prepare("SELECT * FROM sessions WHERE userId = :uid AND valid AND created+157700000 > UNIX_TIMESTAMP() AND lastonline+432000 > UNIX_TIMESTAMP() ORDER BY created DESC"); $sessions->bindParam(":uid", $userinfo->id, PDO::PARAM_INT); $sessions->execute(); $twofa = SESSION["2fa"]; $twofaSecret = $userinfo->twofaSecret; //2fa stuff is not done dynamically cause 1. its less hassle and 2. because the 2fa panel is the default panel shown in the security area its basically seamless anyway so ehh if(isset($_POST["2fa"])) { $csrf = $_POST['polygon_csrf'] ?? false; $code = $_POST['code'] ?? false; $password = $_POST['password'] ?? false; if($csrf != SESSION["csrfToken"]) { pageBuilder::showStaticNotification("error", "Invalid CSRF token"); goto pb; } if(!$gauth->checkCode($twofaSecret, $code, 1)) { pageBuilder::showStaticNotification("error", "Incorrect code"); goto pb; } if(!password_verify($password, $userinfo->password)) { pageBuilder::showStaticNotification("error", "Incorrect password"); goto pb; } twofa::toggle(); $twofa = !SESSION["2fa"]; if($twofa) { $recoveryCodes = twofa::generateRecoveryCodes(); ob_start(); ?> Congratulations! Your account is now more secure. But, before you go there's one last thing which is really important.

If all else fails, if you just cannot regain access to your 2FA app codes, you can use a 2FA recovery code.

These are a set of static, one-time use codes that never expire unless they are used or you re-enable 2FA. You can use these to get back into your account without the need of a 2FA app.

This is the only time you'll ever see these here, so write them down somewhere now. twofa) { $twofaSecret = $gauth->generateSecret(); $query = $pdo->prepare("UPDATE users SET twofaSecret = :secret WHERE id = :uid"); $query->bindParam(":uid", $userinfo->id, PDO::PARAM_INT); $query->bindParam(":secret", $twofaSecret, PDO::PARAM_STR); $query->execute(); } pb: pageBuilder::$pageConfig["title"] = "My Account"; pageBuilder::buildHeader(); ?>

My Account

Settings

Blurb

1000 characters max, Markdown is supported

Filter

filter?' checked':''?> value="true">

[ this replaces words with baba booey ]

Transitions

pageanim?' checked':''?> value="true">

[ this plays a sliding transition on page loading ]

Security

Two-Factor Authentication is currently active. If you wish to disable it, just fill in the fields below.

If you disable 2FA your old recovery codes will be invalidated, so just be mindful of that.

It is highly recommended to use a two-factor authentication app that supports backups so that in the event that you lose access to the app or something, you can still get your codes back. Authy is an excellent one.

">

Scan the QR code with your authenticator app of choice.

This changes with every page refresh, so be careful.

There's also a manual key here if you prefer that:

Current Password

New Password

8 - 64 characters, must have at least 6 characters and 2 numbers

Confirm New Password

fetch(PDO::FETCH_OBJ)) { $ipInfo = general::getIpInfo($session->loginIp); $browserInfo = get_browser($session->userAgent); ?>

device_type?> / browser?>

platform?> - unofficial_names[0]?>
Started created)?>
sessionKey == $_COOKIE['polygon_session']){ ?>This is your current session Last seen: lastonline)?>