diff --git a/public_html/backend/apps/administrators/edit_administrator.inc.php b/public_html/backend/apps/administrators/edit_administrator.inc.php
index 056bc72..e09e0ba 100644
--- a/public_html/backend/apps/administrators/edit_administrator.inc.php
+++ b/public_html/backend/apps/administrators/edit_administrator.inc.php
@@ -18,7 +18,7 @@
breadcrumbs::add(t('title_administrators', 'Administrators'), document::href_ilink(__APP__.'/administrators'));
breadcrumbs::add(!empty($administrator->data['username']) ? t('title_edit_administrator', 'Edit Administrator') : t('title_create_new_administrator', 'Create New Administrator'));
- // TOTP enroll/confirm/disable — handled before the main save so the sub-form
+ // TOTP enroll/confirm/disable — handled before the main save so the sub-form
// buttons (totp_setup, totp_confirm, totp_disable) don't have to go through
// the generic save validation.
if (!empty($administrator->data['id']) && (!empty($_POST['totp_setup']) || !empty($_POST['totp_confirm']) || !empty($_POST['totp_disable']))) {
@@ -341,14 +341,14 @@
@@ -476,4 +476,4 @@
$(this).closest('ul').closest('[data-mcp-toolset-id]').children().not('ul').find(':input').prop('checked', true);
}
});
-
\ No newline at end of file
+
diff --git a/public_html/backend/pages/login.inc.php b/public_html/backend/pages/login.inc.php
index 27ab262..7401482 100644
--- a/public_html/backend/pages/login.inc.php
+++ b/public_html/backend/pages/login.inc.php
@@ -126,7 +126,7 @@
}
if (!empty($administrator['last_ip_address']) && $administrator['last_ip_address'] != $_SERVER['REMOTE_ADDR']) {
- notices::add('warnings', strtr(t('warning_account_previously_used_by_another_ip', 'Your account was previously used by another IP address {ip_address} ({hostname}). If this was not you then your login credentials might be compromised.'), [
+ notices::add('warnings', strtr(t('warning_account_previously_used_by_another_ip', 'Your account was previously used by another IP address {ip_address} ({hostname}). If this was not you then y[...]
'{username}' => $administrator['username'],
'{ip_address}' => $administrator['last_ip_address'],
'{hostname}' => $administrator['last_hostname'],
@@ -159,7 +159,7 @@
unset(session::$data['security.administrator']['verification']);
- // TOTP (opt-in per administrator). When enrolled, always challenge —
+ // TOTP (opt-in per administrator). When enrolled, always challenge ✓
// independent of the known-IP check below. Email OTP remains the
// fallback for admins who haven't enrolled.
if (!empty($administrator['totp_secret'])) {
@@ -241,7 +241,7 @@
if (!empty($_POST['remember_me']) && defined('HMAC_KEY_REMEMBER_ME')) {
$token = f::token_create_remember($administrator['id'], $administrator['password_hash']);
- header('Set-Cookie: remember_me='. $token .'; Path='. WS_DIR_APP .'; Expires='. gmdate('r', strtotime('+30 days')) .'; HttpOnly; SameSite=Lax' . (!empty($_SERVER['HTTPS']) ? '; Secure' : ''), false);
+ header('Set-Cookie: remember_me='. $token .'; Path='. WS_DIR_APP .'; Expires='. gmdate('r', strtotime('+30 days')) .'; HttpOnly; SameSite=Lax' . (!empty($_SERVER['HTTPS']) ? '; Secure' : ''),[...]
} else if (!empty($_COOKIE['remember_me'])) {
header('Set-Cookie: remember_me=; Path='. WS_DIR_APP .'; Max-Age=-1; HttpOnly; SameSite=Lax', false);
}
@@ -383,4 +383,4 @@
});
});
});
-
\ No newline at end of file
+