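User->login_user()) {
        // NOTE(review): the beginning of this file (the opening tag and the outer
        // condition) is missing from this listing; this fragment is kept as found.
        $qls->redirect($qls->config['login_redirect']);
    } else {
        $qls->redirect('login.php?f=' . $qls->User->login_error);
    }
} else {
    session_start();
    define('QUADODO_IN_SYSTEM', true);

    // What language?
    require_once('includes/Blank.lang.php');
    require_once('includes/qls.class.php');

    // Start the main class
    $qls = new qls(SYS_CURRENT_LANG);

    if (isset($_POST['process'])) {
        // First step: try to log the user in.
        if ($qls->User->login_user()) {
            $qls->redirect($qls->config['login_redirect']);
        } else {
            $qls->redirect('login.php?f=' . $qls->User->login_error);
        }
    } else if (isset($_POST['processGAuth'])) {
        // Second step: check the submitted one-time code and the single-use
        // MFA token held in the session, then complete the login.

        // Anything that is not a plain string (e.g. an array parameter) is
        // treated as empty so it can never reach the checks below.
        $gAuthCode = (isset($_POST['gAuthCode']) && is_string($_POST['gAuthCode'])) ? $_POST['gAuthCode'] : '';
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';

        $user_info = $qls->User->fetch_user_info($username);
        $secret = isset($user_info['mfa_secret']) ? (string) $user_info['mfa_secret'] : '';
        $expectedToken = isset($user_info['mfa_auth_token']) ? (string) $user_info['mfa_auth_token'] : '';

        // The session token is read once and removed immediately, whatever the
        // outcome, so it cannot be replayed on a later request.
        $tokenKey = $qls->config['cookie_prefix'] . 'mfa_auth_token';
        $mfaAuthToken = isset($_SESSION[$tokenKey]) ? (string) $_SESSION[$tokenKey] : '';
        unset($_SESSION[$tokenKey]);

        // An unknown user or a missing code cannot verify; skip the check.
        $gAuthResponse = ($secret !== '' && $gAuthCode !== '')
            ? $qls->gAuth->checkCode($secret, $gAuthCode)
            : false;

        // Never write the MFA secret or the submitted code to the log: anyone
        // able to read the log could then produce valid codes. Record only the
        // outcome, with no request-supplied text in the message.
        error_log('MFA code check ' . ($gAuthResponse ? 'passed' : 'failed'));

        // login_user($username) is called with a POST-supplied username, so the
        // token comparison is what ties this request to the session that began
        // the login. A missing or empty token must therefore never match (a
        // loose `==` would treat two missing values as equal), and the
        // comparison is done in constant time.
        $tokenMatches = $mfaAuthToken !== ''
            && $expectedToken !== ''
            && hash_equals($expectedToken, $mfaAuthToken);

        if ($gAuthResponse && $tokenMatches) {
            if ($qls->User->login_user($username)) {
                $qls->redirect($qls->config['login_redirect']);
            } else {
                $qls->redirect('login.php?f=' . $qls->User->login_error);
            }
        } else {
            // Same failure code for a wrong code and a wrong token, so the
            // response does not reveal which check failed.
            $qls->redirect('login.php?f=' . LOGIN_MFA_FAILURE_CODE);
        }
    } else {
        // Neither form was submitted: send the visitor back to the login page.
        $qls->redirect('login.php');
    }
}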