2FA added, Part 1.

2665c0c6 · Amin.MasterkinG · a66876c2 · 2665c0c6 · 2665c0c6
Commit 2665c0c6 authored Jul 28, 2020 by Amin.MasterkinG
--- a/application/config/config.php.sample
+++ b/application/config/config.php.sample
@@ -208,7 +208,6 @@ soap_2d_command
    account set 2fa {USERNAME} off
 soap_2e_command
    Command to enable 2fa.
-    account set 2fa {USERNAME} off
    account set 2fa {USERNAME} {SECRET}
 =====================================================================*/
 $config['2fa_support'] = false;

--- a/application/include/user.php
+++ b/application/include/user.php
@@ -20,6 +20,7 @@ class user
        }

        if (!empty($_POST['submit'])) {
+            self::tfa_enable();
            if (get_config('battlenet_support')) {
                self::bnet_register();
                self::bnet_changepass();
@@ -547,4 +548,60 @@ class user
        database::$auth->query("ALTER TABLE `account` ADD COLUMN `restore_key` varchar(255) NULL DEFAULT '1';");
        return true;
    }
+    
+    /**
+     * Enable 2fa
+     * @return bool
+     */
+    public static function tfa_enable()
+    {
+        global $antiXss;
+
+        if (empty(get_config('2fa_support'))) {
+            return false;
+        }
+
+        if (empty($_POST['submit']) || $_POST['submit'] != 'etfa' || empty($_POST['email']) || (empty(get_config('battlenet_support')) && empty($_POST['username']))) {
+            return false;
+        }
+
+        if (!captcha_validation()) {
+            return false;
+        }
+
+        $userinfo = self::get_user_by_email(strtoupper($_POST['email']));
+        if (empty($userinfo['id'])) {
+            error_msg('Account is not valid.');
+            return false;
+        }
+
+        if (empty(get_config('battlenet_support')) && strtolower($userinfo['username']) != strtolower($_POST['username'])) {
+            error_msg('Account is not valid.');
+            return false;
+        }
+
+        $verify_key = md5(strtolower($userinfo['email']) . "_" . time() . rand(1, 999999));
+
+        if (!isset($userinfo['restore_key'])) {
+            self::add_password_key_to_acctbl();
+        }
+
+        database::$auth->update('account', [
+            'restore_key' => $antiXss->xss_clean($verify_key)
+        ], [
+            'id[=]' => $userinfo['id']
+        ]);
+
+        $account = $userinfo['email'];
+        if(empty(get_config('battlenet_support')))
+        {
+            $account = $userinfo['username'];
+        }
+
+        $restorepass_URL = get_config('baseurl') . '/index.php?enabletfa=' . strtolower($verify_key) . '&account=' . strtolower($account);
+        $message = "Hey, to enable Two-Factor Authentication (2FA), Please open  <a href='$restorepass_URL' target='_blank'>this link</a>: <BR>$restorepass_URL";
+        send_phpmailer(strtolower($userinfo['email']), 'Enable Account 2FA', $message);
+        success_msg('Check your email, (Check SPAM/Junk too).');
+        return true;
+    }
 }