Business/AccountHub
2
0
Fork 2
Code Issues 3 Pull Requests Releases 3 Wiki Activity

Improve logging, fix bug allowing login with only username and 2fa code

Browse Source
This commit is contained in:
Skylar Ittner 2017-05-02 19:19:27 -06:00
parent 87104163be
commit 760e9d4323
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
index.php
View File

@ -27,6 +27,7 @@ if ($VARS['progress'] == "1") {
break; break;
} }
if ($userpass_ok) { if ($userpass_ok) {
$_SESSION['passok'] = true; // stop logins using only username and authcode
if (userHasTOTP($VARS['username'])) { if (userHasTOTP($VARS['username'])) {
$multiauth = true; $multiauth = true;
} else { } else {
@ -45,6 +46,10 @@ if ($VARS['progress'] == "1") {
insertAuthLog(8, null, "Username: " . $VARS['username']); insertAuthLog(8, null, "Username: " . $VARS['username']);
} }
} else if ($VARS['progress'] == "2") { } else if ($VARS['progress'] == "2") {
if ($_SESSION['passok'] !== true) {
// stop logins using only username and authcode
sendError("Password integrity check failed!");
}
if (verifyTOTP($VARS['username'], $VARS['authcode'])) { if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
doLoginUser($VARS['username'], $VARS['password']); doLoginUser($VARS['username'], $VARS['password']);
insertAuthLog(1, $_SESSION['uid']); insertAuthLog(1, $_SESSION['uid']);