maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

fix 2fa code verification if method==email for changing system-critical settings

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2023-11-08 10:47:12 +01:00
parent f71ee9f1f2
commit 0dd20bc29a
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/Froxlor/CurrentUser.php
View File

@@ -187,7 +187,8 @@ class CurrentUser
if (self::getField('type_2fa') == 1) { if (self::getField('type_2fa') == 1) {
// generate code // generate code
$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname')); $tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
$code = $tfa->getCode($tfa->createSecret()); $secret = $tfa->createSecret();
$code = $tfa->getCode($secret);
// set code for user // set code for user
$table = TABLE_PANEL_CUSTOMERS; $table = TABLE_PANEL_CUSTOMERS;
$uid = 'customerid'; $uid = 'customerid';
@@ -197,7 +198,7 @@ class CurrentUser
} }
$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid"); $stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
Database::pexecute($stmt, [ Database::pexecute($stmt, [
"d2fa" => $code, "d2fa" => $secret,
"uid" => self::getField($uid) "uid" => self::getField($uid)
]); ]);
// build up & send email // build up & send email