From 3dcd04a72443f6828e9c7cf056c3e5ad5250c470 Mon Sep 17 00:00:00 2001
From: Marcus Hill
Date: Sun, 9 Jun 2024 12:57:42 +0100
Subject: [PATCH] 2FA - Set the 2FA number input field to only accept 6 characters max - Revoke existing remember-me tokens when 2FA is re-enabled
---
 login.php | 2 +-
 post/profile.php | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/login.php b/login.php
index 54d06fddc..7bdda3670 100644
--- a/login.php
+++ b/login.php
@@ -230,7 +230,7 @@
 // HTML code for the token input field
 $token_field = "
-
+
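Review bot: The input markup changed in this hunk did not survive on this page, so going by the commit message alone: a 6-character cap on the 2FA field is a browser-side convenience and does not constrain what is actually posted to login.php. The code that verifies the submitted token is outside this hunk; it should reject anything that is not exactly six digits before the code is compared. A short comment beside the field, such as `// length limit is cosmetic; the token is validated server-side`, would keep the two from being confused.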
diff --git a/post/profile.php b/post/profile.php
index d03a53ef6..0ae146609 100644
--- a/post/profile.php
+++ b/post/profile.php
@@ -208,6 +208,9 @@
 mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id");
+ // Delete any existing 2FA tokens - these browsers should be re-validated
+ mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
+
 //Logging
 mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name enabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
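Review bot: The result of the added `DELETE FROM remember_tokens` query is discarded, so if the revocation fails the old remember-me tokens stay valid while the log row that follows still records that 2FA was enabled. Those tokens appear to be what lets a browser skip the 2FA prompt, so a silent failure leaves the bypass in place. Check the return value before the success entry is written, e.g. `if (!mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = " . intval($session_user_id))) { error_log("2FA enable: remember-token revocation failed"); }`. The `intval()` keeps the interpolated id numeric however `$session_user_id` was populated, which is not visible here. The comment would also read more accurately as `// Revoke existing remember-me tokens - these browsers must pass 2FA again`; the enclosing block starts and ends outside the hunk.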