Implemented 2FA TOTP with Google Authenticator

root
2019-06-16 22:33:55 -04:00
parent bc8091ae49
commit e247ad4ee4
13 changed files with 564 additions and 125 deletions


@@ -8,22 +8,48 @@ if(isset($_POST['login'])){
$email = mysqli_real_escape_string($mysqli,$_POST['email']);
$password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
$current_code = $_POST['current_code'];
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");
if(mysqli_num_rows($sql) == 1){
$row = mysqli_fetch_array($sql);
$_SESSION['logged'] = TRUE;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
$token = $row['token'];
if(empty($token)){
$_SESSION['logged'] = TRUE;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
if($client_id > 0){
header("Location: client.php?client_id=$client_id");
if($client_id > 0){
header("Location: client.php?client_id=$client_id");
}else{
header("Location: $config_start_page");
}
}else{
header("Location: $config_start_page");
require_once("rfc6238.php");
if(TokenAuth6238::verify($token,$current_code)){
$_SESSION['logged'] = TRUE;
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['name'] = $row['name'];
$_SESSION['client_id'] = $row['client_id'];
$client_id = $row['client_id'];
header("Location: $config_start_page");
}else{
$response = "
<div class='alert alert-danger'>
Invalid Code.
<button class='close' data-dismiss='alert'>&times;</button>
</div>
";
}
}
}else{
$response = "
<div class='alert alert-danger'>
@@ -79,6 +105,12 @@ if(isset($_POST['login'])){
<label for="inputPassword">Password</label>
</div>
</div>
<div class="form-group">
<div class="form-label-group">
<input type="text" id="inputToken" name="current_code" class="form-control" placeholder="2FA Token if applicable">
<label for="inputToken">Token</label>
</div>
</div>
<button class="btn btn-primary btn-block" type="submit" name="login">Login</button>
</form>
</div>
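Review bot: The branch around `TokenAuth6238::verify($token,$current_code)` shows no limit on failed code attempts, so anyone who already holds a valid password can retry the short TOTP code without bound; a per-account failure counter checked before the verify call and reset on success would close that gap. `$current_code` is read straight from `$_POST['current_code']` with no `isset` check, so a request that omits the field raises a notice and hands null to verify; `$current_code = isset($_POST['current_code']) ? trim($_POST['current_code']) : '';` avoids that. Neither success path calls `session_regenerate_id(true);` before setting `$_SESSION['logged']`, so the pre-login session id stays in use after authentication. The 2FA success path also appears to redirect to `$config_start_page` without the `$client_id > 0` check used in the no-token path, but the rendered page has lost its +/- markers, so confirm that against the file. The enclosing `if(isset($_POST['login']))` block starts before and ends after the hunk.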