;
|
|
}
|
|
else {
|
|
if (empty($key)) {
|
|
$errors[] = 'Please enter the recovery key!';
|
|
}
|
|
else {
|
|
$errors[] = 'Invalid recovery key!';
|
|
}
|
|
}
|
|
}
|
|
|
|
if (ACTION == 'link') {
|
|
$secret = getSession('2fa_secret');
|
|
|
|
if ($secret === null) {
|
|
$twig->display('error_box.html.twig', ['errors' => ['Secret not set. Go back and try again.']]);
|
|
return;
|
|
}
|
|
|
|
$authCode = $_POST['auth-code'] ?? '';
|
|
if (!empty($authCode)) {
|
|
$otp = $twoFactorAuth->appInitTOTP($secret);
|
|
|
|
if (!$otp->verify($authCode)) {
|
|
$errors = ['Token is invalid!'];
|
|
|
|
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
|
|
|
$twoFactorAuth->appDisplayEnable($secret, $otp, $errors);
|
|
|
|
return;
|
|
}
|
|
|
|
if ($db->hasColumn('accounts', 'secret')) {
|
|
$account_logged->setCustomField('secret', $secret);
|
|
}
|
|
|
|
$account_logged->setCustomField('2fa_secret', $secret);
|
|
$twoFactorAuth->enable(TwoFactorAuth::TYPE_APP);
|
|
|
|
$twig->display('success.html.twig',
|
|
[
|
|
'title' => 'Authenticator App Connected',
|
|
'description' => 'You successfully connected your Tibia account to an authenticator app.'
|
|
]
|
|
);
|
|
|
|
return;
|
|
}
|
|
else {
|
|
$errors = ['You have to enter the code generated by the authenticator!'];
|
|
|
|
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
|
$twoFactorAuth->appDisplayEnable($secret, null, $errors);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (!empty($errors)) {
|
|
$twig->display('error_box.html.twig', ['errors' => $errors]);
|
|
}
|
|
|
|
$twig->display('account/2fa/app/enable.warning.html.twig',
|
|
[
|
|
'newRecoveryKeyFormat' => $newRecoveryKeyFormat,
|
|
'errors' => $errors,
|
|
]
|
|
);
|