[Bug] Issue with yescrypt/2fa login not working

[ledoktre]

Describe the bug

When you try to login to fresh install of HestiaCP and have 2fa enabled, it fails on 2fa page, complaining about an invalid username/password error.

In the logs, it shows Undefined array key "password" error.

If you verify 2fa from CLI, it works fine (no output). If you use incorrect code, CLI correctly generates an error.

If you upgrade older HestiaCP to 1.6.0, 2fa works fine. The only thing I see different is that older versions use sha-512 as default, not yescrypt.

Tell us how to replicate the bug

1. Install HestiaCP v1.6.0 fresh (not upgrade)
2. Login as admin, and enable 2fa
3. Logout, attempt to login to webui. When you submit on 2fa page it will fail with invalid username/password error.

Which components are affected by this bug?

Control Panel Web Interface

Hestia Control Panel Version

1.6.0

Operating system

Debian 11

Log capture

2022/06/16 21:43:48 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:43:58 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:44:02 [error] 808#0: *76 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:44:52 [error] 808#0: *83 FastCGI sent in stderr: "PHP message: PHP Warning:  session_destroy(): Trying to destroy uninitialized session in /usr/local/hestia/web/login/index.php on line 288" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:44:55 [error] 808#0: *89 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:45:02 [error] 808#0: *89 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:46:35 [error] 808#0: *99 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:46:39 [error] 808#0: *99 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 303PHP message: PHP Warning:  Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:47:37 [error] 808#0: *108 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined variable $v_twofa in /usr/local/hestia/web/login/index.php on line 191" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"
2022/06/16 21:47:40 [error] 808#0: *108 FastCGI sent in stderr: "PHP message: PHP Warning:  Undefined array key "password" in /usr/local/hestia/web/login/index.php on line 135" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: _, request: "POST /login/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/hestia-php.sock:", host: "web.domain.com:8083", referrer: "https://web.domain.com:8083/login/"