Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add two-factor authentication fields to pp_users table and update .htaccess for security

Browse Source 
- Added columns for two-factor authentication (2FA) in the pp_users table:
  - twofa_enabled (TINYINT)
  - twofa_email (VARCHAR)
  - twofa_code_hash (VARCHAR)
  - twofa_expires_at (DATETIME)
  - twofa_sent_at (DATETIME)
  - twofa_failed_attempts (INT)
- Updated the twofa_enabled and twofa_email for user with id 0.
- Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
This commit is contained in:
Jacek Pyziak
2025-12-11 23:57:22 +01:00
parent 3cb792936e
commit 290aa31aa7
20 changed files with 590 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
updates/0.20/ver_0.231.zip Normal file
View File

Binary file not shown.

7
updates/0.20/ver_0.231_sql.txt Normal file
View File

@@ -0,0 +1,7 @@
ALTER TABLE pp_users ADD COLUMN twofa_enabled TINYINT(1) NOT NULL DEFAULT 0 AFTER error_logged_count;
ALTER TABLE pp_users ADD COLUMN twofa_email VARCHAR(190) NULL AFTER twofa_enabled;
ALTER TABLE pp_users ADD COLUMN twofa_code_hash VARCHAR(255) NULL AFTER twofa_email;
ALTER TABLE pp_users ADD COLUMN twofa_expires_at DATETIME NULL AFTER twofa_code_hash;
ALTER TABLE pp_users ADD COLUMN twofa_sent_at DATETIME NULL AFTER twofa_expires_at;
ALTER TABLE pp_users ADD COLUMN twofa_failed_attempts INT NOT NULL DEFAULT 0 AFTER twofa_sent_at;
UPDATE pp_users SET twofa_enabled = 1, twofa_email = 'biuro@project-pro.pl' WHERE id = 0;