// Collaborators used below: the Twig wrapper that renders "tfa_form.lte" and
// the account singleton. Both come from project-level getInstance() calls;
// $this->oAC is not referenced again anywhere in this excerpt.
52 $this->oTwig = lib_twig_box::getInstance();
53 $this->oAC = account::getInstance();
// Fetch the stored (hashed) PIN for this user. The result is not used in the
// visible lines; presumably it decides key_new just below -- confirm.
// NOTE(review): the query is built by string concatenation and the origin of
// $user_id is outside this excerpt. If it can be request-controlled this is
// SQL injection; cast it ("WHERE user_id = ".(int)$user_id) or use a prepared
// statement. The same applies to every "user_id = ".$this->user_id query below.
57 $temp_value = $this->database->get_one(
"SELECT pin FROM ".TABLE_PREFIX.
"users WHERE user_id = ".
$user_id);
// Flag whether the user still has to create a PIN. The condition that picks
// one of these two assignments is not in this excerpt; the value is later
// handed to the template as 'new' => $this->key_new.
61 $this->key_new =
true;
65 $this->key_new =
false;
// Read the optional code lifetime from config/lepton.ini.php. The leading ";"
// turns the file's first line into an INI comment (presumably a PHP guard
// line -- confirm against the file).
// NOTE(review): file_get_contents() is not checked for false, and neither
// 'custom_vars' nor 'tfa_code_expires' is guarded, so a missing file or key
// degrades to PHP notices and iCodeExpires silently keeps its previous value.
// Prefer:  $expires = $config['custom_vars']['tfa_code_expires'] ?? '';
// The loose "!= ''" test also lets a configured "0" through; intval("0") then
// makes the expiry check below ($unix + 0 < time()) true as soon as the clock
// ticks, i.e. every code is treated as expired. Require a positive integer.
69 $ini_file_name = LEPTON_PATH.
"/config/lepton.ini.php";
70 $config = parse_ini_string(
";" . file_get_contents($ini_file_name),
true);
71 if ($config[
'custom_vars'][
'tfa_code_expires'] !=
'')
74 $this->iCodeExpires = intval($config[
'custom_vars'][
'tfa_code_expires']);
// Generate a fresh one-time code: six decimal digits from random_int() (CSPRNG,
// 900,000 possible values). Only its password_hash() is kept in
// $this->pin_encode; the clear value in $this->pin is what gets delivered to
// the user (delivery is not in this excerpt). With such a small code space the
// hash alone is no protection -- the expiry window (iCodeExpires) and the
// logout-on-failure paths of the 'forward' branches are what bound guessing.
78 $createPin = random_int(100000, 999999);
79 $this->pin =
"".$createPin.
"";
80 $this->pin_encode = password_hash($this->pin, PASSWORD_DEFAULT);
// Frontend 'display' branch: render the code-entry form for a logged-in session
// (USER_ID) that also carries the CSRF token list (LEPTOKENS). $token is
// presumably added to $page_values on a line not shown here -- confirm.
// NOTE(review): $_GET['redirect'] is accepted as-is and round-trips through the
// form into a Location header in the 'save' branch, so a crafted link
// ?redirect=https://evil.example becomes an open redirect once 2FA completes.
// Validate it here (and again where it is consumed):
//   $redirect = $_GET['redirect'] ?? LEPTON_URL;
//   if (strpos($redirect, LEPTON_URL.'/') !== 0 && $redirect !== LEPTON_URL) { $redirect = LEPTON_URL; }
// 'post_login' => $_POST hands the entire login POST body to the template; if
// the primary password field is still in it, it is re-emitted into the page
// (presumably as hidden inputs) -- confirm in tfa_form.lte and strip it first.
87 if(isset($_SESSION[
'USER_ID']) && isset($_SESSION[
'LEPTOKENS']))
89 $token = $_SESSION[
'LEPTOKENS'][0];
90 $redirect = $_GET[
'redirect']?? LEPTON_URL;
94 'ACTION_URL' => LEPTON_URL.
"/account/tfa.php",
96 'redirect' => $redirect,
97 'post_login' => $_POST,
99 'new' => $this->key_new,
102 echo $this->oTwig->render(
"tfa_form.lte",$page_values);
// Frontend 'save' branch: the user chose a PIN ($_POST['save']); hash it,
// persist it, mark pin_set = 1, stamp unix_time, then follow the posted
// redirect. Every other path sends the user to logout. The enclosing
// if/elseif chain and the braces of each branch are outside this excerpt, as
// is the origin of $this->user_id.
// NOTE(review):
//  * strlen(...) == 6 checks byte length only and does not require digits;
//    use ctype_digit($_POST['save']) && strlen($_POST['save']) === 6 if a
//    numeric PIN is intended.
