Verified Commit f30ba514 authored by Helmo's avatar Helmo
Browse files

Reduce scope, validation state can later be stored in otp_data.

parent 792764fe
ALTER TABLE `sys_user` ADD `otp_enabled` SET('n', 'y','v') NOT NULL DEFAULT 'n' COMMENT 'v=waiting for validation of the chosen otp method' AFTER `lost_password_reqtime`, ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
ALTER TABLE `sys_user` ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
......@@ -1842,7 +1842,6 @@ CREATE TABLE `sys_user` (
`lost_password_function` tinyint(1) NOT NULL default '1',
`lost_password_hash` VARCHAR(50) NOT NULL default '',
`lost_password_reqtime` DATETIME NULL default NULL,
`otp_enabled` set('n','y','v') NOT NULL DEFAULT 'n',
`otp_type` set('email') NOT NULL DEFAULT 'email',
`otp_data` varchar(255) DEFAULT NULL,
`otp_recovery` varchar(64) DEFAULT NULL,
......
......@@ -138,7 +138,7 @@ function process_login_request(app $app, &$error, $conf, $module)
} else {
//* Do 2FA authentication
if($user['otp_enabled'] == 'y') {
if($user['otp_type'] != 'none') {
//* Save session in pending state and destroy original session
$_SESSION['s_pending'] = $_SESSION['s'];
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment