OATH Two Factor Authentication

[Dr. McKay]

This free module provides OATH-based two-factor authentication to WHMCS.

 

See the readme for more information.

 

Report an issue

 

Download

[wsa]

look nice all u need to do is the admin section it better then paying a fee

[WebCraker]

Installed, and 2-factor activated from admin CP and activated for a client test account but when logging in with that client account it didn't ask for the verification code and logged in normally as if not installed at all !!!

[Dr. McKay]

Installed, and 2-factor activated from admin CP and activated for a client test account but when logging in with that client account it didn't ask for the verification code and logged in normally as if not installed at all !!!

 

If you are logged into the admin panel, client area 2-factor authentication is bypassed.

[ceosammy]

Can you set this up for admins please?

[Dr. McKay]

Version 1.1.0 has been released, adding support for admin area authentication.

 

Sorry for the long wait.

[jetdino]

nice

thank you for making this free addon

[WebCraker]

If you are logged into the admin panel, client area 2-factor authentication is bypassed.

 

Thnx bro, I realized that and it's working like charm

 

Thank you

[ivaserver]

Thank you, all working nicely for admin only.

 

If lost my phone how would I login?

 

Thanks

[Dr. McKay]

Thank you, all working nicely for admin only.

 

If lost my phone how would I login?

 

Thanks

 

There's currently no way to reset it for admins, but you could disable it by going into the database (using phpMyAdmin or similar) and deleting the row in mod_oath_client matching your adminid. You can get your adminid from the tbladmins table.

[WTCOI]

Brilliant thank you!

[WorldWideWebDev]

Dr Mckay, wish i had of found this before i had payed for it... Thanks.. i will keep your number for future use....Cheers

[EhsanCh]

i get error on displaying qr codes :

The image “http://xxxx.com/index.php?m=oath&qr=1&secret=VFFT6GHHD5BL5XS1” cannot be displayed because it contains errors.

 

PS: solved. there was a new line in begin of my template that cause error.

Edited December 13, 2013 by EhsanCh

[elijahpaul]

how could I configure the

clientareaoath.tpl

for different templates?

[stuntnmore]

This is what i have implemented for my clients into mine using this addon.

Edited January 12, 2014 by stuntnmore

[PixelPaul]

simply does not work.

i have tried and tried. i install it. i activate it. i scan the QR code with the google app. i enter the code, and it says it is not valid. i have tried sooo many times. i have removed the module, re added it. nothing i do gets it to work.

[neo2shyalien]

simply does not work.

i have tried and tried. i install it. i activate it. i scan the QR code with the google app. i enter the code, and it says it is not valid. i have tried sooo many times. i have removed the module, re added it. nothing i do gets it to work.

 

Work fine Update your WHMCS.

 

 

PPL I append multi language support for this nice plugin, checkout bitbuket for latests commits. If somebody make new translation will really nice to share it.

[Gibby13]

I have it working for clients, but I can not find where an admin needs to go to enable....

[wsa]

look nice stuntnmore

[wsa]

This free module provides OATH-based two-factor authentication to WHMCS.

 

Can you look at Ticket #261518

[RainbowTrail]

Hi, I've installed this and enabled for admin 2FA for my site.

However, I've factory reset my phone (with Google Authenticator).

How do I go about disabling the OTP for admin user?

[Dr. McKay]

Hi, I've installed this and enabled for admin 2FA for my site.

However, I've factory reset my phone (with Google Authenticator).

How do I go about disabling the OTP for admin user?

 

I guess I don't have email notifications enabled for this thread.

 

To disable it for an admin, login to your database with something like phpMyAdmin (most hosts have this installed by default), switch to your WHMCS database, and enter the tbladmins table. From there, find the row with your admin username and note its ID. Finally, go to mod_oath_admin and delete the row with the same adminid.

 

Also, I've just released version 1.3.0 which adds a checkbox to the admin interface's client profile page to disable two-factor authentication for specific users.

[stuntnmore]

Hello, i get white blank page when i load my admin area when 2 factor enabled

 

If i go to orders.php then it shows to input the code but on main index.php it doesnt work

[ricardo777]

Issue Solved it was a Server time issue SYNC with NTP pool.ntp.org and solved the problem.

 

--

 

I have same issue as some other people always getting the error: Your code was incorrect.

 

I have the latest version of WHMCS.

Edited October 4, 2014 by ricardo777

[sherwin_flight]

I have this installed and working correctly, with one problem,

 

Some add-ons send out verification links that a user must click in their email to verify a product/service.

 

Such a link could be:

https://my.example.com/index.php?m=docsaway

 

For a user using this 2 factor plugin they wouldn't be able to visit this page from an email link.

 

After clicking it they are asked to log in, then asked to verify their two-factor auth code. After this they are taken to the Client Area overview page, NOT https://my.example.com/index.php?m=docsaway

 

Is there any way to have this plugin redirect to the originally requested page after the user enters the correct code?

Edited October 10, 2014 by sherwin_flight
clarification