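prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$user_id]);
$user = $stmt->fetch();
if (!$user) {
    die('User not found.');
}

// Resolve the TOTP secret used for verification.
// For an enrolled user the row just fetched is authoritative; reading the secret only
// from the session (as before) rejects an enrolled user whose session lacks
// 'totp_secret' with "No secret found." and lets a stale session copy diverge from
// the database. The session keys are kept as fallbacks for compatibility.
if (empty($user['totp_secret']) && empty($_SESSION['totp_secret_temp'])) {
    // First-time login: generate a temporary secret and keep it only in the session
    // until the user proves the authenticator was set up with it.
    $_SESSION['totp_secret_temp'] = $ga->createSecret();
}
$secret = !empty($user['totp_secret'])
    ? $user['totp_secret']
    : ($_SESSION['totp_secret'] ?? $_SESSION['totp_secret_temp'] ?? null);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only a scalar string may reach verifyCode(); a nested array in $_POST['code']
    // is treated as an empty (invalid) code rather than passed through.
    $code = $_POST['code'] ?? '';
    if (!is_string($code)) {
        $code = '';
    }
    if (!$secret) {
        die('No secret found.');
    }
    // Discrepancy of 2 time steps either side tolerates clock skew (typically ±60 s
    // for 30 s steps; confirm against the library). NOTE(review): no failed-attempt
    // throttling is applied on this page; enforce a per-user counter/lockout so a
    // short numeric code cannot be tried indefinitely.
    if ($ga->verifyCode($secret, $code, 2)) {
        // First-time setup: persist the secret only after a code has verified against it.
        if (empty($user['totp_secret'])) {
            $stmt = $pdo->prepare("UPDATE users SET totp_secret = ? WHERE id = ?");
            $stmt->execute([$secret, $user_id]);
        }
        // The session's authentication level changes here, so rotate the session id
        // and discard the old one; a pre-2FA session identifier must not carry over.
        session_regenerate_id(true);
        $_SESSION['2fa_verified'] = true;
        $_SESSION['totp_secret'] = $secret;
        unset($_SESSION['totp_secret_temp']);
        header('Location: index.php');
        exit;
    }
    $message = 'Invalid 2FA code.';
}
?>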
Scan this QR code in your authenticator app: