From fe00c0df2b8237c8fca9a2993e8404ab9e5848c8 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sat, 21 Jan 2023 14:37:50 +0000
Subject: [PATCH] Send users a notification email if they disable 2FA
---
 post.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/post.php b/post.php
index 092f1464..8a27d455 100644
--- a/post.php
+++ b/post.php
@@ -295,10 +295,10 @@ if(isset($_POST['edit_profile'])){
 // Determine exactly what changed
 if ($user_old_email !== $email && !empty($new_password)) {
- $details = "Your e-mail address and password were changed. New email: $email";
+ $details = "Your e-mail address and password were changed. New email: $email.";
 }
 elseif ($user_old_email !== $email) {
- $details = "Your email address was changed. New email: $email";
+ $details = "Your email address was changed. New email: $email.";
 }
 elseif (!empty($new_password)) {
 $details = "Your password was changed.";
@@ -1136,6 +1136,17 @@ if(isset($_POST['disable_2fa'])){
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name disabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
+ // Email notification
+ if (!empty($config_smtp_host)) {
+ $subject = "$config_app_name account update confirmation for $session_name";
+ $body = "Hi $session_name,

Your $config_app_name account has been updated, details below:

2FA was disabled.

If you did not perform this change, contact your $config_app_name administrator immediately.

Thanks,
ITFlow
$session_company_name";
+
+ $mail = sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port,
+ $config_mail_from_email, $config_mail_from_name,
+ $session_email, $session_name,
+ $subject, $body);
+ }
+ $_SESSION['alert_message'] = "Two-factor authentication disabled";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
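Review bot: The result of `sendSingleEmail()` is stored in `$mail` and never looked at in this hunk, so a failed send of the 2FA-disabled notice is silent and the account owner loses the one out-of-band signal this change adds. Assuming the helper returns `true` on success (its definition is outside the hunk), follow the call with `if ($mail !== true) { error_log("2FA-disabled notice not delivered for user id $session_user_id"); }` or an equivalent row in `logs`. The same silence applies when `$config_smtp_host` is empty: no notice goes out and the log entry above does not say so. `$session_name` and `$session_company_name` are interpolated into `$subject` and `$body` unescaped; if the helper sends HTML, pass them through `htmlspecialchars()` first. The `disable_2fa` block opens and closes outside this hunk.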