ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent users disabling MFA when it is enforced

Browse Source
This commit is contained in:
wrongecho
2025-01-29 21:29:04 +00:00
parent bf019f374a
commit badda09245
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
post/user/profile.php
+7
View File
@@ -261,6 +261,13 @@ if (isset($_POST['enable_mfa'])) {
if (isset($_GET['disable_mfa'])){ if (isset($_GET['disable_mfa'])){
if ($session_user_config_force_mfa) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Multi-Factor authentication cannot be disabled for your account";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit();
}
// CSRF Check // CSRF Check
validateCSRFToken($_GET['csrf_token']); validateCSRFToken($_GET['csrf_token']);