blob: 7ee3460ff5c94e8070f8eff41522fe6b7036534a [file] [log] [blame]
Copybara botbe50d492023-11-30 00:16:42 +01001<?php
2require_once("core.php");
3security::checkType(security::WORKER, security::METHOD_NOTFOUND);
4security::checkWorkerUIEnabled();
5secondFactor::checkAvailability();
6
7if (!secondFactor::isEnabled()) {
8 security::notFound();
9}
10
11if (!security::checkParams("POST", [
12 ["id", security::PARAM_ISSET]
13])) {
14 security::go("security.php?msg=empty");
15}
16
17$id = (int)$_POST["id"];
18
19$url = ((security::isAllowed(security::ADMIN) && $id != people::userData("id")) ? "users.php" : "security.php");
20
21if (!security::isAllowed(security::ADMIN)) {
22 if ($id != people::userData("id")) security::notFound();
23
24 if (!security::checkParams("POST", [
25 ["password", security::PARAM_ISSET]
26 ])) {
27 security::go($url."?msg=empty");
28 }
29
30 $password = (string)$_POST["password"];
31
32 if (!security::isUserPassword(false, $password)) security::go($url."?msg=wrongpassword");
33}
34
35if (secondFactor::disable($id)) {
36 security::go($url."?msg=disabledsecondfactor");
37} else {
38 security::go($url."?msg=unexpected");
39}