Bugfix: credentials

Fix an edge-case bug where error output (when displaying PHP errors in the browser is enabled) prevented the user_encryption_session_key session cookie from being set. This means login credentials are still encrypted but cannot be decrypted properly by other users.
Prevent users creating new credentials if they do not have the correct cookie set.
wrongecho 2024-08-19 19:56:12 +01:00
parent 86e3f377ab
commit 3f772f5a2f
2 changed files with 2 additions and 2 deletions


@ -44,7 +44,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<h3 class="card-title mt-2"><i class="fa fa-fw fa-key mr-2"></i>Credentials</h3>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addLoginModal" <?php if (!isset($_COOKIE['user_encryption_session_key'])) { echo "disabled"; } ?>>
<i class="fas fa-plus mr-2"></i>New Credential
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
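Review bot: The `disabled` attribute added to the New Credential button is enforced only in the browser; nothing this commit shows repeats the `$_COOKIE['user_encryption_session_key']` check on the server. A form post that reaches the add-credential handler without the cookie would presumably still be processed and could store an entry that cannot be decrypted later, which is the state the commit is trying to prevent. The handler behind the `#addLoginModal` form (not part of this commit) should make the same check and reject the request, for example `if (!isset($_COOKIE['user_encryption_session_key'])) { /* reject and log */ }`. Note also that `isset()` proves only that a cookie is present, not that it yields a usable key, and that the split dropdown button on the last line of the hunk stays enabled. A `title` attribute on the disabled button saying why it is unavailable would save users from guessing.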


@ -145,7 +145,7 @@ if (isset($_POST['login'])) {
}
// Validate MFA code
if (TokenAuth6238::verify($token, $current_code)) {
if (!empty($current_code) && TokenAuth6238::verify($token, $current_code)) {
$mfa_is_complete = true;
$extended_log = 'with 2FA';
}
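Review bot: The `!empty($current_code)` guard on the `TokenAuth6238::verify()` call removes one source of stray output, but nothing here detects the failure the commit message describes, where the session-key cookie is silently not set once output has already been sent. Any other warning or notice emitted earlier in this login path would reproduce it. Where the cookie is set (outside this hunk), consider checking `headers_sent()` or the return value of `setcookie()` and aborting the login with a logged error instead of continuing without the key. Assuming that is the reason for the guard, a comment would record it, e.g. `// Skip verify() when no code was submitted; an empty code produced error output before the session-key cookie was set`. The enclosing `if (isset($_POST['login']))` block starts and ends outside the hunk.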