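decrypt_login();
// Second-factor step of the login: the password comes from the decrypted login
// credentials, the user name from the session entry 'user2factor'.
// NOTE(review): no limit on repeated attempts is visible in this section; confirm
// that the provider or the surrounding code throttles or locks out guessing.
$password = $credentials[1];
$user = $_SESSION['user2factor'];
if (get_preg($user, 'dn')) {
    // the session value matched the 'dn' pattern, so only its RDN value is passed on
    $user = extractRDNValue($user);
}

// get serials
try {
    $service = new TwoFactorProviderService($config);
    $provider = $service->getProvider();
    $serials = $provider->getSerials($user, $password);
}
catch (\Exception $e) {
    logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());
    metaRefresh("login.php?2factor=error");
    die();
}
if (!is_array($serials)) {
    // Fail closed: the "optional 2-factor" branch below skips verification when the
    // list is empty, so it must only run on a real, empty list and never on a
    // null/false result that merely counts as zero.
    logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' (provider returned no list)');
    metaRefresh("login.php?2factor=error");
    die();
}

$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();
$twoFactorLabel = empty($twoFactorLabelConfig) ? _('PIN+Token') : $twoFactorLabelConfig;

if (count($serials) === 0) {
    if ($config->getTwoFactorAuthenticationOptional()) {
        // user has no token and the configuration does not enforce one: finish the login
        unset($_SESSION['2factorRequired']);
        unset($_SESSION['user2factor']);
        metaRefresh("main.php");
        die();
    }
    metaRefresh("login.php?2factor=noToken");
    die();
}

if (isset($_POST['logout'])) {
    // destroy session
    session_destroy();
    unset($_SESSION);
    // redirect to login page
    metaRefresh("login.php");
    exit();
}

if (isset($_POST['submit'])) {
    // Request fields may be missing or arrays; anything that is not a string counts as empty.
    $twoFactorInput = (isset($_POST['2factor']) && is_string($_POST['2factor'])) ? $_POST['2factor'] : '';
    $serial = (isset($_POST['serial']) && is_string($_POST['serial'])) ? $_POST['serial'] : '';
    // Strict comparison: with loose in_array() two different numeric-looking serials
    // (e.g. "0e1" and "0e2") compare equal, so a serial that is not in the user's
    // list could reach the provider.
    $knownSerials = array_map('strval', $serials);
    if (empty($twoFactorInput) || !in_array($serial, $knownSerials, true)) {
        // translate the template first, then insert the label
        $errorMessage = sprintf(_('Please enter "%s".'), $twoFactorLabel);
    }
    else {
        $twoFactorValid = false;
        try {
            $twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
        }
        catch (\Exception $e) {
            // a provider error leaves $twoFactorValid false, i.e. the attempt is rejected
            logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
        }
        if ($twoFactorValid) {
            unset($_SESSION['2factorRequired']);
            unset($_SESSION['user2factor']);
            metaRefresh("main.php");
            die();
        }
        // record the rejected attempt with the user name so repeated guessing shows up in the log
        logNewMessage(LOG_WARNING, '2-factor verification rejected for ' . $user);
        $errorMessage = _('Verification failed.');
    }
}

?>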
LDAP Account Manager |