2 factor Auth

JaveTLupango · Dec 9, 2020 · 7056211 · 7056211
1 parent efb6806
commit 7056211
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 5 deletions.
diff --git a/.htaccess b/.htaccess
@@ -1,5 +1,6 @@
 RewriteEngine On
 
+RewriteRule ^home/([a-z0-9]+)/([a-z0-9]+) validate.php?data=$1&&data2=$2
 RewriteRule ^home/([a-z0-9]+) validate.php?data=$1
 RewriteRule ^home validate.php?data=home
 RewriteRule ^logout logout.php

diff --git a/controller/AuthController.php b/controller/AuthController.php
@@ -24,12 +24,52 @@ function fn_Login($conn, $username, $password)
  return "success";
  } 
  else{
- return "Failed to login " .$count;
+ return "Failed to login ";
  } 
  }
  catch (Exception $e)
  { 
  return "Failed to login " .$e->getMessage();
  }
  }
+
+ function insert_2authfactorlogs($conn,$username, $hash)
+ {
+ try
+ { 
+ $now = new DateTime();
+ $dt = $now->format('Y-m-d H:i:s');
+ $dt1 = $now->format('m-Y-d H:i:s');
+ $dt2 = $now->format('d-m-Y H:i:s');
+ $dttime = $now->format('Y-m-d H:i:s');
+ $id = round($dt).round($dt1).round($dt2).round(microtime(true));
+
+ $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash)
+ VALUES ('$id', '$username', 'active', '$dttime', $hash)";
+ $conn->exec($sql);
+ return "success";
+ }
+ catch (Exception $e)
+ { 
+ return "Failed to login " .$e->getMessage();
+ }
+ }
+
+ function insert_2authfactor_func($conn,$username, $code)
+ {
+ try
+ { 
+ $now = new DateTime();
+ $dttime = $now->format('Y-m-d H:i:s');
+ $sql = "INSERT INTO 2authfactor (userid, status, code, dt)
+ VALUES ('$username', 'active', '$code', '$dttime')";
+ $conn->exec($sql);
+ return "success";
+ }
+ catch (Exception $e)
+ { 
+ return "Failed to login " .$e->getMessage();
+ }
+ }
+
 }
diff --git a/validate.php b/validate.php
@@ -36,7 +36,8 @@
  if (strtoupper($data) == "LOGIN" || 
  strtoupper($data) == "REGISTER" ||
  strtoupper($data) == "FORGOTPASS" || 
- strtoupper($data) == "LOGOUT")
+ strtoupper($data) == "LOGOUT" || 
+ strtoupper($data) == "TWOAUTHFACTOR")
  {
  echo '<!DOCTYPE html>
  <html class="no-js">';
@@ -61,6 +62,10 @@
  else if(strtoupper($data) == "FORGOTPASS")
  {
  include "view/auth/forgotpassword.php";
+ } 
+ else if(strtoupper($data) == "TWOAUTHFACTOR")
+ {
+ include "view/auth/2authfactor.front.php";
  } 
  else if(strtoupper($data) == "LOGOUT")
  {

diff --git a/view/auth/2authfactor.front.php b/view/auth/2authfactor.front.php
@@ -0,0 +1,35 @@
+<div class="login-box">
+ <?php include 'view/auth/auth.name.jtl';
+ $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE status='active' AND username=?", "hash", $_GET["data2"]);
+ ?>
+ <!-- /.login-logo -->
+ <div class="card">
+ <div class="card-body login-card-body">
+ <p class="login-box-msg"><b>Two Factor Authentication</b></p>
+ <p class="login-box-msg">Check email for the Verification Code</p>
+ <form method="post">
+ <div class="input-group mb-3">
+ <input type="text" class="form-control" name="twoauthfact" placeholder="Code" required>
+ <div class="input-group-append">
+ <div class="input-group-text">
+ <span class="fas fa-barcode"></span>
+ </div>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col-12">
+ <input type="submit" class="btn btn-primary btn-block" name="btntwoauthfactor" value="Click to Validate">
+ </div>
+ <!-- /.col -->
+ </div> 
+ </form>
+ <p class="mt-3 mb-1">
+ <a href="login">Login</a>
+ </p>
+ <p class="mb-0">
+ <a href="register" class="text-center">Register a new membership</a>
+ </p>
+ </div>
+ <!-- /.login-card-body -->
+ </div>
+</div>
diff --git a/view/auth/login.front.php b/view/auth/login.front.php
@@ -14,9 +14,20 @@
  $login_ret = $c_Auth->fn_Login($conn, $login_username, $login_password);
  if ($login_ret == "success")
  {
- $_SESSION["username"] = $login_username;
- echo '<button type="button" class="col-12 btn btn-success" style="margin-bottom: 15px;">Sucess</button><br>';
- header("Location: ".$url."/home");
+ $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM users WHERE username=?", "2authfactor", $_SESSION['username']);
+ if($s_2authF === "0")
+ {
+ $_SESSION["username"] = $login_username;
+ echo '<button type="button" class="col-12 btn btn-success" style="margin-bottom: 15px;">Sucess</button><br>';
+ header("Location: ".$url."/home");
+ } 
+ else
+ {
+ $c_Auth->insert_2authfactorlogs($conn, md5($login_username), $login_username);
+ $genCode = $c_Func->GenerateUsername("CODE");
+ $c_Auth->insert_2authfactor_func($conn, md5($login_username), $genCode);
+ header("Location: ".$url."/home/twoauthfactor/".md5($login_username));
+ }
  }
  else
  {