blob: c292279a3123327c67c2ad376506a37172053501 [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +01001<?php
Adrià Vilanova Martínez5af86512023-12-02 20:44:16 +01002/*
3 * hores
4 * Copyright (c) 2023 Adrià Vilanova Martínez
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public
17 * License along with this program.
18 * If not, see http://www.gnu.org/licenses/.
19 */
20
Copybara botbe50d492023-11-30 00:16:42 +010021require_once("core.php");
22security::checkType(security::WORKER, security::METHOD_NOTFOUND);
23security::checkWorkerUIEnabled();
24secondFactor::checkAvailability();
25
26if (!secondFactor::isEnabled()) {
27 security::notFound();
28}
29
30if (!security::checkParams("POST", [
31 ["id", security::PARAM_ISSET]
32])) {
33 security::go("security.php?msg=empty");
34}
35
36$id = (int)$_POST["id"];
37
38$url = ((security::isAllowed(security::ADMIN) && $id != people::userData("id")) ? "users.php" : "security.php");
39
40if (!security::isAllowed(security::ADMIN)) {
41 if ($id != people::userData("id")) security::notFound();
42
43 if (!security::checkParams("POST", [
44 ["password", security::PARAM_ISSET]
45 ])) {
46 security::go($url."?msg=empty");
47 }
48
49 $password = (string)$_POST["password"];
50
51 if (!security::isUserPassword(false, $password)) security::go($url."?msg=wrongpassword");
52}
53
54if (secondFactor::disable($id)) {
55 security::go($url."?msg=disabledsecondfactor");
56} else {
57 security::go($url."?msg=unexpected");
58}