//  * header('Location: '.$_POST['redirect'].' ') redirects to an unvalidated,
//    user-supplied URL (open redirect) and appends a stray space. Replace with
//    a same-site check:
//      $target = $_POST['redirect'] ?? LEPTON_URL;
//      if (strpos($target, LEPTON_URL.'/') !== 0 && $target !== LEPTON_URL) { $target = LEPTON_URL; }
//      header('Location: '.$target);
//  * The three UPDATEs are separate statements; a failure part-way leaves the
//    row inconsistent. One statement suffices:
//      UPDATE ... SET `pin` = ?, `pin_set` = 1, `unix_time` = ? WHERE user_id = ?
//  * Whether the CSRF token is verified before this branch runs is not visible
//    here; confirm it is, since this writes the second factor.
106 elseif ( $id ==
'save')
108 if(isset($_POST[
'save']) && strlen($_POST[
'save']) == 6 )
110 $this->pin_encode = password_hash($_POST[
'save'], PASSWORD_DEFAULT);
113 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin` = '".$this->pin_encode.
"' WHERE user_id = ".$this->user_id);
116 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
119 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `unix_time` = ".time().
" WHERE user_id = ".$this->user_id);
121 header(
'Location: '.$_POST[
'redirect'].
' ');
128 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
// Frontend 'display'/'resend' branch: persist the freshly generated code hash
// ($this->pin_encode from the random_int() block above), set pin_set = 1 and
// reset unix_time so the expiry window restarts now, then render the form.
// NOTE(review): 'resend' regenerates and re-stamps the code on every request
// with no visible rate limit, so each call extends the guessing window; if it
// also triggers a mail/SMS (delivery is not in this excerpt) it can flood the
// user. A per-session resend counter or cooldown is the usual fix.
// $_SESSION['LEPTOKENS'][0] is read here without the isset() guard used in the
// first 'display' block; an expired session yields a notice and an empty token.
// $_POST['redirect'] is forwarded to the form unvalidated (same open-redirect
// chain as the 'save' branch).
136 if ( $id ==
'display' || $id ==
'resend')
141 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin` = '".$this->pin_encode.
"' WHERE user_id = ".$this->user_id);
142 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
145 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `unix_time` = ".time().
" WHERE user_id = ".$this->user_id);
149 $page_values = array(
151 'ACTION_URL' => LEPTON_URL.
"/account/tfa.php",
152 'post_login' => $_POST,
153 'redirect' => $_POST[
'redirect'] ?? LEPTON_URL,
155 'token' => $_SESSION[
'LEPTOKENS'][0],
159 echo $this->oTwig->render(
"tfa_form.lte",$page_values);
// Frontend 'forward' branch: verify the submitted code. Requires a posted
// 'token' and a 6-byte 'pin'; rejects the code when unix_time + iCodeExpires
// is in the past, otherwise compares it with the stored hash through
// password_verify() (constant-time), sets pin_set = 2 on success and
// redirects. The failure paths visible here all redirect to logout, which
// forces a fresh primary login per wrong guess -- that is the effective
// brute-force limit; no attempt counter is visible in this excerpt.
// NOTE(review):
//  * isset($_POST['token']) only checks presence; the comparison against
//    $_SESSION['LEPTOKENS'] is not visible here -- confirm it happens before
//    this branch, otherwise the token is decorative.
//  * Whether displayFEMessage() exits is not visible; if it returns, an
//    expired code still reaches password_verify() below. An explicit exit or
//    return after it removes the doubt.
//  * $forward = strip_tags($_REQUEST['redirect'] ?? LEPTON_URL) is an open
//    redirect: strip_tags() removes HTML, not foreign hosts, and $_REQUEST also
//    accepts GET and cookie values. Validate instead:
//      $forward = $_POST['redirect'] ?? LEPTON_URL;
//      if (strpos($forward, LEPTON_URL.'/') !== 0 && $forward !== LEPTON_URL) { $forward = LEPTON_URL; }
//  * $_POST['pin'] is passed to strlen() without isset(); a missing field
//    raises a notice before the length test fails.
161 elseif ( $id ==
'forward')
163 if(isset($_POST[
'token']) && strlen($_POST[
'pin']) == 6 )
166 $unix = $this->database->get_one(
"SELECT unix_time FROM ".TABLE_PREFIX.
"users WHERE user_id = ".$this->user_id);
167 if($unix + $this->iCodeExpires < time())
169 LEPTON_frontend::displayFEMessage(
'error',$TEXT[
'TFA_EXPIRED'],$_POST[
'redirect'],-1);
175 $dbKey = $this->database->get_one(
"SELECT pin FROM ".TABLE_PREFIX.
"users WHERE user_id = ".$this->user_id);
176 $postKey = $_POST[
'pin'];
177 $forward = strip_tags($_REQUEST[
'redirect'] ?? LEPTON_URL);
180 if(password_verify ($postKey, $dbKey) ===
true)
183 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);
185 header(
'Location: '.$forward);
189 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
195 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
200 header(
'Location: '.LEPTON_URL.
