3) { header('Location: /login/'); exit; } $tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider()); $secret = $_SESSION['mfa']['user_secret']; $postedCode = linkVerificationPosts(); if ($postedCode) { $result = $tfa->verifyCode($secret, $postedCode); if ($result) { loginUser($_SESSION['mfa']['user_uuid']); unset($_SESSION['mfa']); } else { addLoginAttempts(); setcookie('login_error', 'Invalid verification code', time() + 3600, '/'); } } else { unset($_SESSION['mfa']); } header('Location: /'); exit;