Two Factor Authentication Validation

JaveTLupango · Dec 16, 2020 · 3e0a186 · 3e0a186
1 parent ab12d4a
commit 3e0a186
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 10 deletions.
diff --git a/class/api.authFunction.php b/class/api.authFunction.php
@@ -8,6 +8,10 @@
 $c_Del->deleteRecord($conn, "UPDATE users SET duration = 0 WHERE duration < 0 OR status='delete'");
 
 $c_Del->deleteRecord($conn, "DELETE FROM 2authfactor WHERE status='inactive'");
+$c_Del->deleteRecord($conn, "DELETE FROM 2authfactorlogs WHERE status='inactive'");
+
 $c_Del->deleteRecord($conn, "UPDATE 2authfactor SET duration = duration - 300 WHERE duration > 0 AND status='active'");
 $c_Del->deleteRecord($conn, "UPDATE 2authfactor SET duration = 0, status='inactive' WHERE duration <= 0");
-$c_Del->deleteRecord($conn, "DELETE FROM 2authfactorlogs WHERE status='inactive'");
+
+$c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET duration = duration - 300 WHERE duration > 0 AND (status='active' OR status='inactive')");
+$c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET duration = 0, status='inactive' WHERE duration <= 0");
diff --git a/controller/AuthController.php b/controller/AuthController.php
@@ -44,8 +44,8 @@ function insert_2authfactorlogs($conn,$username, $hash)
  $dttime = $now->format('Y-m-d H:i:s');
  $id = round($dt).round($dt1).round($dt2).round(microtime(true));
 
- $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash)
- VALUES ('$id', '$username', 'active', '$dttime', $hash)";
+ $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash, try, duration)
+ VALUES ('$id', '$username', 'active', '$dttime', '$hash', 5, 900)";
  $conn->exec($sql);
  return "success";
  }

diff --git a/validate.php b/validate.php
@@ -7,7 +7,9 @@
 require 'controller/SelectController.php'; // Select Controller
 require 'controller/FuncController.php'; // Function Controller
 require 'controller/EmailController.php'; // Function Controller
+require 'controller/DeleteController.php'; // Function Controller
 
+$c_Del = new Delete_Controller(); // Delete controller declarati0n
 $c_con = new ClassConnection(); // connection declaration
 $c_InsertControl = new Insert_Controller(); // Insertion controller declaration
 $c_Auth = new Auth_Controller(); // Auth controller Decleration

diff --git a/view/auth/2authfactor.front.php b/view/auth/2authfactor.front.php
@@ -1,9 +1,15 @@
 <div class="login-box">
  <?php include 'view/auth/auth.name.jtl';
- $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE status='active' AND username=?", "hash", $_GET["data2"]);
- ?>
- <!-- /.login-logo -->
- <div class="card">
+ $get_data = $_GET["data2"];
+
+ $c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET status='inactive' WHERE try = 0");
+ $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE (status='active' OR status='validate') AND try > 0 AND username=?", "hash", $get_data); 
+ if($s_2authF != "")
+ {
+ $c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET status='validate', try= try - 1 WHERE username='$get_data'");
+ ?>
+
+<div class="card">
  <div class="card-body login-card-body">
  <p class="login-box-msg"><b>Two Factor Authentication</b></p>
  <p class="login-box-msg">Check email for the Verification Code</p>
@@ -21,6 +27,21 @@
  <input type="submit" class="btn btn-primary btn-block" name="btntwoauthfactor" value="Click to Validate">
  </div>
  <!-- /.col -->
+ <?php
+ if(isset($_POST["btntwoauthfactor"]))
+ {
+ $val_auth = $c_Select->fn_SingleResponse($conn, "SELECT * FROM 2authfactor WHERE status='active' AND duration > 0 AND userid = ? ORDER BY dt DESC LIMIT 1", "code", $get_data);
+ if(trim($_POST["twoauthfact"]) === trim($val_auth))
+ {
+ echo "success - ". $val_auth;
+ }
+ else
+ { 
+ echo "Error Code";
+ }
+ //echo $_POST["twoauthfact"];
+ }
+ ?>
  </div> 
  </form>
  <p class="mt-3 mb-1">
@@ -32,4 +53,28 @@
  </div>
  <!-- /.login-card-body -->
  </div>
+
+<?php
+ }
+ else{
+ ?>
+<div class="card">
+ <div class="card-body login-card-body">
+ <p class="login-box-msg"><b>Two Factor Authentication</b></p>
+ <p class="login-box-msg">Session Expired!</p>
+ <p class="mt-3 mb-1">
+ <a href="../login">Login</a>
+ </p>
+ <p class="mb-0">
+ <a href="../register" class="text-center">Register a new membership</a>
+ </p>
+ </div>
+ <!-- /.login-card-body -->
+ </div>
+ <?php
+ } 
+
+ ?>
+ <!-- /.login-logo -->
+
 </div>
diff --git a/view/auth/login.front.php b/view/auth/login.front.php
@@ -23,16 +23,17 @@
  } 
  else
  {
- $c_Auth->insert_2authfactorlogs($conn, md5($login_username), $login_username);
+ $usernamehash = md5($login_username);
+ $c_Auth->insert_2authfactorlogs($conn, $usernamehash, $login_username);
  $genCode = $c_Func->GenerateUsername("CODE");
- $c_Auth->insert_2authfactor_func($conn, md5($login_username), $genCode); 
+ $c_Auth->insert_2authfactor_func($conn, $usernamehash, $genCode); 
  $g_email = $c_Select->fn_SingleResponse($conn, "SELECT * FROM users WHERE username=?", "email", $login_username); 
  $content1 = "You’re almost there! You have now enabled Two-Factor Authentication for your account and your login code is:";
  $content2 = "The code will expire in 15 minutes.";
  $content3 = "Having trouble to log into your account? Just relay to your upline.";
  $EmailContent = $c_email->email_Content_Func("Admin Panel", $login_username, $genCode, $content1, $content2, $content3);
  $resEmail = $c_email->sendEmailForgotPassword($g_email, $EmailContent, $login_username, "Two Factor Authentication"); 
- header("Location: ".$url."/home/twoauthfactor/".md5($login_username));
+ header("Location: ".$url."/home/twoauthfactor/".$usernamehash);
  }
  }
  else