Added more explicit variable name and correcting number of token trie…
armfem authored and davidcoutadeur committed Apr 18, 2024
1 parent e458c7e commit ccbd142
Showing 4 changed files with 6 additions and 6 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@
/vendor/
/htdocs/vendor/
composer.lock
2 changes: 1 addition & 1 deletion conf/config.inc.php
Expand Up @@ -314,7 +314,7 @@
# SMS token length
$sms_token_length = 6;
# Max attempts allowed for SMS token
$max_attempts = 3;
$sms_max_attempts_token = 3;

# Encryption, decryption keyphrase, required if $use_tokens = true and $crypt_tokens = true, or $use_sms, or $crypt_answer
# Please change it to anything long, random and complicated, you do not have to remember it
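Review bot: Renaming the setting to `$sms_max_attempts_token` leaves no fallback for deployments that still set `$max_attempts` in their own configuration, so after an upgrade the operator's chosen limit would be ignored without warning and the default of 3 would apply instead (this assumes local settings are layered on top of this file, which is not visible here). Because this value is what bounds guessing of the 6-digit SMS token, a compatibility shim run after the local configuration has been read would be safer, e.g. `if (isset($max_attempts)) { $sms_max_attempts_token = $max_attempts; }`, since the defaults file no longer defines the old name. An upgrade note naming both variables would also help operators notice the change.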
2 changes: 1 addition & 1 deletion docs/config_sms.rst
Expand Up @@ -173,6 +173,6 @@ You can also configure the allowed attempts:

.. code-block:: php
$max_attempts = 3;
$sms_max_attempts_token = 3;
After these attempts, the sent token is no more valid.
7 changes: 3 additions & 4 deletions htdocs/sendsms.php
Expand Up @@ -37,7 +37,6 @@
$sessiontoken = "";
$attempts = 0;


#==============================================================================
# Verify minimal information for treatment
# Encryption needs to be activated
Expand Down Expand Up @@ -97,7 +96,8 @@
list($result, $token) = obscure_info_sendsms("tokenattempts","tokennotvalid");
error_log("Unable to open session $smstokenid");
} elseif ($sessiontoken != $smstoken) {
if ($attempts < $max_attempts) {
# To have only x tries and not x+1 tries
if ($attempts < ($sms_max_attempts_token - 1)) {
$_SESSION['attempts'] = $attempts + 1;
$result = "tokenattempts";
error_log("SMS token $smstoken not valid, attempt $attempts");
Expand Down Expand Up @@ -196,11 +196,10 @@

$data = array( "sms_attribute" => $sms, "smsresetmessage" => $messages['smsresetmessage'], "smstoken" => $smstoken) ;

# Send message
# The default sms method is mail
if (!$sms_method) { $sms_method = "mail"; }

if ($sms_method === "mail") {

if ($mailer->send_mail($smsmailto, $mail_from, $mail_from_name, $smsmail_subject, $sms_message, $data)) {
$token = encrypt(session_id(), $keyphrase);
$result = "smssent";
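Review bot: The submitted token is still checked with the loose operator in `} elseif ($sessiontoken != $smstoken) {` (second hunk), which compares numeric strings by value rather than byte for byte and is not constant-time; `} elseif (!hash_equals((string) $sessiontoken, (string) $smstoken)) {` would make the match exact. In the same branch, `error_log("SMS token $smstoken not valid, attempt $attempts")` writes the submitted value into the log unescaped and prints the counter before the increment, so the first failure is logged as attempt 0. If `$smstoken` comes straight from the request (its assignment is outside the visible lines), strip control characters or leave the value out, and log `$attempts + 1`. The new bound `$attempts < ($sms_max_attempts_token - 1)` does appear to allow exactly the configured number of tries, and the comment could say that directly, e.g. `# $attempts holds the failures so far, so this allows $sms_max_attempts_token tries in total`. The enclosing if/elseif chain starts and ends outside the hunk.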
