paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Allow multiple TOTP

master
andryyy 2021-10-23 17:14:43 +02:00
parent 8e911c1283
commit 8769a91388
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
data/web/inc/functions.inc.php
View File

@ -1222,8 +1222,8 @@ function set_tfa($_data) {
case "totp": case "totp":
$key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"]; $key_id = (!isset($_data["key_id"])) ? 'unidentified' : $_data["key_id"];
if ($tfa->verifyCode($_POST['totp_secret'], $_POST['totp_confirm_token']) === true) { if ($tfa->verifyCode($_POST['totp_secret'], $_POST['totp_confirm_token']) === true) {
$stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username"); //$stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
$stmt->execute(array(':username' => $username)); //$stmt->execute(array(':username' => $username));
$stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `secret`, `active`) VALUES (?, ?, 'totp', ?, '1')"); $stmt = $pdo->prepare("INSERT INTO `tfa` (`username`, `key_id`, `authmech`, `secret`, `active`) VALUES (?, ?, 'totp', ?, '1')");
$stmt->execute(array($username, $key_id, $_POST['totp_secret'])); $stmt->execute(array($username, $key_id, $_POST['totp_secret']));
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -1610,7 +1610,8 @@ function verify_tfa_login($username, $token) {
AND `authmech` = 'totp' AND `authmech` = 'totp'
AND `active`='1'"); AND `active`='1'");
$stmt->execute(array(':username' => $username)); $stmt->execute(array(':username' => $username));
$row = $stmt->fetch(PDO::FETCH_ASSOC); $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
if ($tfa->verifyCode($row['secret'], $_POST['token']) === true) { if ($tfa->verifyCode($row['secret'], $_POST['token']) === true) {
$_SESSION['tfa_id'] = $row['id']; $_SESSION['tfa_id'] = $row['id'];
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -1620,6 +1621,7 @@ function verify_tfa_login($username, $token) {
); );
return true; return true;
} }
}
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $username, '*'), 'log' => array(__FUNCTION__, $username, '*'),