
Allow for 2FA to be disabled

spaghetti 8 years ago
parent
commit
9a7f3673dd
2 changed files with 24 additions and 1 deletions
  1. 6
    1
      sections/user/edit.php
  2. 18
    0
      sections/user/take_edit.php

+ 6
- 1
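--- a/sections/user/edit.php
+++ b/sections/user/edit.php
@@ -784,7 +784,7 @@ list($ArtistsAdded) = $DB->next_record();
           <? $TwoFASecret = empty($TwoFactor) ? $TwoFA->createSecret() : $TwoFactor; ?>
           <div class="field_div">
             <? if (!empty($TwoFactor)) { ?>
-            <p>2FA is enabled for this account with the following secret:</p>
+            <p class="min_padding">2FA is enabled for this account with the following secret:</p>
             <? } ?>
             <img src="<?=$TwoFA->getQRCodeImageAsDataUri(SITE_NAME, $TwoFASecret)?>">
             <input type="text" size="20" name="twofasecret" id="twofasecret" value="<?=$TwoFASecret?>" readonly><br>
@@ -792,6 +792,11 @@ list($ArtistsAdded) = $DB->next_record();
             <input type="text" size="20" maxlength="6" name="twofa" id="twofa" placeholder="Verification Code">
             <p class="min_padding">To enable 2FA, scan the above QR code (or add the secret below it) to your 2FA client of choice, and enter a verification code it generates. Note that the verification code must not have expired when you save your profile.</p>
             <p class="min_padding">When setting up 2FA, you must enter your current password in the "Current password" field before saving your changes.</p>
+            <p class="min_padding"><strong class="important_text">WARNING</strong>: Losing your 2FA key can make your account unrecoverable. Only enable it if you're sure you can handle it.
+            <? } else { ?>
+            <label><input type="checkbox" name="disable2fa" id="disable2fa" />
+            Disable 2FA</label>
+            <p class="min_padding">When disabling 2FA, you must enter your current password in the "Current Password" field before saving your changes</p>
             <? } ?>
           </div>
         </td>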
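Review bot: The WARNING paragraph added ahead of `<? } else { ?>` is never closed, so its end depends on the browser's implicit close; finish that line with `</p>`. The new help text also reads "Current Password" where the enable branch says "Current password", and it has no closing full stop. The `if` this `else` pairs with lies between the two hunks and is not shown. Separately, the context lines render the QR code and the `twofasecret` input outside the `!empty($TwoFactor)` block, so the stored secret is still written into the page whenever 2FA is on; the disable view only needs the checkbox, and omitting the secret there would keep it out of page source and browser caches.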

+ 18
- 0
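--- a/sections/user/take_edit.php
+++ b/sections/user/take_edit.php
@@ -207,6 +207,24 @@ if (!empty($_POST['twofa'])) {
     }
   }
 }
+
+//2FA deactivation
+if (isset($_POST['disable2fa'])) {
+  $DB->query("
+    SELECT PassHash
+    FROM users_main
+    WHERE ID = $UserID");
+  list($PassHash) = $DB->next_record();
+  if (!Users::check_password($_POST['cur_pass'], $PassHash)) {
+      error('You did not enter the correct password.');
+      header("Location: user.php?action=edit&userid=$UserID");
+      die();
+  }
+  $DB->query("
+    UPDATE users_main
+    SET TwoFactor=NULL
+    WHERE ID = $UserID");
+}
 //End 2FA
 
 if (!$Err && ($_POST['cur_pass'] || $_POST['new_pass_1'] || $_POST['new_pass_2'])) {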
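Review bot: The deactivation block clears `TwoFactor` after checking `cur_pass` only, so a password plus a live session is enough to remove the second factor without proving possession of it; consider also requiring a current verification code before the `UPDATE`, and logging or notifying the owner when 2FA is turned off. In the failure branch `header()` and `die()` come after `error()`: if `error()` already renders and exits (its definition is not visible here) they are dead code, and if it does not, the redirect header is sent after output. The following block tests `$Err`, so setting `$Err = 'You did not enter the correct password.';` and skipping the `UPDATE` would match the file's pattern. Both queries interpolate `$UserID` into the SQL string; its validation is outside the hunk, so confirm it is cast to an integer and is an account the requester may edit.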
