= translate('insert_totp_code', $i18n) ?>
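close(); header("Location: ."); exit(); }

// --- Second-factor (TOTP / backup code) verification step ---
// The `if` that closes just above begins before this chunk and is left untouched.
// Precondition: login.php stored the pending user's id in $_SESSION['totp_user_id'];
// without it there is nothing to verify, so send the visitor back to the login form.
if (!isset($_SESSION['totp_user_id'])) {
    $db->close();
    header("Location: login.php");
    exit();
}
$totpUserId = $_SESSION['totp_user_id'];

// UI preferences. Cookie values are client-controlled input: they are only read here and
// must be escaped (or matched against the known theme names) wherever they are echoed into HTML.
$theme = "light";
$updateThemeSettings = false;
if (isset($_COOKIE['theme'])) {
    $theme = $_COOKIE['theme'];
} else {
    $updateThemeSettings = true;
}
$colorTheme = "blue";
if (isset($_COOKIE['colorTheme'])) {
    $colorTheme = $_COOKIE['colorTheme'];
}
$demoMode = getenv('DEMO_MODE');
$cookieExpire = time() + (30 * 24 * 60 * 60); // preference cookies live 30 days
$invalidTotp = false;

if (isset($_POST['one-time-code'])) {
    // Anything that is not a plain string (e.g. one-time-code[]=...) is treated as an empty,
    // invalid code rather than reaching the verifier and failing with a TypeError.
    $totp_code = is_string($_POST['one-time-code']) ? $_POST['one-time-code'] : '';

    $statement = $db->prepare('SELECT totp_secret, backup_codes FROM totp WHERE user_id = :id');
    $statement->bindValue(':id', $totpUserId, SQLITE3_INTEGER);
    $result = $statement->execute();
    $row = $result->fetchArray(SQLITE3_ASSOC);
    if ($row === false || !is_string($row['totp_secret']) || $row['totp_secret'] === '') {
        // No enrolled secret for this user: the pending 2FA state is stale, restart the login.
        unset($_SESSION['totp_user_id']);
        $db->close();
        header("Location: login.php");
        exit();
    }
    $totp_secret = $row['totp_secret'];
    // backup_codes is stored as a JSON list; NULL or malformed storage means "no backup codes left".
    $backupCodes = is_string($row['backup_codes']) ? json_decode($row['backup_codes'], true) : null;
    if (!is_array($backupCodes)) {
        $backupCodes = [];
    }

    require_once 'libs/OTPHP/FactoryInterface.php';
    require_once 'libs/OTPHP/Factory.php';
    require_once 'libs/OTPHP/ParameterTrait.php';
    require_once 'libs/OTPHP/OTPInterface.php';
    require_once 'libs/OTPHP/OTP.php';
    require_once 'libs/OTPHP/TOTPInterface.php';
    require_once 'libs/OTPHP/TOTP.php';
    require_once 'libs/Psr/Clock/ClockInterface.php';
    require_once 'libs/OTPHP/InternalClock.php';
    require_once 'libs/constant_time_encoding/Binary.php';
    require_once 'libs/constant_time_encoding/EncoderInterface.php';
    require_once 'libs/constant_time_encoding/Base32.php';

    $clock = new OTPHP\InternalClock();
    $totp = OTPHP\TOTP::createFromSecret($totp_secret, $clock);
    $totp->setPeriod(30);
    // 15 s leeway tolerates small clock skew between the user's device and this server.
    $valid = $totp_code !== '' && $totp->verify($totp_code, null, 15);
    // NOTE(review): no attempt throttling is visible in this chunk; confirm that failed
    // submissions are rate-limited elsewhere so a short numeric code cannot be guessed online.

    if (!$valid) {
        // Fall back to the single-use backup codes. Compare as strings with hash_equals so that
        // numeric-string coercion ("1e3" == "1000") and early-exit timing do not weaken the check.
        $matchedKey = null;
        foreach ($backupCodes as $key => $code) {
            if ($totp_code !== '' && hash_equals((string) $code, $totp_code)) {
                $matchedKey = $key;
                break;
            }
        }
        if ($matchedKey !== null) {
            // Consume the code: a backup code must never be accepted twice.
            unset($backupCodes[$matchedKey]);
            $backupCodes = array_values($backupCodes);
            $statement = $db->prepare('UPDATE totp SET backup_codes = :backup_codes WHERE user_id = :id');
            $statement->bindValue(':backup_codes', json_encode($backupCodes), SQLITE3_TEXT);
            $statement->bindValue(':id', $totpUserId, SQLITE3_INTEGER);
            $statement->execute();
            $valid = true;
        } else {
            $invalidTotp = true;
        }
    } else {
        // Record when a time-based code was last accepted.
        $statement = $db->prepare('UPDATE totp SET last_totp_used = :last_totp_used WHERE user_id = :id');
        $statement->bindValue(':last_totp_used', time(), SQLITE3_INTEGER);
        $statement->bindValue(':id', $totpUserId, SQLITE3_INTEGER);
        $statement->execute();
    }

    if ($valid) {
        $query = "SELECT id, username, main_currency, language FROM user WHERE id = :id";
        $stmt = $db->prepare($query);
        $stmt->bindValue(':id', $totpUserId, SQLITE3_INTEGER);
        $result = $stmt->execute();
        $user = $result->fetchArray(SQLITE3_ASSOC);
        if ($user === false) {
            // The pending user no longer exists; do not promote the session.
            unset($_SESSION['totp_user_id']);
            $db->close();
            header("Location: login.php");
            exit();
        }

        // Privilege level changes here (pending 2FA -> logged in): issue a fresh session id so an
        // id that was fixed or observed before authentication does not carry over.
        session_regenerate_id(true);
        $_SESSION['username'] = $user['username'];
        $_SESSION['loggedin'] = true;
        $_SESSION['main_currency'] = $user['main_currency'];
        $_SESSION['userId'] = $user['id'];

        setcookie('language', $user['language'], [
            'expires' => $cookieExpire,
            'samesite' => 'Strict',
        ]);
        if (!isset($_COOKIE['sortOrder'])) {
            setcookie('sortOrder', 'next_payment', [
                'expires' => $cookieExpire,
                'samesite' => 'Strict',
            ]);
        }

        $query = "SELECT color_theme FROM settings WHERE user_id = :id";
        $stmt = $db->prepare($query);
        $stmt->bindValue(':id', $totpUserId, SQLITE3_INTEGER);
        $result = $stmt->execute();
        $settings = $result->fetchArray(SQLITE3_ASSOC);
        // A user without a settings row keeps whatever colorTheme cookie they already have.
        if ($settings !== false && isset($settings['color_theme'])) {
            setcookie('colorTheme', $settings['color_theme'], [
                'expires' => $cookieExpire,
                'samesite' => 'Strict',
            ]);
        }

        unset($_SESSION['totp_user_id']);
        $db->close();
        header("Location: .");
        exit();
    }
}
?>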
" id="theme-color" />= translate('insert_totp_code', $i18n) ?>