From 6074c56838e430a5574453c587d3e7f230429b2f Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sun, 24 May 2020 02:04:53 -0600
Subject: [PATCH] Update AccountController

---
 app/Http/Controllers/AccountController.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index a554f17d8..a18380763 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -446,12 +446,16 @@ class AccountController extends Controller
 			}
 
 			if($request->session()->has('2fa.attempts')) {
-				$count = (int) $request->session()->has('2fa.attempts');
-				$request->session()->push('2fa.attempts', $count + 1);
+				$count = (int) $request->session()->get('2fa.attempts');
+				if($count == 3) {
+					Auth::logout();
+					return redirect('/');
+				}
+				$request->session()->put('2fa.attempts', $count + 1);
 			} else {
-				$request->session()->push('2fa.attempts', 1);
+				$request->session()->put('2fa.attempts', 1);
 			}
-			return redirect()->back()->withErrors([
+			return redirect('/i/auth/checkpoint')->withErrors([
 				'code' => 'Invalid code'
 			]);
 		}