I need help with two-way authentication?

The recommended method of customizing your AppGini-generated application is through hooks. But sometimes you might need to add functionality not accessible through hooks. You can discuss this here.

Post by xbox2007 » 2020-05-27 23:34

I am trying to make two-way authentication.

I already made it but need help to improve the code.
I am not a professional; I only used my little experience to make this code. I need someone to help me make it professional code.
This is my code:

Code:

function logInMember() {
	// Step 1: "Code1" was submitted, so check the password and issue a login code
	if($_POST['Code1'] != '') {
		if($_POST['username'] != '' && $_POST['password'] != '') {
			$username = makeSafe(strtolower($_POST['username']));
			$password = $_POST['password'];
			$hash = sqlValue("select passMD5 from membership_users where lcase(memberID)='{$username}' and isApproved=1 and isBanned=0");
			if(password_match($password, $hash)) {
				// random_int() draws from the OS CSPRNG; mt_rand() output is predictable
				$key = random_int(100000, 999999);
				// expDate records when the code was issued; nothing below checks it
				$ts1 = date("Y-m-d H:i:s");
				// the `email` column holds the escaped username
				sql("INSERT INTO `auth` (`email`, `key`, `expDate`) VALUES ('".$username."', '".$key."', '".$ts1."');", $eo);
			} else {
				echo "Wrong Password";
			}
		}
	}

	$redir = 'index.php';
	// Step 2: sign in with username, password and the issued code
	if($_POST['signIn'] != '') {
		if($_POST['username'] != '' && $_POST['password'] != '' && $_POST['Code'] != '') {
			$Code = $_POST['Code'];
			$username = makeSafe(strtolower($_POST['username']));
			$hash = sqlValue("select passMD5 from membership_users where lcase(memberID)='{$username}' and isApproved=1 and isBanned=0");
			$password = $_POST['password'];
			// most recent code issued for this user
			$key = sqlValue("select `key` from auth where email ='{$username}' ORDER BY id DESC LIMIT 1");

			// require a stored code, then compare as strings in constant time;
			// a loose == would let an empty lookup result match some inputs
			if(password_match($password, $hash) && $key && hash_equals((string) $key, (string) $Code)) {
				$_SESSION['memberID'] = $username;
				$_SESSION['memberGroupID'] = sqlValue("SELECT `groupID` FROM `membership_users` WHERE LCASE(`memberID`)='{$username}'");

				if($_POST['rememberMe'] == 1) {
					RememberMe::login($username);
				} else {
					RememberMe::delete();
				}

				// harden user's password hash
				password_harden($username, $password, $hash);

				// hook: login_ok
				if(function_exists('login_ok')) {
					$args = array();
					if(!$redir = login_ok(getMemberInfo(), $args)) {
						$redir = 'index.php';
					}
				}

				// the code is single use: remove every code stored for this user
				sql("DELETE from auth where email ='{$username}'", $eo);
				redirect($redir);
				exit;
			}
		}
	}
}

The code needs to be improved.

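An added example, not part of the original post and not AppGini code: one way to issue and check the login code so that it expires, can be guessed only a limited number of times, and works once. The names `otp_issue`, `otp_verify`, `OTP_TTL` and `OTP_MAX_TRIES` are hypothetical, and the `$store` array is an in-memory stand-in for the `auth` table.

```php
<?php
// Added example. $store stands in for the `auth` table (assumption), keyed by username.
const OTP_TTL = 300;      // seconds a code stays valid (assumed value)
const OTP_MAX_TRIES = 5;  // wrong guesses allowed per issued code (assumed value)

function otp_issue(array &$store, string $username, int $now): string {
	// CSPRNG, zero-padded so all 1,000,000 six-digit codes are possible
	$code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
	// One row per user: issuing a new code replaces any older one
	$store[$username] = ['code' => $code, 'expires' => $now + OTP_TTL, 'tries' => 0];
	return $code; // send out of band (e-mail, SMS), never back to the login page
}

function otp_verify(array &$store, string $username, string $code, int $now): bool {
	if(!isset($store[$username])) {
		return false; // no code on record: fail closed
	}
	if($now > $store[$username]['expires'] || $store[$username]['tries'] >= OTP_MAX_TRIES) {
		unset($store[$username]); // expired or too many guesses: a new code must be issued
		return false;
	}
	$store[$username]['tries']++;
	// hash_equals() compares in constant time and never type-juggles
	if(!hash_equals($store[$username]['code'], $code)) {
		return false;
	}
	unset($store[$username]); // single use: a replayed code finds no row
	return true;
}

// Constructed walk-through: wrong guess, correct code, replay, expired code
$store = [];
$t0 = 1590622440; // constructed timestamp
$code = otp_issue($store, 'alice', $t0);
$wrong = ($code === '000000') ? '000001' : '000000';
var_dump(otp_verify($store, 'alice', $wrong, $t0 + 5));
var_dump(otp_verify($store, 'alice', $code, $t0 + 10));
var_dump(otp_verify($store, 'alice', $code, $t0 + 15));
$late = otp_issue($store, 'alice', $t0);
var_dump(otp_verify($store, 'alice', $late, $t0 + OTP_TTL + 1));
```

In the posted function, `$now` would be `time()` and the three array fields would become columns of `auth`.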