From 0dd20bc29a7942fccff765c9afe5ae01412de686 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Wed, 8 Nov 2023 10:47:12 +0100
Subject: [PATCH] fix 2fa code verification if method==email for changing system-critical settings

Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/CurrentUser.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/Froxlor/CurrentUser.php b/lib/Froxlor/CurrentUser.php
index 2971a1ca..6d9972d5 100644
--- a/lib/Froxlor/CurrentUser.php
+++ b/lib/Froxlor/CurrentUser.php
@@ -187,7 +187,8 @@ class CurrentUser
 if (self::getField('type_2fa') == 1) {
 // generate code
 $tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
- $code = $tfa->getCode($tfa->createSecret());
+ $secret = $tfa->createSecret();
+ $code = $tfa->getCode($secret);
 // set code for user
 $table = TABLE_PANEL_CUSTOMERS;
 $uid = 'customerid';
@@ -197,7 +198,7 @@ class CurrentUser
 }
 $stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
 Database::pexecute($stmt, [
- "d2fa" => $code,
+ "d2fa" => $secret,
 "uid" => self::getField($uid)
 ]);
 // build up & send email
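Review bot: The second hunk now persists the freshly generated secret in `data_2fa` instead of the one-time code, so the stored value becomes a seed from which further valid codes can be computed for as long as the row keeps it. The verification and cleanup path is not part of this diff, so please confirm that for the email method `data_2fa` is reset after a successful check and that the verifier accepts only a narrow time window around the emailed code. The context comment `// set code for user` in the first hunk is now stale, since it is the secret that is written; I would change it to `// store the secret for this user; the emailed code is verified against it`. The enclosing method starts and ends outside both hunks.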