From b0ac4a3da15ab0d917171317101392cd2e8772ce Mon Sep 17 00:00:00 2001
From: flashwave
Date: Sun, 10 Mar 2019 16:58:49 +0100
Subject: [PATCH] Moved some 2FA stuff into functions.
---
 public/settings.php | 26 ++++----------------------
 src/Users/user.php | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/public/settings.php b/public/settings.php
index f19ff62d..53c22508 100644
--- a/public/settings.php
+++ b/public/settings.php
@@ -11,14 +11,7 @@ $errors = [];
 $currentUserId = user_session_current('user_id');
 $currentEmail = user_email_get($currentUserId);
 $isRestricted = user_warning_check_restriction($currentUserId);
-
-$getTwoFactorInfo = db_prepare('
- SELECT `username`, `user_totp_key` IS NOT NULL AS `totp_enabled`
- FROM `msz_users`
- WHERE `user_id` = :user_id
-');
-$getTwoFactorInfo->bindValue('user_id', $currentUserId);
-$twoFactorInfo = db_fetch($getTwoFactorInfo);
+$twoFactorInfo = user_totp_info($currentUserId);
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if (!csrf_verify('settings', $_POST['csrf'] ?? '')) {
@@ -79,13 +72,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 }
 if (isset($_POST['tfa']['enable']) && (bool)$twoFactorInfo['totp_enabled'] !== (bool)$_POST['tfa']['enable']) {
- $updateTotpKey = db_prepare('
- UPDATE `msz_users`
- SET `user_totp_key` = :key
- WHERE `user_id` = :user_id
- ');
- $updateTotpKey->bindValue('user_id', $currentUserId);
-
 if ((bool)$_POST['tfa']['enable']) {
 $tfaKey = totp_generate_key();
@@ -102,16 +88,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 )),
 ]);
- $updateTotpKey->bindValue('key', $tfaKey);
+ user_totp_update($currentUserId, $tfaKey);
 } else {
- $updateTotpKey->bindValue('key', null);
+ user_totp_update($currentUserId, null);
 }
- if ($updateTotpKey->execute()) {
- $twoFactorInfo['totp_enabled'] = !$twoFactorInfo['totp_enabled'];
- } else {
- $errors[] = 'Failed to save Two Factor Authentication state.';
- }
+ $twoFactorInfo['totp_enabled'] = !$twoFactorInfo['totp_enabled'];
 }
 if (!empty($_POST['current_password'])) {
diff --git a/src/Users/user.php b/src/Users/user.php
index d7467459..b2e594f0 100644
--- a/src/Users/user.php
+++ b/src/Users/user.php
@@ -119,6 +119,40 @@ function user_password_set(int $userId, string $password): bool
 return $updatePassword->execute();
 }
+function user_totp_info(int $userId): array
+{
+ if ($userId < 1) {
+ return [];
+ }
+
+ $getTwoFactorInfo = db_prepare('
+ SELECT `username`, `user_totp_key` IS NOT NULL AS `totp_enabled`
+ FROM `msz_users`
+ WHERE `user_id` = :user_id
+ ');
+ $getTwoFactorInfo->bindValue('user_id', $userId);
+
+ return db_fetch($getTwoFactorInfo);
+}
+
+function user_totp_update(int $userId, ?string $key): void
+{
+ if ($userId < 1) {
+ return;
+ }
+
+ $key = empty($key) ? null : $key;
+
+ $updateTotpKey = db_prepare('
+ UPDATE `msz_users`
+ SET `user_totp_key` = :key
+ WHERE `user_id` = :user_id
+ ');
+ $updateTotpKey->bindValue('user_id', $userId);
+ $updateTotpKey->bindValue('key', $key);
+ $updateTotpKey->execute();
+}
+
 function user_email_get(int $userId): string
 {
 if ($userId < 1) {
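Review bot: The 2FA toggle in public/settings.php (hunk `@@ -102,16 +88,12 @@`) now flips `$twoFactorInfo['totp_enabled']` unconditionally, because `user_totp_update()`, added in src/Users/user.php by this same patch, is declared `void` and discards the result of `$updateTotpKey->execute()`. If the UPDATE fails, the settings page reports 2FA as enabled (and, judging by the `)), ]);` context just before the call, has presumably already prepared the new key for display) while `user_totp_key` is unchanged, so the account is not actually protected; a failed disable is equally silent. The removed `'Failed to save Two Factor Authentication state.'` branch used to cover this. I would have `user_totp_update()` return `bool` (`return $updateTotpKey->execute();`, as `user_password_set()` does just above it, and `return false;` in the `$userId < 1` guard) and restore the check at the call site as below. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside the hunk.

```php
// … unchanged: key generation and template variables for the new key …
        $tfaSaved = user_totp_update($currentUserId, $tfaKey);
    } else {
        $tfaSaved = user_totp_update($currentUserId, null);
    }

    if ($tfaSaved) {
        $twoFactorInfo['totp_enabled'] = !$twoFactorInfo['totp_enabled'];
    } else {
        $errors[] = 'Failed to save Two Factor Authentication state.';
    }
```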
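Review bot: In `user_totp_update()` (src/Users/user.php), `$key = empty($key) ? null : $key;` turns an empty string, and the string `'0'`, into `null`, which is the same value that switches 2FA off. A caller that passes an empty key while trying to enable 2FA would therefore clear `user_totp_key` instead of being rejected; whether `totp_generate_key()` can ever return an empty string is not visible in this patch, but the helper is now a shared entry point and should not conflate a bad key with a request to disable. I would keep `null` as the only disable signal and refuse empty strings before the query, e.g. `if ($key === '') { return; }`, in place of the `empty()` coercion. Both new functions would also benefit from a short docblock: for `user_totp_update()` that `null` removes the key, and for `user_totp_info()` that it returns `[]` for an id below 1, since settings.php reads `$twoFactorInfo['totp_enabled']` without checking for that.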