diff --git a/cp/app/Auth/Auth.php b/cp/app/Auth/Auth.php
index 58a7b2c..3017b7a 100644
--- a/cp/app/Auth/Auth.php
+++ b/cp/app/Auth/Auth.php
@@ -128,7 +128,7 @@ class Auth
 * @throws \Pinga\Auth\AttemptCancelledException
 * @throws \Pinga\Auth\AuthError
 */
- public static function login($email, $password, $remember=null){
+ public static function login($email, $password, $remember=null, $code=null){
 $auth = self::$auth;
 try {
 if ($remember !='') {
@@ -140,8 +140,28 @@ class Auth
 $rememberDuration = null;
 }
 
- $auth->login($email, $password,$rememberDuration);
- return true;
+ $auth->login($email, $password, $rememberDuration);
+
+ global $container;
+ $db = $container->get('db');
+ $tfa = $db->selectRow('SELECT tfa_enabled, tfa_secret FROM users WHERE id = ?', [$auth->getUserId()]);
+
+ if ($tfa) {
+ if ($tfa['tfa_enabled'] == 1) {
+ $tfaService = new \RobThree\Auth\TwoFactorAuth('Namingo');
+ if ($tfaService->verifyCode($tfa['tfa_secret'], $code) === true) {
+ return true;
+ } else {
+ self::$auth->logOut();
+ redirect()->route('login')->with('error','Incorrect 2FA Code. Please check and enter the correct code. 2FA codes are time-sensitive. For continuous issues, contact support.');
+ }
+ } elseif ($tfa['tfa_enabled'] == 0) {
+ return true;
+ }
+ } else {
+ self::$auth->logOut();
+ redirect()->route('login')->with('error','Temporary Database Issue. Please try again shortly. If this problem persists, kindly reach out to our support team for assistance.');
+ }
 } catch (InvalidEmailException $e) {
 redirect()->route('login')->with('error','Wrong email address');
@@ -303,4 +323,4 @@ class Auth
 ];
 return $info;
 }
-}
+}
\ No newline at end of file
diff --git a/cp/app/Controllers/Auth/AuthController.php b/cp/app/Controllers/Auth/AuthController.php
index 0356f17..27f48e8 100644
--- a/cp/app/Controllers/Auth/AuthController.php
+++ b/cp/app/Controllers/Auth/AuthController.php
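Review bot: The docblock whose `@throws` tail forms this hunk's leading context is not extended for the new `$code` parameter (the docblock's head and the rest of `login()` lie outside the hunk). Add `@param string|null $code  Second-factor code submitted with the login form; checked only when the user's tfa_enabled flag is set` and state in `@return` that `true` is returned only once the password and, where enabled, the second factor have both been verified. Declaring it as `?string $code = null` would also make the accepted shape explicit to callers instead of leaving it untyped like the other parameters.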
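Review bot: The 2FA branch fails open in two places: `elseif ($tfa['tfa_enabled'] == 0)` returns nothing for any other column value (NULL, for instance), leaving the session that `$auth->login()` created a few lines earlier in place, and `verifyCode($tfa['tfa_secret'], $code)` is reached with `$code` null when the form sent no code — if the library declares that parameter as `string`, the result is a TypeError that none of the catch clauses handle, again with the session already established. Guard the call with `if (is_string($code) && $tfaService->verifyCode($tfa['tfa_secret'], $code) === true) {` and add `self::$auth->logOut(); return false;` after the outer `if ($tfa) { … } else { … }`, so every path that does not explicitly return `true` tears the session down whether or not `redirect()` terminates the request (its implementation is not visible here). The `== 1` and `== 0` checks should be strict comparisons on `(int) $tfa['tfa_enabled']`, and `global $container` pulls the database handle into `Auth` through a global rather than the class's own state — consider injecting it. The `login()` method continues past the hunk with its remaining catch clauses.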
@@ -39,7 +39,12 @@ class AuthController extends Controller
 }else{
 $remember = null;
 }
- $login = Auth::login($data['email'], $data['password'], $remember);
+ if(isset($data['code'])){
+ $code = $data['code'];
+ }else{
+ $code = null;
+ }
+ $login = Auth::login($data['email'], $data['password'], $remember, $code);
 if($login===true) redirect()->route('home');
 }
 
@@ -48,8 +53,8 @@ class AuthController extends Controller
 * @throws \Pinga\Auth\AuthError
 */
 public function logout()
- {
- Auth::logout();
- redirect()->route('login');
- }
-}
+ {
+ Auth::logout();
+ redirect()->route('login');
+ }
+}
\ No newline at end of file
diff --git a/cp/resources/views/admin/profile/profile.twig b/cp/resources/views/admin/profile/profile.twig
index 4a68899..c73b446 100644
--- a/cp/resources/views/admin/profile/profile.twig
+++ b/cp/resources/views/admin/profile/profile.twig
@@ -102,7 +102,7 @@ {{ csrf.field | raw }}
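Review bot: `$data['code']` is handed to `Auth::login()` without checking that it is a string — if `$data` is the parsed request body (its origin is not visible here), a value submitted as `code[]` arrives as an array and travels into the 2FA check unchanged, so the cheapest place to reject it is this block, e.g. `$code = isset($data['code']) && is_string($data['code']) ? $data['code'] : null;`. That one line also replaces the five-line `isset`/`else` block, and the same shortening applies to the `$remember` block whose tail is the hunk's leading context. The enclosing method begins before the hunk.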

Set up 2FA for additional security. Scan the QR code with your authentication app and enter the provided code below to verify.

- +
2FA QR Code
@@ -128,7 +128,13 @@ {% else %}
-

2FA active

+
+ +
+
Your account is secured with an additional layer of protection.
+

2FA is currently enabled for your account. If you encounter any issues or need to disable 2FA, please contact our support team for assistance.

+
+
{% endif %}
diff --git a/cp/resources/views/auth/login.twig b/cp/resources/views/auth/login.twig index 4d1b163..1bf8d2c 100644 --- a/cp/resources/views/auth/login.twig +++ b/cp/resources/views/auth/login.twig @@ -35,7 +35,7 @@
- +