fix: corrected check on 2FA token (#2943)

thorsten · May 6, 2024 · 5a2b537 · 5a2b537
1 parent 6a0a17a
commit 5a2b537
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php
@@ -138,12 +138,11 @@
 $faqusername = Filter::filterInput(INPUT_POST, 'faqusername', FILTER_SANITIZE_SPECIAL_CHARS);
 $faqpassword = Filter::filterInput(INPUT_POST, 'faqpassword', FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
 $faqremember = Filter::filterInput(INPUT_POST, 'faqrememberme', FILTER_SANITIZE_SPECIAL_CHARS);
-
 $token = Filter::filterInput(INPUT_POST, 'token', FILTER_SANITIZE_SPECIAL_CHARS);
 $userid = Filter::filterInput(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
 
 //
-// Logging user in if twofactor is enabled and token is given and validated, if not: returns error message
+// Logging user in if 2FA is enabled and token is given and validated, if not: returns error message
 //
 if (!is_null($token) && !is_null($userid)) {
     $user = new CurrentUser($faqConfig);

diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
@@ -144,12 +144,12 @@
 }
 
 //
-// Validating token from 2FA if given; else: returns error message
+// Logging user in if 2FA is enabled and token is given and validated, if not: returns error message
 //
-if ($token !== '' && !is_null($userid)) {
+if (!is_null($token) && !is_null($userid)) {
+    $user = new CurrentUser($faqConfig);
+    $user->getUserById($userid);
     if (strlen((string) $token) === 6 && is_numeric((string) $token)) {
-        $user = new CurrentUser($faqConfig);
-        $user->getUserById($userid);
         $tfa = new TwoFactor($faqConfig);
         $res = $tfa->validateToken($token, $userid);
         if (!$res) {