fix 2fa code verification if method==email for changing system-critic…

…al settings Signed-off-by: Michael Kaufmann <[email protected]>
froxlor · Nov 8, 2023 · 0dd20bc · 0dd20bc
1 parent f71ee9f
commit 0dd20bc
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/Froxlor/CurrentUser.php b/lib/Froxlor/CurrentUser.php
@@ -187,7 +187,8 @@ public static function sendOtpEmail()
 		if (self::getField('type_2fa') == 1) {
 			// generate code
 			$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-			$code = $tfa->getCode($tfa->createSecret());
+			$secret = $tfa->createSecret();
+			$code = $tfa->getCode($secret);
 			// set code for user
 			$table = TABLE_PANEL_CUSTOMERS;
 			$uid = 'customerid';
@@ -197,7 +198,7 @@ public static function sendOtpEmail()
 			}
 			$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
 			Database::pexecute($stmt, [
-				"d2fa" => $code,
+				"d2fa" => $secret,
 				"uid" => self::getField($uid)
 			]);
 			// build up & send email