Add two-factor authentication fields to pp_users table and update .htaccess for security

- Added columns for two-factor authentication (2FA) in the pp_users table: - twofa_enabled (TINYINT) - twofa_email (VARCHAR) - twofa_code_hash (VARCHAR) - twofa_expires_at (DATETIME) - twofa_sent_at (DATETIME) - twofa_failed_attempts (INT) - Updated the twofa_enabled and twofa_email for user with id 0. - Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
2025-12-11 23:57:22 +01:00
parent 3cb792936e
commit 290aa31aa7
20 changed files with 590 additions and 60 deletions
--- a/admin/index.php
+++ b/admin/index.php
@@ -85,5 +85,22 @@ $user = \S::get_session( 'user', true );
 \admin\Site::update();
 \admin\Site::special_actions();

+$domain       = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
+$cookie_name  = str_replace( '.', '-', $domain );
+
+if ( isset( $_COOKIE[$cookie_name] ) && !isset( $_SESSION['user'] ) )
+{
+  $obj      = json_decode( $_COOKIE[$cookie_name] );
+  $login    = $obj -> {'login'};
+  $password = $obj -> {'hash'};
+
+  if ( $mdb -> get( 'pp_users', '*', [ 'AND' => [ 'login' => $login, 'status' => 1, 'password' => $password ] ] ) )
+  {
+    \S::set_session( 'user', \admin\factory\Users::details( $login ) );
+    header( 'Location: /admin/articles/view_list/' );
+    exit;
+  }
+}
+
 echo \admin\view\Page::show();
 ?>