lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-23 19:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Google Authenticator

Browse Source
This commit is contained in:
xiaomlove
2021-06-10 21:07:20 +08:00
parent 37e0d74bae
commit 3bb15d6a41
17 changed files with 339 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/takelogin.php
+12 -2
View File
@@ -16,7 +16,7 @@ function bark($text = "")
}
if ($iv == "yes")
check_code ($_POST['imagehash'], $_POST['imagestring'],'login.php',true);
$res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = " . sqlesc($username));
$res = sql_query("SELECT id, passhash, secret, enabled, status, two_step_secret FROM users WHERE username = " . sqlesc($username));
$row = mysql_fetch_array($res);
if (!$row)
@@ -24,6 +24,16 @@ if (!$row)
if ($row['status'] == 'pending')
failedlogins($lang_takelogin['std_user_account_unconfirmed']);
if (!empty($row['two_step_secret'])) {
if (empty($_POST['two_step_code'])) {
failedlogins($lang_takelogin['std_require_two_step_code']);
}
$ga = new \PHPGangsta_GoogleAuthenticator();
if (!$ga->verifyCode($row['two_step_secret'], $_POST['two_step_code'])) {
failedlogins($lang_takelogin['std_invalid_two_step_code']);
}
}
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"]))
login_failedlogins();
@@ -64,7 +74,7 @@ if (isset($_POST["logout"]) && $_POST["logout"] == "yes")
logincookie($row["id"], $passh,1,900,$securelogin_indentity_cookie, $ssl, $trackerssl);
//sessioncookie($row["id"], $passh,true);
}
else
else
{
logincookie($row["id"], $passh,1,0x7fffffff,$securelogin_indentity_cookie, $ssl, $trackerssl);
//sessioncookie($row["id"], $passh,false);