Login($_POST['login'], $_POST['password']) !== true) { if($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) { $CAPTCHA_CODE = $APPLICATION->CaptchaGetCode(); echo "{'captchaCode': '".$CAPTCHA_CODE."'};"; } CHTTP::SetStatus("401 Unauthorized"); die(); } if(!CModule::IncludeModule("security")) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } if(!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) { CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } if($_POST['action']!='register') $_POST['secret']=""; $isUpdated = CSecurityUser::update(array( "USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP // Bitrix.OTP use HOTP )); if(!$isUpdated) { //print_r($APPLICATION->GetException()); CHTTP::SetStatus("403 Forbidden"); $USER->Logout(); die(); } $USER->Logout(); ?>