From 3f772f5a2f7584de39785f3816accb447edccfa0 Mon Sep 17 00:00:00 2001
From: wrongecho
Date: Mon, 19 Aug 2024 19:56:12 +0100
Subject: [PATCH] Bugfix: credentials Fix an edge-case bug causing the user_encryption_session_key session cookie to not be set due to error output (when display PHP errors in browser is enabled). This means login credentials are still encrypted but cannot be decrypted properly by other users. Prevent users creating new credentials if they do not have the correct cookie set.
---
 client_logins.php | 2 +-
 login.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/client_logins.php b/client_logins.php
index 83acddc0..6f263650 100644
--- a/client_logins.php
+++ b/client_logins.php
@@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));

Credentials

-
diff --git a/login.php b/login.php
index 7bdda367..edfeef33 100644
--- a/login.php
+++ b/login.php
@@ -145,7 +145,7 @@ if (isset($_POST['login'])) {
 }
 // Validate MFA code
- if (TokenAuth6238::verify($token, $current_code)) {
+ if (!empty($current_code) && TokenAuth6238::verify($token, $current_code)) {
 $mfa_is_complete = true;
 $extended_log = 'with 2FA';
 }
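Review bot: The guard added to the MFA `if` uses `!empty($current_code)`, a truthiness test rather than a check that the value looks like a one-time code. `empty()` is also true for `0` and `"0"`, so if `$current_code` is cast to an integer earlier in `login.php` (not visible in this hunk) a legitimate all-zero code would be refused, while any other non-empty value is still handed to `TokenAuth6238::verify()`. Keeping the submitted code as a string and testing its shape would be stricter, e.g. `if (is_string($current_code) && preg_match('/^\d{6}$/', $current_code) === 1 && TokenAuth6238::verify($token, $current_code)) {`, assuming six-digit codes. The commit message attributes the original failure to error output blocking the session-key cookie; this removes one source of output, so it is worth confirming that the code setting that cookie checks `headers_sent()` and fails the login visibly instead of continuing without it. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk.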