<%
include("language.html")
if _SESSION["username"] ~= nil then
local secretcode = _POST["secretcode"] or nil
local digitalcode = _POST["digitalcode"] or nil
local mainpage = "main.html"
local loginpage = "login.html"
local isSmartPhone = false
local strUserAgent = string.match(strHead,"User%-Agent:%s?(%s[^\r\n]*)")
if strUserAgent ~= nil then
strUserAgent = string.lower(strUserAgent)
if string.find(strUserAgent, "android") or string.find(strUserAgent, "iphone") then
isSmartPhone = true
end
end
if isSmartPhone == true then
mainpage = "main_m.html"
end
if _SESSION["currentpath"] ~= nil then
print("")
else
if secretcode ~= nil and digitalcode~= nil then
local enableTwoFactor, twoFactorCode = c_GetSecretCode(_SESSION["username"])
if secretcode == "" then
if enableTwoFactor ~= nil and enableTwoFactor == true then
if twoFactorCode ~= nil and twoFactorCode ~= "" and c_TotpCode(twoFactorCode) == digitalcode and _SESSION["logintime"] ~= nil and (os.time() - tonumber(_SESSION["logintime"])) >= 2 then
rawset(_SESSION,"currentpath","/")
SessionModule.save(_SESSION_ID)
c_AddConnection(_SESSION["username"],"/",_REMOTE_IP,_SESSION_ID,"LOGIN OK")
c_AddWebLog("User '".._SESSION["username"].."' logged in ok! (IP:".._REMOTE_IP..")",_SESSION_ID,DOMAIN_LOG_WEB_RESPOND)
c_DoWebEvent(WEB_USER_LOGIN_EVENT,_SESSION_ID)
print("")
else
print("")
end
else
print("")
end
else
if enableTwoFactor ~= nil and enableTwoFactor == true and twoFactorCode ~= nil and twoFactorCode == "" then
local totp_randomkey = _SESSION["totp_randomkey"] or secretcode
if c_TotpCode(totp_randomkey) == digitalcode and _SESSION["logintime"] ~= nil and string.len(totp_randomkey) == 16 and (os.time() - tonumber(_SESSION["logintime"])) >= 2 then
c_ChangeSecretCode(_SESSION["username"], totp_randomkey)
rawset(_SESSION,"currentpath","/")
rawset(_SESSION,"totp_randomkey","")
SessionModule.save(_SESSION_ID)
c_AddConnection(_SESSION["username"],"/",_REMOTE_IP,_SESSION_ID,"LOGIN OK")
c_AddWebLog("User '".._SESSION["username"].."' logged in ok! (IP:".._REMOTE_IP..")",_SESSION_ID,DOMAIN_LOG_WEB_RESPOND)
c_AddWebLog("User '".._SESSION["username"].."' updated the TOTP secret code.",_SESSION_ID,DOMAIN_LOG_WEB_RESPOND)
c_DoWebEvent(WEB_USER_LOGIN_EVENT,_SESSION_ID)
print("")
else
print("")
end
end
end
end
end
else
print("")
end
%>