Add two-factor authentication fields to pp_users table and update .htaccess for security
- Added columns for two-factor authentication (2FA) in the pp_users table: - twofa_enabled (TINYINT) - twofa_email (VARCHAR) - twofa_code_hash (VARCHAR) - twofa_expires_at (DATETIME) - twofa_sent_at (DATETIME) - twofa_failed_attempts (INT) - Updated the twofa_enabled and twofa_email for user with id 0. - Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
This commit is contained in:
20
plugins/.htaccess
Normal file
20
plugins/.htaccess
Normal file
@@ -0,0 +1,20 @@
|
||||
# Wyłącz listowanie
|
||||
Options -Indexes
|
||||
|
||||
# Domyślnie blokujemy wszystko…
|
||||
Require all denied
|
||||
|
||||
# …a dopiero potem pozwalamy na pliki statyczne
|
||||
<FilesMatch "\.(css|js|map|mjs|png|jpe?g|gif|svgz?|webp|ico|woff2?|woff|ttf|eot)$">
|
||||
Require all granted
|
||||
</FilesMatch>
|
||||
|
||||
# Twardo blokuj cokolwiek, co mogłoby się wykonać
|
||||
<FilesMatch "\.(php|phtml|php[0-9]?|phar|pht|cgi|pl|py|sh)$">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
# Nie serwuj plików ukrytych (.env itp.)
|
||||
<FilesMatch "^\.(.*)$">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
Reference in New Issue
Block a user