Assecutor/votianng
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1. Import

Browse Source
This commit is contained in:
Sven Carstensen
2026-03-29 10:34:57 +02:00
parent b0e00c1259
commit a1129565af
4899 changed files with 3007593 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
html/admin/GA_verification.php Normal file
View File

@@ -0,0 +1,186 @@
<?php
/*
TOTP :: Verification of the OTP-Codes
*/
include_once "../include/global.inc.php";
$authDoNotCheck2FA = true;
include_once "../include/auth.inc.php";
require_once "../include/GoogleAuthenticator.php";
getSecHttpVars("1", array("f_act", "f_2faCode", "statusMessage", "deactivateMenu"));
getLanguage(__FILE__);
$deactivateMenuStatic = "1";
$pageTitel = getLngt("[2FA]-Bestätigung");
include_once ("../admin/menu.php");
include_once ("../include/html.inc.php");
getCurrentScript(__FILE__);
$debug = false;
$statusMessage = "";
if ($debug) : echo "usr_id = " . $usr_id . "</br>"; endif;
if ($debug) : echo "hq_id = " . $hq_id . "</br>"; endif;
// The session has to be set, otherwise go back to login page!
if (isset($_SESSION['usr_id']) && isset($_SESSION['hq_id']) &&
isset($usr_id) && $usr_id != "" && is_numeric($usr_id) && $usr_id > 0 &&
isset($hq_id) && $hq_id != "" && is_numeric($hq_id) && $hq_id > 0) :
if ($f_act == "verify") :
$f_act = "";
$verificationOK = false;
if ($f_2faCode != "") :
$usrTotpSecret = getFieldValueFromId("user", "usr_id", $usr_id, "usr_totp_secret");
if ($usrTotpSecret != "") :
$ga = new GoogleAuthenticator();
$currentCode = $ga->getCode($usrTotpSecret);
if ($f_2faCode == $currentCode) :
$tmpNum = rand(0,getrandmax());
$tmpSessionHash = md5($tmpNum);
updateStmt("user", "usr_id", $usr_id, array("usr_totp_sessionkey", $tmpSessionHash));
$_SESSION["sessionkey_2fa"] = $tmpSessionHash;
$verificationOK = true;
endif;
endif;
endif;
if ($verificationOK) :
header("Location: ../admin/start.php");
else :
session_destroy();
header("Location: ../admin/login.php");
if ($debug) : echo "VERIFICATION NOT OK:</br>"; endif;
if ($debug) : echo "f_2faCode = " . $f_2faCode . "</br>"; endif;
if ($debug) : echo "currentCode = " . $currentCode . "</br>"; endif;
endif;
endif;
else :
session_destroy();
header("Location: ../admin/login.php");
endif;
?>
<?php if (true) : ?>
<html>
<head>
<title><?php echo $pageTitel ?></title>
<link rel="stylesheet" type="text/css" href="../css/phoenix.css">
<style type="text/css">
<?php include_once ("../css/navigation.css.php"); ?>
</style>
<?php include_once ("../include/js_framework.inc.php"); ?>
<script type="text/javascript">
<!--
// NAVIGATION
<?php echo $jsMenuOut; ?>
function finishPage() {
if (document.forms[0].f_2faCode.value != '') {
document.forms[0].f_act.value = 'verify';
document.forms[0].submit();
} else {
alert('<?php echo getLngt("Bitte geben Sie den 2-FA-Code ein!"); ?>');
}
};
function bodyOnLoad () {
// Key event listener
document.forms[0].addEventListener("keydown", function(event) {
// Return key (13)
if (event.keyCode === 13) {
finishPage();
}
});
// Set focus
document.forms[0].f_2faCode.focus();
};
-->
</script>
</head>
<body onLoad="<?php echo $phpCurrentNavigationOnLoad ?>bodyOnLoad();displayStatusMessage();">
<?php echo $phpMenuOut ?>
<?php echo $phpReducedMenuOut ?>
<?php echo $phpPageTitelOut ?>
<div class="maincontent" name="maincontent" id="maincontent">
<form action="../admin/GA_verification.php" method="post">
<input type="hidden" name="f_act" value="">
<input type="hidden" name="customerId" value="<?php echo $customerId ?>">
<input type="hidden" name="cscIdRoot" value="<?php echo $cscIdRoot ?>">
<input type="hidden" name="cscIdActual" value="<?php echo $cscIdActual ?>">
<?php echo $phpCurrentNavigationInputHidden ?>
<input type="hidden" name="deactivateMenu" value="<?php echo ec($deactivateMenu) ?>">
<?php echo htmlDivLineSpacer("20px"); ?>
<div>
<center>
<tableborder="0" cellpadding="0">
<tr>
<td class="f12np1" align="center"></br></br><span class="f12bp1_blue"><?php echo $pageTitel ?></span></br></br></br></br></br></td>
</tr>
<tr>
<td align="center">
<span class="f10bp1_red">&gt;&gt;</span>&nbsp;&nbsp;
<input type="text" id="f_2faCode" name="f_2faCode" value="" maxlength="6" size="6">&nbsp;&nbsp;&nbsp;&nbsp;
<span class="f10bp1_blue"><a href="javascript:finishPage();"><?php echo getLngt("Bestätigen") ?></a></span>
&nbsp;&nbsp;<span class="f10bp1_red">&lt;&lt;</span>
</br></br></br></br>
</td>
</tr>
<tr>
<td align="center">
<?php echo getLngt("Bitte geben Sie den Code ein, der in Ihrer</br>2-Faktor-Authentifikations-App</br>angezeigt wird!") ?>
</br></br></br></br></br>
</td>
</tr>
<!--
<tr>
<td align="center">
<?php echo getLngt("Sollten Sie nicht an Ihre Authentifikations-App bzw.</br>Ihren Code herankommen, können Sie sich mit dem</br>folgenden Link Ihre hinterlegte Email-Adresse schicken lassen.") ?>
</br></br>
<?php echo getLngt("In dieser Email erhalten Sie einen Einmal-Code,</br>den Sie auf der folgenden Seite eingeben können.") ?></br>
<?php echo getLngt("Nach der Eingabe und Bestätigung werden autorisierte Mitarbeiter informiert") ?></br>
</br></br>
<span class="f10bp1_blue"><a href="javascript:finishPage();"><?php echo getLngt("Bestätigen") ?></a></span>
</br></br></br></br>
</td>
</tr>
-->
</table>
</center>
</div>
<?php echo htmlDivLineSpacer("15px"); ?>
</form>
</div>
</body>
</html>
<?php else :
session_destroy();
header("Location: ../admin/login.php");
endif; ?>