FbIN/htmly
1
0
Fork 0
mirror of https://github.com/danpros/htmly.git synced 2026-04-22 05:26:22 +05:30
Code Issues Projects Releases Packages Wiki Activity

Improve MFA

Browse source 
Temporarily save username and password during MFA login to session file and not into hidden input
This commit is contained in:
Dan 2025-01-24 23:28:06 +07:00
commit 6747b0e3c5
3 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
system/admin/views/login-mfa.html.php
View file

@ -1,4 +1,8 @@
<?php if (!defined('HTMLY')) die('HTMLy'); ?>
<?php
$_SESSION["mfa_uid"] = $username;
$_SESSION["mfa_pwd"] = $password;
?>
<style>.error-message ul {margin:0;padding:0;}</style>
<?php if (isset($error)) { ?>
<div class="error-message"><?php echo $error ?></div>
@ -6,8 +10,6 @@
<h1><?php echo i18n('Login');?></h1>
<form method="POST" action="login-mfa">
<input type="hidden" name="csrf_token" value="<?php echo get_csrf() ?>">
<input type="hidden" name="user" value="<?php echo $username; ?>">
<input type="hidden" name="password" value="<?php echo $password; ?>">
<label><?php echo i18n('MFACode');?></label>
<input type="text" class="form-control" name="mfacode" placeholder="<?php echo i18n('verify_code'); ?>"/>
<br>