[GH#3060] when Admin Enable Two-Factor Authentication then Enable Maintenance Mode

[ioofen]

SMF 2.1 Beta 2

when  Admin  Enable Two-Factor Authentication then Enable Maintenance Mode

Admin can't login again until clear  "tfa_secret" and "tfa_backup" in table "smf_member " on Mysql

Is there someone know how to fix it?

[margarett]

Eh

Looks like an interesting bug... Tracked
https://github.com/SimpleMachines/SMF2.1/issues/3060

[Kindred]

that's new, if confirmed....   I tested TFA when it was first added and it worked perfectly well with no database changes

[margarett]

I did too (because I even added stuff to it) but I've never tried maintenance mode...

[Oldiesmann]

The problem is "logintfa" isn't in the list of allowed actions for non-admins when the forum is in maintenance mode (and, on that note, the same is true if the forum has guest access disabled).

index.php

Find

Code Select Expand

// You can only login.... otherwise, you're getting the "maintenance mode" display.
if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout'))
{
require_once($sourcedir . '/LogInOut.php');
return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout';
}

Replace

Code Select Expand

// You can only login.... otherwise, you're getting the "maintenance mode" display.
if (isset($_REQUEST['action']) && (in_array($_REQUEST['action'], array('login2', 'logintfa', 'logout'))))
{
require_once($sourcedir . '/LogInOut.php');
return ($_REQUEST['action'] == 'login2' ? 'Login2' : ($_REQUEST['action'] == 'logintfa' ? 'LoginTFA' : 'Logout'));
}

And to fix it for guests, simply add 'logintfa' to the array on line 192 of index.php. Fix will be committed to GitHub shortly.