Reduce scope, validation state can later be stored in otp_data.

install/sql/incremental/upd_dev_collection.sql

-ALTER TABLE `sys_user` ADD `otp_enabled` SET('n', 'y','v') NOT NULL DEFAULT 'n' COMMENT 'v=waiting for validation of the chosen otp method' AFTER `lost_password_reqtime`, ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
+ALTER TABLE `sys_user` ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;

install/sql/ispconfig3.sql

@@ -1842,7 +1842,6 @@ CREATE TABLE `sys_user` (
   `lost_password_function` tinyint(1) NOT NULL default '1',
   `lost_password_hash` VARCHAR(50) NOT NULL default '',
   `lost_password_reqtime` DATETIME NULL default NULL,
-  `otp_enabled` set('n','y','v') NOT NULL DEFAULT 'n',
   `otp_type` set('email') NOT NULL DEFAULT 'email',
   `otp_data` varchar(255) DEFAULT NULL,
   `otp_recovery` varchar(64) DEFAULT NULL,

interface/web/login/index.php

@@ -138,7 +138,7 @@ function process_login_request(app $app, &$error, $conf, $module)
 		} else {
 
 			//* Do 2FA authentication
-			if($user['otp_enabled'] == 'y') {
+			if($user['otp_type'] != 'none') {
 
 				//* Save session in pending state and destroy original session
 				$_SESSION['s_pending'] = $_SESSION['s'];