We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Admin second step authentication? [ Plugin development needed] | Forum

Marcus
Marcus Nov 14 '16
is there a way to add second step authentication for admins and moderators like a secret pin?

Can someone just tell me how to hook up at a login function or whatever it's called?

It's easy to do but I am not familiar with the way oxwall works.

Add a setting with a pin.
On login check cookies if not found show a popup for admins and moderators where they will have to enter pin that will be compared with the one on settings.
If correct set cookie that will expire after 24h.
The Forum post is edited by Aliya Nov 25 '16
ross Team
ross Nov 15 '16
Topic was moved from General Questions.
dave Leader
dave Nov 15 '16
Its really not that easy.  


First you have to determine if the user logging in is a mod or admin which means tapping into the users table class


Then you have to grab their stored pin which would mean adding a new table to store the data. 


Then you have to add the admin section in order to set their pin in the first place. 


Then you have to find a login hook. 


Then you have to provide an error control logic


Then you have to provide the user side login to allow them to change their pin. 


So its not that easy to do... And i would never use a cookie to do that anyway, cookies are not that secure. 

Marcus
Marcus Nov 16 '16
Could you develop a plugin for it many will buy it case it's like really need one. Admin access has to be better protected.
dave Leader
dave Nov 16 '16
I will add it on my list of considerations.  
Marcus
Marcus Nov 17 '16
Let me know when it's ready gonna buy it.
Mike
Mike Nov 29 '16
Hey,

it sounds like the Two Factor Authentication Plugin would solve the problem.
It works like your idea with one diffrence.
The pin will be generated on your smartphone every 30 seconds new.
You can also save the verification so you dont have to verify the login again on this pc