Multi Factor Authentication

rpierce · Post by **rpierce** » 2025-08-19 22:12

Hello AppGeniuses,

My company has many clients including the US government who are pushing very hard for us to implement MFA on our AppGini application. Is there a way of doing this? Any suggestions are greatly appreciated.

Thank you, Ray

ppfoong · Post by **ppfoong** » 2025-08-20 07:51

MFA is built-in in AdminLTE and Admiro by Ronnie.

onoehring · Post by **onoehring** » 2025-08-22 07:29

Hi rpierce,

see: https://github.com/meickert/appgini-googleauthenticator

Olaf

rpierce · Post by **rpierce** » 2025-08-22 15:42

Thank you both for the replies.
ppfoong, what is AdminLTE and Admiro?
Olaf, I will look at the link you provided. Thank you!

Ray

onoehring · Post by **onoehring** » 2025-08-22 16:07

Hi,
Admiro/AminLTE, see https://docs.payhero.co.ke/admiro-dashb ... tion-guide and https://docs.payhero.co.ke/admiro-dashb ... tion-guide

Olaf

rpierce · Post by **rpierce** » 2025-08-22 16:59

Hio Again Olaf,

I have just made the modifications explained in the link you provided above and get the following error message:

Parse error: syntax error, unexpected single-quoted string "totp_secrets", expecting "]" in C:\xampp\htdocs\diaryNEW-08152025\admin\incFunctions.php on line 6885.

Below is the ecode as I have it in my \admin\incFunctions.php file:

Code: Select all

					'totp_secrets' => [
						'uid' => "VARCHAR(50) NOT NULL PRIMARY KEY", 
						'secret' => "VARCHAR(30)", 
						'datetime' => "DATETIME", 
						'ip_address' => "VARCHAR(30)",
				]

Thank you,
Ray

rpierce · Post by **rpierce** » 2025-08-22 17:43

I figured it out I think...
I needed to add a comma to the closing square bracket immediately above the new code to continue the pattern...

Code: Select all

'membership_users' => [
					'memberID' => "VARCHAR(100) NOT NULL PRIMARY KEY",
					'passMD5' => "VARCHAR(255)",
					'email' => "VARCHAR(100)",
					'signupDate' => "DATE",
					'groupID' => "INT UNSIGNED",
					'isBanned' => "TINYINT",
					'isApproved' => "TINYINT",
					'custom1' => "TEXT",
					'custom2' => "TEXT",
					'custom3' => "TEXT",
					'custom4' => "TEXT",
					'comments' => "TEXT",
					'pass_reset_key' => "VARCHAR(100)",
					'pass_reset_expiry' => "INT UNSIGNED",
					'flags' => "TEXT",
					'allowCSVImport' => "TINYINT NOT NULL DEFAULT '0'",
					'data' => "LONGTEXT",
				],
				'totp_secrets' => [
					'uid' => "VARCHAR(50) NOT NULL PRIMARY KEY", 
					'secret' => "VARCHAR(30)", 
					'datetime' => "DATETIME", 
					'ip_address' => "VARCHAR(30)",
				]

rpierce · Post by **rpierce** » 2025-08-22 17:48

How do I change the language to English in the authentiocation setup?? It sems top be in German

rpierce · Post by **rpierce** » 2025-08-22 18:05

Also, this authenticator seems to be optional for users. Is there a way to force authentication every time a user logs on?

onoehring · Post by **onoehring** » 2025-08-23 07:57

Hi,

the file setup_googleauth.php does load

Code: Select all

include("{$hooks_dir}/../language.php");

Thus, the language could be english.

If you want to "translate" it, I suggest going the correct way.

In the file language.phg mentioned above are the text strings defined like this:

Code: Select all

$Translation = [
	'language' => 'english',
	'membership management' => 'Membership Management',
	'password mismatch' => "Password doesn't match.",
	'error' => 'Error',

So, if you want to output "Password doesn't match.", you need to use this in the code:

Code: Select all

echo $Translation['password mismatch']

So, to translate from german to an(y)other language, you need two things:
a) add something like this

Code: Select all

echo $Translation['twofactorauthentication']

to the setup_googleauth.php in the specific positions.

b) add

Code: Select all

'twofactorauthentication'='Zwei Faktor Prüfung'

to the language.php.

Take care: language.php MAY be replaced when you regenerate your application. So: make a copy and paste it back after generation.

Currently I am not sure how to force users (in an easy way) to use 2FA. Probably after signing in, check if 2FA is used, if not, set a PHP variable, forward them to setup 2FA and sign them out afterwards (if that php variable is set). Then, they need to sign in again - this time using 2FA.

Olaf

ppfoong · Post by **ppfoong** » 2025-08-23 08:04

rpierce wrote: ↑
2025-08-22 15:42
Thank you both for the replies.
ppfoong, what is AdminLTE and Admiro?
Olaf, I will look at the link you provided. Thank you!

Ray

AdminLTE is a Plugin, with its discussion thread here:
https://forums.appgini.com/phpbb/viewto ... =12&t=4792

Admiro is a newer Plugin similar to AdminLTE, with its discussion thread here:
https://forums.appgini.com/phpbb/viewto ... =12&t=5500

AppGini Community Forums

Multi Factor Authentication

Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication

Re: Multi Factor Authentication