CSecurityUser::update

static function update($arFields)
{
	global $USER;
	$userId = intval($arFields['USER_ID']);
	$result = null;

	if (!$userId)
		return true;

	$otp = Otp::getByUser($userId);
	$canAdminOtp =
		!Otp::isMandatoryUsing() && $userId == $USER->GetID()
		|| $USER->CanDoOperation('security_edit_user_otp')
	;

	try
	{
		if (
			$arFields['ACTIVE'] !== 'Y'
			&& $otp->isActivated()
		)
		{
			if ($canAdminOtp)
			{
				$otp->deactivate();
				return true;
			}
			return false;
		}

		if (
			$arFields['DEACTIVATE_UNTIL'] > 0
			&& $otp->isActivated()
		)
		{
			if ($canAdminOtp)
			{
				$otp->deactivate((int) $arFields['DEACTIVATE_UNTIL']);
				return true;
			}
			return false;
		}

		$secret = mb_substr(trim($arFields['SECRET']), 0, 64);
		if (!$secret)
		{
			if ($canAdminOtp)
			{
				$otp->delete();
				return true;
			}
			return false;
		}

		if ($otp->getHexSecret() != $secret)
		{
			// We want to connect new device
			$binarySecret = pack('H*', $secret);
			$otp->regenerate($binarySecret);
		}
		if ($arFields['TYPE'])
		{
			$otp->setType($arFields['TYPE']);
		}

		$sync1 = trim($arFields['SYNC1']);
		$sync2 = trim($arFields['SYNC2']);

		if ($sync1 || $sync2)
		{
			$otp->syncParameters($sync1, $sync2);
		}

		$otp
			->setActive(true)
			->save();
	}
	catch (OtpException $e)
	{
		/** @global CMain $APPLICATION */
		global $APPLICATION;
		$ex = array();
		$ex[] = array(
			'id' => 'security_otp',
			'text' => $e->getMessage()
		);

		$APPLICATION->ThrowException(
			new CAdminException($ex)
		);
		return false;
	}

	return true;
}