From 7056211fcb312de749a67958fb3aa248ab1246cf Mon Sep 17 00:00:00 2001
From: Jave Lupango
Date: Wed, 9 Dec 2020 19:09:49 +0800
Subject: [PATCH] 2 factor Auth
---
 .htaccess | 1 +
 controller/AuthController.php | 42 ++++++++++++++++++++++++++++++++-
 validate.php | 7 +++++-
 view/auth/2authfactor.front.php | 35 +++++++++++++++++++++++++++
 view/auth/login.front.php | 17 ++++++++++---
 5 files changed, 97 insertions(+), 5 deletions(-)
 create mode 100644 view/auth/2authfactor.front.php
diff --git a/.htaccess b/.htaccess
index 3e4fb32..5d64a02 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,5 +1,6 @@
 RewriteEngine On
+RewriteRule ^home/([a-z0-9]+)/([a-z0-9]+) validate.php?data=$1&&data2=$2
 RewriteRule ^home/([a-z0-9]+) validate.php?data=$1
 RewriteRule ^home validate.php?data=home
 RewriteRule ^logout logout.php
diff --git a/controller/AuthController.php b/controller/AuthController.php
index c2fa320..2c438f4 100644
--- a/controller/AuthController.php
+++ b/controller/AuthController.php
@@ -24,7 +24,7 @@ function fn_Login($conn, $username, $password)
     return "success";
 }
 else{
-    return "Failed to login " .$count;
+    return "Failed to login ";
 }
 }
 catch (Exception $e)
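Review bot: The substitution in the new rule uses `&&`, so validate.php receives `data=<x>&&data2=<y>` with an empty-named parameter in the middle; it should read `validate.php?data=$1&data2=$2`. The pattern is also unanchored at the end, so `/home/twoauthfactor/<token>/anything` still matches and the trailing part is silently dropped; `^home/([a-z0-9]+)/([a-z0-9]+)$ validate.php?data=$1&data2=$2 [L]` is tighter and stops rule processing at the match. Note that `[a-z0-9]+` is the only thing constraining what reaches `data2`; it happens to fit the 32-hex-character token the login view in this patch redirects with, but nothing here validates the token's length.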
@@ -32,4 +32,44 @@ function fn_Login($conn, $username, $password) return "Failed to login " .$e->getMessage(); } } + + function insert_2authfactorlogs($conn,$username, $hash) + { + try + { + $now = new DateTime(); + $dt = $now->format('Y-m-d H:i:s'); + $dt1 = $now->format('m-Y-d H:i:s'); + $dt2 = $now->format('d-m-Y H:i:s'); + $dttime = $now->format('Y-m-d H:i:s'); + $id = round($dt).round($dt1).round($dt2).round(microtime(true)); + + $sql = "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash) + VALUES ('$id', '$username', 'active', '$dttime', $hash)"; + $conn->exec($sql); + return "success"; + } + catch (Exception $e) + { + return "Failed to login " .$e->getMessage(); + } + } + + function insert_2authfactor_func($conn,$username, $code) + { + try + { + $now = new DateTime(); + $dttime = $now->format('Y-m-d H:i:s'); + $sql = "INSERT INTO 2authfactor (userid, status, code, dt) + VALUES ('$username', 'active', '$code', '$dttime')"; + $conn->exec($sql); + return "success"; + } + catch (Exception $e) + { + return "Failed to login " .$e->getMessage(); + } + } + } \ No newline at end of file diff --git a/validate.php b/validate.php index f6e0046..b162888 100644 --- a/validate.php +++ b/validate.php @@ -36,7 +36,8 @@ if (strtoupper($data) == "LOGIN" || strtoupper($data) == "REGISTER" || strtoupper($data) == "FORGOTPASS" || - strtoupper($data) == "LOGOUT") + strtoupper($data) == "LOGOUT" || + strtoupper($data) == "TWOAUTHFACTOR") { echo ' '; @@ -61,6 +62,10 @@ else if(strtoupper($data) == "FORGOTPASS") { include "view/auth/forgotpassword.php"; + } + else if(strtoupper($data) == "TWOAUTHFACTOR") + { + include "view/auth/2authfactor.front.php"; } else if(strtoupper($data) == "LOGOUT") { diff --git a/view/auth/2authfactor.front.php b/view/auth/2authfactor.front.php new file mode 100644 index 0000000..2c70014 --- /dev/null +++ b/view/auth/2authfactor.front.php @@ -0,0 +1,35 @@ +
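Review bot: Both new methods build their INSERT by interpolating the arguments into the SQL string, and `insert_2authfactorlogs` drops `$hash` into the VALUES list without even quoting it, so whatever the caller passes there is executed as SQL (the login view in this same patch passes the raw submitted username as `$hash`). Since `$conn->exec()` suggests a PDO handle and the view layer already uses `?` placeholders, both methods should use `prepare()`/`execute()` with bound values as sketched below. The `$id` assembled from `round($dt)`, `round($dt1)`, `round($dt2)` and `round(microtime(true))` also looks unintended: `round()` on a `Y-m-d H:i:s` string sees at most the leading number, so the result is a predictable date prefix plus a one-second timestamp that collides for logins in the same second (and on PHP 8 the non-numeric strings may be rejected outright); a random id such as `bin2hex(random_bytes(16))` avoids both problems. Returning `"Failed to login " . $e->getMessage()` from the catch blocks also hands driver error text to whatever displays that string, which is worth logging server-side instead.
```php
function insert_2authfactorlogs($conn, $username, $hash)
{
    try
    {
        // Random, unpredictable record id instead of a date-derived one
        $id = bin2hex(random_bytes(16));
        $dttime = (new DateTime())->format('Y-m-d H:i:s');
        $stmt = $conn->prepare(
            "INSERT INTO 2authfactorlogs (2authID, username, status, dt, hash) VALUES (?, ?, 'active', ?, ?)"
        );
        $stmt->execute([$id, $username, $dttime, $hash]);
        return "success";
    }
    // … unchanged: catch block …
}

function insert_2authfactor_func($conn, $username, $code)
{
    try
    {
        $dttime = (new DateTime())->format('Y-m-d H:i:s');
        $stmt = $conn->prepare(
            "INSERT INTO 2authfactor (userid, status, code, dt) VALUES (?, 'active', ?, ?)"
        );
        $stmt->execute([$username, $code, $dttime]);
        return "success";
    }
    // … unchanged: catch block …
}
```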
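Review bot: The new `TWOAUTHFACTOR` branch includes the verification page for any request whose `data` segment matches, with nothing checking that a password step already succeeded in this session, so the page is reachable by URL alone. The login view in this patch redirects here without recording a pending state, so the cheapest gate is a session marker set at login and required at this dispatch, e.g. `else if(strtoupper($data) == "TWOAUTHFACTOR" && !empty($_SESSION['2fa_pending_user']))`. The enclosing if/else chain and the point where the session is started are outside the hunk, so confirm `session_start()` runs before this dispatch.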
+ fn_SingleResponse($conn, "SELECT * FROM 2authfactorlogs WHERE status='active' AND username=?", "hash", $_GET["data2"]); + ?> + +
+ + +
+
\ No newline at end of file diff --git a/view/auth/login.front.php b/view/auth/login.front.php index d314c48..61b088c 100644 --- a/view/auth/login.front.php +++ b/view/auth/login.front.php @@ -14,9 +14,20 @@ $login_ret = $c_Auth->fn_Login($conn, $login_username, $login_password); if ($login_ret == "success") { - $_SESSION["username"] = $login_username; - echo '
'; - header("Location: ".$url."/home"); + $s_2authF = $c_Select->fn_SingleResponse($conn, "SELECT * FROM users WHERE username=?", "2authfactor", $_SESSION['username']); + if($s_2authF === "0") + { + $_SESSION["username"] = $login_username; + echo '
'; + header("Location: ".$url."/home"); + } + else + { + $c_Auth->insert_2authfactorlogs($conn, md5($login_username), $login_username); + $genCode = $c_Func->GenerateUsername("CODE"); + $c_Auth->insert_2authfactor_func($conn, md5($login_username), $genCode); + header("Location: ".$url."/home/twoauthfactor/".md5($login_username)); + } } else {
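Review bot: `$s_2authF` is looked up by `$_SESSION['username']`, but for a fresh login that key is not set yet (it is only assigned inside the `=== "0"` branch below), so the 2FA flag is read for a stale or empty session value rather than the account that just passed the password check; the lookup should use `$login_username`. In the `else` branch the arguments to `insert_2authfactorlogs` are crossed with respect to its `($conn, $username, $hash)` signature (the digest goes into `username`, the raw submitted username into `hash`, which that method interpolates unquoted into SQL), and the redirect token `md5($login_username)` is computable by anyone who knows the username, so the URL alone does not prove the password step happened. Record the pending user server-side before redirecting, `$_SESSION['2fa_pending_user'] = $login_username;`, and redirect with a token from `bin2hex(random_bytes(16))` stored alongside the code instead of the md5 of the username. `GenerateUsername("CODE")` is defined outside this patch, so whether the one-time code comes from a CSPRNG (`random_int()`) with enough entropy cannot be confirmed here. The enclosing login handler continues outside the hunk.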