Diff -- /var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/TEMPLATES/tf_twofa.html
Diff
/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/TEMPLATES/tf_twofa.html
added on local at 2026-07-01 12:35:12
Added
+76
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 29200829e8e9
to 29200829e8e9
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.| 1 | <div class="page-header"><div><h1>Two-factor authentication</h1><p class="subtitle">Adds a 6-digit code from your phone on top of your password.</p></div></div> | |
| 2 | ||
| 3 | [if:$has_flash]<div class="flash-msg">$flash</div>[/if] | |
| 4 | [if:$has_err]<div class="error-msg">$err</div>[/if] | |
| 5 | ||
| 6 | [if:$show_codes] | |
| 7 | <div class="card mb-3"> | |
| 8 | <div class="card-header"><h3>Save these recovery codes</h3></div> | |
| 9 | <p class="text-muted" style="font-size:13px">Each code works once if you ever lose your phone. We will NEVER show them again — print or save now.</p> | |
| 10 | <div class="recovery-codes"> | |
| 11 | [loop:@codes]<code>$loop1.code</code>[/loop] | |
| 12 | </div> | |
| 13 | <div class="mt-2 text-dim" style="font-size:12.5px">Tip: copy this whole block and paste into a password manager.</div> | |
| 14 | </div> | |
| 15 | [/if] | |
| 16 | ||
| 17 | [if:$is_enabled] | |
| 18 | [if:!$show_codes] | |
| 19 | <div class="card mb-3" style="border-color:rgba(34,197,94,.4);background:rgba(34,197,94,.04)"> | |
| 20 | <div class="card-header"><h3>2FA is ON</h3></div> | |
| 21 | <p>Your account requires a 6-digit code from your authenticator at sign-in.</p> | |
| 22 | <p class="text-dim" style="font-size:12.5px">$codes_remaining unused recovery code(s) remaining.</p> | |
| 23 | <div class="flex" style="gap:12px;flex-wrap:wrap"> | |
| 24 | <form method="POST"><input type="hidden" name="act" value="regen_codes"><button class="btn" type="submit" data-tip="Replace your recovery codes with a fresh set. The old codes stop working immediately.">Regenerate recovery codes</button></form> | |
| 25 | <form method="POST" style="display:flex;gap:8px;align-items:center" onsubmit="return confirm('Disable two-factor authentication?')"> | |
| 26 | <input type="hidden" name="act" value="disable"> | |
| 27 | <input class="input" name="code" placeholder="Current 6-digit code" inputmode="numeric" pattern="[0-9]{6}" maxlength="6" required style="max-width:140px"> | |
| 28 | <button class="btn btn-danger" type="submit">Disable 2FA</button> | |
| 29 | </form> | |
| 30 | </div> | |
| 31 | </div> | |
| 32 | [/if] | |
| 33 | [/if] | |
| 34 | ||
| 35 | [if:!$is_enabled] | |
| 36 | [if:$is_setup] | |
| 37 | <div class="card mb-3"> | |
| 38 | <div class="card-header"><h3>Step 2 — verify your code</h3></div> | |
| 39 | <p>Scan the QR or type the secret into your authenticator app (Google Authenticator, Authy, 1Password, Bitwarden, etc.).</p> | |
| 40 | <div class="row" style="gap:24px;flex-wrap:wrap;align-items:center;margin-top:6px"> | |
| 41 | <div class="col" style="max-width:240px"> | |
| 42 | <div class="qr-card"><img src="$qr_url" alt="2FA QR" loading="lazy"></div> | |
| 43 | <p class="text-dim" style="font-size:11.5px;text-align:center;margin-top:6px">QR rendered by qrserver.com</p> | |
| 44 | </div> | |
| 45 | <div class="col"> | |
| 46 | <div class="field"><label>Secret (paste if you can't scan)</label><code style="user-select:all;font-size:13px">$secret_grouped</code></div> | |
| 47 | <div class="field"><label>otpauth URL</label><input class="input" readonly value="$otpauth" onfocus="this.select()"></div> | |
| 48 | <form method="POST" style="margin-top:14px"> | |
| 49 | <input type="hidden" name="act" value="verify"> | |
| 50 | <div class="field"><label>Enter the 6-digit code your app shows</label> | |
| 51 | <input class="input" name="code" inputmode="numeric" pattern="[0-9]{6}" maxlength="6" required autofocus placeholder="123456" style="max-width:180px;font-size:18px;letter-spacing:.2em"> | |
| 52 | </div> | |
| 53 | <button class="btn btn-primary" type="submit">Verify & enable 2FA</button> | |
| 54 | </form> | |
| 55 | </div> | |
| 56 | </div> | |
| 57 | </div> | |
| 58 | [/if] | |
| 59 | [if:!$is_setup] | |
| 60 | <div class="card mb-3"> | |
| 61 | <div class="card-header"><h3>2FA is off</h3></div> | |
| 62 | <p>Click to start enrollment — we will show you a QR code and verify a test code before turning it on.</p> | |
| 63 | <form method="POST"><input type="hidden" name="act" value="enroll"><button class="btn btn-primary" type="submit">Set up two-factor authentication</button></form> | |
| 64 | </div> | |
| 65 | [/if] | |
| 66 | [/if] | |
| 67 | ||
| 68 | <div class="card"> | |
| 69 | <div class="card-header"><h3>How it works</h3></div> | |
| 70 | <ul style="font-size:13px;color:var(--col-text-muted);padding-left:18px;line-height:1.7"> | |
| 71 | <li>You scan a QR with a TOTP authenticator app on your phone.</li> | |
| 72 | <li>At sign-in, after your password, we ask for the current 6-digit code from that app.</li> | |
| 73 | <li>If you lose your phone, use a recovery code instead. Recovery codes are single-use.</li> | |
| 74 | <li>You can disable 2FA from this page (we verify a current code first).</li> | |
| 75 | </ul> | |
| 76 | </div> |