Merge pull request #854 from KuJoe/master

Cleaned up MFA by @KuJoe
This commit is contained in:
Dan 2025-01-16 08:56:24 +07:00 committed by GitHub
commit fdfb97ed48
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 92 additions and 52 deletions


@ -8,6 +8,9 @@ use PragmaRX\Google2FA\Google2FA;
use BaconQrCode\Renderer\GDLibRenderer;
use BaconQrCode\Writer;
$domain = site_url();
$domain = str_replace("https://", "", $domain);
$domain = rtrim($domain, "/");
$mfa_state = user('mfa_secret', $user);
if (is_null($mfa_state) || $mfa_state == 'disabled') {
@ -19,7 +22,7 @@ if (is_null($mfa_state) || $mfa_state == 'disabled') {
$g2faUrl = $google2fa->getQRCodeUrl(
$user,
site_url(),
$domain,
$mfasecret
);
@ -60,7 +63,7 @@ if (is_null($mfa_state) || $mfa_state == 'disabled') {
</div>
</div>
<input type="hidden" name="mfa_secret" value="<?php echo $mfasecret;?>">
<input type="submit" class="btn btn-primary" style="width:100px;" value="<?php echo i18n('Save');?>">'
<input type="submit" class="btn btn-primary" style="width:100px;" value="<?php echo i18n('Save');?>">
<?php } else { ?>
<input type="hidden" name="mfa_secret" value="disabled">
<div class="form-group row">
@ -70,5 +73,5 @@ if (is_null($mfa_state) || $mfa_state == 'disabled') {
</div>
</div>
<input type="submit" class="btn btn-primary" value="<?php echo i18n('disablemfa');?>">
<?php } ?>
<?php } ?>
</form>
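Review bot: The new `$domain` derivation at the top of the first hunk only strips `https://`, so a site served over plain `http://` passes `http://host` through to `getQRCodeUrl()` as the label, which the authenticator presumably shows verbatim. Letting the URL parser do the work removes the scheme special-casing: `$domain = parse_url(site_url(), PHP_URL_HOST) ?: $domain;` ahead of the `rtrim`, or `preg_replace('#^https?://#i', '', site_url())` if the path component is wanted. If the library's signature is `(company, holder, secret)` as in upstream Google2FA, the call passes `$user` as the issuer and `$domain` as the account, which inverts the usual `issuer:account` label — worth confirming against the rendered QR. The hidden `mfa_secret` input later in the file echoes the raw secret; base32 cannot break the attribute, but wrapping it in `htmlspecialchars()` makes that safety explicit rather than incidental.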


@ -0,0 +1,15 @@
<?php if (!defined('HTMLY')) die('HTMLy'); ?>
<style>.error-message ul {margin:0;padding:0;}</style>
<?php if (isset($error)) { ?>
<div class="error-message"><?php echo $error ?></div>
<?php } ?>
<h1><?php echo i18n('Login');?></h1>
<form method="POST" action="login-mfa">
<input type="hidden" name="csrf_token" value="<?php echo get_csrf() ?>">
<input type="hidden" name="user" value="<?php echo $username; ?>">
<input type="hidden" name="password" value="<?php echo $password; ?>">
<label><?php echo i18n('MFACode');?></label>
<input type="text" class="form-control" name="mfacode" placeholder="<?php echo i18n('verify_code'); ?>"/>
<br>
<input type="submit" class="btn btn-primary" name="submit" value="<?php echo i18n('Login');?>"/>
</form>
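Review bot: The hidden `password` input on the new MFA form writes the user's plaintext password back into the HTML response, and neither it nor the `user` input is escaped, so a password containing `"` or `<` breaks out of the attribute (the resubmitted login then fails, and the value becomes reflected markup in the page). Round-tripping the credential through the client is avoidable: the `/login` handler already holds it, so it could verify the password, record a short-lived "awaiting TOTP" marker server-side, and have this form submit only `mfacode`. If the fields must stay for now, escape both: `<input type="hidden" name="user" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>">` and the same for `$password`. The `$error` echo at the top is assembled from i18n strings in the controller, matching how the existing login view renders it, so leaving it unescaped is consistent with the file it mirrors.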


@ -21,11 +21,6 @@
} ?>" name="password" placeholder="<?php echo i18n('Password'); ?>"/>
<br>
<input type="hidden" name="csrf_token" value="<?php echo get_csrf() ?>">
<?php if (config('mfa.state') === 'true'): ?>
<label><?php echo i18n('MFACode');?></label>
<input type="text" class="form-control" name="mfacode" placeholder="<?php echo i18n('verify_code'); ?>"/>
<br>
<?php endif; ?>
<?php if (config('login.protect.system') === 'google'): ?>
<script src='https://www.google.com/recaptcha/api.js'></script>
<div class="g-recaptcha" data-sitekey="<?php echo config("login.protect.public"); ?>"></div>
@ -33,7 +28,7 @@
<?php endif; ?>
<?php if (config('login.protect.system') === 'cloudflare'): ?>
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer></script>
<div style="text-align:center;" class="cf-turnstile" data-sitekey="<?php echo config("login.protect.public"); ?>"></div>
<div style="text-align:center;" class="cf-turnstile" data-sitekey="<?php echo config("login.protect.public"); ?>"></div>
<br/>
<?php endif; ?>
<input type="submit" class="btn btn-primary" name="submit" value="<?php echo i18n('Login');?>"/>


@ -79,7 +79,7 @@ get('/index', function () {
} else {
$pview = 'main';
}
$tblog = new stdClass;
$tblog->title = blog_tagline();
$tblog->url = site_url();
@ -147,49 +147,22 @@ post('/login', function () {
$user = from($_REQUEST, 'user');
$pass = from($_REQUEST, 'password');
$mfa_secret = user('mfa_secret', $user);
if ($proper && $captcha && !empty($user) && !empty($pass)) {
if ($proper && $captcha && !empty($user) && !empty($pass)) {
if (!is_null($mfa_secret) && $mfa_secret !== "disabled") {
$mfacode = from($_REQUEST, 'mfacode');
$google2fa = new Google2FA();
if ($google2fa->verifyKey($mfa_secret, $mfacode, '1')) {
session($user, $pass);
$log = session($user, $pass);
config('views.root', 'system/admin/views');
if (!empty($log)) {
config('views.root', 'system/admin/views');
render('login', array(
'title' => generate_title('is_default', i18n('Login')),
'description' => i18n('Login') . ' ' . blog_title(),
'canonical' => site_url(),
'metatags' => generate_meta(null, null),
'error' => '<ul>' . $log . '</ul>',
'type' => 'is_login',
'is_login' => true,
'bodyclass' => 'in-login',
'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; ' . i18n('Login')
));
}
} else {
$message['error'] = '';
$message['error'] .= '<li class="alert alert-danger">' . i18n('MFA_Error') . '</li>';
config('views.root', 'system/admin/views');
render('login', array(
'title' => generate_title('is_default', i18n('Login')),
'description' => i18n('Login') . ' ' . blog_title(),
'canonical' => site_url(),
'metatags' => generate_meta(null, null),
'error' => '<ul>' . $message['error'] . '</ul>',
'username' => $user,
'password' => $pass,
'type' => 'is_login',
'is_login' => true,
'bodyclass' => 'in-login',
'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; ' . i18n('Login')
));
}
render('login-mfa', array(
'title' => generate_title('is_default', i18n('Login')),
'description' => i18n('Login') . ' ' . blog_title(),
'canonical' => site_url(),
'metatags' => generate_meta(null, null),
'username' => $user,
'password' => $pass,
'type' => 'is_login',
'is_login' => true,
'bodyclass' => 'in-login',
'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; ' . i18n('Login')
));
} else {
session($user, $pass);
$log = session($user, $pass);
@ -244,6 +217,60 @@ post('/login', function () {
}
});
// Verify MFA
post('/login-mfa', function () {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$user = from($_REQUEST, 'user');
$pass = from($_REQUEST, 'password');
$mfacode = from($_REQUEST, 'mfacode');
$mfa_secret = user('mfa_secret', $user);
$google2fa = new Google2FA();
if ($proper && $google2fa->verifyKey($mfa_secret, $mfacode, '1')) {
session($user, $pass);
$log = session($user, $pass);
if (!empty($log)) {
config('views.root', 'system/admin/views');
render('login', array(
'title' => generate_title('is_default', i18n('Login')),
'description' => i18n('Login') . ' ' . blog_title(),
'canonical' => site_url(),
'metatags' => generate_meta(null, null),
'error' => '<ul>' . $log . '</ul>',
'type' => 'is_login',
'is_login' => true,
'bodyclass' => 'in-login',
'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; ' . i18n('Login')
));
}
} else {
$message['error'] = '';
if (!$proper) {
$message['error'] .= '<li class="alert alert-danger">' . i18n('Token_Error') . '</li>';
} else {
$message['error'] .= '<li class="alert alert-danger">' . i18n('MFA_Error') . '</li>';
}
config('views.root', 'system/admin/views');
render('login-mfa', array(
'title' => generate_title('is_default', i18n('Login')),
'description' => i18n('Login') . ' ' . blog_title(),
'canonical' => site_url(),
'metatags' => generate_meta(null, null),
'error' => '<ul>' . $message['error'] . '</ul>',
'username' => $user,
'password' => $pass,
'type' => 'is_login',
'is_login' => true,
'bodyclass' => 'in-login',
'breadcrumb' => '<a href="' . site_url() . '">' . config('breadcrumb.home') . '</a> &#187; ' . i18n('Login')
));
}
});
// Show the author page
get('/author/:name', function ($name) {
@ -3984,7 +4011,7 @@ get('/:static', function ($static) {
} else {
$pview = 'main';
}
$tblog = new stdClass;
$tblog->title = blog_string();
$tblog->url = site_url() . blog_path();
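Review bot: The new `/login-mfa` route calls `verifyKey()` before anything has checked the password and without the `$captcha` gate that `/login` applies just above its hunk, so for any account with MFA enabled the TOTP outcome is observable regardless of whether the password is right — a direct brute-force surface for a 6-digit code at window `'1'`, needing only a CSRF token. It also drops the `!is_null($mfa_secret) && $mfa_secret !== "disabled"` guard that `/login` keeps, so a direct post for a user without MFA hands `null` or the literal string `"disabled"` to `verifyKey()`; whether the library returns false or throws on a non-base32 secret should be confirmed, since an uncaught exception here would surface as a 500. At minimum restore both checks on the new route, `if ($proper && $captcha && !is_null($mfa_secret) && $mfa_secret !== "disabled" && $google2fa->verifyKey($mfa_secret, $mfacode, '1')) {`, computing `$captcha` the same way `/login` does; the fuller fix is to verify the password in `/login`, hold the pending state server-side, and have `/login-mfa` check only the code. Relatedly, the `/login` hunk now renders the MFA form whenever `user('mfa_secret', $user)` is set, before any password check, which discloses which usernames exist and have MFA enabled. The duplicated `session($user, $pass); $log = session($user, $pass);` pair is copied from the existing path; if `session()` has side effects such as attempt counting, the new route repeats them twice per request as well.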