Diff -- /var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/TEMPLATES/tf_twofa.html

O Operator
Diff

/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/TEMPLATES/tf_twofa.html

added on local at 2026-07-01 12:35:12

Added
+76
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to 29200829e8e9
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1<div class="page-header"><div><h1>Two-factor authentication</h1><p class="subtitle">Adds a 6-digit code from your phone on top of your password.</p></div></div>
2
3[if:$has_flash]<div class="flash-msg">$flash</div>[/if]
4[if:$has_err]<div class="error-msg">$err</div>[/if]
5
6[if:$show_codes]
7<div class="card mb-3">
8 <div class="card-header"><h3>Save these recovery codes</h3></div>
9 <p class="text-muted" style="font-size:13px">Each code works once if you ever lose your phone. We will NEVER show them again — print or save now.</p>
10 <div class="recovery-codes">
11 [loop:@codes]<code>$loop1.code</code>[/loop]
12 </div>
13 <div class="mt-2 text-dim" style="font-size:12.5px">Tip: copy this whole block and paste into a password manager.</div>
14</div>
15[/if]
16
17[if:$is_enabled]
18[if:!$show_codes]
19<div class="card mb-3" style="border-color:rgba(34,197,94,.4);background:rgba(34,197,94,.04)">
20 <div class="card-header"><h3>2FA is ON</h3></div>
21 <p>Your account requires a 6-digit code from your authenticator at sign-in.</p>
22 <p class="text-dim" style="font-size:12.5px">$codes_remaining unused recovery code(s) remaining.</p>
23 <div class="flex" style="gap:12px;flex-wrap:wrap">
24 <form method="POST"><input type="hidden" name="act" value="regen_codes"><button class="btn" type="submit" data-tip="Replace your recovery codes with a fresh set. The old codes stop working immediately.">Regenerate recovery codes</button></form>
25 <form method="POST" style="display:flex;gap:8px;align-items:center" onsubmit="return confirm('Disable two-factor authentication?')">
26 <input type="hidden" name="act" value="disable">
27 <input class="input" name="code" placeholder="Current 6-digit code" inputmode="numeric" pattern="[0-9]{6}" maxlength="6" required style="max-width:140px">
28 <button class="btn btn-danger" type="submit">Disable 2FA</button>
29 </form>
30 </div>
31</div>
32[/if]
33[/if]
34
35[if:!$is_enabled]
36[if:$is_setup]
37<div class="card mb-3">
38 <div class="card-header"><h3>Step 2 &mdash; verify your code</h3></div>
39 <p>Scan the QR or type the secret into your authenticator app (Google Authenticator, Authy, 1Password, Bitwarden, etc.).</p>
40 <div class="row" style="gap:24px;flex-wrap:wrap;align-items:center;margin-top:6px">
41 <div class="col" style="max-width:240px">
42 <div class="qr-card"><img src="$qr_url" alt="2FA QR" loading="lazy"></div>
43 <p class="text-dim" style="font-size:11.5px;text-align:center;margin-top:6px">QR rendered by qrserver.com</p>
44 </div>
45 <div class="col">
46 <div class="field"><label>Secret (paste if you can't scan)</label><code style="user-select:all;font-size:13px">$secret_grouped</code></div>
47 <div class="field"><label>otpauth URL</label><input class="input" readonly value="$otpauth" onfocus="this.select()"></div>
48 <form method="POST" style="margin-top:14px">
49 <input type="hidden" name="act" value="verify">
50 <div class="field"><label>Enter the 6-digit code your app shows</label>
51 <input class="input" name="code" inputmode="numeric" pattern="[0-9]{6}" maxlength="6" required autofocus placeholder="123456" style="max-width:180px;font-size:18px;letter-spacing:.2em">
52 </div>
53 <button class="btn btn-primary" type="submit">Verify &amp; enable 2FA</button>
54 </form>
55 </div>
56 </div>
57</div>
58[/if]
59[if:!$is_setup]
60<div class="card mb-3">
61 <div class="card-header"><h3>2FA is off</h3></div>
62 <p>Click to start enrollment &mdash; we will show you a QR code and verify a test code before turning it on.</p>
63 <form method="POST"><input type="hidden" name="act" value="enroll"><button class="btn btn-primary" type="submit">Set up two-factor authentication</button></form>
64</div>
65[/if]
66[/if]
67
68<div class="card">
69 <div class="card-header"><h3>How it works</h3></div>
70 <ul style="font-size:13px;color:var(--col-text-muted);padding-left:18px;line-height:1.7">
71 <li>You scan a QR with a TOTP authenticator app on your phone.</li>
72 <li>At sign-in, after your password, we ask for the current 6-digit code from that app.</li>
73 <li>If you lose your phone, use a recovery code instead. Recovery codes are single-use.</li>
74 <li>You can disable 2FA from this page (we verify a current code first).</li>
75 </ul>
76</div>