adding ratelimiting with reddis db

app-code/account/index.php

@@ -192,7 +192,11 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
           <!-- Success message will go here -->
         </div>
 	<div id="qrcode"></div>
+	<div class="p-3">
+	  <input type="text" id="twofa-confirm-pin" class="form-control" placeholder="Current 2FA code">
+	</div>
         <div class="modal-footer">
+          <button type="button" class="btn btn-primary" onclick="confirm2FaEnrollment()">Confirm 2FA</button>
           <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
         </div>
       </div>
@@ -362,8 +366,12 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
           // Handle success
           if(isEnabled==false){
 		showSuccessModal(result.message || (isEnabled ? '2FA enabled successfully.' : '2FA disabled successfully.'));
-          }else{
-	  	show2FaModal(result.message, result.token);
+	  }else{
+		if (result.pending) {
+		  show2FaModal(result.message, result.token);
+		} else {
+		  showSuccessModal(result.message || '2FA enabled successfully.');
+		}
 	  }
 	} else {
           // Handle error
@@ -427,11 +435,41 @@ if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
       }
       function show2FaModal(message,secret) {
         document.getElementById('twofaModalMessage').textContent = message;
+        document.getElementById('qrcode').innerHTML = '';
+        document.getElementById('twofa-confirm-pin').value = '';
         const errorModal = new bootstrap.Modal(document.getElementById('twofaModal'));
         generate2FAQRCode("Jakach Login",'<?php echo($_SESSION["username"]) ?>',secret);
 	errorModal.show();
       }
 
+      async function confirm2FaEnrollment() {
+        const pin = document.getElementById('twofa-confirm-pin').value.trim();
+        if (!pin) {
+          showErrorModal('Enter the current 2FA code.');
+          return;
+        }
+
+        const response = await fetch('/api/account/update_2fa.php', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'X-CSRF-Token': window.csrfToken,
+          },
+          body: JSON.stringify({
+            enable_2fa: true,
+            twofa_pin: pin
+          }),
+        });
+        const result = await response.json();
+        if (response.ok && result.success) {
+          bootstrap.Modal.getInstance(document.getElementById('twofaModal')).hide();
+          document.getElementById('2fa-switch').checked = true;
+          showSuccessModal(result.message || '2FA enabled successfully.');
+        } else {
+          showErrorModal(result.message || 'Invalid 2FA code.');
+        }
+      }
+
 function generate2FAQRCode(issuer, accountName, secret) {
     // Create the OTP URI
     const uri = `otpauth://totp/${encodeURIComponent(issuer)}:${encodeURIComponent(accountName)}?secret=${secret}&issuer=${encodeURIComponent(issuer)}`;