- Email 2FA is now optional and disabled by default.
Existing and new accounts default to 2FA off. Registration signs users in directly. Users can enable it under My Account. Administrators can manage it under Users & Staff. Verified password-only and opted-in email-code login flows. PHP/JavaScript checks and browser console passed.
This commit is contained in:
@@ -398,6 +398,7 @@ final class AdminController extends BaseController
|
||||
if ($id > 0) {
|
||||
$this->db->execute(
|
||||
'UPDATE users SET full_name = ?, phone = ?, role = ?, active = ?, newsletter_opt_in = ?,
|
||||
two_factor_enabled = ?,
|
||||
updated_at = CURRENT_TIMESTAMP WHERE id = ?',
|
||||
[
|
||||
Security::clean((string) ($_POST['full_name'] ?? '')),
|
||||
@@ -405,6 +406,7 @@ final class AdminController extends BaseController
|
||||
$role,
|
||||
isset($_POST['active']) ? 1 : 0,
|
||||
isset($_POST['newsletter_opt_in']) ? 1 : 0,
|
||||
isset($_POST['two_factor_enabled']) ? 1 : 0,
|
||||
$id,
|
||||
]
|
||||
);
|
||||
@@ -417,8 +419,9 @@ final class AdminController extends BaseController
|
||||
}
|
||||
$this->db->execute(
|
||||
'INSERT INTO users
|
||||
(email, password_hash, full_name, phone, role, active, newsletter_opt_in, email_verified_at)
|
||||
VALUES (?, ?, ?, ?, ?, 1, ?, CURRENT_TIMESTAMP)',
|
||||
(email, password_hash, full_name, phone, role, active, newsletter_opt_in,
|
||||
two_factor_enabled, email_verified_at)
|
||||
VALUES (?, ?, ?, ?, ?, 1, ?, ?, CURRENT_TIMESTAMP)',
|
||||
[
|
||||
$email,
|
||||
password_hash($password, PASSWORD_DEFAULT),
|
||||
@@ -426,6 +429,7 @@ final class AdminController extends BaseController
|
||||
Security::clean((string) ($_POST['phone'] ?? '')),
|
||||
$role,
|
||||
isset($_POST['newsletter_opt_in']) ? 1 : 0,
|
||||
isset($_POST['two_factor_enabled']) ? 1 : 0,
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user