openfactory-ch / whmcs-oath-addon Goto Github PK

Can this module be used alongside with the new WHMCS Sign-In Integrations?
https://blog.whmcs.com/132509/feature-spotlight-sign-in-integrations

When configuring 2FA for the client. Once you try to log in, and ask for the 6-digit token, simply click on any of the registered client-side services, which will no longer be requested token (even if it has never been typed).

The token is only requested on the login screen, and no other token is requested (even though you have not typed in the access before).

There is a remember me option in WHMCS Admin area but If you close browser and reopen then it ask for OATH code.

Please provide a option for people who wish to use Remember me option so code will be not asked to them.
Same feature as Google Gmail uses, If you do not remove cookies then it does not ask for code and only ask for auth for first time singing, If cookie removed then you will need to provide auth code but If you only close browser then gmail does not ask for 2fa code.

I have set correction content in Authenticator App, First Line Company and bottom of code your User name

• Replace this code in line 46, 47

$user = get_query_val('tblclients', 'email', "id = ".$_SESSION['uid']); $company = get_query_val('tblconfiguration', 'value', "setting = 'CompanyName'"); QRcode::png('otpauth://totp/' . $user . '?issuer=' . urlencode($company) . '&secret=' . $_GET['secret']);

• Replace this code in line 170,171

$user = get_query_val('tbladmins', 'username', "id = ".$_SESSION['adminid']); $company = get_query_val('tblconfiguration', 'value', "setting = 'CompanyName'"); QRcode::png('otpauth://totp/' . $user . '?issuer=' . urlencode($company) . '&secret=' . $_GET['secret']);

Full download project correction: https://github.com/aminmahdi/whmcs-oath-addon

Hi,
is it possible to integrate it directly into WHMCS Login mask?
As with this, i am theoretically already inside of WHMCS.
I could see open tickets/ Invoices etc.
Or maybe just change Layout instead of not loading whole admin Template/ Sidebar etc.
Just have Passwort Field with some Text above. nothing else.

Currently when disabling the 2FA on client side there is no step asking for the code a last time -> it directly disables. So for disabling 2FA only a valid session required. I think that this is not enough. Disabling the 2FA should be the same security as like the normal login.

Should disabling the 2FA need the a valid Code for confirmation? Discussion open :)

Hello,
Im using WHMCS 7.1 Updated version and when im trying to scan QR code on my phone the following error shows on Google Authenticator app "Cannot interpret QR code" only at Admin panel, Client area version is working.

I have tried the following solutions:

1. Open the clientareaoath.tpl with notepad++

Find This Line :

Change TO :

2. Open the oath.php with notepad++ v.b

Find This Line : echo '';

Change TO : echo '';

Also i pressed ctrl + f5 to refresh multiple times.

None of above tips are working, kindly guide me through.
Screenshot attached.

4 years ago I asked to obtain maintainership of this addon from the former developer but I haven't touched the code for some time. Meanwhile issues and PR keep coming, but I have no way to test any change nor resources to keep the repository in a healthy state. While the organisation probably still uses this addon, it seems no-one can step in an keep maintaining it.

I'd like to give this this project in new hands.

When enabling for admin users the title of the 2fa code on googles app is "Untitled"
Any ideas on where to set the site id or name for admin users?

Please find below the text for the Portuguese - Portugal (portuguese-pt.php) translation:

`<?php

$_ADDONLANG['incorrect']='O seu código estava incorreto.';
$_ADDONLANG['enterCodeNote']='Digite o código gerado pela sua aplicação móvel.';
$_ADDONLANG['enterCode']='Insira o seu código';
$_ADDONLANG['btnLogin']='Validar Autenticação';
$_ADDONLANG['enterEmCode']='Digite o seu código de emergência';
$_ADDONLANG['emLogin']='Acesso de Emergência';
$_ADDONLANG['lostDevice']='Perdeu o seu dispositivo móvel?';
$_ADDONLANG['inactive']='O suporte a Autenticação de 2 Factores está desactivado.';
$_ADDONLANG['disabled']='A Autenticação de 2 Factores está descativada.';
$_ADDONLANG['btnEnable']='Activar a Autenticação de 2 Factores';
$_ADDONLANG['scanNote']='Por favor digitalize este código QR com a sua aplicação de autenticação móvel.';
$_ADDONLANG['unableScan']='Se não for possível fazer scan do QR code, use este código:';
$_ADDONLANG['verify']='Código de Verificação';
$_ADDONLANG['recomApp']='App Recomendada';
$_ADDONLANG['enabled']='Autenticação de 2 Factores está activa de momento.';
$_ADDONLANG['emCode']='O seu código de emergência é';
$_ADDONLANG['emCodeNote']='Poderá usar este código se perder o seu dispositivo móvel.';
$_ADDONLANG['btnSecret']='Ver Código';
$_ADDONLANG['emCodeNote2']='Anote esta informação. Não será exibida novamente.';
$_ADDONLANG['btnDisable']='Desactivar Autenticação de 2 Factores';
$_ADDONLANG['note']='Nota: Quaisquer sub-utilizadores com acesso à sua conta terão que fornecer um token de autenticação de 2 factores.';

?>
`

one of my users got the error message from Google Authenticator that "Is unable to interpret this code"

In German, it was "Code kann nicht ausgewertet werden"

My WHMCS version is the newest 7.1

entering the code from hand worked

After I logged in like an customer link index.php?m=oath simply doesn't work. Anny suggestions?

For admins configuration works fine

@dionysius
I have add Persian (Farsi) language file.
https://github.com/aminmahdi/whmcs-oath-addon
Good Like 👍

There is no translation of the page title in the clientarea:

['pagetitle'] = 'Two-Factor Login Verification';

Line 66,67,88

Hello, my server index is broken and when always you try to access it, you get returned to the client area. There is anyway to redirect this to the client area directly, any way to allow my customers to use this without redirecting them to index?
Or you can help me fixing this index error I have with whmcs, thanks.

Hello thank you for this great module I translated it into my language so I share it for you.
https://pastebin.com/dYukM19j

I found a bug affecting sub-accounts. If the client with the user id "1234" activates 2FA, when someone with the sub-account id "1234" tries to login, it will be requested to pass the 2FA.

Hello, I'm using WHMCS 7.1 and always I try to read a code it says it's weong, and whne I type it manually it says that that's not the code.

Hello I created a file with Portuguese-br.php name with translation and did not work.
portuguese-br.zip

The name of the WHMCS site is blank so there is no way to know if the code belong to WHMCS or not. I have attached a screenshot and you can see via the arrows that Wordpress appears and Amazon in my Google Authenticator

but no name for WHMCS

Hello,

Authenticator working for me but a little problem.

I'm verifying with Google Authenticator.

But when I enter the code it says wrong code.

Fixed : Your phone needs to be connected to the internete and get the date and time of the google authenticator online.