File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed
Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -121,7 +121,7 @@ function finish_2fa_success($msg = '') {
121121 }
122122
123123 //* 2fa success
124- if ($ _POST 'code ' ] == $ _SESSION 'otp ' ]['code ' ] ) {
124+ if (password_verify ( $ _POST 'code ' ], $ _SESSION 'otp ' ]['code_hash ' ]) ) {
125125 finish_2fa_success ();
126126 } else {
127127 //* 2fa wrong code
@@ -132,7 +132,8 @@ function finish_2fa_success($msg = '') {
132132
133133 //* set code
134134 if (!isset ($ _SESSION 'otp ' ]['code ' ]) || empty ($ _SESSION 'otp ' ]['code ' ])) {
135- $ _SESSION 'otp ' ]['code ' ] = random_int (100000 , 999999 );
135+ $ new_otp_coderandom_int (100000 , 999999 );
136+ $ _SESSION 'otp ' ]['code_hash ' ] = password_hash ($ new_otp_codePASSWORD_DEFAULT );
136137 $ _SESSION 'otp ' ]['starttime ' ] = time ();
137138 }
138139
@@ -152,7 +153,7 @@ function finish_2fa_success($msg = '') {
152153 //* send email
153154 $ email_to$ _SESSION 'otp ' ]['data ' ];
154155 $ subject'ISPConfig Login authentication ' ;
155- $ text'Your One time login code is ' . $ _SESSION [ ' otp ' ][ ' code ' ] . PHP_EOL
156+ $ text'Your One time login code is ' . $ new_otp_code PHP_EOL
156157 . 'This code is valid for 10 minutes ' . PHP_EOL ;
157158
158159 $ appfunctions ->mail ($ email_to$ subject$ text$ from
You can’t perform that action at this time.
0 commit comments