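query(" UPDATE users_main SET PublicKey = '".db_string($_POST['publickey'])."' WHERE ID = $UserID");
            $Message = 'Public key '.(empty($_POST['publickey']) ? 'removed' : 'updated') ;
        }
    }

    // NOTE(review): the statement above and the scopes closed around it open
    // before this excerpt, so the conditions guarding every branch below
    // (request method, anti-CSRF token, password re-entry) are not visible
    // here. Confirm them before relying on these handlers.
    // NOTE(review): $UserID is interpolated unquoted into every query in this
    // block and its origin is not visible; verify it is a validated integer.

    // Enable TOTP: the secret posted by the client is stored only after a code
    // derived from it verifies.
    if ($Type == '2FA-E') {
        // Both fields must be plain strings. A missing or array-valued
        // parameter (e.g. twofa[]=...) is treated as a failed verification
        // instead of being handed to verifyCode() and db_string().
        // NOTE(review): the secret is whatever the client sends back; nothing
        // visible here ties it to the value the server generated. Consider
        // keeping the pending secret server-side until it is confirmed.
        if (isset($_POST['twofasecret'], $_POST['twofa'])
            && is_string($_POST['twofasecret'])
            && is_string($_POST['twofa'])
            && $TwoFA->verifyCode($_POST['twofasecret'], $_POST['twofa'])
        ) {
            $DB->query(" UPDATE users_main SET TwoFactor='".db_string($_POST['twofasecret'])."' WHERE ID = $UserID");
            $Message = "Two Factor Authentication enabled";
        } else {
            $Error = "Invalid 2FA verification code";
        }
    }

    // Disable TOTP by clearing the stored secret.
    // NOTE(review): no current TOTP code or other proof of possession is
    // checked in the visible lines before the second factor is removed.
    if ($Type == '2FA-D') {
        $DB->query(" UPDATE users_main SET TwoFactor = NULL WHERE ID = $UserID");
        $Message = "Two Factor Authentication disabled";
    }

    // Register a U2F token and persist its key handle, public key, attestation
    // certificate and counter.
    if ($Type == 'U2F-E') {
        try {
            // Reject missing or non-string fields up front so malformed input
            // ends in the same generic error as a failed registration.
            if (!isset($_POST['u2f-request'], $_POST['u2f-response'])
                || !is_string($_POST['u2f-request'])
                || !is_string($_POST['u2f-response'])
            ) {
                throw new Exception('Malformed U2F registration data');
            }
            // NOTE(review): the registration request (which carries the
            // challenge) is read back from the client. No server-side copy is
            // compared in the visible lines; confirm the challenge is bound to
            // the session so an old response cannot be replayed.
            $U2FReg = $U2F->doRegister(json_decode($_POST['u2f-request']), json_decode($_POST['u2f-response']));
            $DB->query(" INSERT INTO u2f (UserID, KeyHandle, PublicKey, Certificate, Counter, Valid) Values ($UserID, '".db_string($U2FReg->keyHandle)."', '".db_string($U2FReg->publicKey)."', '".db_string($U2FReg->certificate)."', '".db_string($U2FReg->counter)."', '1')");
            $Message = "U2F token registered";
        } catch(Exception $e) {
            // The exception detail is not shown to the user. It is not logged
            // here either, so failed registrations leave no trace in this block.
            $Error = "Failed to register U2F token";
        }
    }

    // Deregister every U2F token of this user in one statement.
    if ($Type == 'U2F-D') {
        $DB->query(" DELETE FROM u2f WHERE UserID = $UserID");
        $Message = 'U2F tokens deregistered';
    }
}

// Load the user's existing U2F registrations for the registration request.
$U2FRegs = [];
$DB->query(" SELECT KeyHandle, PublicKey, Certificate, Counter FROM u2f WHERE UserID = $UserID");
// Needs to be an array of objects, so we can't use to_array()
while (list($KeyHandle, $PublicKey, $Certificate, $Counter) = $DB->next_record()) {
    $U2FRegs[] = (object)['keyHandle'=>$KeyHandle, 'publicKey'=>$PublicKey, 'certificate'=>$Certificate, 'counter'=>$Counter];
}

// Current PGP public key and TOTP secret; this overwrites the $PublicKey loop
// variable used above.
// NOTE(review): the page text below says the stored secret is shown again once
// 2FA is enabled; consider not re-displaying it after enrolment.
$DB->query(" SELECT PublicKey, TwoFactor FROM users_main WHERE ID = $UserID");
list($PublicKey, $TwoFactor) = $DB->next_record();

// Build the registration request and sign data from the existing registrations.
list($U2FRequest, $U2FSigs) = $U2F->getRegisterData($U2FRegs);

View::show_header("Two-factor Authentication Settings", 'u2f'); ?>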

Additional Account Security Options

PGP Public Key
0) { ?> You have a form of 2FA enabled but no PGP key associated with your account. If you lose access to your 2FA device, you will permanently lose access to your account.

When setting up any form of second factor authentication, it is strongly recommended that you add your PGP public key as a form of secure recovery in the event that you lose access to your second factor device.

After adding a PGP public key to your account, you will be able to disable your account's second factor protection by solving a challenge that only someone with your private key could solve.

Additionally, being able to solve such a challenge when given manually by staff will suffice to provide proof of ownership of your account, provided no revocation certificate has been published for your key.

Before adding your PGP public key, please make sure that you have taken the necessary precautions to protect the matching private key from loss (keep a backup) or theft (prepare a revocation certificate).

The PGP public key associated with your account is shown below.

This key can be used to create challenges that are only solvable by the holder of the related private key. Successfully solving these challenges is necessary for disabling any form of second factor authentication or proving ownership of this account to staff when you are unable to log in.

Public Key:

Two-Factor Authentication (2FA-TOTP)
createSecret() : $TwoFactor; if (empty($TwoFactor)) { if (sizeof($U2FRegs) == 0) { ?>

Two Factor Authentication is not currently enabled for this account.

To enable it, add the secret key below to your 2FA client either manually or by scanning the QR code, then enter a verification code generated by your 2FA client and click the "Enable 2FA" button.





Two Factor Authentication is not currently enabled for this account.

To enable 2FA, you must first disable U2F below.

2FA is enabled for this account with the following secret:




To disable 2FA, click the button below.

Universal Two Factor (FIDO U2F)

Universal Two Factor is not currently enabled for this account.

To enable Universal Two Factor, plug in your U2F token and press the button on it.

Universal Two Factor is not currently enabled for this account.

To enable Universal Two Factor, you must first disable normal 2FA above.

Universal Two Factor is enabled.

To add an additional U2F token, plug it in and press the button on it

To disable U2F completely and deregister all tokens, press the button below