Add two-factor authentication fields to pp_users table and update .htaccess for security

- Added columns for two-factor authentication (2FA) in the pp_users table: - twofa_enabled (TINYINT) - twofa_email (VARCHAR) - twofa_code_hash (VARCHAR) - twofa_expires_at (DATETIME) - twofa_sent_at (DATETIME) - twofa_failed_attempts (INT) - Updated the twofa_enabled and twofa_email for user with id 0. - Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
2025-12-11 23:57:22 +01:00
parent 3cb792936e
commit 290aa31aa7
20 changed files with 590 additions and 60 deletions
--- a/admin/templates/site/unlogged.php
+++ b/admin/templates/site/unlogged.php
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>shopPro</title>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta http-equiv="content-type" content="text/html; charset=utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="author" content="www.project-pro.pl - internetowe rozwiązania dla biznesu">
+    <link rel="stylesheet" type="text/css" href="/libraries/bootstrap-4.5.2-dist/css/bootstrap.css">
+    <link rel="stylesheet" type="text/css" href="/libraries/font-awesome-4.7.0/css/font-awesome.css">
+    <link rel="stylesheet" href="/admin/layout/style-css/style.css">
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
+    <script type="text/javascript" src="/libraries/bootstrap-4.5.2-dist/js/bootstrap.min.js"></script>
+    <script type="text/javascript" src="/libraries/bootstrap-4.5.2-dist/js/bootstrap.bundle.min.js"></script>
+    <link rel="preconnect" href="https://fonts.gstatic.com">
+    <link href="https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap" rel="stylesheet">
+  </head>
+  <body>
+    <div id="main">
+      <div class="container-fluid">
+        <div class="row">
+          <div class="col-sm-8 col-md-6 col-lg-4 unlogged-panel">
+            <div class="login-panel">
+              <div class="login-panel-content">
+                <div class="login-shoppro">
+                shop<b>Pro</b>
+                </div>
+                <div class="title">
+                  Witaj ponownie!
+                </div>
+                <div class="subtitle">
+                  Zaloguj się do panelu administratora <b>shopPro</b>.
+                </div>
+                <?
+                if ( $alert = \S::get_session( 'alert' ) ):
+                  \S::alert( false );
+                  ?>
+                  <div class="alert alert-danger alert-dismissable">
+                    <button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
+                    <i class="icon fa fa-ban "></i><?= $alert;?>
+                  </div>
+                <? endif;
+                ?>
+                <?= $this -> content; ?>
+                <div class="copyright">
+                 <a href="https://www.project-pro.pl/"> &copy; <?= date( 'Y' );?> Project-Pro</a>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div class="col-sm-4 col-md-6 col-lg-8 unlogged-bg">
+          </div>
+        </div>
+      </div>
+      <div class="home">
+        <a href="/"><img src="/admin/layout/images/home.svg" alt="HOME"></a>
+      </div>
+    </div>
+  </body>
+</html>