diff --git a/install/structure.sql b/install/structure.sql index 3775ee0..637dbc4 100644 --- a/install/structure.sql +++ b/install/structure.sql @@ -7,6 +7,7 @@ CREATE TABLE IF NOT EXISTS `lc_administrators` ( `email` VARCHAR(128) NOT NULL DEFAULT '', `password_hash` VARCHAR(255) NOT NULL DEFAULT '', `apps` VARCHAR(4096) NOT NULL DEFAULT '', + `permissions` CHAR(3) NOT NULL DEFAULT '', `widgets` VARCHAR(512) NOT NULL DEFAULT '', `two_factor_auth` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', `login_attempts` INT(10) UNSIGNED NOT NULL DEFAULT '0', @@ -242,4 +243,4 @@ CREATE TABLE `lc_translations` ( KEY `frontend` (`frontend`), KEY `backend` (`backend`), KEY `created_at` (`created_at`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE utf8mb4_general_ci; \ No newline at end of file +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE utf8mb4_general_ci; diff --git a/public_html/backend/pages/login.inc.php b/public_html/backend/pages/login.inc.php index 27ab262..7401482 100644 --- a/public_html/backend/pages/login.inc.php +++ b/public_html/backend/pages/login.inc.php @@ -126,7 +126,7 @@ } if (!empty($administrator['last_ip_address']) && $administrator['last_ip_address'] != $_SERVER['REMOTE_ADDR']) { - notices::add('warnings', strtr(t('warning_account_previously_used_by_another_ip', 'Your account was previously used by another IP address {ip_address} ({hostname}). If this was not you then your login credentials might be compromised.'), [ + notices::add('warnings', strtr(t('warning_account_previously_used_by_another_ip', 'Your account was previously used by another IP address {ip_address} ({hostname}). If this was not you then y[...] '{username}' => $administrator['username'], '{ip_address}' => $administrator['last_ip_address'], '{hostname}' => $administrator['last_hostname'], @@ -159,7 +159,7 @@ unset(session::$data['security.administrator']['verification']); - // TOTP (opt-in per administrator). When enrolled, always challenge — + // TOTP (opt-in per administrator). When enrolled, always challenge ✓ // independent of the known-IP check below. Email OTP remains the // fallback for admins who haven't enrolled. if (!empty($administrator['totp_secret'])) { @@ -241,7 +241,7 @@ if (!empty($_POST['remember_me']) && defined('HMAC_KEY_REMEMBER_ME')) { $token = f::token_create_remember($administrator['id'], $administrator['password_hash']); - header('Set-Cookie: remember_me='. $token .'; Path='. WS_DIR_APP .'; Expires='. gmdate('r', strtotime('+30 days')) .'; HttpOnly; SameSite=Lax' . (!empty($_SERVER['HTTPS']) ? '; Secure' : ''), false); + header('Set-Cookie: remember_me='. $token .'; Path='. WS_DIR_APP .'; Expires='. gmdate('r', strtotime('+30 days')) .'; HttpOnly; SameSite=Lax' . (!empty($_SERVER['HTTPS']) ? '; Secure' : ''),[...] } else if (!empty($_COOKIE['remember_me'])) { header('Set-Cookie: remember_me=; Path='. WS_DIR_APP .'; Max-Age=-1; HttpOnly; SameSite=Lax', false); } @@ -383,4 +383,4 @@ }); }); }); - \ No newline at end of file +