2FA

- Set the 2FA number input field to only accept 6 characters max - Revoke existing remember-me tokens when 2FA is re-enabled
2026-02-28 19:04:52 +00:00 · 2024-06-09 12:57:42 +01:00
parent 51710f886c
commit 3dcd04a724
2 changed files with 4 additions and 1 deletions
--- a/post/profile.php
+++ b/post/profile.php
@@ -208,6 +208,9 @@ if(isset($_POST['enable_2fa'])){

    mysqli_query($mysqli,"UPDATE users SET user_token = '$token' WHERE user_id = $session_user_id");

+    // Delete any existing 2FA tokens - these browsers should be re-validated
+    mysqli_query($mysqli, "DELETE FROM remember_tokens WHERE remember_token_user_id = $session_user_id");
+
    //Logging
    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'User Settings', log_action = 'Modify', log_description = '$session_name enabled 2FA on their account', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");