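<?php
/**
 * Install Two-Factor Authentication System
 *
 * One-shot installer: reads sql/two_factor_auth.sql, executes it one
 * statement at a time, then registers the "Security Settings" module in
 * module_management / module_access_levels. Progress is collected in
 * $success and $errors and rendered by the HTML that follows this block.
 *
 * Re-running the installer is tolerated: "already exists" / "Duplicate"
 * database errors are skipped so existing tables and rows are left alone.
 *
 * Only a logged-in superuser may run this; anyone else is rejected with a
 * 403 before the database connection is opened.
 */
require_once 'config/config.php';

if (!isLoggedIn() || !isSuperuser()) {
    // Answer with a real 403 so the denial shows up as such in access logs
    // instead of a 200 that merely carries an error message in its body.
    http_response_code(403);
    die('Access denied. Superuser access required.');
}

// NOTE(review): the install runs on a plain GET. If the project already has
// a CSRF-token helper, requiring POST plus a valid token here would keep a
// superuser from being made to re-run the installer through a crafted link.

$db = Database::getInstance()->getConnection();
$success = [];
$errors = [];

try {
    $sqlFile = __DIR__ . '/sql/two_factor_auth.sql';
    $sql = file_get_contents($sqlFile);
    // file_get_contents() signals a missing/unreadable file with false rather
    // than an exception. Without this check explode() would operate on an
    // empty string and the page would report "Created 0 database tables"
    // as a successful installation.
    if ($sql === false) {
        throw new RuntimeException("Unable to read SQL file: {$sqlFile}");
    }

    // Split on semicolons and drop empty fragments. This is a naive split:
    // a ';' inside a quoted SQL literal would cut that statement in two, so
    // the SQL file must not contain literal semicolons inside strings.
    $statements = array_filter(array_map('trim', explode(';', $sql)));

    $tableCount = 0;
    $settingCount = 0;
    foreach ($statements as $statement) {
        try {
            $db->exec($statement);
            // Count only statements that actually ran; ones skipped because
            // the object already exists never reach this point.
            if (stripos($statement, 'CREATE TABLE') !== false) {
                $tableCount++;
            } elseif (stripos($statement, 'INSERT INTO system_settings') !== false) {
                $settingCount++;
            }
        } catch (PDOException $e) {
            // Tolerate "already exists" (tables) and "Duplicate" (rows) so a
            // second run is harmless; anything else is a real failure.
            // Matching on message text is driver-dependent; the driver's
            // numeric error code would be a more stable signal if available.
            $message = $e->getMessage();
            $alreadyPresent = strpos($message, 'already exists') !== false
                || strpos($message, 'Duplicate') !== false;
            if (!$alreadyPresent) {
                throw $e;
            }
        }
    }

    $success[] = "✅ Created {$tableCount} database tables";
    if ($settingCount > 0) {
        $success[] = "✅ Added system settings";
    }

    // Register the Security module once; module_name is the idempotency key.
    // All inserted values are fixed literals, so no user input reaches SQL.
    $stmt = $db->prepare("SELECT id FROM module_management WHERE module_name = 'Security Settings'");
    $stmt->execute();
    if (!$stmt->fetch()) {
        $stmt = $db->prepare("
            INSERT INTO module_management (
                module_name, module_description, module_url, module_icon,
                is_active, required_role, display_order, created_at
            ) VALUES (
                'Security Settings',
                'Manage two-factor authentication and security settings',
                'modules/security/two-factor-auth.php',
                'shield-alt',
                1,
                'superuser',
                190,
                NOW()
            )
        ");
        $stmt->execute();
        $moduleId = $db->lastInsertId();

        // Grant the new module to the superuser access level only.
        $stmt = $db->prepare("
            INSERT INTO module_access_levels (module_id, access_level, is_enabled)
            VALUES (?, 'superuser', 1)
        ");
        $stmt->execute([$moduleId]);
        $success[] = "✅ Security module registered";
    } else {
        $success[] = "ℹ️ Security module already registered";
    }

    echo "<h2 style='color: green;'>✅ 2FA System Installed Successfully!</h2>";
} catch (Exception $e) {
    // The message is rendered through htmlspecialchars() by the page below.
    $errors[] = $e->getMessage();
    echo "<h2 style='color: red;'>❌ Installation Failed</h2>";
}
?>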
<!DOCTYPE html>
<html>
<head>
<title>Install Two-Factor Authentication</title>
<style>
body {
font-family: Arial, sans-serif;
max-width: 1000px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.card {
background: white;
padding: 30px;
border-radius: 16px;
box-shadow: 0 4px 12px rgba(0,0,0,0.1);
margin-bottom: 20px;
}
h1, h2, h3 {
color: #333;
}
ul {
line-height: 2;
}
.success {
color: #10B981;
}
.error {
color: #EF4444;
background: #FEE2E2;
padding: 15px;
border-radius: 8px;
margin: 10px 0;
}
table {
width: 100%;
border-collapse: collapse;
margin: 20px 0;
}
table th {
background: #f9fafb;
padding: 12px;
text-align: left;
border: 1px solid #e5e7eb;
}
table td {
padding: 10px;
border: 1px solid #e5e7eb;
}
.badge {
display: inline-block;
padding: 4px 12px;
border-radius: 12px;
font-size: 12px;
font-weight: bold;
}
.badge-blue {
background: #DBEAFE;
color: #1E40AF;
}
.badge-green {
background: #D1FAE5;
color: #059669;
}
.badge-yellow {
background: #FEF3C7;
color: #D97706;
}
code {
background: #f3f4f6;
padding: 2px 6px;
border-radius: 4px;
font-family: 'Courier New', monospace;
}
</style>
</head>
<body>
<div class="card">
<h1>🔐 Two-Factor Authentication Installation</h1>
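<?php /* Every value echoed into the page goes through htmlspecialchars().
         The $success entries are fixed strings built by the installer, but
         escaping them too keeps this list consistent with the error list
         and safe if a future entry ever carries data from the database. */ ?>
<?php if (!empty($success)): ?>
<h3>Installation Log:</h3>
<ul>
<?php foreach ($success as $item): ?>
<li class="success"><?php echo htmlspecialchars($item); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?php if (!empty($errors)): ?>
<h3 style="color: #EF4444;">Errors:</h3>
<?php foreach ($errors as $error): ?>
<div class="error"><?php echo htmlspecialchars($error); ?></div>
<?php endforeach; ?>
<?php endif; ?>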
</div>
<?php if (empty($errors)): ?>
<div class="card">
<h2>📋 What Was Installed</h2>
<h3>Database Tables Created:</h3>
<table>
<tr>
<th>Table</th>
<th>Description</th>
</tr>
<tr>
<td><code>system_settings</code></td>
<td>Key-value store for system-wide settings</td>
</tr>
<tr>
<td><code>user_2fa_settings</code></td>
<td>2FA settings for admin users</td>
</tr>
<tr>
<td><code>member_2fa_settings</code></td>
<td>2FA settings for members</td>
</tr>
<tr>
<td><code>two_factor_attempts</code></td>
<td>Log of all 2FA verification attempts</td>
</tr>
<tr>
<td><code>otp_codes</code></td>
<td>Temporary OTP codes for email/SMS</td>
</tr>
</table>
<h3>System Settings Added:</h3>
<ul>
<li><code>2fa_enforced_admin</code> - Require 2FA for all admins</li>
<li><code>2fa_enforced_member</code> - Require 2FA for all members</li>
<li><code>2fa_grace_period_days</code> - Days before enforcement</li>
<li><code>2fa_backup_codes_count</code> - Number of backup codes</li>
<li><code>otp_expiry_minutes</code> - OTP code expiry time</li>
<li><code>otp_length</code> - Length of OTP codes</li>
</ul>
</div>
<div class="card">
<h2>🎯 2FA Methods Available</h2>
<table>
<tr>
<th>Method</th>
<th>Type</th>
<th>Description</th>
<th>Recommended For</th>
</tr>
<tr>
<td>
<i class="fas fa-mobile-alt"></i> <strong>Authenticator App (TOTP)</strong>
<span class="badge badge-blue">Primary</span>
</td>
<td>Time-based OTP</td>
<td>Google Authenticator, Authy, Microsoft Authenticator</td>
<td>All users - Most secure</td>
</tr>
<tr>
<td>
<i class="fas fa-envelope"></i> <strong>Email OTP</strong>
<span class="badge badge-green">Backup</span>
</td>
<td>Email code</td>
<td>Receive 6-digit code via email</td>
<td>Users without smartphone</td>
</tr>
<tr>
<td>
<i class="fas fa-sms"></i> <strong>SMS OTP</strong>
<span class="badge badge-green">Backup</span>
</td>
<td>Text message</td>
<td>Receive 6-digit code via SMS</td>
<td>Users without smartphone</td>
</tr>
<tr>
<td>
<i class="fas fa-key"></i> <strong>Backup Codes</strong>
<span class="badge badge-yellow">Recovery</span>
</td>
<td>One-time codes</td>
<td>10 single-use recovery codes</td>
<td>Emergency access</td>
</tr>
</table>
</div>
<div class="card">
<h2>🚀 How to Enable 2FA</h2>
<h3>For Admin Users:</h3>
<ol>
<li>Go to <strong>Dashboard → Security Settings</strong></li>
<li>Choose your preferred 2FA method</li>
<li>Follow the setup wizard</li>
<li>Save your backup codes securely</li>
<li>Test login with 2FA enabled</li>
</ol>
<h3>For Members:</h3>
<ol>
<li>Login to member portal</li>
<li>Go to <strong>Account Settings → Security</strong></li>
<li>Enable two-factor authentication</li>
<li>Choose method and complete setup</li>
<li>Save backup codes</li>
</ol>
</div>
<div class="card">
<h2>🔄 Login Flow with 2FA</h2>
<table>
<tr>
<th>Step</th>
<th>Action</th>
<th>What Happens</th>
</tr>
<tr>
<td>1</td>
<td>Enter username & password</td>
<td>Normal login validation</td>
</tr>
<tr>
<td>2</td>
<td>System checks if 2FA enabled</td>
<td>Redirects to verification page if enabled</td>
</tr>
<tr>
<td>3</td>
<td>Enter 6-digit code</td>
<td>TOTP from app, or OTP from email/SMS</td>
</tr>
<tr>
<td>4</td>
<td>Code verification</td>
<td>Access granted if code is valid</td>
</tr>
<tr>
<td>Alternative</td>
<td>Use backup code</td>
<td>Single-use 8-character code</td>
</tr>
</table>
</div>
<div class="card">
<h2>⚙️ Next Steps</h2>
<h3>1. Integrate Login Pages</h3>
<p>Update <code>login.php</code> and <code>members/login.php</code> to check for 2FA after successful password verification.</p>
<h3>2. Test the System</h3>
<ol>
<li>Enable 2FA on a test account</li>
<li>Logout and login again</li>
<li>Verify that 2FA verification page appears</li>
<li>Test with authenticator app</li>
<li>Test with backup code</li>
<li>Test with email OTP</li>
</ol>
<h3>3. Configure SMS Provider (Optional)</h3>
<p>Edit the <code>sendSMSOTP()</code> method in <code>classes/TwoFactorAuth.php</code> to integrate with your SMS provider (Twilio, etc.).</p>
<h3>4. Enforce 2FA (Optional)</h3>
<p>Go to <strong>System Settings</strong> and enable:</p>
<ul>
<li><code>2fa_enforced_admin</code> - Require all admins to use 2FA</li>
<li><code>2fa_enforced_member</code> - Require all members to use 2FA</li>
</ul>
</div>
<div class="card">
<h2>📱 Recommended Authenticator Apps</h2>
<ul>
<li><strong>Google Authenticator</strong> - iOS & Android</li>
<li><strong>Microsoft Authenticator</strong> - iOS & Android</li>
<li><strong>Authy</strong> - iOS, Android, Desktop</li>
<li><strong>1Password</strong> - Premium with TOTP support</li>
<li><strong>LastPass Authenticator</strong> - iOS & Android</li>
</ul>
</div>
<div class="card">
<h2>🛡️ Security Best Practices</h2>
<ul>
<li>✅ Use TOTP (Authenticator App) as primary method</li>
<li>✅ Always save backup codes in a secure location</li>
<li>✅ Use email OTP as a fallback option</li>
<li>✅ Enable 2FA for all admin accounts</li>
<li>✅ Regularly review 2FA attempt logs</li>
<li>✅ Educate users about the importance of 2FA</li>
<li>❌ Never share backup codes</li>
<li>❌ Don't screenshot QR codes and share them</li>
</ul>
</div>
<hr style="margin: 40px 0;">
<p style="text-align: center;">
<a href="modules/security/two-factor-auth.php"
style="display: inline-block; background: linear-gradient(135deg, #1E40AF 0%, #9333EA 100%); color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none; font-weight: bold; margin-right: 10px;">
<i class="fas fa-shield-alt mr-2"></i>Set Up My 2FA
</a>
<a href="dashboard.php"
style="display: inline-block; background: linear-gradient(135deg, #10B981 0%, #059669 100%); color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none; font-weight: bold;">
<i class="fas fa-home mr-2"></i>Go to Dashboard
</a>
</p>
<p style="color: #666; margin-top: 30px; text-align: center; font-size: 14px;">
<strong>Note:</strong> You should delete this file (install_2fa.php) once the installation has succeeded, so the installer is not left reachable on the server.
</p>
<?php endif; ?>
</body>
</html>