Current Path : /var/www/www-root/data/webdav/www/www.monolith-realty.ru/bitrix/otp/ws/ |
Current File : /var/www/www-root/data/webdav/www/www.monolith-realty.ru/bitrix/otp/ws/index.php |
<? header('Access-Control-Allow-Origin: *'); if($_SERVER["REQUEST_METHOD"]=="OPTIONS") { header('Access-Control-Allow-Methods: POST, OPTIONS'); header('Access-Control-Max-Age: 60'); //header('Access-Control-Allow-Headers: *'); header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept'); die(''); } define("NOT_CHECK_PERMISSIONS", true); define("ADMIN_SECTION",false); require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php"); if(($_POST['action']!='register' && $_POST['action']!='unregister') || $_POST['secret']=="") { CHTTP::SetStatus("403 Forbidden"); die(); } if($USER->Login($_POST['login'], $_POST['password']) !== true) { if($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) { $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode(); echo "{'captchaCode': '".$CAPTCHA_CODE."'};"; } CHTTP::SetStatus("401 Unauthorized"); die(); } if(!CModule::IncludeModule("security")) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } if(!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } if($_POST['action']!='register') $_POST['secret']=""; $isUpdated = CSecurityUser::update(array( "USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP // Bitrix.OTP use HOTP )); if(!$isUpdated) { //print_r($APPLICATION->GetException()); CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } $USER->Logout(); ?>