Add two-factor authentication fields to pp_users table and update .htaccess for security

- Added columns for two-factor authentication (2FA) in the pp_users table:
  - twofa_enabled (TINYINT)
  - twofa_email (VARCHAR)
  - twofa_code_hash (VARCHAR)
  - twofa_expires_at (DATETIME)
  - twofa_sent_at (DATETIME)
  - twofa_failed_attempts (INT)
- Set twofa_enabled and twofa_email for the user with id 0.
- Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
This commit is contained in:
2025-12-11 23:57:22 +01:00
parent 3cb792936e
commit 290aa31aa7
20 changed files with 590 additions and 60 deletions


@@ -0,0 +1,18 @@
<form method="POST" action="/admin/" class="form-horizontal" rol="form">
<input type="hidden" name="s-action" value="user-2fa-verify">
<div class="form-group row">
<label class="col col-sm-4 control-label" for="login">Kod z e-maila:</label>
<div class="col col-sm-8">
<input type="text" name="twofa" id="twofa" class="form-control" inputmode="numeric" pattern="\d{6}" maxlength="6" autocomplete="one-time-code" required>
</div>
</div>
<div class="form-group row">
<div class="col col-sm-12">
<button class="btn btn-primary btn-block">Potwierdź</button>
</div>
</div>
</form>
<form method="POST" action="/admin/" style="margin-top:10px">
<input type="hidden" name="s-action" value="user-2fa-resend">
<button class="btn btn-danger">Wyślij kod ponownie</button>
</form>
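Review bot: Neither form carries an anti-CSRF token — the only hidden field in each is `s-action` (lines 22 and 36) — so unless the `/admin/` dispatcher validates one elsewhere, a cross-site POST can trigger `user-2fa-resend` to repeatedly mail codes to the user's 2FA address, or submit guesses against `user-2fa-verify`. I'd add the application's CSRF token as a hidden field beside `s-action` in both forms, assuming one is available in the template scope. Two markup slips: `rol="form"` should be `role="form"`, and the label's `for="login"` does not match the input id `twofa`. The `pattern="\d{6}"` and `maxlength` are client-side only; the server handler should enforce the same format and the `twofa_failed_attempts` limit this commit adds to the schema.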


@@ -18,7 +18,7 @@ $grid -> fields = [
'type' => 'hidden',
'value' => '1'
],
[
[
'name' => 'Login',
'db' => 'login',
'type' => 'text',
@@ -30,8 +30,17 @@ $grid -> fields = [
'db' => 'status',
'type' => 'input_switch',
'checked' => $this -> user['status'] ? true : false
],
[
], [
'db' => 'twofa_enabled',
'name' => 'Dwustopniowe uwierzytelnianie (2FA)',
'type' => 'input_switch',
'checked' => $this -> user['twofa_enabled'] ? true : false,
], [
'db' => 'twofa_email',
'name' => 'E-mail do 2FA',
'type' => 'text',
'value' => $this -> user['twofa_email'],
], [
'name' => 'Hasło',
'db' => 'password',
'type' => 'text',
@@ -44,9 +53,9 @@ $grid -> fields = [
'params' => [ 'class' => $password_param, 'min' => 5, 'equal' => 'password', 'error_txt' => 'Podane hasła są różne' ]
]
];
$grid -> actions = [
'save' => [ 'url' => '/admin/users/user_save/', 'back_url' => '/admin/users/view_list/' ],
'cancel' => [ 'url' => '/admin/users/view_list/' ]
$grid -> actions = [
'save' => [ 'url' => '/admin/users/user_save/', 'back_url' => '/admin/users/view_list/' ],
'cancel' => [ 'url' => '/admin/users/view_list/' ]
];
echo $grid -> draw();
?>
@@ -55,11 +64,11 @@ echo $grid -> draw();
{
disable_menu();
});
function check_login()
function check_login()
{
var response = null;
$.ajax({
type: 'POST',
cache: false,
@@ -77,5 +86,5 @@ echo $grid -> draw();
}
});
return response;
}
}
</script>
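Review bot: The new `twofa_email` field (lines 63–66) is a plain `'type' => 'text'` with no `'params'` validation, while the neighbouring password field does carry a `'params'` array, so nothing visible stops an operator from switching on `twofa_enabled` with an empty or malformed address and locking the account out of the email-code step. I'd give `twofa_email` a `'params'` entry with an email rule mirroring the password field's, and have `user_save` reject `twofa_enabled` when `twofa_email` is empty; that handler is outside this diff, so I can't confirm it validates. Because this form lets an editor redirect a user's second factor to an address they control, the save action should at minimum log the change or require re-authentication. The remaining hunks in this file are whitespace-only changes.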