Almost have my two-factor authentication working...

[veryveryinteresting]

Hi all,

I taught myself PHP and MySQL primarily to hack some two-factor authentication via Authy www.authy.com into Zen Cart. I am getting close. I am nearly there, a couple observers and registration away. I have my API's working (through another observer), I am hoping that someone else can look over my registration code and see what I am missing? It isn't executing all the way through. I don't think it is the API's as they work for requiring Authy on login (another page I created, editing a new template for the default login). I'm hoping there is a simple error here.

PHP Code:

if (!defined('IS_ADMIN_FLAG')) {
  die('Illegal Access');
}

require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));

$breadcrumb->add(NAVBAR_TITLE);

if ($_SESSION['customer_authy_token']) {
    zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', $request_type));
}

require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));

$api = new Authy_Api();
$error = false;

if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
  $process = true;
  $authy_email = zen_db_prepare_input($_POST['authy-email']);
  $authy_country = zen_db_prepare_input($_POST['authy-countries']);
  $authy_cellphone = zen_db_prepare_input($_POST['authy-cellphone']);

  $check_customer_query = "SELECT customers_id, customers_firstname, customers_lastname, customers_password,
                          customers_email_address, customers_default_address_id,
                          customers_authorization, customers_referral, customers_authy_id
                          FROM " . TABLE_CUSTOMERS . "
                          WHERE customers_email_address = :emailAddress";

  $check_customer_query  =$db->bindVars($check_customer_query, ':emailAddress', $authy_email, 'string');
  $check_customer = $db->Execute($check_customer_query);
  
  if (!$check_customer->RecordCount()) {
    $error = true;
    $messageStack->add('two-factor', TEXT_AUTHY_EMAIL_ERROR);
  } elseif ($check_customer->fields['customers_authy_id'] != NULL) {
    // Check if customer is already registered with Authy and my site
    $error = true;
    $messageStack->add('two-factor', TEXT_AUTHY_EMAIL_ERROR);
    } else {
      // Run Authy registration
      $user = $api->registerUser($authy_email, $authy_cellphone, $authy_country);
      if (!$user->ok()) {
        $error = true;
        $messageStack->add('two-factor', TEXT_AUTHY_REGISTER_ERROR);
        } else {
          if ($user->ok()) {
            $sql = "update " . TABLE_CUSTOMERS . "
                     set customers_authy_id = '" . (int)$user->id() . "'
                   where customers_id = '" . (int)$_SESSION['customer_id'] . "'";
                   
            $db->Execute($sql);
               $_SESSION['customer_authy_token'] = $check_customer->fields['customers_authy_id'];
            zen_redirect(zen_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL'));
          }  
        }
    }
} 


Thanks.

[veryveryinteresting]

Should I post this in a different section?

[stevesh]

Probably the right forum, but there are relatively few people here who are coder enough to dissect your code, so you may have to wait for a while. Is this for the admin login, or customer login ?

[veryveryinteresting]

Probably the right forum, but there are relatively few people here who are coder enough to dissect your code, so you may have to wait for a while. Is this for the admin login, or customer login ?

Thanks, I am still pretty new so any advice is good. It's for the customer login. I created a special form to register with my two-factor authentication provider and it isn't going through, I know the form itself is correct so I was hoping I was missing a simple "else" issue or something that someone could see quickly.