AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-23 05:55:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reworked MFA Enforcement page to use login page style for smoother transition

Browse Source
This commit is contained in:
johnnyq
2025-01-29 11:35:14 -05:00
parent 6cbd4ffebe
commit 22a5c90d21
3 changed files with 48 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
force_mfa.php
View File

@@ -1,74 +0,0 @@
<?php
require_once "config.php";
include_once "functions.php";
require_once "check_login.php";
require_once "header.php";
?>
<div class="card card-dark">
<div class="card-header py-3">
<h3 class="card-title"><i class="fas fa-fw fa-sheild mr-2"></i>2FA Setup</h3>
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<?php if (empty($session_token)) { ?>
<button type="submit" name="enable_2fa" class="btn btn-success btn-block mt-3"><i class="fa fa-fw fa-lock"></i><br> Enable 2FA</button>
<?php } else { ?>
<p>You have set up 2FA. Your QR code is below.</p>
<button type="submit" name="disable_2fa" class="btn btn-danger btn-block mt-3"><i class="fa fa-fw fa-unlock"></i><br>Disable 2FA</button>
<?php } ?>
<center>
<?php
require_once 'rfc6238.php';
//Generate a base32 Key
$secretkey = key32gen();
if (!empty($session_token)) {
// Generate QR Code
$data = "otpauth://totp/ITFlow:$session_email?secret=$session_token";
print "<img src='plugins/barcode/barcode.php?f=png&s=qr&d=$data'>";
echo "<p class='text-secondary'>$session_token</p>";
}
?>
</center>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>">
</form>
<?php if (!empty($session_token)) { ?>
<form action="post.php" method="post" autocomplete="off">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
</div>
<input type="text" class="form-control" name="code" placeholder="Verify 2FA Code" required>
<div class="input-group-append">
<button type="submit" name="verify" class="btn btn-success">Verify</button>
</div>
</div>
</div>
</form>
<?php } ?>
</div>
</div>
<?php
require_once "includes/footer.php";

2
login.php
View File

@@ -324,7 +324,7 @@ if (isset($_POST['login'])) {
<?php if (!empty($company_logo)) { ?> <?php if (!empty($company_logo)) { ?>
<img alt="<?=nullable_htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>"> <img alt="<?=nullable_htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<?php } else { ?> <?php } else { ?>
<b>IT</b>Flow <span class="text-primary text-bold"><i class="fas fa-paper-plane mr-2"></i>IT</span>Flow
<?php } ?> <?php } ?>
</div> </div>

90
mfa_enforcement.php
View File

@@ -47,50 +47,55 @@ $data = "otpauth://totp/ITFlow:$session_email?secret=$token";
<script src="plugins/toastr/toastr.min.js"></script> <script src="plugins/toastr/toastr.min.js"></script>
</head> </head>
<body class="bg-light"> <body class="hold-transition login-page">
<div class="wrapper text-sm"> <?php require_once "includes/inc_alert_feedback.php"; ?>
<div class="container col-md-5"> <div class="login-box">
<div class="login-logo">
<?php require_once 'includes/inc_alert_feedback.php'; ?> <?php if (!empty($company_logo)) { ?>
<img alt="<?=nullable_htmlentities($company_name)?> logo" height="110" width="380" class="img-fluid" src="<?php echo "uploads/settings/$company_logo"; ?>">
<div class="card card-dark mt-5"> <?php } else { ?>
<div class="card-header"> <span class="text-primary text-bold"><i class="fas fa-paper-plane mr-2"></i>IT</span>Flow
<h3 class="card-title"><i class="fas fa-shield-alt mr-2"></i>Multi-Factor Authentication Enforcement</h3> <?php } ?>
</div>
<div class="card-body">
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="text-center">
<h4>Scan this code into your app</h4>
<img src='plugins/barcode/barcode.php?f=png&s=qr&d=<?php echo $data; ?>'>
<div>Can't Scan? <span class="text-secondary">Copy and paste the secret below</span>
</div>
<hr>
<p><span class='text-secondary'>Secret:</span> <?php echo $token; ?>
<button type="button" class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $token; ?>'><i class='far fa-copy text-secondary'></i></button>
</p>
</div>
<hr>
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
</div>
<input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" minlength="6" maxlength="6" name="verify_code" placeholder="Enter 6 digit code to verify MFA" required>
<div class="input-group-append">
<button type="submit" name="enable_mfa" class="btn btn-primary"><i class="fa fa-check mr-2"></i>Enable</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div> </div>
</div> <!-- ./wrapper -->
<!-- /.login-logo -->
<div class="card">
<div class="card-body login-card-body">
<p class="login-box-msg">Multi-Factor Authentication Enforced</p>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<div class="text-center">
<img src='plugins/barcode/barcode.php?f=png&s=qr&d=<?php echo $data; ?>'>
<p>
<small><?php echo $token; ?></small>
<button type="button" class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $token; ?>'><i class='far fa-copy text-secondary'></i></button>
</p>
</div>
<div class="input-group mb-3">
<input type="text" class="form-control" inputmode="numeric" pattern="[0-9]*" minlength="6" maxlength="6" name="verify_code" placeholder="Enter 6 digit code to verify MFA" required>
<div class="input-group-append">
<div class="input-group-text">
<span class="fas fa-lock"></span>
</div>
</div>
</div>
<button type="submit" name="enable_mfa" class="btn btn-primary btn-block mb-3"><i class="fa fa-check mr-2"></i>Enable MFA</button>
</form>
</div>
<!-- /.login-card-body -->
</div>
</div>
<!-- /.login-box -->
<!-- REQUIRED SCRIPTS --> <!-- REQUIRED SCRIPTS -->
@@ -143,6 +148,5 @@ clipboard.on('error', function(e) {
}); });
</script> </script>
<script src="js/confirm_modal.js"></script>
</body> </body>
</html> </html>