A lot of code cleanup and code sanitation done.
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
if (checkLoginAttempts() > 3) {
|
||||
header('Location: /login/');
|
||||
@@ -70,15 +70,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
session_regenerate_id(true); # create session to store some data
|
||||
$_SESSION['mfa'] = ['user_uuid' => $user['user_uuid'], 'user_secret' => $user['user_two_factor_secret']];
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
} else {
|
||||
# No mfa2 is setup
|
||||
# No mfa2 is set up
|
||||
|
||||
loginUser($user['user_uuid']);
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
|
||||
function checkLoginAttempts()
|
||||
{
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT address
|
||||
@@ -91,7 +91,7 @@ function loginUser($user_uuid)
|
||||
setSessionParams();
|
||||
}
|
||||
|
||||
# link the verification code input and check if its an valid code.
|
||||
# link the verification code input and check if it's a valid code.
|
||||
function linkVerificationPosts()
|
||||
{
|
||||
$codeParts = [];
|
||||
|
||||
@@ -7,9 +7,8 @@ if (!isset($_POST['user_email'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
|
||||
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Classes/mailBuilder.php";
|
||||
|
||||
$loginAttempts = checkLoginAttempts();
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
session_start();
|
||||
|
||||
# includes
|
||||
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
|
||||
use RobThree\Auth\TwoFactorAuth;
|
||||
|
||||
@@ -4,7 +4,7 @@ if ($_POST['password-1'] != $_POST['password-2']) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
$user_password = password_hash($_POST['password-1'], PASSWORD_BCRYPT, ["cost" => 12]);
|
||||
|
||||
if (isset($_POST['user_uuid'])) {
|
||||
@@ -38,6 +38,7 @@ if (isset($_POST['user_uuid'])) {
|
||||
function checkUserExists($whereValue, $conn, $sql)
|
||||
{
|
||||
$stmt = $conn->prepare($sql);
|
||||
$count = 0;
|
||||
$stmt->bind_param("s", $whereValue);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($count);
|
||||
@@ -62,8 +63,7 @@ $stmt->bind_param("ss",
|
||||
|
||||
if ($stmt->execute()) {
|
||||
header('location: /login/resetPassword.php?result=success');
|
||||
exit;
|
||||
} else {
|
||||
header('location: /login/resetPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
exit;
|
||||
Reference in New Issue
Block a user