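CanDoOperation('security_otp_settings_read');
// NOTE(review): the statement above is cut off at the start of this view. $canRead, tested
// below, is presumably assigned by its missing left-hand side - confirm against the full file.
$canWrite = $USER->CanDoOperation('security_otp_settings_write');

// Access gate: a user holding neither the read nor the write operation gets the auth form.
// NOTE(review): the rest of the page assumes AuthForm() ends the request - confirm.
if (!$canRead && !$canWrite) {
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}

$aTabs = array(
    array(
        "DIV" => "main",
        "TAB" => GetMessage("SEC_OTP_NEW_MAIN_TAB"),
        "ICON" => "main_user_edit",
        "TITLE" => GetMessage("SEC_OTP_NEW_MAIN_TAB_TITLE"),
    ),
    array(
        "DIV" => "params",
        "TAB" => GetMessage("SEC_OTP_PARAMETERS_TAB"),
        "ICON" => "main_user_edit",
        "TITLE" => GetMessage("SEC_OTP_NEW_PARAMETERS_TAB_TITLE"),
    ),
);
$tabControl = new CAdminTabControl("tabControl", $aTabs, true, true);

// return_url is request-controlled. It is normalised to a string before use: an array value
// would otherwise reach urlencode() and LocalRedirect() below and fail with a type error.
$_GET["return_url"] = $_GET["return_url"] ?? "";
if (!is_string($_GET["return_url"])) {
    $_GET["return_url"] = "";
}
$returnUrl = $_GET["return_url"] ? "&return_url=".urlencode($_GET["return_url"]) : "";

// Settings are written only when all four conditions hold: the request is a POST, it carries
// one of the submit flags, the user has the write operation, and check_bitrix_sessid() accepts
// the request (presumably the session-token / anti-CSRF check - confirm).
if (
    $_SERVER["REQUEST_METHOD"] === "POST"
    && (isset($_REQUEST["save"]) || isset($_REQUEST["apply"]) || isset($_REQUEST["otp_siteb"]))
    && $canWrite
    && check_bitrix_sessid()
) {
    // Form fields are read with "?? ''" so that an absent field counts as "not Y" without
    // raising an undefined-key warning, matching the isset()-guarded reads further down.

    // otp_siteb toggles OTP through CSecurityUser::setActive(); any otp_active value other
    // than the literal "Y", including an absent field, turns it off.
    // NOTE(review): switching OTP off is a security-relevant change and no audit-log call is
    // visible in this block - confirm that the setters record the change.
    if (isset($_REQUEST["otp_siteb"]) && $_REQUEST["otp_siteb"] !== "") {
        CSecurityUser::setActive(($_POST["otp_active"] ?? "") === "Y");
    }

    // Values that intval() maps to zero or less fall back to 10.
    // NOTE(review): no upper bound is applied here. If this is the HOTP look-ahead window,
    // a very large value widens the set of accepted codes - confirm the consumer caps it.
    $hotp_user_window = intval($_POST["window_size"] ?? 0);
    if ($hotp_user_window <= 0) {
        $hotp_user_window = 10;
    }
    COption::SetOptionString("security", "hotp_user_window", $hotp_user_window);

    // Y/N flags: only the literal "Y" enables an option.
    COption::SetOptionString(
        "security",
        "otp_allow_remember",
        ($_POST["otp_allow_remember"] ?? "") === "Y" ? "Y" : "N"
    );
    COption::SetOptionString(
        "security",
        "otp_allow_recovery_codes",
        ($_POST["otp_allow_recovery_codes"] ?? "") === "Y" ? "Y" : "N"
    );
    COption::SetOptionString(
        "security",
        "otp_log",
        ($_POST["otp_log"] ?? "") === "Y" ? "Y" : "N"
    );

    // Only a non-empty string is forwarded as the default type; array input is ignored.
    // NOTE(review): the value is not compared with Otp::getAvailableTypes() here; presumably
    // setDefaultType() rejects unknown types - confirm.
    if (
        isset($_POST['otp_default_type'])
        && is_string($_POST['otp_default_type'])
        && $_POST['otp_default_type']
    ) {
        Bitrix\Security\Mfa\Otp::setDefaultType($_POST['otp_default_type']);
    }

    // NOTE(review): is_numeric() also accepts negative, fractional and exponent forms, and the
    // raw value is passed on; presumably setSkipMandatoryDays() normalises it - confirm.
    if (isset($_POST['otp_mandatory_skip_days']) && is_numeric($_POST['otp_mandatory_skip_days'])) {
        Bitrix\Security\Mfa\Otp::setSkipMandatoryDays($_POST['otp_mandatory_skip_days']);
    }

    Bitrix\Security\Mfa\Otp::setMandatoryUsing(($_POST['otp_mandatory_using'] ?? '') === 'Y');

    // The rights list is passed through as submitted; its elements are not checked here.
    if (isset($_POST['otp_mandatory_rights']) && is_array($_POST['otp_mandatory_rights'])) {
        Bitrix\Security\Mfa\Otp::setMandatoryRights($_POST['otp_mandatory_rights']);
    }

    // Every write ends in a redirect. "save" with a return_url goes to that request-supplied
    // target; anything else returns to this page with the active tab preserved.
    // NOTE(review): the first branch relies on LocalRedirect() to refuse or neutralise
    // non-local targets - confirm.
    if (isset($_REQUEST["save"]) && $_GET["return_url"] !== "") {
        LocalRedirect($_GET["return_url"]);
    } else {
        LocalRedirect("/bitrix/admin/security_otp.php?lang=".LANGUAGE_ID.$returnUrl."&".$tabControl->ActiveTabParam());
    }
}

// Current settings, loaded for the form that follows.
$availableTypes = \Bitrix\Security\Mfa\Otp::getAvailableTypes();
$availableTypesDescription = \Bitrix\Security\Mfa\Otp::getTypesDescription();
$defaultType = \Bitrix\Security\Mfa\Otp::getDefaultType();
$targetRights = \Bitrix\Security\Mfa\Otp::getMandatoryRights();
$access = new CAccess();
$targetRightsNames = $access->GetNames($targetRights);

CJSCore::Init(array('access'));
$APPLICATION->AddHeadScript('/bitrix/js/security/admin/page/otp.js');
$APPLICATION->SetTitle(GetMessage("SEC_OTP_NEW_TITLE"));

require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php");

// Status banner. "HTML" => true is set, so the text must stay free of request data; here it
// comes only from GetMessage() language strings.
if (CSecurityUser::isActive()) {
    $messageType = "OK";
    $messageText = GetMessage("SEC_OTP_NEW_ON");
} else {
    $messageType = "ERROR";
    $messageText = GetMessage("SEC_OTP_NEW_OFF");
}
CAdminMessage::ShowMessage(array(
    "MESSAGE" => $messageText,
    "TYPE" => $messageType,
    "HTML" => true
));
?>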