Files
Sentri/pub/login/mfaSetup.php

108 lines
4.8 KiB
PHP

<?php
session_start();
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
use RobThree\Auth\TwoFactorAuth;
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
# check if user sessions exists
if (!isset($_SESSION['user']['user_uuid'])) {
header('Location: /');
exit;
}
# update the user session params
setSessionParams();
# if 2fa is already set, go fuck yourself
if ($_SESSION['user']['user_two_factor_enabled'] == 1) {
header('Location: /userprofile/');
exit;
}
if (checkLoginAttempts() > 10) {
echo 'too many attempts, please try again later.';
exit;
}
# Init vars
$tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider());
$secret = $tfa->createSecret('160');
$_SESSION['mfasetup']['secret'] = $secret;
?>
<!DOCTYPE html>
<html data-coreui-theme="dark" lang="en">
<head>
<base href="./">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<meta name="description" content="Sentri - Operations centre">
<meta name="author" content="Marco Mooij">
<meta name="keyword" content="sentri">
<title>Sentri | Login</title>
<!-- favicon -->
<link rel="icon" type="image/png" href="/src/images/favicon/favicon-96x96.png" sizes="96x96">
<link rel="icon" type="image/svg+xml" href="/src/images/favicon/favicon-96x96.png">
<link rel="shortcut icon" href="/src/images/favicon/favicon.ico">
<link rel="apple-touch-icon" sizes="180x180" href="/src/images/favicon/apple-touch-icon.png">
<link rel="manifest" href="/src/images/favicon/site.webmanifest">
<link rel="stylesheet" href="css/style.full.css" as="style">
</head>
<body>
<div class="bg-body-tertiary min-vh-100 d-flex flex-row align-items-center">
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-10 col-md-10 col-12 d-flex align-items-center justify-content-center">
<div class="card-group d-block d-md-flex row">
<div class="card col-md-6 text-white bg-transparent border-0">
<div class="card-body text-center py-0">
<h2>Step 1.</h2>
<small>Scan this code with your authentication app:</small><br><br>
<img class="w-100" alt="portal-image" src="<?php echo $tfa->getQRCodeImageAsDataUri('Sentri - ' . $_SESSION['user']['user_first_name'], $secret); ?>">
<br>
<small class="">Or enter this code in your app:<br>
<b><?php echo $secret ?></b></small>
</div>
</div>
</div>
<div class="col-lg-6 col-md-6 d-flex align-items-center justify-content-center">
<div class="card mb-0 border-0 py-0">
<form method="post" action="/api/v1/user/mfa/">
<input type="hidden" name="_return" value="/userprofile/">
<div class="card-body text-center">
<h2>Step 2.</h2>
<small>Enter the code from your authentication app:</small><br>
<div class="input-group mb-3">
<div id="code-container">
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
</div>
</div>
<button class="btn btn-primary px-4" type="submit">
<i class="fa-solid fa-certificate"></i> Verify
</button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
<script src="/login/js/mfa.js"></script>
</body>
</html>