AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated 2FA UI

This commit is contained in:
root 2019-06-16 23:56:40 -04:00
parent e247ad4ee4
commit b65739bfc3
3 changed files with 33 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
login.php
View File

@ -15,14 +15,13 @@ if(isset($_POST['login'])){
if(mysqli_num_rows($sql) == 1){ if(mysqli_num_rows($sql) == 1){
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$token = $row['token']; $token = $row['token'];
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
if(empty($token)){ if(empty($token)){
$_SESSION['logged'] = TRUE; $_SESSION['logged'] = TRUE;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
if($client_id > 0){ if($client_id > 0){
header("Location: client.php?client_id=$client_id"); header("Location: client.php?client_id=$client_id");
@ -35,10 +34,6 @@ if(isset($_POST['login'])){
if(TokenAuth6238::verify($token,$current_code)){ if(TokenAuth6238::verify($token,$current_code)){
$_SESSION['logged'] = TRUE; $_SESSION['logged'] = TRUE;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
header("Location: $config_start_page"); header("Location: $config_start_page");
}else{ }else{
$response = " $response = "
@ -108,7 +103,7 @@ if(isset($_POST['login'])){
<div class="form-group"> <div class="form-group">
<div class="form-label-group"> <div class="form-label-group">
<input type="text" id="inputToken" name="current_code" class="form-control" placeholder="2FA Token if applicable"> <input type="text" id="inputToken" name="current_code" class="form-control" placeholder="2FA Token if applicable">
<label for="inputToken">Token</label> <label for="inputToken">2FA Token</label>
</div> </div>
</div> </div>
<button class="btn btn-primary btn-block" type="submit" name="login">Login</button> <button class="btn btn-primary btn-block" type="submit" name="login">Login</button>

14
post.php
View File

@ -115,13 +115,23 @@ if(isset($_POST['edit_invoice_settings'])){
} }
if(isset($_POST['settings_2fa'])){ if(isset($_POST['enable_2fa'])){
$token = mysqli_real_escape_string($mysqli,$_POST['token']); $token = mysqli_real_escape_string($mysqli,$_POST['token']);
mysqli_query($mysqli,"UPDATE users SET token = '$token' WHERE user_id = $session_user_id"); mysqli_query($mysqli,"UPDATE users SET token = '$token' WHERE user_id = $session_user_id");
$_SESSION['alert_message'] = "Updated User Token"; $_SESSION['alert_message'] = "2FA Enabled and Token Updated";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['disable_2fa'])){
mysqli_query($mysqli,"UPDATE users SET token = '' WHERE user_id = $session_user_id");
$_SESSION['alert_message'] = "2FA Disabled you can now login without an additional code";
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);

30
settings-user.php
View File

@ -6,15 +6,10 @@
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h6 class="float-left mt-1"><i class="fa fa-fw fa-cog mr-2"></i>User Settings</h6> <h6 class="float-left mt-1"><i class="fa fa-fw fa-lock mr-2"></i>Two Factor Authentication</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<form class="p-3" action="post.php" method="post" autocomplete="off"> <form class="p-3" action="post.php" method="post" autocomplete="off">
<input type="hidden" name="secretkey" value="<?php echo $secret_key; ?>">
<div class="custom-control custom-switch mb-2">
<input type="checkbox" class="custom-control-input" name="en2fa" <?php if($en2fa == 1){ echo "checked"; } ?> value="1" id="customSwitch1">
<label class="custom-control-label" for="customSwitch1">Enable Two Factor Authentication</label>
</div>
<?php <?php
@ -23,22 +18,29 @@
//Generate a base32 Key //Generate a base32 Key
$secretkey = key32gen(); $secretkey = key32gen();
//Generate QR Code based off the generated key if(!empty($session_token)){
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$secretkey,'PittPC-CRM')); //Generate QR Code based off the generated key
print sprintf('<img src="%s"/>',TokenAuth6238::getBarCodeUrl('','',$session_token,'PittPC-CRM'));
}
?> ?>
<input type="hidden" name="token" value="<?php echo $secretkey; ?>"> <input type="hidden" name="token" value="<?php echo $secretkey; ?>">
<hr> <hr>
<button type="submit" name="settings_2fa" class="btn btn-primary">Enable</button>
<?php if(empty($session_token)){ ?>
<button type="submit" name="enable_2fa" class="btn btn-primary">Enable 2FA</button>
<?php }else{ ?>
<button type="submit" name="disable_2fa" class="btn btn-danger">Disable 2FA</button>
<?php } ?>
</form> </form>
<hr> <?php if(!empty($session_token)){ ?>
<form class="p-3" action="post.php" method="post" autocomplete="off"> <form class="p-3" action="post.php" method="post" autocomplete="off">
<div class="form-group"> <div class="form-group">
<label>Enter Code</label> <label>Verify 2FA is Working</label>
<div class="input-group"> <div class="input-group">
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-key"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
@ -48,10 +50,8 @@
</div> </div>
<hr> <hr>
<button type="submit" name="verify" class="btn btn-primary">Verify</button> <button type="submit" name="verify" class="btn btn-primary">Verify</button>
</form> </form>
<?php } ?>
</div> </div>
</div> </div>