-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrecovery.php
88 lines (71 loc) · 2.16 KB
/
recovery.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
<?php
/*
* TwoFactorAuth
*
* Copyright (C) 2021-2022 e107 Inc. (https://www.e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
*/
if(!defined('e107_INIT'))
{
require_once(__DIR__.'/../../class2.php');
}
// Make this page inaccessible when plugin is not installed.
if (!e107::isInstalled('twofactorauth'))
{
e107::redirect();
exit;
}
// Make this page inaccessible when plugin is not installed.
if (!e107::isInstalled('twofactorauth'))
{
e107::redirect();
exit;
}
require_once(e_PLUGIN."twofactorauth/twofactorauth_class.php");
$tfa_class = new tfa_class();
$session_user_id = e107::getSession('2fa')->get('user_id');
$session_previous_page = e107::getSession('2fa')->get('previous_page');
// No need to access this file directly or when already logged in.
if(empty($session_user_id) || USER)
{
$tfa_class->tfaDebug(__LINE__." ".__FILE__.": session_user_id: ".$session_user_id);
if(USER)
{
$tfa_class->tfaDebug(__LINE__." ".__FILE__.": User is already logged in? Redirect to setup");
$url = e107::url('twofactorauth', 'setup');
e107::redirect($url);
}
else
{
$tfa_class->tfaDebug(__LINE__." ".__FILE__.": session user id already set? Redirect to homepage");
e107::redirect();
}
e107::redirect($url);
exit;
}
// Load LAN files
e107::lan('twofactorauth', false, true);
$caption = LAN_2FA_TITLE." - ".LAN_2FA_RECOVERY;
e107::title($caption);
require_once(HEADERF);
$text = "";
// Process TOTP code and verify against secret key
if(isset($_POST['enter-recovery-code']))
{
// Retrieve user ID from session
$user_id = e107::getSession('2fa')->get('user_id');
$recovery_code = (string) $_POST['recovery-code'];
if(!$tfa_class->processRecoveryCode($user_id, $recovery_code))
{
e107::getMessage()->addError(LAN_2FA_INCORRECT_RECOVERYCODE);
}
}
// Display form to enter recovery code
e107::getMessage()->addInfo(e107::getParser()->toHTML(LAN_2FA_RECOVERYCODE_INSTRUCTIONS, true));
$text .= $tfa_class->showRecoveryCodeInputForm($action);
// Let's render and show it all!
e107::getRender()->tablerender($caption, e107::getMessage()->render().$text);
require_once(FOOTERF);
exit;