AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-21 04:55:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added Remember Me option by checking this you wont have to enter your MFA for up to 14 days on the device

Browse Source
This commit is contained in:
johnnyq
2023-11-20 20:49:33 -05:00
parent dcd5103819
commit 0d6c58f1d0
3 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
database_updates.php
View File

@@ -1504,6 +1504,12 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
// Then, update the database to the next sequential version // Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.9.5'"); mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.9.5'");
} }
if (CURRENT_DATABASE_VERSION == '0.9.5') {
mysqli_query($mysqli, "ALTER TABLE `user_settings` ADD `user_config_remember_me_token` VARCHAR(255) NULL DEFAULT NULL AFTER `user_role`");
// Then, update the database to the next sequential version
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.9.6'");
}
} else { } else {
// Up-to-date // Up-to-date
} }

2
database_version.php
View File

@@ -5,5 +5,5 @@
* It is used in conjunction with database_updates.php * It is used in conjunction with database_updates.php
*/ */
DEFINE("LATEST_DATABASE_VERSION", "0.9.5"); DEFINE("LATEST_DATABASE_VERSION", "0.9.6");

23
login.php
View File

@@ -111,12 +111,25 @@ if (isset($_POST['login'])) {
$user_email = sanitizeInput($row['user_email']); $user_email = sanitizeInput($row['user_email']);
$token = sanitizeInput($row['user_token']); $token = sanitizeInput($row['user_token']);
$force_mfa = intval($row['user_config_force_mfa']); $force_mfa = intval($row['user_config_force_mfa']);
$remember_token = $row['user_config_remember_me_token'];
if($force_mfa == 1 && $token == NULL) { if($force_mfa == 1 && $token == NULL) {
$config_start_page = "user_profile.php"; $config_start_page = "user_profile.php";
} }
// Checking for user 2FA $bypass_2fa = false;
if (empty($token) || TokenAuth6238::verify($token, $current_code)) { if (isset($_COOKIE['rememberme']) && $_COOKIE['rememberme'] == $remember_token) {
$bypass_2fa = true;
} elseif (empty($token) || TokenAuth6238::verify($token, $current_code)) {
$bypass_2fa = true;
}
if ($bypass_2fa) {
if (isset($_POST['remember_me'])) {
$newRememberToken = bin2hex(random_bytes(64));
setcookie('rememberme', $newRememberToken, time() + 86400*14, "/", null, true, true);
$updateTokenQuery = "UPDATE user_settings SET user_config_remember_me_token = '$newRememberToken' WHERE user_id = $user_id";
mysqli_query($mysqli, $updateTokenQuery);
}
// FULL LOGIN SUCCESS - 2FA not configured or was successful // FULL LOGIN SUCCESS - 2FA not configured or was successful
@@ -310,14 +323,14 @@ if (isset($_POST['login'])) {
</div> </div>
</div> </div>
</div> </div>
<!--
<div class="form-group mb-3"> <div class="form-group mb-3">
<div class="custom-control custom-checkbox"> <div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="remember_me"> <input type="checkbox" class="custom-control-input" id="remember_me" name="remember_me">
<label class="custom-control-label" for="remember_me">Remember Me</label> <label class="custom-control-label" for="remember_me">Remember Me</label>
</div> </div>
</div> </div>
!-->
<?php if (isset($token_field)) { echo $token_field; } ?> <?php if (isset($token_field)) { echo $token_field; } ?>
<button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button> <button type="submit" class="btn btn-primary btn-block mb-3" name="login">Sign In</button>