Added Remember Me option by checking this you wont have to enter your MFA for up to 14 days on the device

johnnyq
2023-11-20 20:49:33 -05:00
parent dcd5103819
commit 0d6c58f1d0
3 changed files with 25 additions and 6 deletions


@@ -111,12 +111,25 @@ if (isset($_POST['login'])) {
$user_email = sanitizeInput($row['user_email']);
$token = sanitizeInput($row['user_token']);
$force_mfa = intval($row['user_config_force_mfa']);
$remember_token = $row['user_config_remember_me_token'];
if($force_mfa == 1 && $token == NULL) {
$config_start_page = "user_profile.php";
}
// Checking for user 2FA
if (empty($token) || TokenAuth6238::verify($token, $current_code)) {
$bypass_2fa = false;
if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
$bypass_2fa = true;
} elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
$bypass_2fa = true;
}
if ($bypass_2fa) {
if (isset($_POST['remember_me'])) {
$newRememberToken = bin2hex(random_bytes(64));
setcookie('rememberme', $newRememberToken, time() + 86400*14, "/", null, true, true);
$updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
mysqli_query($mysqli, $updateTokenQuery);
}
// FULL LOGIN SUCCESS - 2FA not configured or was successful
@@ -310,14 +323,14 @@ if (isset($_POST['login'])) {
</div>
</div>
</div>
<!--
<div class="form-group mb-3">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="remember_me">
<input type="checkbox" class="custom-control-input" id="remember_me" name="remember_me">
<label class="custom-control-label" for="remember_me">Remember Me</label>
</div>
</div>
!-->
<?php if (isset($token_field)) { echo $token_field; } ?>
<button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>
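Review bot: In the first hunk the remember-me check `$_COOKIE['rememberme'] == $remember_token` is a loose comparison, so for an account whose `user_config_remember_me_token` is still NULL or empty an empty cookie value compares equal and the TOTP check is skipped; require a non-empty stored token and a string-typed cookie, and compare with `hash_equals()`. The new token is also stored as-is and written through an interpolated UPDATE whose result is never checked; a prepared statement is the safer form, and storing only a hash of the token would keep a database read from yielding usable MFA-bypass cookies. As far as this hunk shows, the 14-day limit exists only in the cookie's expiry, so the stored token appears to stay valid until it is overwritten; a server-side expiry column would make the window enforceable. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk, so whether the password has already been verified before this point cannot be confirmed from here.

```php
$bypass_2fa = false;
$remember_cookie = $_COOKIE['rememberme'] ?? '';
if (is_string($remember_cookie) && $remember_cookie !== ''
    && is_string($remember_token) && $remember_token !== ''
    && hash_equals($remember_token, $remember_cookie)) {
    // … unchanged: $bypass_2fa = true, the elseif TOTP branch, token generation and setcookie() …
        $stmt = mysqli_prepare($mysqli, "UPDATE user_settings SET user_config_remember_me_token = ? WHERE user_id = ?");
        mysqli_stmt_bind_param($stmt, 'si', $newRememberToken, $user_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('remember-me token update failed');
        }
```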