<?php
//    MyDMS. Document Management System
//    Copyright (C) 2002-2005  Markus Westphal
//    Copyright (C) 2006-2008 Malcolm Cowe
//    Copyright (C) 2009-2012 Uwe Steinmann
//
//    This program is free software; you can redistribute it and/or modify
//    it under the terms of the GNU General Public License as published by
//    the Free Software Foundation; either version 2 of the License, or
//    (at your option) any later version.
//
//    This program is distributed in the hope that it will be useful,
//    but WITHOUT ANY WARRANTY; without even the implied warranty of
//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//    GNU General Public License for more details.
//
//    You should have received a copy of the GNU General Public License
//    along with this program; if not, write to the Free Software
//    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

include("../inc/inc.Settings.php");
include("../inc/inc.LogInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.Init.php");
include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
include("../inc/inc.ClassPasswordStrength.php");
include("../inc/inc.ClassPasswordHistoryManager.php");

if ($user->isGuest()) {
	UI::exitError(getMLText("2_factor_auth"),getMLText("access_denied"));
}

$action = !empty($_POST['action']) ? $_POST['action'] : '';
switch($action) {
	case "test":
		if($user->getSecret()) {
			$tfa = new \RobThree\Auth\TwoFactorAuth(new \RobThree\Auth\Providers\Qr\BaconQrCodeProvider());
			header('Content-Type: application/json');
			if($tfa->verifyCode($user->getSecret(), $_POST['code']) !== true) {
				echo json_encode(array('success'=>false, 'message'=>getMLText("2_factor_auth_test_failed"), 'data'=>$_POST['code']));
			} else {
				echo json_encode(array('success'=>true, 'message'=>getMLText("2_factor_auth_test_succeeded")));
			}
			exit;
		}
		break;
	case "removesecret":
		if(!checkFormKey('removesecret')) {
			UI::exitError(getMLText("2_factor_auth"),getMLText("invalid_request_token"));
		}
		if(empty($_POST['confirm'])) {
			$session->setSplashMsg(array('type'=>'error', 'msg'=>getMLText('2_factor_auth_rm_secret_no_confirm')));
		} else {
			$user->setSecret('');
		}
		header("Location:../out/out.Setup2Factor.php");
		break;
	default:
		$secret = $_POST["secret"];

		$user->setSecret($secret);

		header("Location:../out/out.Setup2Factor.php");
}