janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding 2fa

Browse Source
This commit is contained in:
jakani24
2024-06-06 16:33:38 +02:00
parent c1cbddf955
commit 8071748b02
3 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/server/cyberhex-code/system/insecure_zone/php/2fa.php
View File

@@ -45,6 +45,7 @@ include "../../../api/php/notifications/sendmessage.php"; //to send user notific
<div class="col">
<button style="align:left" type="submit" class="btn btn-primary btn-block">Check pin</button>
</div>
<br>
</form>
<!-- php code to verify 2fa pin-->
<?php

4
src/server/cyberhex-code/system/insecure_zone/php/login.php
View File

@@ -71,7 +71,11 @@ async function checkRegistration() {
reloadServerPreview();
//window.alert(authenticatorAttestationServerResponse.msg || 'login success');
//auth success, send to index
if(authenticatorAttestationServerResponse.msg=="send_to_2fa"){
window.location.href = "/system/insecure_zone/php/2fa.php";
}else{
window.location.href = "/system/secure_zone/php/index.php";
}
} else {
throw new Error(authenticatorAttestationServerResponse.msg);
}

17
src/server/cyberhex-code/system/insecure_zone/php/login_backend.php
View File

@@ -179,14 +179,27 @@ try {
$_SESSION["allow_pw_login"]=$row["allow_pw_login"];
$_SESSION["send_login_message"]=$row["send_login_message"];
$_SESSION["use_2fa"]=$row["use_2fa"];
$return = new stdClass();
$return->success = true;
if($_SESSION["use_2fa"]=="1"){
unset($_SESSION["login"]); //set the login state to false
$_SESSION["2fa_auth"]=true;
$pin=mt_rand(100000, 999999);
$_SESSION["pin"]=$pin;
$ip = $_SERVER['REMOTE_ADDR'];
send_to_user("[2FA-Pin]\nHello $username\nHere is your pin to log into cyberhex: $pin. If you did not try to log in please take steps to secure your account!\nIP: $ip\n",$username);
//send the user to 2fa auth page
$return->msg="send_to_2fa";
}else{
if($_SESSION["send_login_message"]=="1"){
$ip = $_SERVER['REMOTE_ADDR'];
$username=$row["username"];
send_to_user("[LOGIN WARNING]\nHello $username\nSomebody has logged into Cyberhex with your account.\nIf this was you, you can ignore this message. Else please take steps to secure your account!\nIP: $ip\n",$username);
}
}
$return = new stdClass();
$return->success = true;
header('Content-Type: application/json');
print(json_encode($return));
}