From 8071748b02657fbc4c6b87b7aa6e050c19f768cd Mon Sep 17 00:00:00 2001 From: jakani24 Date: Thu, 6 Jun 2024 16:33:38 +0200 Subject: [PATCH] adding 2fa --- .../system/insecure_zone/php/2fa.php | 1 + .../system/insecure_zone/php/login.php | 6 ++++- .../insecure_zone/php/login_backend.php | 23 +++++++++++++++---- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/server/cyberhex-code/system/insecure_zone/php/2fa.php b/src/server/cyberhex-code/system/insecure_zone/php/2fa.php index 9bec669..b8353e3 100644 --- a/src/server/cyberhex-code/system/insecure_zone/php/2fa.php +++ b/src/server/cyberhex-code/system/insecure_zone/php/2fa.php @@ -45,6 +45,7 @@ include "../../../api/php/notifications/sendmessage.php"; //to send user notific
+
success = true; + + if($_SESSION["use_2fa"]=="1"){ + unset($_SESSION["login"]); //set the login state to false + $_SESSION["2fa_auth"]=true; + $pin=mt_rand(100000, 999999); + $_SESSION["pin"]=$pin; $ip = $_SERVER['REMOTE_ADDR']; - $username=$row["username"]; - send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username); + send_to_user("[2FA-Pin]\nHello $username\nHere is your pin to log into cyberhex: $pin. If you did not try to log in please take steps to secure your account!\nIP: $ip\n",$username); + //send the user to 2fa auth page + $return->msg="send_to_2fa"; + }else{ + if($_SESSION["send_login_message"]=="1"){ + $ip = $_SERVER['REMOTE_ADDR']; + $username=$row["username"]; + send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username); + } } - $return = new stdClass(); - $return->success = true; header('Content-Type: application/json'); print(json_encode($return)); }