mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00

if totp is not enabled, nuke the session and redirect to login.php

David Goodwin 2024-01-01 22:41:36 +00:00
parent b53fa74fdb
commit 600e45fe66
No known key found for this signature in database


@ -33,6 +33,12 @@ $CONF = Config::getInstance()->getAll();
$smarty = PFASmarty::getInstance();
$error = '';
if (Config::bool('totp') === false) {
session_destroy();
session_start();
header("Location: login.php");
exit(0); // shouldn't really be here?
}
if (authentication_has_role("admin")) {
header("Location: main.php");
exit(0);
@ -55,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
die('Invalid token! (CSRF check failed)');
}
$totppf = new TotpPf('admin');
$totppf = new TotpPf('admin', new Login('admin'));
$fTotp = safepost('fTOTP_code');
$h = new AdminHandler();
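Review bot: In the new totp-disabled branch of the first hunk, `session_destroy(); session_start();` discards the stored session data but does not rotate the identifier: the browser still sends the old cookie, so unless `session.use_strict_mode` is enabled PHP reopens a session under the same ID. If the aim is to fully reset a half-authenticated session before sending the user back to login.php, add `session_regenerate_id(true);` right after `session_start();`. The trailing comment `// shouldn't really be here?` does not say whether it means the `exit` or reaching this page at all; something like `// TOTP is disabled, so this page should not be reachable` would state it plainly. The `authentication_has_role("admin")` block that follows continues past the end of the hunk.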