From 77cbb4f946b9b72dd90a0248531d5d11eb71f674 Mon Sep 17 00:00:00 2001
From: Armando
Date: Thu, 18 Apr 2024 12:19:47 +0200
Subject: [PATCH] Added more explicit variable name and correcting number of token tries.
---
 .gitignore | 1 +
 conf/config.inc.php | 2 +-
 docs/config_sms.rst | 2 +-
 htdocs/sendsms.php | 8 ++++----
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index f7a838df..406b503e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /vendor/
 /htdocs/vendor/
+composer.lock
diff --git a/conf/config.inc.php b/conf/config.inc.php
index f5f4116a..5dde5ae7 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -314,7 +314,7 @@
 # SMS token length
 $sms_token_length = 6;
 # Max attempts allowed for SMS token
-$max_attempts = 3;
+$sms_max_attempts_token = 3;
 # Encryption, decryption keyphrase, required if $use_tokens = true and $crypt_tokens = true, or $use_sms, or $crypt_answer
 # Please change it to anything long, random and complicated, you do not have to remember it
diff --git a/docs/config_sms.rst b/docs/config_sms.rst
index e4e42568..ea8a8e62 100644
--- a/docs/config_sms.rst
+++ b/docs/config_sms.rst
@@ -173,6 +173,6 @@ You can also configure the allowed attempts:
 .. code-block:: php
- $max_attempts = 3;
+ $sms_max_attempts_token = 3;
 After these attempts, the sent token is no more valid.
diff --git a/htdocs/sendsms.php b/htdocs/sendsms.php
index e56b232e..94904093 100644
--- a/htdocs/sendsms.php
+++ b/htdocs/sendsms.php
@@ -36,7 +36,8 @@
 $token = "";
 $sessiontoken = "";
 $attempts = 0;
-
+# Because the loop starts at 0 and not at 1
+$sms_max_attempts_token = $sms_max_attempts_token - 1;
 #==============================================================================
 # Verify minimal information for treatment
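Review bot: Ignoring `composer.lock` in the `.gitignore` hunk means the resolved dependency versions are no longer recorded in the repository, so each `composer install` can pull whatever currently satisfies the version constraints. For a deployed application that makes builds non-reproducible and makes it harder to audit which library versions are actually running. If the lock file is left untracked on purpose, a comment above the entry such as `# composer.lock intentionally untracked: <reason>` would record that; otherwise I would drop the entry and commit the lock file.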
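Review bot: The rename in the `conf/config.inc.php` hunk removes `$max_attempts` without any fallback, so a deployment that overrides `$max_attempts` in its own configuration would, as far as this patch shows, silently revert to the default of 3 after upgrading. For a setting that bounds guesses against a token of `$sms_token_length = 6`, a silently ignored override is worth avoiding, particularly when the administrator had chosen a stricter value. I would honour the old name for a transition period with `if (isset($max_attempts)) { $sms_max_attempts_token = $max_attempts; }`, evaluated after the local overrides have been read (that part is not visible in this hunk), and mention the rename in the upgrade notes.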
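Review bot: The added `$sms_max_attempts_token = $sms_max_attempts_token - 1;` in the first `htdocs/sendsms.php` hunk overwrites the configured limit itself, so any code that reads the variable afterwards sees a value one lower than the administrator set, and a setting of 0 turns into -1. I would leave the setting untouched and express the off-by-one where it is used, in the second hunk, as `if ($attempts + 1 < $sms_max_attempts_token) {`, which is equivalent for the comparison and makes the explanatory comment unnecessary. If values below 1 are not meant to be supported, a single normalisation such as `$sms_max_attempts_token = max(1, (int) $sms_max_attempts_token);` would also keep a mistyped setting from changing the behaviour unexpectedly.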
@@ -97,7 +98,7 @@
 list($result, $token) = obscure_info_sendsms("tokenattempts","tokennotvalid");
 error_log("Unable to open session $smstokenid");
 } elseif ($sessiontoken != $smstoken) {
- if ($attempts < $max_attempts) {
+ if ($attempts < $sms_max_attempts_token) {
 $_SESSION['attempts'] = $attempts + 1;
 $result = "tokenattempts";
 error_log("SMS token $smstoken not valid, attempt $attempts");
@@ -196,11 +197,10 @@
 $data = array( "sms_attribute" => $sms, "smsresetmessage" => $messages['smsresetmessage'], "smstoken" => $smstoken) ;
- # Send message
+ # The default sms method is mail
 if (!$sms_method) { $sms_method = "mail"; }
 if ($sms_method === "mail") {
-
 if ($mailer->send_mail($smsmailto, $mail_from, $mail_from_name, $smsmail_subject, $sms_message, $data)) {
 $token = encrypt(session_id(), $keyphrase);
 $result = "smssent";
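Review bot: The attempt limit on the new `if ($attempts < $sms_max_attempts_token) {` line is only reached through `$sessiontoken != $smstoken` on the unchanged line above it, and that is a loose, non-constant-time comparison: PHP compares two numeric strings by value, so differently written inputs can be treated as equal to the same token. `} elseif (!hash_equals((string) $sessiontoken, (string) $smstoken)) {` would close both gaps. The `error_log("SMS token $smstoken not valid, attempt $attempts")` line in the same hunk also writes the submitted value, which appears to come from the request, into the log unfiltered; logging only the attempt count would be safer. The surrounding `if`/`elseif` chain starts and ends outside the hunk.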