A lot of code cleanup and code sanitation done.

This commit is contained in:
2026-06-20 00:31:32 +02:00
parent be392b8149
commit d781078c0d
100 changed files with 733 additions and 2097 deletions

View File

@@ -1,7 +1,7 @@
<?php
session_start();
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
if (checkLoginAttempts() > 3) {
header('Location: /login/');
@@ -70,15 +70,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
session_regenerate_id(true); # create session to store some data
$_SESSION['mfa'] = ['user_uuid' => $user['user_uuid'], 'user_secret' => $user['user_two_factor_secret']];
header('Location: /login/');
exit;
} else {
# No mfa2 is setup
# No mfa2 is set up
loginUser($user['user_uuid']);
header('Location: /');
exit;
}
exit;
}

View File

@@ -1,6 +1,6 @@
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
function checkLoginAttempts()
{
$stmt = $GLOBALS['conn']->prepare("SELECT address
@@ -91,7 +91,7 @@ function loginUser($user_uuid)
setSessionParams();
}
# link the verification code input and check if its an valid code.
# link the verification code input and check if it's a valid code.
function linkVerificationPosts()
{
$codeParts = [];

View File

@@ -7,9 +7,8 @@ if (!isset($_POST['user_email'])) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Classes/mailBuilder.php";
$loginAttempts = checkLoginAttempts();

View File

@@ -2,8 +2,8 @@
session_start();
# includes
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
use RobThree\Auth\TwoFactorAuth;

View File

@@ -4,7 +4,7 @@ if ($_POST['password-1'] != $_POST['password-2']) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
$user_password = password_hash($_POST['password-1'], PASSWORD_BCRYPT, ["cost" => 12]);
if (isset($_POST['user_uuid'])) {
@@ -38,6 +38,7 @@ if (isset($_POST['user_uuid'])) {
function checkUserExists($whereValue, $conn, $sql)
{
$stmt = $conn->prepare($sql);
$count = 0;
$stmt->bind_param("s", $whereValue);
$stmt->execute();
$stmt->bind_result($count);
@@ -62,8 +63,7 @@ $stmt->bind_param("ss",
if ($stmt->execute()) {
header('location: /login/resetPassword.php?result=success');
exit;
} else {
header('location: /login/resetPassword.php?result=failed');
exit;
}
}
exit;