Skip to content

Commit 9445295

Browse files
ScIT-RaphaelScIT-Raphael
committed
Implement 2FA in Admin and User Backend.
1 parent ad75b42 commit 9445295

File tree

3 files changed

+58
-1
lines changed

3 files changed

+58
-1
lines changed

web/edit/user/index.php

Lines changed: 29 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@
3636
$v_fname = $data[$v_username]['FNAME'];
3737
$v_lname = $data[$v_username]['LNAME'];
3838
$v_shell = $data[$v_username]['SHELL'];
39+
$v_twofa = $data[$v_username]['TWOFA'];
40+
$v_qrcode = $data[$v_username]['QRCODE'];
3941
$v_ns = $data[$v_username]['NS'];
4042
$nameservers = explode(",", $v_ns);
4143
$v_ns1 = $nameservers[0];
@@ -95,6 +97,32 @@
9597
$v_password = escapeshellarg($_POST['v_password']);
9698
}
9799

100+
// Enable twofa
101+
if ((!empty($_POST['v_twofa'])) && (empty($_SESSION['error_msg']))) {
102+
exec (HESTIA_CMD."v-add-user-2fa ".escapeshellarg($v_username), $output, $return_var);
103+
check_return_code($return_var,$output);
104+
unset($output);
105+
106+
// List user
107+
exec (HESTIA_CMD."v-list-user ".escapeshellarg($v_username)." json", $output, $return_var);
108+
check_return_code($return_var,$output);
109+
$data = json_decode(implode('', $output), true);
110+
unset($output);
111+
112+
// Parse user twofa
113+
$v_twofa = $data[$v_username]['TWOFA'];
114+
$v_qrcode = $data[$v_username]['QRCODE'];
115+
}
116+
117+
// Disable twofa
118+
if ((empty($_POST['v_twofa'])) && (!empty($v_twofa)) && (empty($_SESSION['error_msg']))) {
119+
exec (HESTIA_CMD."v-delete-user-2fa ".escapeshellarg($v_username), $output, $return_var);
120+
check_return_code($return_var,$output);
121+
unset($output);
122+
$v_twofa = '';
123+
$v_qrcode = '';
124+
}
125+
98126
// Change package (admin only)
99127
if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
100128
$v_package = escapeshellarg($_POST['v_package']);
@@ -188,4 +216,4 @@
188216

189217
// Flush session messages
190218
unset($_SESSION['error_msg']);
191-
unset($_SESSION['ok_msg']);
219+
unset($_SESSION['ok_msg']);

web/templates/admin/edit_user.html

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,20 @@
6767
<input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
6868
</td>
6969
</tr>
70+
<tr>
71+
<td class="vst-text input-label">
72+
<?php print __('2 Factor Authentication');?>
73+
</td>
74+
</tr>
75+
<tr>
76+
<td>
77+
<label><input type="checkbox" class="vst-checkbox" name="v_twofa" <?php if($v_twofa == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_twofa(this)"> <?php print __('Enable 2FA');?></label>
78+
<?php if($v_twofa == 'yes') { ?>
79+
<p><?php echo __('Please scan the code below in your 2FA application:'); ?></p>
80+
<img src="<?php echo $v_qrcode; ?>">
81+
<?php } ?>
82+
</td>
83+
</tr>
7084
<tr>
7185
<td class="vst-text input-label">
7286
<?php print __('Email');?>

web/templates/user/edit_user.html

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,21 @@
6262
<?php print __('Password');?> / <a href="javascript:randomString();" class="generate"><?php print __('generate');?></a>
6363
</td>
6464
</tr>
65+
</tr>
66+
<tr>
67+
<td class="vst-text input-label">
68+
<?php print __('2 Factor Authentication');?>
69+
</td>
70+
</tr>
71+
<tr>
72+
<td>
73+
<label><input type="checkbox" class="vst-checkbox" name="v_twofa" <?php if($v_twofa == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_twofa(this)"> <?php print __('Enable 2FA');?></label>
74+
<?php if($v_twofa == 'yes') { ?>
75+
<p><?php echo __('Please scan the code below in your 2FA application:'); ?></p>
76+
<img src="<?php echo $v_qrcode; ?>">
77+
<?php } ?>
78+
</td>
79+
</tr>
6580
<tr>
6681
<td>
6782
<input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">

0 commit comments

Comments
 (0)