From f4df7da0e4aecefbb2bfb73e751a187f799477d5 Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Wed, 6 Jul 2022 15:23:23 +0800 Subject: [PATCH] show passkey login URL at usercp --- app/Http/Controllers/AuthenticateController.php | 15 +++++++++------ lang/chs/lang_usercp.php | 1 + lang/cht/lang_usercp.php | 1 + lang/en/lang_usercp.php | 1 + public/usercp.php | 3 +++ 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/AuthenticateController.php b/app/Http/Controllers/AuthenticateController.php index af216198..3acf7bd1 100644 --- a/app/Http/Controllers/AuthenticateController.php +++ b/app/Http/Controllers/AuthenticateController.php @@ -46,12 +46,15 @@ class AuthenticateController extends Controller public function passkeyLogin($passkey) { - $user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']); - if ($user) { - $passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]); - logincookie($user->id, $passhash,false,0x7fffffff, true, true, true); - $user->last_login = now(); - $user->save(); + $deadline = Setting::get('security.login_secret_deadline'); + if ($deadline && $deadline > now()->toDateTimeString()) { + $user = User::query()->where('passkey', $passkey)->first(['id', 'passhash']); + if ($user) { + $passhash = md5($user->passhash . $_SERVER["REMOTE_ADDR"]); + logincookie($user->id, $passhash,false,0x7fffffff, true, true, true); + $user->last_login = now(); + $user->save(); + } } return redirect('index.php'); } diff --git a/lang/chs/lang_usercp.php b/lang/chs/lang_usercp.php index b7883f75..bb3a1910 100644 --- a/lang/chs/lang_usercp.php +++ b/lang/chs/lang_usercp.php @@ -251,6 +251,7 @@ $lang_usercp = array 'text_two_step_secret_bind_manually_note' => '或者在 APP 中手动输入以下 Key:', 'text_two_step_secret_bind_complete_note' => '输入 code 完成两步验证', 'text_two_step_secret_unbind_note' => '输入 code 取消两步验证', + 'row_passkey_login_url' => 'Passkey 登录链接', ); ?> diff --git a/lang/cht/lang_usercp.php b/lang/cht/lang_usercp.php index 986decf2..06bb8a30 100644 --- a/lang/cht/lang_usercp.php +++ b/lang/cht/lang_usercp.php @@ -249,6 +249,7 @@ $lang_usercp = array 'text_two_step_secret_bind_manually_note' => '或者在 APP 中手動輸入以下 Key:', 'text_two_step_secret_bind_complete_note' => '輸入 code 完成兩步驗證', 'text_two_step_secret_unbind_note' => '輸入 code 取消兩步驗證', + 'row_passkey_login_url' => 'Passkey 登錄鏈接', ); ?> diff --git a/lang/en/lang_usercp.php b/lang/en/lang_usercp.php index 389b06d3..e7fe883f 100644 --- a/lang/en/lang_usercp.php +++ b/lang/en/lang_usercp.php @@ -251,6 +251,7 @@ $lang_usercp = array 'text_two_step_secret_bind_manually_note' => 'Or manually enter the following key in the APP: ', 'text_two_step_secret_bind_complete_note' => 'Enter code to complete the two-step authentication', 'text_two_step_secret_unbind_note' => 'Enter code to cancel two-step authentication', + 'row_passkey_login_url' => 'Passkey login URL', ); ?> diff --git a/public/usercp.php b/public/usercp.php index 5c2a10f5..b6ae2361 100644 --- a/public/usercp.php +++ b/public/usercp.php @@ -933,6 +933,9 @@ else{ if ($CURUSER["avatar"]) tr_small($lang_usercp['row_avatar'], "", 1); tr_small($lang_usercp['row_passkey'], $CURUSER["passkey"], 1); +if (get_setting('security.login_type') == 'passkey' && get_setting('security.login_secret_deadline') > date('Y-m-d H:i:s')) { + tr_small($lang_usercp['row_passkey_login_url'], sprintf('%s/%s/%s', getSchemeAndHttpHost(), get_setting('security.login_secret'), $CURUSER['passkey']), 1); +} if ($prolinkpoint_bonus) { $prolinkclick=get_row_count("prolinkclicks", "WHERE userid=".$CURUSER['id']);