Jump to content

OATH Two Factor Authentication

Recommended Posts

  • 4 weeks later...
Installed, and 2-factor activated from admin CP and activated for a client test account but when logging in with that client account it didn't ask for the verification code and logged in normally as if not installed at all !!!


If you are logged into the admin panel, client area 2-factor authentication is bypassed.

Link to comment
Share on other sites

  • 3 weeks later...
  • 4 weeks later...
Thank you, all working nicely for admin only.


If lost my phone how would I login?




There's currently no way to reset it for admins, but you could disable it by going into the database (using phpMyAdmin or similar) and deleting the row in mod_oath_client matching your adminid. You can get your adminid from the tbladmins table.

Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...
  • 3 weeks later...
  • 3 weeks later...
simply does not work.

i have tried and tried. i install it. i activate it. i scan the QR code with the google app. i enter the code, and it says it is not valid. i have tried sooo many times. i have removed the module, re added it. nothing i do gets it to work.


Work fine ;) Update your WHMCS.



PPL I append multi language support for this nice plugin, checkout bitbuket for latests commits. If somebody make new translation will really nice to share it.

Link to comment
Share on other sites

  • 6 months later...
  • 4 weeks later...
  • 3 weeks later...
Hi, I've installed this and enabled for admin 2FA for my site.

However, I've factory reset my phone (with Google Authenticator).

How do I go about disabling the OTP for admin user?


I guess I don't have email notifications enabled for this thread.


To disable it for an admin, login to your database with something like phpMyAdmin (most hosts have this installed by default), switch to your WHMCS database, and enter the tbladmins table. From there, find the row with your admin username and note its ID. Finally, go to mod_oath_admin and delete the row with the same adminid.


Also, I've just released version 1.3.0 which adds a checkbox to the admin interface's client profile page to disable two-factor authentication for specific users.

Link to comment
Share on other sites

I have this installed and working correctly, with one problem,


Some add-ons send out verification links that a user must click in their email to verify a product/service.


Such a link could be:



For a user using this 2 factor plugin they wouldn't be able to visit this page from an email link.


After clicking it they are asked to log in, then asked to verify their two-factor auth code. After this they are taken to the Client Area overview page, NOT https://my.example.com/index.php?m=docsaway


Is there any way to have this plugin redirect to the originally requested page after the user enters the correct code?

Edited by sherwin_flight
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated