"My Account"]); $panel = "Settings"; $userinfo = (object)SESSION["user"]; $discordinfo = (object) [ "info" => NULL, "key" => $userinfo->discordKey, "timeVerified" => $userinfo->discordVerifiedTime ]; if ($discordinfo->key == NULL) { $discordinfo->key = generateUUID(); Database::singleton()->run( "UPDATE users SET discordKey = :key WHERE id = :id", [":key" => $discordinfo->key, ":id" => $userinfo->id] ); } else if ($userInfo->discordID != NULL) { $discordinfo->info = Discord::GetUserInfo($userinfo->discordID); } $gauth = new GoogleAuthenticator(); $twofa = SESSION["user"]["twofa"]; $twofaSecret = $userinfo->twofaSecret; $sessions = Database::singleton()->run( "SELECT * FROM sessions WHERE userId = :uid AND valid AND created+157700000 > UNIX_TIMESTAMP() AND lastonline+432000 > UNIX_TIMESTAMP() ORDER BY created DESC", [":uid" => $userinfo->id] ); $Fields = (object) [ "Code" => "", "Password" => "" ]; $Errors = (object) [ "Code" => false, "Password" => false ]; $RequestSent = false; //2fa stuff is not done via ajax cuz am lazy if ($_SERVER["REQUEST_METHOD"] == "POST") { $RequestSent = true; $panel = "2FA"; $csrf = $_POST['polygon_csrf'] ?? false; $Fields->Code = $_POST['code'] ?? "false"; $Fields->Password = $_POST['password'] ?? "false"; $auth = new Password($Fields->Password); if($csrf != SESSION["csrfToken"]) $Errors->Password = "An unexpected error occurred"; if(!$gauth->checkCode($twofaSecret, $Fields->Code, 1)) $Errors->Code = "Incorrect code"; if(!$auth->verify($userInfo->password)) $Errors->Password = "Incorrect password"; if(!$Errors->Code && !$Errors->Password) { $twofa = !SESSION["user"]["twofa"]; Database::singleton()->run( "UPDATE users SET twofa = :2fa WHERE id = :uid", [":2fa" => (int)$twofa, ":uid" => SESSION["user"]["id"]] ); if ($twofa) { $recoveryCodes = str_split(bin2hex(random_bytes(60)), 12); Database::singleton()->run( "UPDATE users SET twofaRecoveryCodes = :json WHERE id = :uid", [":json" => json_encode(array_fill_keys($recoveryCodes, true)), ":uid" => SESSION["user"]["id"]] ); ob_start(); ?> Congratulations! Your account is now more secure. But before you go, there's one last thing:

If you can't get a code from your 2FA app for whatever reason, you can use a 2FA recovery code.

These are a set of static, one-time use codes that never expire unless they are used or you disable 2FA. You can use these to get back into your account without the need of a 2FA app.

This is the only time you'll ever see these here, so write them down somewhere now. showStaticModal([ "header" => "Two-Factor Authentication is active", "body" => ob_get_clean(), "buttons" => [["class" => "btn btn-primary", "dismiss" => true, "text" => "I understand"]], "options" => ["show" => true, "backdrop" => "static"] ]); } } } if (!$twofa) { $twofaSecret = $gauth->generateSecret(); Database::singleton()->run( "UPDATE users SET twofaSecret = :secret WHERE id = :uid", [":secret" => $twofaSecret, ":uid" => SESSION["user"]["id"]] ); } $pageBuilder->buildHeader(); ?>

My Account

" id="settings" role="tabpanel" aria-labelledby="settings-tab" style="max-width:36rem;">

Blurb

1000 characters max

Theme

Note: the 2014 theme has some visual style issues

Filter

info == NULL) { ?>

Looks like you're not yet verified.

If you haven't joined the Discord server yet, join via the widget over by the side.

Once you join, the verification bot should DM you asking for your key, which is here:

PolygonVerify:key?>

Copy and send this to the bot in DMs, and you'll be in!

If the bot hasn't DMed you, it may be down. When it comes back online, just send a DM to the bot with your key.

info->username?>#info->tag?>

Verified timeVerified)?>

ID

If you wish to have your Discord account unverified so you can use another account, message an admin.

Current Password

New Password

8 - 64 characters, must have at least 6 characters and 2 numbers

Confirm Password

" id="twofa" role="tabpanel" aria-labelledby="twofa-tab" style="max-width:36rem;">

Two-Factor Authentication is currently active. If you wish to disable it, just fill in the fields below.

Keep in mind that disabling 2FA will invalidate your recovery codes. If you re-enable it, use the new ones it gives you.

Use a two-factor authentication app that has backups (Authy is a good one), so you don't have to worry about being unable to log in if you lose your device.

">

Scan the QR code with your authenticator app of choice.

This changes with every page refresh, so be careful.

There's also a manual key here if you prefer that:

fetch(\PDO::FETCH_OBJ)) { /* $ipInfo = Polygon::getIpInfo($session->loginIp); */ $browserInfo = get_browser($session->userAgent); ?>

IsGameClient ? "Polygon Game Client" : "{$browserInfo->device_type} / {$browserInfo->browser}"?>

IsGameClient ? htmlspecialchars($session->userAgent) : $browserInfo->platform?>
Started created)?>
sessionKey == $_COOKIE['polygon_session']){ ?>This is your current session Last seen lastonline)?>

Data

If there's any data you wish to download and archive, you can do so here.

All forum data and archived Roblox audio assets will be publicly released in the Discord server.

Download

buildFooter(); ?>