Fixes in double auth
This commit is contained in:
parent
b4f758f0b5
commit
b37316ce64
4 changed files with 81 additions and 11 deletions
|
|
@ -3,6 +3,9 @@
|
|||
//use PhangoApp\PhaView\View;
|
||||
use PhangoApp\WPDO\WPDO;
|
||||
use PhangoApp\PhaRouter\Url;
|
||||
use PHPMailer\PHPMailer\PHPMailer;
|
||||
use PHPMailer\PHPMailer\SMTP;
|
||||
use PHPMailer\PHPMailer\Exception;
|
||||
//use PhangoApp\PhaModels\Webmodel;
|
||||
|
||||
//include('./modules/admin/libraries/login.php');
|
||||
|
|
@ -103,14 +106,20 @@ class AppController extends TplController{
|
|||
|
||||
$error=0;
|
||||
|
||||
$_SESSION['admin_login']=1;
|
||||
$_SESSION['admin_login']=$arr_user['id'];
|
||||
$_SESSION['date_login']=date("Y-m-d H:i:s");
|
||||
|
||||
if($arr_user['double_auth']) {
|
||||
|
||||
$_SESSION['double_auth']=1;
|
||||
|
||||
$this->db->update('useradmin', ['auth_token' => PhangoApp\PhaUtils\Utils::get_token(25)], 'where id=?', [$arr_user['id']]);
|
||||
$auth_code=PhangoApp\PhaUtils\Utils::get_token(12);
|
||||
|
||||
$this->db->update('useradmin', ['auth_token' => password_hash($auth_code, PASSWORD_DEFAULT)], 'where id=?', [$arr_user['id']]);
|
||||
|
||||
// Send email
|
||||
|
||||
$this->send_mail_auth(PhangoApp\PhaRouter\Config::$email_site, PhangoApp\PhaRouter\Config::$portal_name, $arr_user['email'], $arr_user['username'], $auth_code);
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -261,9 +270,32 @@ class AppController extends TplController{
|
|||
if($this->check_login()) {
|
||||
|
||||
if($_SERVER['REQUEST_METHOD']=='POST') {
|
||||
|
||||
|
||||
$this->db->connect();
|
||||
|
||||
$error=1;
|
||||
|
||||
$error_form['auth_code_error']='';
|
||||
|
||||
$auth_code=$_POST['auth_code'] ?? '';
|
||||
//($table, $fields, $where_sql='', $values=[])
|
||||
//$arr_tries=$this->db->select_a_row('login_tries', [], 'WHERE ip=?', [$ip]);
|
||||
$arr_user=$this->db->select_a_row('useradmin', [], 'WHERE id=?', [$_SESSION['admin_login']]);
|
||||
|
||||
if(password_verify($auth_code, $arr_user['auth_token'])) {
|
||||
|
||||
unset($_SESSION['double_auth']);
|
||||
$error=0;
|
||||
|
||||
}
|
||||
else {
|
||||
|
||||
$error_form['auth_code_error']='Sorry, auth code wrong';
|
||||
|
||||
}
|
||||
|
||||
echo $this->json(['error' => $error, 'error_form' => $error_form]);
|
||||
|
||||
}
|
||||
else {
|
||||
|
||||
|
|
@ -288,4 +320,40 @@ class AppController extends TplController{
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
private function send_mail_auth($email_from, $portal_name, $email_to, $name, $auth_code) {
|
||||
|
||||
$mail=new PHPMailer(true);
|
||||
|
||||
|
||||
try {
|
||||
|
||||
//$mail->SMTPDebug = SMTP::DEBUG_SERVER; //Enable verbose debug output
|
||||
$mail->isSMTP(); //Send using SMTP
|
||||
$mail->Host=\PhangoApp\PhaRouter\Config::$data['smtp_host']; //Set the SMTP server to send through
|
||||
$mail->SMTPAuth=true; //Enable SMTP authentication
|
||||
$mail->Username=PhangoApp\PhaRouter\Config::$data['smtp_username']; //SMTP username
|
||||
$mail->Password=PhangoApp\PhaRouter\Config::$data['smtp_password']; //SMTP password
|
||||
$mail->SMTPSecure=PHPMailer::ENCRYPTION_STARTTLS; //Enable implicit TLS encryption
|
||||
$mail->Port=PhangoApp\PhaRouter\Config::$data['smtp_port'] ?? 587; //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
|
||||
$mail->CharSet='UTF-8';
|
||||
|
||||
$auth_code=PhangoApp\PhaUtils\Utils::get_token(25);
|
||||
|
||||
$mail->setFrom($email_from, $portal_name);
|
||||
$mail->addAddress($email_to, $name);
|
||||
|
||||
$mail->Subject = 'Code for complete login';
|
||||
$mail->Body = 'We send to you a code for activate your account using double authentication: '.$auth_code;
|
||||
|
||||
$mail->send();
|
||||
|
||||
}
|
||||
catch (Exception $e) {
|
||||
//echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?=$this->layout('login_tpl', ['title' => $title])?>
|
||||
<?=$this->start('content')?>
|
||||
<form method="post" name="auth_submit" id="auth_submit">
|
||||
<p style="padding: 0px 10px;">You have 5 minutes for put the code sended to your email.</p>
|
||||
<p align="center" style="padding: 0px 10px;"><?=_('Check your email for get instructions for complete login with double auth or')?> <a href="<?=$this->make_url('admin', 'app', ['logout'])?>">logout</a> and login again with other user</p>
|
||||
<p><label for="auth_code"></label><input type="text" name="auth_code" id="auth_code_form" placeholder="<?=_('Code')?>"/></p>
|
||||
<p class="error" id="auth_code_error"></p>
|
||||
<?=PhangoApp\PhaUtils\Utils::set_csrf_key($name_token='csrf_token', $length_token=80)?>
|
||||
|
|
@ -21,7 +21,7 @@
|
|||
$('#loader-wrapper').show();
|
||||
|
||||
$.ajax({
|
||||
url: "<?=$this->make_url('admin', 'app', ['login'])?>",
|
||||
url: "<?=$this->make_url('admin', 'app', ['check_auth'])?>",
|
||||
method: "POST",
|
||||
dataType: "json",
|
||||
data: {'auth_code': $('#auth_code_form').val()},
|
||||
|
|
@ -43,7 +43,7 @@
|
|||
|
||||
$('#csrf_token').attr('value', data.csrf_token);
|
||||
|
||||
$('#auth_code_error').html(data.error_form.username_error);
|
||||
$('#auth_code_error').html(data.error_form.auth_code_error);
|
||||
}
|
||||
|
||||
},
|
||||
|
|
|
|||
|
|
@ -23,6 +23,11 @@ class Config {
|
|||
|
||||
static public $on_proxy=false;
|
||||
|
||||
static public $portal_name='Website name';
|
||||
|
||||
static public $email_site='';
|
||||
|
||||
|
||||
}
|
||||
|
||||
/*Examples
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue