Verification $mfa_method = intval(hesk_POST('mfa-method')); if ($mfa_method === 1) { $verification_code = generate_mfa_code(); hash_and_store_mfa_verification_code($_SESSION['id'], $verification_code); $mfa_email_sent = send_mfa_email($_SESSION['name'], $_SESSION['email'], $verification_code); $display_step = 2; } elseif ($mfa_method === 2) { $_SESSION['tfa_secret'] = $tfa->createSecret(); $display_step = 2; } elseif ($mfa_method === 0 && $hesk_settings['require_mfa'] === 0) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 0 WHERE `id` = " . intval($_SESSION['id'])); delete_mfa_codes($_SESSION['id']); delete_mfa_backup_codes($_SESSION['id']); $_SESSION['mfa_enrollment'] = 0; $display_step = 3; } else { hesk_process_messages($hesklang['mfa_invalid_method'], 'manage_mfa.php'); } } elseif ($current_step === 2) { $mfa_method = intval(hesk_POST('mfa-method')); if ($mfa_method === 1) { $verification_code = hesk_POST('verification-code'); if (is_mfa_email_code_valid($_SESSION['id'], $verification_code)) { //-- Enable MFA for the user and delete the verification code hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 1 WHERE `id` = " . intval($_SESSION['id'])); $_SESSION['mfa_enrollment'] = 1; $_SESSION['mfa_backup_codes'] = generate_and_store_mfa_backup_codes($_SESSION['id']); $display_step = 3; } else { //-- Invalid code entered hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); $display_step = 2; } } elseif ($mfa_method === 2) { $secret = $_SESSION['tfa_secret']; if (is_mfa_app_code_valid($_SESSION['id'], hesk_POST('verification-code'), $secret)) { hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `mfa_enrollment` = 2, `mfa_secret` = '" . hesk_dbEscape($secret) . "' WHERE `id` = " . intval($_SESSION['id'])); $_SESSION['mfa_backup_codes'] = generate_and_store_mfa_backup_codes($_SESSION['id']); unset($_SESSION['tfa_secret']); $_SESSION['mfa_enrollment'] = 2; $display_step = 3; } else { hesk_process_messages($hesklang['mfa_invalid_verification_code'], 'NOREDIRECT'); $display_step = 2; } } else { hesk_process_messages($hesklang['mfa_invalid_method'], 'manage_mfa.php'); } } elseif (hesk_POST('delete_codes') === 'Y') { hesk_token_check(); delete_mfa_backup_codes($_SESSION['id']); hesk_process_messages($hesklang['mfa_del_codes2'], 'NOREDIRECT', 'SUCCESS'); $display_step = 1; $output_at_top = 1; } elseif (hesk_POST('new_codes') === 'Y') { hesk_token_check(); delete_mfa_backup_codes($_SESSION['id']); $new_mfa_backup_codes = generate_and_store_mfa_backup_codes($_SESSION['id']); $backup_codes = implode("\n", array_map(function($code, $key) { return str_pad(($key+1), 2, ' ', STR_PAD_LEFT) . '. ' . substr($code, 0, 4) . '-' . substr($code, 4); }, $new_mfa_backup_codes, array_keys($new_mfa_backup_codes))); hesk_process_messages($hesklang['mfa_new_codes2'] . '

'.$hesklang['mfa_backup_codes_description'].'

'.$backup_codes.'
', 'NOREDIRECT', 'SUCCESS'); $display_step = 1; $output_at_top = 1; } /* Print header */ require_once(HESK_PATH . 'inc/header.inc.php'); /* Print main manage users page */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); ?>


 
>
>
>

QR Code

 


 

 

 

' . $hesklang['mfa_configured'], ' ', false); hesk_show_info('

'.$hesklang['mfa_backup_codes_description'].'

'.$backup_codes.'
', $hesklang['mfa_backup_codes_header'] . '
', false); } else { hesk_show_info($hesklang['mfa_removed'], ' ', false); } ?>