FbIN/htmly
1
0
Fork 0
mirror of https://github.com/danpros/htmly.git synced 2026-04-19 03:56:21 +05:30
Code Issues Projects Releases Packages Wiki Activity

Improve MFA

Browse source 
Temporarily save username and password during MFA login to session file and not into hidden input
This commit is contained in:
Dan 2025-01-24 23:28:06 +07:00
commit 6747b0e3c5
3 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
system/htmly.php
View file

@ -221,8 +221,8 @@ post('/login', function () {
post('/login-mfa', function () {
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));
$user = from($_REQUEST, 'user');
$pass = from($_REQUEST, 'password');
$user = $_SESSION["mfa_uid"];
$pass = $_SESSION["mfa_pwd"];
$mfacode = from($_REQUEST, 'mfacode');
$mfa_secret = user('mfa_secret', $user);
$google2fa = new Google2FA();