<?php
declare(strict_types=1);
/**
* Teampass - a collaborative passwords manager.
* ---
* This file is part of the TeamPass project.
*
* TeamPass is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3 of the License.
*
* TeamPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* Certain components of this file may be under different licenses. For
* details, see the `licenses` directory or individual file headers.
* ---
* @file 2fa.js.php
* @author Nils Laumaillé (nils@teampass.net)
* @copyright 2009-2024 Teampass.net
* @license GPL-3.0
* @see https://www.teampass.net
*/
use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
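// Load functions
require_once __DIR__ . '/includes/config/include.php';
require_once __DIR__ . '/sources/main.functions.php';

// init
loadClasses();

/*
 * Self-service unlock: when the `login` / `otp` pair from the query string
 * matches the unlock code stored on the account's most recent, still-active
 * lock row in `auth_failures`, every 'login' failure row for that account is
 * deleted. No session or authentication check is visible in this file, so the
 * unlock code is the only credential evaluated here.
 *
 * NOTE(review): the code travels in the URL, so it can end up in web-server
 * access logs, browser history and Referer headers. The lookup only accepts it
 * while unlock_at is in the future, and the rows are deleted on success.
 * NOTE(review): a wrong code is neither recorded nor throttled in this file;
 * confirm that rate limiting happens upstream and that unlock_code carries
 * enough entropy to make guessing impractical.
 */
$request = SymfonyRequest::createFromGlobals();
$username = $request->query->get('login', '');
$otp = $request->query->get('otp', '');

// Redirect user to teampass if username or otp is missing or is not a plain
// string (for example an array-style parameter); only strings reach the query.
if (!is_string($username) || !is_string($otp) || empty($username) || empty($otp)) {
    header('Location: ./index.php');
    exit;
}

$authFailuresTable = prefixTable('auth_failures');
$now = date('Y-m-d H:i:s');

// Check for existing lock.
// The outer row is constrained to the same source/value as the subquery, so
// the submitted code is only compared against this account's own lock row.
// Without that constraint, any row sharing the same unlock_at timestamp and
// carrying the submitted code would satisfy the check.
// NOTE(review): the comparison runs in SQL, so it follows the column collation
// (possibly case-insensitive) - confirm that this is intended.
$result = DB::queryFirstField(
    'SELECT 1
    FROM ' . $authFailuresTable . '
    WHERE source = %s AND value = %s
    AND unlock_code = %s
    AND unlock_at = (
        SELECT MAX(unlock_at)
        FROM ' . $authFailuresTable . '
        WHERE unlock_at > %s
        AND source = %s AND value = %s)',
    'login',
    $username,
    $otp,
    $now,
    'login',
    $username
);

// Delete all logs for this user if provided OTP is correct.
// NOTE(review): this also removes the record of the failed attempts; confirm
// they are retained elsewhere if they are needed for audit or detection.
if ($result) {
    DB::delete(
        $authFailuresTable,
        'source = %s AND value = %s',
        'login',
        $username
    );
}

// Redirect user to teampass. Success and failure send the same response, so
// the redirect itself does not reveal whether the code matched.
header('Location: ./index.php');
exit;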