authorMario <mario@mariovavti.com>2023-03-11 20:24:56 +0000
committerMario <mario@mariovavti.com>2023-03-11 20:24:56 +0000
commitac9c33fb3b31f4a3801fbdf7c723b923d699964d (patch)
treeedc1f7bad40238e4150709bc5cd6f58cdc012443 /Zotlabs
parent641b1c2e1b5be0d5b7b94ea6566238baa830ebe4 (diff)
check form security token and require password to enable/disable mfa
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Settings/Multifactor.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/Zotlabs/Module/Settings/Multifactor.php b/Zotlabs/Module/Settings/Multifactor.php
index 191055e2c..4df718c6a 100644
--- a/Zotlabs/Module/Settings/Multifactor.php
+++ b/Zotlabs/Module/Settings/Multifactor.php
@@ -12,10 +12,24 @@ use ParagonIE\ConstantTime\Base32;
class Multifactor {
public function post() {
+ check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa');
+
$account = App::get_account();
if (!$account) {
return;
}
+
+ if (empty($_POST['password'])) {
+ notice(t('Password is required') . EOL);
+ return;
+ }
+
+ $password = trim($_POST['password']);
+ if(!account_verify_password($account['account_email'], $password)) {
+ notice(t('The provided password is not correct') . EOL);
+ return;
+ }
+
$enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
if ($enable_mfa) {
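Review bot: The presence check `if (empty($_POST['password']))` also rejects the literal password "0", because `empty()` treats the string "0" as falsy in PHP; test for absence explicitly instead, `if (!isset($_POST['password']) || $_POST['password'] === '') {`. The subsequent `trim()` will likewise reject a valid password that begins or ends with whitespace unless the login path trims the same way — worth confirming against the login handler. Since the password is exactly the credential a second factor is meant to back up, consider also requiring a current TOTP code on the disable path (when `mfa_enabled` is already set) rather than the password alone, and consider whether failed attempts here are throttled or logged, as a logged-in attacker can otherwise retry the password freely through this form; I cannot tell from the hunk whether `account_verify_password` does this itself. The body of `post()` continues past the end of this hunk.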
@@ -67,6 +81,7 @@ class Multifactor {
t('Logging in will require you to be in possession of your smartphone with an authenticator app'),
[t('No'), t('Yes')]
],
+ '$password' => ['password', t('Please enter your password'), '', t('Required')],
'$submit' => t('Submit'),
'$test' => t('Test')
]