+- UserSpice (https://userspice.com/forums)
+-- Forum: Miscellaneous (https://userspice.com/forums/forumdisplay.php?fid=28)
+--- Forum: Modifications and Hackery (https://userspice.com/forums/forumdisplay.php?fid=29)
+--- Thread: 2-Factor Authentication (2FA - Done) (/showthread.php?tid=839)
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
/api/?action=verify2FA&twoCode=blabla
2-Factor Authentication (2FA - Done) - Jamie - 11-20-2017
It says it's been validated, also states it within dev tools http://prntscr.com/hd2odk
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
you sent it blabla or the code from your phone?
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
you got it working?
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
Code updated again. I added an if statement to the API: https://hastebin.com/oxohagajel.xml
2-Factor Authentication (2FA - Done) - Jamie - 11-20-2017
There's an extra
Quote:}
on line 31 in /api/index.php
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
Updated to fix that: https://hastebin.com/afejuquqoc.xml
2-Factor Authentication (2FA - Done) - Jamie - 11-20-2017
The changes you made to /api/ fixed the issue (I checked on database to see that 2-factor auth is enabled for the user), but attempt to sign in without an auth code and it allows the user with just their user and pass.
Any idea why?
2-Factor Authentication (2FA - Done) - Jamie - 11-20-2017
Also
Quote:PHP Fatal error: Cannot use isset() on the result of an expression (you can use "null !== expression" instead)
To fix it I did
Quote: $currentUser = $user->data();
if(isset($currentUser)) {
2-Factor Authentication (2FA - Done) - Trioxin - 11-20-2017
You can rework how you want the API to detect logged in users however you want. I just changed mine a bit after you said that.