mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
if totp is not enabled, nuke the session and redirect to login.php
This commit is contained in:
parent
b53fa74fdb
commit
600e45fe66
@ -33,6 +33,12 @@ $CONF = Config::getInstance()->getAll();
|
||||
$smarty = PFASmarty::getInstance();
|
||||
$error = '';
|
||||
|
||||
if (Config::bool('totp') === false) {
|
||||
session_destroy();
|
||||
session_start();
|
||||
header("Location: login.php");
|
||||
exit(0); // shouldn't really be here?
|
||||
}
|
||||
if (authentication_has_role("admin")) {
|
||||
header("Location: main.php");
|
||||
exit(0);
|
||||
@ -55,7 +61,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
die('Invalid token! (CSRF check failed)');
|
||||
}
|
||||
|
||||
$totppf = new TotpPf('admin');
|
||||
$totppf = new TotpPf('admin', new Login('admin'));
|
||||
$fTotp = safepost('fTOTP_code');
|
||||
$h = new AdminHandler();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user