From 3e0a18612c787c6ce7c5db8ff70c4239fcba4739 Mon Sep 17 00:00:00 2001
From: Jave Lupango
Date: Wed, 16 Dec 2020 10:58:46 +0800
Subject: [PATCH] Two Factor Authentication Validation

---
 class/api.authFunction.php | 6 +++-
 controller/AuthController.php | 4 +--
 validate.php | 2 ++
 view/auth/2authfactor.front.php | 53 ++++++++++++++++++++++++++++++---
 view/auth/login.front.php | 7 +++--
 5 files changed, 62 insertions(+), 10 deletions(-)

diff --git a/class/api.authFunction.php b/class/api.authFunction.php
index 65e52e2..4848e63 100644
--- a/class/api.authFunction.php
+++ b/class/api.authFunction.php
@@ -8,6 +8,10 @@
 $c_Del->deleteRecord($conn, "UPDATE users SET duration = 0 WHERE duration < 0 OR status='delete'");
 $c_Del->deleteRecord($conn, "DELETE FROM 2authfactor WHERE status='inactive'");
+$c_Del->deleteRecord($conn, "DELETE FROM 2authfactorlogs WHERE status='inactive'");
+
 $c_Del->deleteRecord($conn, "UPDATE 2authfactor SET duration = duration - 300 WHERE duration > 0 AND status='active'");
 $c_Del->deleteRecord($conn, "UPDATE 2authfactor SET duration = 0, status='inactive' WHERE duration <= 0");
-$c_Del->deleteRecord($conn, "DELETE FROM 2authfactorlogs WHERE status='inactive'");
\ No newline at end of file
+
+$c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET duration = duration - 300 WHERE duration > 0 AND (status='active' OR status='inactive')");
+$c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET duration = 0, status='inactive' WHERE duration <= 0");
\ No newline at end of file
diff --git a/controller/AuthController.php b/controller/AuthController.php
index 7d237ea..8bff096 100644
--- a/controller/AuthController.php
+++ b/controller/AuthController.php
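Review bot: The new decrement for 2authfactorlogs only matches status='active' or 'inactive', so a row that 2authfactor.front.php later moves to status='validate' never has its duration reduced and never expires, which defeats the 900-second window the controller now inserts. The condition should cover that state as well, e.g. `... WHERE duration > 0 AND status IN ('active','validate')`. Note also that `DELETE FROM 2authfactorlogs WHERE status='inactive'` now runs before the UPDATE that marks expired rows inactive, so an expired row survives until the next run; if immediate cleanup was intended, keep the DELETE after the two UPDATEs as in the old order.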
@@ -44,8 +44,8 @@ function insert_2authfactorlogs($conn,$username, $hash)
 $dttime = $now->format('Y-m-d H:i:s');
 $id = round($dt).round($dt1).round($dt2).round(microtime(true));
- $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash)
- VALUES ('$id', '$username', 'active', '$dttime', $hash)";
+ $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash, try, duration)
+ VALUES ('$id', '$username', 'active', '$dttime', '$hash', 5, 900)";
 $conn->exec($sql);
 return "success";
 }
diff --git a/validate.php b/validate.php
index b162888..44f647f 100644
--- a/validate.php
+++ b/validate.php
@@ -7,7 +7,9 @@
 require 'controller/SelectController.php'; // Select Controller
 require 'controller/FuncController.php'; // Function Controller
 require 'controller/EmailController.php'; // Function Controller
+require 'controller/DeleteController.php'; // Function Controller
+$c_Del = new Delete_Controller(); // Delete controller declarati0n
 $c_con = new ClassConnection(); // connection declaration
 $c_InsertControl = new Insert_Controller(); // Insertion controller declaration
 $c_Auth = new Auth_Controller(); // Auth controller Decleration
diff --git a/view/auth/2authfactor.front.php b/view/auth/2authfactor.front.php
index 1cf828f..85305fe 100644
--- a/view/auth/2authfactor.front.php
+++ b/view/auth/2authfactor.front.php
@@ -1,9 +1,15 @@
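Review bot: The INSERT still builds its SQL by string interpolation and runs it through `$conn->exec($sql)`; since login.front.php now passes the raw login username as `$hash`, a login-form value ends up inside the query text, and the quoting added here is not a substitute for binding it. Use placeholders instead: `$stmt = $conn->prepare("INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash, try, duration) VALUES (?, ?, 'active', ?, ?, 5, 900)");` followed by `$stmt->execute([$id, $username, $dttime, $hash]);` (assuming `$conn` is a PDO, as the exec() call suggests). The parameter names are also the reverse of their contents — `$username` receives the md5 hash and `$hash` the username — which deserves a rename or at least a comment. The body of insert_2authfactorlogs begins before this hunk.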
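Review bot: The comment on the new require line, `// Function Controller`, was copied from the line above and describes the wrong controller; `// Delete Controller` matches the neighbouring comments. The comment on the next line, `declarati0n`, has a digit zero in place of the letter o.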
fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE status='active' AND username=?", "hash", $_GET["data2"]); - ?> - -
+ $get_data = $_GET["data2"]; + + $c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET status='inactive' WHERE try = 0"); + $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE (status='active' OR status='validate') AND try > 0 AND username=?", "hash", $get_data); + if($s_2authF != "") + { + $c_Del->deleteRecord($conn, "UPDATE 2authfactorlogs SET status='validate', try= try - 1 WHERE username='$get_data'"); + ?> + +
+ fn_SingleResponse($conn, "SELECT * FROM 2authfactor WHERE status='active' AND duration > 0 AND userid = ? ORDER BY dt DESC LIMIT 1", "code", $get_data); + if(trim($_POST["twoauthfact"]) === trim($val_auth)) + { + echo "success - ". $val_auth; + } + else + { + echo "Error Code"; + } + //echo $_POST["twoauthfact"]; + } + ?>

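Review bot: The new UPDATE that decrements `try` interpolates `$_GET["data2"]` directly into the SQL string (`WHERE username='$get_data'`), while the SELECT just above it binds the same value through a `?` placeholder; the UPDATE should bind it the same way rather than concatenate it, and if deleteRecord has no bound-parameter form this statement belongs in a prepared statement instead. The decrement also appears to run on every load of the page rather than only when a code is submitted, so the five tries are consumed by refreshes; moving it into the POST branch would limit it to actual attempts (inferred — the POST branch is partly lost in this rendering). On a match the page echoes the valid code back with `"success - ". $val_auth`; emitting the code is unnecessary and the echo should be dropped.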
@@ -32,4 +53,28 @@

+ + +
+ + +
+ + +
\ No newline at end of file
diff --git a/view/auth/login.front.php b/view/auth/login.front.php
index e268c6f..ec88e5c 100644
--- a/view/auth/login.front.php
+++ b/view/auth/login.front.php
@@ -23,16 +23,17 @@
 }
 else
 {
- $c_Auth->insert_2authfactorlogs($conn, md5($login_username), $login_username);
+ $usernamehash = md5($login_username);
+ $c_Auth->insert_2authfactorlogs($conn, $usernamehash, $login_username);
 $genCode = $c_Func->GenerateUsername("CODE");
- $c_Auth->insert_2authfactor_func($conn, md5($login_username), $genCode);
+ $c_Auth->insert_2authfactor_func($conn, $usernamehash, $genCode);
 $g_email = $c_Select->fn_SingleResponse($conn, "SELECT * FROM users WHERE username=?", "email", $login_username);
 $content1 = "You’re almost there! You have now enabled Two-Factor Authentication for your account and your login code is:";
 $content2 = "The code will expire in 15 minutes.";
 $content3 = "Having trouble to log into your account? Just relay to your upline.";
 $EmailContent = $c_email->email_Content_Func("Admin Panel", $login_username, $genCode, $content1, $content2, $content3);
 $resEmail = $c_email->sendEmailForgotPassword($g_email, $EmailContent, $login_username, "Two Factor Authentication");
- header("Location: ".$url."/home/twoauthfactor/".md5($login_username));
+ header("Location: ".$url."/home/twoauthfactor/".$usernamehash);
 }
 }
 else
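Review bot: `$usernamehash = md5($login_username)` is now used both as the key of the pending 2FA records and as the path segment of the redirect, but an md5 of the username is derivable from the username alone, so the URL does not identify the browser that just passed the password check. A random per-login token (e.g. `bin2hex(random_bytes(16))`) stored with the 2authfactorlogs row and carried in the redirect, or keeping the pending state in the server session, would tie the code-entry page to this login. Hoisting the hash into a variable is itself fine; the rest of the enclosing function lies outside the hunk.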