<?php
/**
* Update 2FA System to Support Multiple Methods
*/
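require_once 'config/config.php';

// One-off schema migration: adds per-method 2FA flags to both settings tables
// and seeds them from the legacy single `method` column.
//
// NOTE(review): this performs DDL on any request (GET included) made by a
// logged-in superuser and carries no CSRF token of its own. The column check
// below makes a repeat request a no-op, but the file should be run once and
// then removed from the web root (or converted to a CLI-only task).
//
// NOTE(review): once several methods can be enabled side by side, an account
// is only as strong as its weakest enabled method. The verification code is
// not part of this file; confirm that failed attempts are rate-limited across
// methods (not per method) and that use of a fallback method is logged.
if (!isLoggedIn() || !isSuperuser()) {
    // Send 403 instead of a 200 page so access logs and monitoring record the
    // refusal as a failed authorization.
    http_response_code(403);
    die('Access denied. Superuser access required.');
}

$db = Database::getInstance()->getConnection();
$updates = [];
$errors = [];

// Fixed allow-list of tables. Identifiers cannot be bound as statement
// parameters, so these names are interpolated into the SQL below; keep the
// list hard-coded and never derive it from request data.
$tables = ['user_2fa_settings', 'member_2fa_settings'];

try {
    foreach ($tables as $table) {
        // The presence of totp_enabled is the marker for "already migrated".
        $stmt = $db->query("SHOW COLUMNS FROM {$table} LIKE 'totp_enabled'");
        if ($stmt === false) {
            // Only reachable when the connection does not throw on errors;
            // without this check the next line would raise an Error that the
            // catch (Exception) below does not handle.
            throw new RuntimeException("Could not inspect columns of {$table}");
        }

        if ($stmt->rowCount() != 0) {
            $updates[] = "ℹ️ {$table} already has multi-method columns";
            continue;
        }

        $altered = $db->exec("
            ALTER TABLE {$table}
            ADD COLUMN primary_method ENUM('totp', 'email', 'sms') DEFAULT 'totp' COMMENT 'Preferred method' AFTER is_enabled,
            ADD COLUMN totp_enabled TINYINT(1) DEFAULT 0 AFTER primary_method,
            ADD COLUMN email_enabled TINYINT(1) DEFAULT 0 AFTER totp_enabled,
            ADD COLUMN sms_enabled TINYINT(1) DEFAULT 0 AFTER email_enabled,
            ADD COLUMN last_used_method VARCHAR(20) NULL AFTER last_used_at
        ");
        if ($altered === false) {
            throw new RuntimeException("ALTER TABLE failed for {$table}");
        }

        // Copy the legacy single method into the new flags.
        //
        // In MySQL/MariaDB the ALTER above is committed implicitly, so it
        // cannot be rolled back together with this UPDATE. If the UPDATE
        // fails, the new columns already exist and a re-run would report the
        // table as migrated while every *_enabled flag is still 0. That state
        // is surfaced explicitly instead of as a bare driver error.
        //
        // NOTE(review): rows whose `method` is NULL keep all three flags at 0
        // with primary_method defaulting to 'totp'. Verify that the login
        // code fails closed for a row with is_enabled set and no method flag,
        // and that `method` never holds a value outside the ENUM.
        try {
            $migrated = $db->exec("
                UPDATE {$table}
                SET primary_method = method,
                    totp_enabled = IF(method = 'totp', 1, 0),
                    email_enabled = IF(method = 'email', 1, 0),
                    sms_enabled = IF(method = 'sms', 1, 0)
                WHERE method IS NOT NULL
            ");
            if ($migrated === false) {
                throw new RuntimeException('UPDATE returned false');
            }
        } catch (Exception $e) {
            throw new RuntimeException(
                "Columns were added to {$table} but copying the legacy method failed; "
                . "a re-run will skip this table, so apply the data migration manually. Cause: "
                . $e->getMessage(),
                0,
                $e
            );
        }

        $updates[] = "✅ Updated {$table} table with multi-method support";
    }

    // Printed before the <!DOCTYPE html> that follows this PHP block.
    echo "<h2 style='color: green;'>✅ Multi-Method 2FA Update Complete!</h2>";
} catch (Exception $e) {
    // The message may contain driver/SQL detail; the template escapes it
    // before display and the page is only reachable by a superuser.
    $errors[] = $e->getMessage();
    echo "<h2 style='color: red;'>❌ Update Failed</h2>";
}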
?>
<!DOCTYPE html>
<html>
<head>
<title>Update 2FA - Multi-Method Support</title>
<style>
body {
font-family: Arial, sans-serif;
max-width: 900px;
margin: 50px auto;
padding: 20px;
background: #f5f5f5;
}
.card {
background: white;
padding: 30px;
border-radius: 16px;
box-shadow: 0 4px 12px rgba(0,0,0,0.1);
margin-bottom: 20px;
}
h2, h3 {
color: #333;
}
ul {
line-height: 2;
}
.success {
color: #10B981;
}
.error {
color: #EF4444;
background: #FEE2E2;
padding: 15px;
border-radius: 8px;
margin: 10px 0;
}
.feature {
background: #EEF2FF;
border-left: 4px solid #6366F1;
padding: 15px;
margin: 10px 0;
}
</style>
</head>
<body>
<div class="card">
<h1>🔐 Multi-Method 2FA Update</h1>
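<?php
// Render the migration log and any errors. Both lists are escaped on output:
// the log entries are fixed strings today, but escaping them as well keeps
// the page safe if an entry ever carries database or request text.
// ENT_SUBSTITUTE keeps a message visible when it contains invalid UTF-8
// (without it, older PHP versions return an empty string for such input).
?>
<?php if (!empty($updates)): ?>
<h3>Update Log:</h3>
<ul>
<?php foreach ($updates as $update): ?>
<li class="success"><?php echo htmlspecialchars($update, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?php if (!empty($errors)): ?>
<h3 style="color: #EF4444;">Errors:</h3>
<?php foreach ($errors as $error): ?>
<div class="error"><?php echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
<?php endforeach; ?>
<?php endif; ?>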
</div>
<?php if (empty($errors)): ?>
<div class="card">
<h2>🎉 What's New</h2>
<div class="feature">
<h3>✨ Multiple 2FA Methods at Once!</h3>
<p>Users can now enable <strong>all three methods</strong> simultaneously:</p>
<ul>
<li><strong>TOTP</strong> (Authenticator App) - Primary method</li>
<li><strong>Email OTP</strong> - Backup method</li>
<li><strong>SMS OTP</strong> - Backup method</li>
</ul>
<p>If one method fails (lost phone, no email access), users can switch to another!</p>
</div>
<div class="feature">
<h3>🔄 Seamless Method Switching</h3>
<p>During login verification:</p>
<ul>
<li>Choose which method to use with one click</li>
<li>Switch between methods if one isn't working</li>
<li>Each method verified independently</li>
</ul>
</div>
<div class="feature">
<h3>🛡️ Enhanced Security & Reliability</h3>
<ul>
<li><strong>No lockouts:</strong> Multiple fallback options</li>
<li><strong>Flexibility:</strong> Use whichever method is convenient</li>
<li><strong>Redundancy:</strong> If email is down, use TOTP or SMS</li>
<li><strong>Still have backup codes:</strong> Last resort recovery</li>
</ul>
</div>
</div>
<div class="card">
<h2>👥 User Experience</h2>
<h3>Setting Up Multiple Methods:</h3>
<ol>
<li>Go to Security Settings</li>
<li><strong>Enable TOTP</strong> (scan QR code)</li>
<li><strong>Enable Email OTP</strong> (verify email)</li>
<li><strong>Enable SMS OTP</strong> (verify phone)</li>
<li>All three are now active!</li>
</ol>
<h3>Login Flow with Multiple Methods:</h3>
<ol>
<li>Enter username & password</li>
<li>See verification page with <strong>method selector</strong></li>
<li>Choose: Authenticator | Email | SMS</li>
<li>Enter code from chosen method</li>
<li>Login complete!</li>
</ol>
<h3>Visual Method Selector:</h3>
<pre style="background: #f3f4f6; padding: 15px; border-radius: 8px;">
┌────────────────────────────────────────────────┐
│ Choose Verification Method: │
├────────────────────────────────────────────────┤
│ [📱 Authenticator] [📧 Email OTP] [📱 SMS OTP] │
└────────────────────────────────────────────────┘
</pre>
</div>
<div class="card">
<h2>🔧 Database Changes</h2>
<h3>New Columns Added:</h3>
<table border="1" cellpadding="10" style="width: 100%; border-collapse: collapse;">
<tr style="background: #f9fafb;">
<th>Column</th>
<th>Type</th>
<th>Purpose</th>
</tr>
<tr>
<td><code>primary_method</code></td>
<td>ENUM</td>
<td>User's preferred method (default choice)</td>
</tr>
<tr>
<td><code>totp_enabled</code></td>
<td>TINYINT</td>
<td>Is TOTP method enabled?</td>
</tr>
<tr>
<td><code>email_enabled</code></td>
<td>TINYINT</td>
<td>Is Email OTP enabled?</td>
</tr>
<tr>
<td><code>sms_enabled</code></td>
<td>TINYINT</td>
<td>Is SMS OTP enabled?</td>
</tr>
<tr>
<td><code>last_used_method</code></td>
<td>VARCHAR</td>
<td>Track which method was last used</td>
</tr>
</table>
<p><strong>Old 'method' column:</strong> Still exists for backward compatibility, migrated to new columns.</p>
</div>
<div class="card">
<h2>📊 Example Scenarios</h2>
<h3>Scenario 1: Comprehensive Setup</h3>
<p><strong>User enables:</strong> TOTP + Email + SMS</p>
<ul>
<li>✅ Normally uses TOTP (fastest)</li>
<li>✅ If phone dies → Use Email OTP</li>
<li>✅ If no email access → Use SMS OTP</li>
<li>✅ If all fail → Use backup code</li>
</ul>
<h3>Scenario 2: TOTP + Email Only</h3>
<p><strong>User enables:</strong> TOTP + Email</p>
<ul>
<li>✅ Primary: TOTP from phone</li>
<li>✅ Backup: Email OTP</li>
<li>✅ Recovery: Backup codes</li>
</ul>
<h3>Scenario 3: Email + SMS (No TOTP)</h3>
<p><strong>User enables:</strong> Email + SMS</p>
<ul>
<li>✅ No authenticator app needed</li>
<li>✅ Choose email or SMS each time</li>
<li>✅ Good for non-technical users</li>
</ul>
</div>
<div class="card">
<h2>🎯 Next Steps</h2>
<h3>For Existing Users with 2FA:</h3>
<p>✅ <strong>Nothing required!</strong> Their existing method has been automatically migrated.</p>
<p>They can now add additional methods anytime.</p>
<h3>To Add More Methods:</h3>
<ol>
<li>Go to Security Settings</li>
<li>See current enabled methods</li>
<li>Click "Enable [Method]" for additional methods</li>
<li>Complete verification</li>
<li>Done!</li>
</ol>
<h3>To Disable a Method:</h3>
<ol>
<li>Go to Security Settings</li>
<li>Click "Disable [Method]"</li>
<li>Must keep at least one method active</li>
</ol>
</div>
<hr style="margin: 40px 0;">
<p style="text-align: center;">
<a href="modules/security/two-factor-auth.php"
style="display: inline-block; background: linear-gradient(135deg, #1E40AF 0%, #9333EA 100%); color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none; font-weight: bold; margin-right: 10px;">
<i class="fas fa-shield-alt"></i> My Security Settings
</a>
<a href="dashboard.php"
style="display: inline-block; background: linear-gradient(135deg, #10B981 0%, #059669 100%); color: white; padding: 12px 24px; border-radius: 8px; text-decoration: none; font-weight: bold;">
<i class="fas fa-home"></i> Go to Dashboard
</a>
</p>
<p style="color: #666; margin-top: 30px; text-align: center; font-size: 14px;">
<strong>Note:</strong> You can delete this file (update_2fa_multi_method.php) after successful update.
</p>
<?php endif; ?>
</body>
</html>