From 00456a35e54f147b1dde6aaca34906fc8577f2df Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Wed, 13 Dec 2023 16:20:28 +0100
Subject: [PATCH] fix 2fa login when using email validation, thx to wysiwtf; adjusting row-format of larger tables

Signed-off-by: Michael Kaufmann
---
 index.php | 19 +++++++++----------
 install/froxlor.sql.php | 6 +++---
 install/updates/froxlor/update_2.1.inc.php | 11 +++++++++++
 lib/Froxlor/Froxlor.php | 2 +-
 4 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/index.php b/index.php
index 17554a95e8..5cccab8f86 100644
--- a/index.php
+++ b/index.php
@@ -74,27 +74,26 @@
 $code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
 // verify entered code
 $tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
- $result = ($_SESSION['secret_2fa'] == 'email' ? true : $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3));
 // get user-data
 $table = $_SESSION['uidtable_2fa'];
 $field = $_SESSION['uidfield_2fa'];
 $uid = $_SESSION['uid_2fa'];
 $isadmin = $_SESSION['unfo_2fa'];
+ if ($_SESSION['secret_2fa'] == 'email') {
+ // verify code set to user's data_2fa field
+ $sel_stmt = Database::prepare("SELECT `data_2fa` FROM " . $table . " WHERE `" . $field . "` = :uid");
+ $userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);
+ $result = $tfa->verifyCode($userinfo_code['data_2fa'], $code);
+ } else {
+ $result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);
+ }
 // either the code is valid when using authenticator-app, or we will select userdata by id and entered code
 // which is temporarily stored for the customer when using email-2fa
 if ($result) {
 $sel_param = [
 'uid' => $uid
 ];
- if ($_SESSION['secret_2fa'] == 'email') {
- // verify code by selecting user by id and the temp. stored code,
- // so only if it's the correct code, we get the user-data
- $sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid AND `data_2fa` = :code");
- $sel_param['code'] = $code;
- } else {
- // Authenticator-verification has already happened at this point, so just get the user-data
- $sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid");
- }
+ $sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid");
 $userinfo = Database::pexecute_first($sel_stmt, $sel_param);
 // whoops, no (valid) user? Start again
 if (empty($userinfo)) {
diff --git a/install/froxlor.sql.php b/install/froxlor.sql.php
index eb05ea49f7..2b881fc659 100644
--- a/install/froxlor.sql.php
+++ b/install/froxlor.sql.php
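Review bot: The email branch hands `$userinfo_code['data_2fa']` straight to `verifyCode()` without checking that the lookup returned a row with a non-empty secret; if there is no pending email code for that user (or no row at all), this most likely ends in an undefined-index / null-argument error instead of a clean rejection, so guard it: `$result = !empty($userinfo_code['data_2fa']) && $tfa->verifyCode($userinfo_code['data_2fa'], $code);`. The email path now relies on verifyCode's default tolerance window while the authenticator path keeps the explicit `3`; a short comment stating which window the mailed code is expected to survive (delivery latency is the constraint here) would save the next reader from guessing whether the asymmetry is intended. Nothing in the hunk clears `data_2fa` once the login succeeds, so confirm that happens further down, otherwise the mailed secret stays usable for its entire validity window. The `if ($result)` block continues past the end of the hunk.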
@@ -157,7 +157,7 @@
 `api_allowed` tinyint(1) NOT NULL default '1',
 PRIMARY KEY (`adminid`),
 UNIQUE KEY `loginname` (`loginname`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 DROP TABLE IF EXISTS `panel_customers`;
@@ -299,7 +299,7 @@
 KEY `customerid` (`customerid`),
 KEY `parentdomain` (`parentdomainid`),
 KEY `domain` (`domain`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 DROP TABLE IF EXISTS `panel_ipsandports`;
@@ -727,7 +727,7 @@
 ('panel', 'settings_mode', '0'),
 ('panel', 'menu_collapsed', '1'),
 ('panel', 'version', '2.1.1'),
- ('panel', 'db_version', '202312100');
+ ('panel', 'db_version', '202312120');
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/update_2.1.inc.php b/install/updates/froxlor/update_2.1.inc.php
index 07f96d0076..b16b147cc5 100644
--- a/install/updates/froxlor/update_2.1.inc.php
+++ b/install/updates/froxlor/update_2.1.inc.php
@@ -38,6 +38,7 @@
 if (Froxlor::isFroxlorVersion('2.0.24')) {
 Update::showUpdateStep("Cleaning domains table");
+ Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
 Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` DROP COLUMN `ismainbutsubto`;");
 Update::lastStepStatus(0);
@@ -253,3 +254,13 @@
 }
 Froxlor::updateToDbVersion('202312100');
 }
+
+if (Froxlor::isDatabaseVersion('202312100')) {
+ Update::showUpdateStep("Adjusting table row format of larger tables");
+ Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` ROW_FORMAT=DYNAMIC;");
+ Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
+ Update::lastStepStatus(0);
+
+ Froxlor::updateToDbVersion('202312120');
+}
diff --git a/lib/Froxlor/Froxlor.php b/lib/Froxlor/Froxlor.php
index 88d6a6e661..8c2ebc48ee 100644
--- a/lib/Froxlor/Froxlor.php
+++ b/lib/Froxlor/Froxlor.php
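Review bot: The new 202312100 step reports success with `Update::lastStepStatus(0)` regardless of whether the two `ALTER TABLE ... ROW_FORMAT=DYNAMIC` statements actually took effect; if `Database::query` only warns on failure rather than throwing, a server whose InnoDB setup does not permit the DYNAMIC row format (older MySQL/MariaDB without the Barracuda file format, as far as I recall) would still be stamped as db version 202312120 and the conversion silently skipped. If the helper throws on error this is fine — confirm that, and otherwise check its result before reporting the step status. The domains-table ALTER is now issued both in the 2.0.24 step (first hunk of this file) and here, so an install coming from 2.0.24 runs it twice; it is idempotent, but a comment such as `// also converted in the 2.0.24 step; repeated here for installs that already passed it` would make the duplication look deliberate.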
@@ -34,7 +34,7 @@ final class Froxlor
 const VERSION = '2.1.1';
 // Database version (YYYYMMDDC where C is a daily counter)
- const DBVERSION = '202312100';
+ const DBVERSION = '202312120';
 // Distribution branding-tag (used for Debian etc.)
 const BRANDING = '';