'/account/logout.php');
// Backend (admin) 'create' branch: render the PIN-creation form from the theme
// template. The token is read from $_SESSION['LEPTOKENS'][0] without the
// isset() guard the frontend 'display' block uses, and 'post_login' => $_POST
// again forwards the whole login POST body -- confirm the template does not
// re-emit a password field. The enclosing if/elseif chain begins above this
// excerpt.
206 if ( $id ==
'create')
208 $page_values = array(
210 'ACTION_URL' => ADMIN_URL.
"/login/tfa.php",
211 'token' => $_SESSION[
'LEPTOKENS'][0],
212 'post_login' => $_POST,
214 'new' => $this->key_new,
217 echo $this->oTwig->render(
"@theme/tfa_form.lte",$page_values);
// Backend 'save' branch: same persistence as the frontend 'save' block (hash
// the chosen PIN, pin_set = 1, unix_time = now), but both outcomes end at
// ADMIN_URL/logout, so the admin re-authenticates after creating the PIN --
// apparently intentional, and it avoids the frontend branch's open redirect.
// Same caveats apply: strlen() == 6 does not enforce digits (add
// ctype_digit()), the three UPDATEs could be a single statement, and the CSRF
// token check is not visible in this excerpt.
222 if(isset($_POST[
'save']) && strlen($_POST[
'save']) == 6 )
224 $this->pin_encode = password_hash($_POST[
'save'], PASSWORD_DEFAULT);
227 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin` = '".$this->pin_encode.
"' WHERE user_id = ".$this->user_id);
230 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
233 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `unix_time` = ".time().
" WHERE user_id = ".$this->user_id);
235 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
240 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
// Backend 'display'/'resend' branch: the frontend counterpart minus the
// redirect parameter -- store the new code hash, set pin_set = 1, restart the
// expiry clock, render the theme form with the session token (read without an
// isset() guard). The unbounded 'resend' caveat from the frontend block
// applies here as well.
249 if ( $id ==
'display' || $id ==
'resend')
254 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin` = '".$this->pin_encode.
"' WHERE user_id = ".$this->user_id);
255 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 1 WHERE user_id = ".$this->user_id);
258 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `unix_time` = ".time().
" WHERE user_id = ".$this->user_id);
263 $page_values = array(
265 'ACTION_URL' => ADMIN_URL.
"/login/tfa.php",
266 'token' => $_SESSION[
'LEPTOKENS'][0],
271 echo $this->oTwig->render(
"@theme/tfa_form.lte",$page_values);
// Backend 'forward' branch: verify the submitted code with the same checks as
// the frontend (token present, 6-byte pin, expiry, password_verify()); on
// success set pin_set = 2 and continue to the admin start page, otherwise
// redirect to logout (forcing a fresh primary login per wrong guess).
// NOTE(review):
//  * The success redirect appends $_POST['token'] raw to the query string. A
//    token containing '&' or '#' alters the URL, and the token then lands in
//    browser history, proxy/server logs and the Referer of the next request.
//    At minimum encode it:
//      header('Location: '.ADMIN_URL.'/start/index.php?leptoken='.urlencode($_POST['token']));
//    and prefer leaving it in the session if the start page can read it there.
//  * LEPTON_frontend::displayFEMessage() is called on the admin path with
//    $_POST['redirect'], which this branch never otherwise uses; whether it
//    exits is not visible, so an expired code may still reach
//    password_verify() below.
//  * The token is only checked for presence; its comparison with
//    $_SESSION['LEPTOKENS'] is not visible in this excerpt.
274 elseif ( $id ==
'forward')
276 if(isset($_POST[
'token']) && strlen($_POST[
'pin']) == 6 )
279 $dbKey = $this->database->get_one(
"SELECT pin FROM ".TABLE_PREFIX.
"users WHERE user_id = ".$this->user_id);
280 $postKey = $_POST[
'pin'];
283 $unix = $this->database->get_one(
"SELECT unix_time FROM ".TABLE_PREFIX.
"users WHERE user_id = ".$this->user_id);
284 if($unix + $this->iCodeExpires < time())
286 LEPTON_frontend::displayFEMessage(
'error',$TEXT[
'TFA_EXPIRED'],$_POST[
'redirect'],-1);
292 if(password_verify ($postKey, $dbKey) ===
true)
295 $this->database->simple_query(
"UPDATE ".TABLE_PREFIX.
"users SET `pin_set` = 2 WHERE user_id = ".$this->user_id);
297 header(
'Location: '.ADMIN_URL.
'/start/index.php?leptoken='.$_POST[
'token']);
301 header(
'Location: '.ADMIN_URL.
'/logout/index.php');
308 header(
'Location: '.ADMIN_URL.
'/logout/index.php');