Improve logging, fix bug allowing login with only username and 2fa code

index.php

@@ -27,6 +27,7 @@ if ($VARS['progress'] == "1") {
                     break;
             }
             if ($userpass_ok) {
+                $_SESSION['passok'] = true; // stop logins using only username and authcode
                 if (userHasTOTP($VARS['username'])) {
                     $multiauth = true;
                 } else {
@@ -45,6 +46,10 @@ if ($VARS['progress'] == "1") {
         insertAuthLog(8, null, "Username: " . $VARS['username']);
     }
 } else if ($VARS['progress'] == "2") {
+    if ($_SESSION['passok'] !== true) {
+        // stop logins using only username and authcode
+        sendError("Password integrity check failed!");
+    }
     if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
         doLoginUser($VARS['username'], $VARS['password']);
         insertAuthLog(1, $_SESSION['uid']);