From 5cfdccdc2a11880dd9b1fb00c7aa2122d61b2e33 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Thu, 27 Apr 2023 01:14:06 -0600
Subject: [PATCH] [bug] base32 encoded TOTP secret

Some applications rejected the TOTP secret. Use the Base2n class to create a better base32 encoded TOTP secret.
---
 core/users/user_edit.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index 1f0f8acef3..7ae29ed218 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -1104,11 +1104,13 @@
 		echo "</td>\n";
 		echo "<td class='vtable' align='left' valign='top'>\n";
 		echo "	<input type='hidden' class='formfld' style='width: 250px;' name='user_totp_secret' id='user_totp_secret' value=\"".escape($user_totp_secret)."\" >";
-		if (strlen($user_totp_secret) == 0) {
+		if (empty($user_totp_secret)) {
+			$base32 = new base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
+			$user_totp_secret = $base32->encode(generate_password(20,3));
 			echo button::create(['type'=>'button',
 			'label'=>$text['button-setup'],
 			'icon'=>'key',
-			'onclick'=>"document.getElementById('user_totp_secret').value = '".strtoupper(generate_password(32,3))."';
+			'onclick'=>"document.getElementById('user_totp_secret').value = '".$user_totp_secret."';
 			document.getElementById('frm').submit();"]);
 		}
 		else {