search

antonioribeiro / google2fa

A One Time Password Authentication package, compatible with Google Authenticator.
MIT License
1.83k stars 199 forks source link

Secret key is too short. Must be at least 16 base32 characters #191

Closed NaysKutzu closed 7 months ago

NaysKutzu commented 9 months ago 

<?php
require("requirements/page.php");

use BaconQrCode\Renderer\Image\ImagickImageBackEnd;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
use PragmaRX\Google2FA\Google2FA;
use MythicalClient\Handlers\ConfigHandler;

if ($session->getUserInfo("2fa_enabled") == "true") {
    header('location: /dashboard');
    die();
}

$google2fa = new Google2FA();
//Check if the key is in the database
if ($session->getUserInfo("2fa_secret") == null) {
    $secretKey = $google2fa->generateSecretKey(32);
    if (!$session->updateRowEncrypted($_COOKIE['token'], "2fa_secret", $secretKey)) {
        header('location: /dashboard?e=db_error');
        die();
    }
} else {
    $secretKey = $session->getUserInfoEncrypted("2fa_secret");
}

$g2faUrl = $google2fa->getQRCodeUrl(
    ConfigHandler::get('app', 'name'),
    $session->getUserInfoEncrypted("email"),
    $secretKey
);

$writer = new Writer(
    new ImageRenderer(
        new RendererStyle(400),
        new ImagickImageBackEnd()
    )
);
?>```