From c9e556fcd57dde4527a75d4af036c575546a640e Mon Sep 17 00:00:00 2001
From: kanoi <gitkanoi@k1k2.com>
Date: Sun, 9 Aug 2015 17:12:53 +1000
Subject: [PATCH] php - add a note about the 2fa device clock needs to be
 accurate

---
 pool/page_2fa.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pool/page_2fa.php b/pool/page_2fa.php
index 530c9346..7648bd12 100644
--- a/pool/page_2fa.php
+++ b/pool/page_2fa.php
@@ -103,6 +103,8 @@ function set_2fa($data, $user, $tfa, $ans, $err)
  $pg .= 'Your 2FA device would be, for example, your phone or tablet.<br><br>';
  $pg .= 'Each time you need a 2FA code, you use your device to generate a number<br>';
  $pg .= 'that you type into the "<span class=st1>*</span>2nd Authentication:" field on any page that has it.<br><br>';
+ $pg .= '<b>IMPORTANT:</b> the TOTP algorithm uses the time on your device,<br>';
+ $pg .= "so it is important that your device's clock is accurate within a few seconds.<br><br>";
  $pg .= '<span class=urg>WARNING:</span> once you have successfully tested and enabled 2FA,<br>';
  $pg .= 'you will be unable to access or even reset your account without 2FA.<br>';
  $pg .= 'There is no option to recover your 2FA from the web site,<br>';