Instructions

Add-on Details

The Two-factor Authentication add-on will require the user to provide a code if the IP address has changed, this code is sent to the user's email address.

How To Add

In phpMyAdmin select the "phplogin" database and import the "twofactor.sql" SQL file.

Copy both the "twofactor.html" and "twofactor.php" files to your "phplogin" directory.

Edit the "authenticate.php" file and find this line:

echo 'Please activate your account to login! Click <a href="resendactivation.php">here</a> to resend the activation email.';

Add After:

} else if ($_SERVER['REMOTE_ADDR'] != $account['ip']) {
	// Two-factor authentication required
	$_SESSION['tfa_code'] = uniqid();
	$_SESSION['tfa_email'] = $account['email'];
	$_SESSION['tfa_id'] = $account['id'];
	echo 'tfa: twofactor.php';

Edit the "index.php" file and find this line:

window.location.href = "home.php";

Add after:

} else if (result.includes("tfa:")) {
    window.location.href = result.replace("tfa: ", "");

Edit the "register-process.php" file and find this line:

$stmt = $pdo->prepare('INSERT INTO accounts (username, password, email, activation_code, role, registered, last_seen) VALUES (?, ?, ?, ?, ?, ?, ?)');

Replace with:

$stmt = $pdo->prepare('INSERT INTO accounts (username, password, email, activation_code, role, registered, last_seen, ip) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');

Find this line:

$stmt->execute([ $_POST['username'], $password, $_POST['email'], $uniqid, $role, $date, $date ]);

Replace with:

$ip = $_SERVER['REMOTE_ADDR'];
$stmt->execute([ $_POST['username'], $password, $_POST['email'], $uniqid, $role, $date, $date, $ip ]);