Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

setting rate limiting higher
Deploy / deploy (push) Successful in 37s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 09:43:10 +02:00
parent a6968d7f71
commit 5e0b8a2fe8
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/account/update_2fa.php
+1 -1
View File
@@ -47,7 +47,7 @@ if($data->enable_2fa==true){
exit(); exit();
} }
check_rate_limit($conn, 'setup_2fa', 5, 10 * 60, (string)$id); check_rate_limit($conn, 'setup_2fa', 5, 60, (string)$id);
$twofa_secret = $_SESSION["pending_2fa_secret"] ?? ""; $twofa_secret = $_SESSION["pending_2fa_secret"] ?? "";
if ($twofa_secret === "" || !hash_equals(generateTOTP($twofa_secret), $twofa_pin)) { if ($twofa_secret === "" || !hash_equals(generateTOTP($twofa_secret), $twofa_pin)) {
echo json_encode(['success' => false, 'message' => 'Invalid 2FA code.']); echo json_encode(['success' => false, 'message' => 'Invalid 2FA code.']);
app-code/api/login/check_mfa.php
+1 -1
View File
@@ -14,7 +14,7 @@ include "../utils/generate_pin.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE); $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
$username=$_SESSION["username"]; $username=$_SESSION["username"];
check_rate_limit($conn, 'login_mfa', 5, 10 * 60, $username); check_rate_limit($conn, 'login_mfa', 5, 60, $username);
$sql="SELECT 2fa FROM users WHERE username = ?"; $sql="SELECT 2fa FROM users WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql); $stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $username); mysqli_stmt_bind_param($stmt, 's', $username);