Single-sign-on and self-serve account management. https://netsyms.biz/apps/accounthub

setup_2fa.php 3.3KB

  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. dieifnotloggedin();
  6. use OTPHP\Factory;
  7. use Endroid\QrCode\ErrorCorrectionLevel;
  8. use Endroid\QrCode\QrCode;
  9. // extra login utils
  10. require_once __DIR__ . "/../lib/login.php";
  11. $APPS["setup_2fa"]["title"] = lang("setup 2fa", false);
  12. $APPS["setup_2fa"]["icon"] = "lock";
  13. if (userHasTOTP($_SESSION['username'])) {
  14. $APPS["setup_2fa"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("2fa active", false) . '</div>'
  15. . '<a href="action.php?action=rm2fa&source=security" class="btn btn-warning btn-sm btn-block">'
  16. . lang("remove 2fa", false) . '</a>';
  17. } else if ($_GET['2fa'] == "generate") {
  18. $codeuri = newTOTP($_SESSION['username']);
  19. $userdata = $database->select('accounts', ['email', 'authsecret', 'realname'], ['username' => $_SESSION['username']])[0];
  20. $label = SYSTEM_NAME . ":" . is_null($userdata['email']) ? $userdata['realname'] : $userdata['email'];
  21. $issuer = SYSTEM_NAME;
  22. $qrCode = new QrCode($codeuri);
  23. $qrCode->setWriterByName('svg');
  24. $qrCode->setSize(550);
  25. $qrCode->setErrorCorrectionLevel(ErrorCorrectionLevel::HIGH);
  26. $qrcode = $qrCode->writeDataUri();
  27. $totp = Factory::loadFromProvisioningUri($codeuri);
  28. $codesecret = $totp->getSecret();
  29. $chunk_secret = trim(chunk_split($codesecret, 4, ' '));
  30. $lang_manualsetup = lang("manual setup", false);
  31. $lang_secretkey = lang("secret key", false);
  32. $lang_label = lang("label", false);
  33. $lang_issuer = lang("issuer", false);
  34. $lang_entercode = lang("enter otp code", false);
  35. $APPS["setup_2fa"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("scan 2fa qrcode", false) . '</div>' . <<<END
  36. <style nonce="$SECURE_NONCE">
  37. .margintop-15px {
  38. margin-top: 15px;
  39. }
  40. .mono-chunk {
  41. text-align: center;
  42. font-size: 110%;
  43. font-family: monospace;
  44. }
  45. </style>
  46. <img src="$qrcode" class="img-responsive qrcode" />
  47. <form action="action.php" method="POST" class="margintop-15px">
  48. <input type="text" name="totpcode" class="form-control" placeholder="$lang_entercode" minlength=6 maxlength=6 required />
  49. <br />
  50. <input type="hidden" name="action" value="add2fa" />
  51. <input type="hidden" name="source" value="security" />
  52. <input type="hidden" name="secret" value="$codesecret" />
  53. <button type="submit" class="btn btn-success btn-sm btn-block">
  54. END
  55. . lang("confirm 2fa", false) . <<<END
  56. </button>
  57. </form>
  58. <div class="panel panel-default margintop-15px">
  59. <div class="panel-body">
  60. <b>$lang_manualsetup</b>
  61. <br /><label>$lang_secretkey:</label>
  62. <div class="well well-sm mono-chunk">$chunk_secret</div>
  63. <br /><label>$lang_label:</label>
  64. <div class="well well-sm mono-chunk">$label</div>
  65. <br /><label>$lang_issuer:</label>
  66. <div class="well well-sm mono-chunk">$issuer</div>
  67. </div>
  68. </div>
  69. END;
  70. } else {
  71. $APPS["setup_2fa"]["content"] = '<div class="alert alert-info"><i class="fa fa-info-circle"></i> ' . lang("2fa explained", false) . '</div>'
  72. . '<a class="btn btn-success btn-sm btn-block" href="home.php?page=security&2fa=generate">'
  73. . lang("enable 2fa", false) . '</a>';
  74. }