Fixes in double auth

This commit is contained in:
Antonio de la Rosa 2025-11-27 01:31:34 +01:00
parent b4f758f0b5
commit b37316ce64
4 changed files with 81 additions and 11 deletions


@ -3,6 +3,9 @@
//use PhangoApp\PhaView\View;
use PhangoApp\WPDO\WPDO;
use PhangoApp\PhaRouter\Url;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
//use PhangoApp\PhaModels\Webmodel;
//include('./modules/admin/libraries/login.php');
@ -103,14 +106,20 @@ class AppController extends TplController{
$error=0;
$_SESSION['admin_login']=1;
$_SESSION['admin_login']=$arr_user['id'];
$_SESSION['date_login']=date("Y-m-d H:i:s");
if($arr_user['double_auth']) {
$_SESSION['double_auth']=1;
$this->db->update('useradmin', ['auth_token' => PhangoApp\PhaUtils\Utils::get_token(25)], 'where id=?', [$arr_user['id']]);
$auth_code=PhangoApp\PhaUtils\Utils::get_token(12);
$this->db->update('useradmin', ['auth_token' => password_hash($auth_code, PASSWORD_DEFAULT)], 'where id=?', [$arr_user['id']]);
// Send email
$this->send_mail_auth(PhangoApp\PhaRouter\Config::$email_site, PhangoApp\PhaRouter\Config::$portal_name, $arr_user['email'], $arr_user['username'], $auth_code);
}
@ -261,9 +270,32 @@ class AppController extends TplController{
if($this->check_login()) {
if($_SERVER['REQUEST_METHOD']=='POST') {
$this->db->connect();
$error=1;
$error_form['auth_code_error']='';
$auth_code=$_POST['auth_code'] ?? '';
//($table, $fields, $where_sql='', $values=[])
//$arr_tries=$this->db->select_a_row('login_tries', [], 'WHERE ip=?', [$ip]);
$arr_user=$this->db->select_a_row('useradmin', [], 'WHERE id=?', [$_SESSION['admin_login']]);
if(password_verify($auth_code, $arr_user['auth_token'])) {
unset($_SESSION['double_auth']);
$error=0;
}
else {
$error_form['auth_code_error']='Sorry, auth code wrong';
}
echo $this->json(['error' => $error, 'error_form' => $error_form]);
}
else {
@ -288,4 +320,40 @@ class AppController extends TplController{
}
}
private function send_mail_auth($email_from, $portal_name, $email_to, $name, $auth_code) {
$mail=new PHPMailer(true);
try {
//$mail->SMTPDebug = SMTP::DEBUG_SERVER; //Enable verbose debug output
$mail->isSMTP(); //Send using SMTP
$mail->Host=\PhangoApp\PhaRouter\Config::$data['smtp_host']; //Set the SMTP server to send through
$mail->SMTPAuth=true; //Enable SMTP authentication
$mail->Username=PhangoApp\PhaRouter\Config::$data['smtp_username']; //SMTP username
$mail->Password=PhangoApp\PhaRouter\Config::$data['smtp_password']; //SMTP password
$mail->SMTPSecure=PHPMailer::ENCRYPTION_STARTTLS; //Enable implicit TLS encryption
$mail->Port=PhangoApp\PhaRouter\Config::$data['smtp_port'] ?? 587; //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
$mail->CharSet='UTF-8';
$auth_code=PhangoApp\PhaUtils\Utils::get_token(25);
$mail->setFrom($email_from, $portal_name);
$mail->addAddress($email_to, $name);
$mail->Subject = 'Code for complete login';
$mail->Body = 'We send to you a code for activate your account using double authentication: '.$auth_code;
$mail->send();
}
catch (Exception $e) {
//echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
return false;
}
}
}
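Review bot: In send_mail_auth the `$auth_code` parameter is clobbered by `$auth_code=PhangoApp\PhaUtils\Utils::get_token(25);` just before it is interpolated into `$mail->Body`, so the user receives a fresh random token while the login hunk stored `password_hash()` of the get_token(12) value — the `password_verify()` in the verification hunk can never succeed; delete that line. send_mail_auth also returns `false` from the catch block but nothing on success, and the caller at the login hunk ignores the result, so an SMTP failure leaves the session stuck in `double_auth` with no feedback; add `return true;` after `$mail->send();` and let the caller report a non-true result as an error. The inline comment `//Enable implicit TLS encryption` is misleading next to `PHPMailer::ENCRYPTION_STARTTLS` (that is explicit/opportunistic TLS, implicit TLS is ENCRYPTION_SMTPS on 465); suggest `//Upgrade the connection with STARTTLS`. In the verification hunk, a successful `password_verify()` unsets `$_SESSION['double_auth']` but leaves the hashed code in `useradmin.auth_token` with no expiry, so the same code stays acceptable until the next login; consider clearing it with `$this->db->update('useradmin', ['auth_token' => null], 'where id=?', [$arr_user['id']]);` in the success branch and recording an issue time to reject stale codes. Note that `Config::$data` is referenced once as `\PhangoApp\...` and otherwise unqualified, which only resolves the same if this file has no namespace declaration — worth confirming, since the hunk does not show the file header.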