Adding all the code i changed. It now supports mfa, passkeys and passwords
This commit is contained in:
Janis Steiner
@@ -2,19 +2,80 @@
|
||||
session_start();
|
||||
header('Content-Type: application/json');
|
||||
$send_to=$_SESSION["end_url"];
|
||||
//if allready authenticated
|
||||
if(($_SESSION["auth_passkey"]==="not_reauired" or $_SESSION["auth_passkey"]==="authenticated") and ($_SESSION["auth_password"]==="not_reauired" or $_SESSION["auth_password"]==="authenticated") and ($_SESSION["auth_2fa"]==="not_reauired" or $_SESSION["auth_2fa"]==="authenticated")){
|
||||
//user is fully authenticated, send him to the desired page
|
||||
$data = [
|
||||
'login' => true,
|
||||
'message' => 'fully_logged_in',
|
||||
'redirect' => $send_to
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}else{
|
||||
|
||||
include "../../config/config.php";
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
|
||||
if($_SESSION["needs_auth"]===false && $_SESSION["pw_required"]==1 && $_SESSION["pw_authenticated"]==0){
|
||||
//check for pw
|
||||
$data=[
|
||||
'message' => 'auth_pw',
|
||||
'redirect' => '/login/pw.php'
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}
|
||||
else if($_SESSION["needs_auth"]===false && $_SESSION["mfa_required"]==1 && $_SESSION["mfa_authenticated"]==0){
|
||||
$data=[
|
||||
'message' => 'auth_mfa',
|
||||
'redirect' => '/login/mfa.php'
|
||||
];
|
||||
echo(json_encode($data));
|
||||
|
||||
//check for mfa
|
||||
}
|
||||
else if($_SESSION["needs_auth"]===false && $_SESSION["passkey_required"]==1 && $_SESSION["passkey_authenticated"]==0){
|
||||
//check for passkey
|
||||
$data=[
|
||||
'message' => 'auth_passkey',
|
||||
'redirect' => '/login/passkey.php'
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 && $_SESSION["pw_authenticated"]==1 && $_SESSION["passkey_authenticated"]){
|
||||
//fully authenticated
|
||||
$_SESSION["logged_in"]=true;
|
||||
$data=[
|
||||
'message' => 'done',
|
||||
'redirect' => $send_to
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}
|
||||
else{
|
||||
//we have to send the user around :)
|
||||
//load his auth methods. then send the first one. if he auths there he will be send back here and we can send him to the next auth method
|
||||
$username=$_SESSION["username"];
|
||||
$_SESSION["needs_auth"]=false;
|
||||
$_SESSION["logged_in"]=false;
|
||||
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey FROM users WHERE username = ?";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $username);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_store_result($stmt);
|
||||
$pw=0;
|
||||
$mfa=0;
|
||||
$passkey=0;
|
||||
if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
$_SESSION["pw_required"] = $pw;
|
||||
$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
|
||||
$_SESSION["mfa_required"] = $mfa;
|
||||
$_SESSION["mfa_authenticated"] = ($mfa == 0) ? 1 : 0;
|
||||
$_SESSION["passkey_required"] = $passkey;
|
||||
$_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
|
||||
$data=[
|
||||
'message' => 'prepared_start_auth',
|
||||
'redirect' => '/login/'
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}else{
|
||||
$data = [
|
||||
'message' => 'this user does not exist',
|
||||
'redirect' => '/?user_not_found'
|
||||
];
|
||||
echo(json_encode($data));
|
||||
}
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user