TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23 Commits 12 Branches 0 Tags
88832d1af2646cb48d98df0f3fd62796d52981e6
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
twotalesanimation 88832d1af2 Fix: Rate limiting now checks email only, not IP address 
The countRecentFailedAttempts() function was requiring BOTH email AND ip_address to match, which caused failed attempts from different IPs to not count together. This prevented account lockout from working properly.

Changed to count failed attempts by email only. IP address is still recorded for audit purposes but doesn't affect the failed attempt count.

This ensures:
- Failed attempts accumulate correctly regardless of IP changes
- Accounts lock after 5 failed attempts within 15 minutes
- Prevents attackers from bypassing by changing IP
2025-12-03 15:39:26 +02:00
assets
small updates
2025-12-02 18:17:20 +02:00
google-client
Initial commit
2025-04-18 10:32:42 +02:00
mailers
Initial commit
2025-04-18 10:32:42 +02:00
migrations
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
uploads/signatures
local changes.
2025-07-24 07:20:51 +02:00
vendor
dotenv implementation cont
2025-05-23 14:31:07 +02:00
.gitignore
Merge branch 'main' of http://192.168.0.107:30008/TwoTalesDev/4WDCSA.co.za
2025-06-13 10:45:41 +02:00
.htaccess
Pop submit ready
2025-06-13 10:22:14 +02:00
404.php
Initial commit
2025-04-18 10:32:42 +02:00
2025_agm_minutes.php
Initial commit
2025-04-18 10:32:42 +02:00
about.php
Initial commit
2025-04-18 10:32:42 +02:00
account_settings.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
ad_banner.php
Initial commit
2025-04-18 10:32:42 +02:00
add_campsite.php
Task 10: Harden file upload validation
2025-12-03 13:30:45 +02:00
add_to_cart.php
More ENV updates
2025-05-23 14:25:27 +02:00
admin_camp_bookings.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_course_bookings.php
small updates
2025-12-02 18:17:20 +02:00
admin_efts.php
New POP Uploads
2025-05-23 14:19:25 +02:00
admin_members.php
local changes.
2025-07-24 07:20:51 +02:00
admin_payments.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_trip_bookings.php
local changes.
2025-07-24 07:20:51 +02:00
admin_visitors.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_web_users.php
Member info update
2025-06-08 16:29:50 +02:00
agm_content.php
Initial commit
2025-04-18 10:32:42 +02:00
bar_tabs.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
basic_indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
best_of_the_eastern_cape_2024.php
Initial commit
2025-04-18 10:32:42 +02:00
blog_details.php
Initial commit
2025-04-18 10:32:42 +02:00
blog.php
small updates
2025-12-02 18:17:20 +02:00
bookings.php
Initial commit
2025-04-18 10:32:42 +02:00
bush_mechanics.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
campsite_booking.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
campsites.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
change_password.php
More ENV updates
2025-05-23 14:25:27 +02:00
comment_box.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
composer.json
dotenv implementation
2025-05-23 11:50:53 +02:00
composer.lock
dotenv implementation
2025-05-23 11:50:53 +02:00
confirm2.php
Initial commit
2025-04-18 10:32:42 +02:00
confirm.php
Initial commit
2025-04-18 10:32:42 +02:00
connection.php
dotenv implementation
2025-05-23 11:50:53 +02:00
contact.php
Initial commit
2025-04-18 10:32:42 +02:00
course_details.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
create_bar_tab.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
DB_existing schema.sql
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
driver_training.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
env.php
dotenv implementation
2025-05-23 11:50:53 +02:00
events.php
local changes.
2025-07-24 07:20:51 +02:00
fetch_bar_tabs.php
Initial commit
2025-04-18 10:32:42 +02:00
fetch_drinks.php
Initial commit
2025-04-18 10:32:42 +02:00
fetch_users.php
More ENV updates
2025-05-23 14:25:27 +02:00
forgot_password.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
functions.php
Fix: Rate limiting now checks email only, not IP address
2025-12-03 15:39:26 +02:00
gellery-grid.html
Initial commit
2025-04-18 10:32:42 +02:00
get_campsites.php
More ENV updates
2025-05-23 14:25:27 +02:00
get_tab_total.php
More ENV updates
2025-05-23 14:25:27 +02:00
google_validate_login.php
dotenv implementation
2025-05-23 11:50:53 +02:00
header01.php
small updates
2025-12-02 18:17:20 +02:00
header02.php
small updates
2025-12-02 18:17:20 +02:00
header_css.css
Initial commit
2025-04-18 10:32:42 +02:00
indemnity_waiver.php
Initial commit
2025-04-18 10:32:42 +02:00
indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
index2.php
Initial commit
2025-04-18 10:32:42 +02:00
index.php
small updates
2025-12-02 18:17:20 +02:00
insta_footer.php
Initial commit
2025-04-18 10:32:42 +02:00
instapage.php
Initial commit
2025-04-18 10:32:42 +02:00
login.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
logos.php
Initial commit
2025-04-18 10:32:42 +02:00
logout.php
Initial commit
2025-04-18 10:32:42 +02:00
member_info.php
Member info update
2025-06-08 16:29:50 +02:00
membership_application.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
membership_details.php
Initial commit
2025-04-18 10:32:42 +02:00
membership_payment.php
New POP Uploads
2025-05-23 14:19:25 +02:00
membership.php
Initial commit
2025-04-18 10:32:42 +02:00
modal.html
Initial commit
2025-04-18 10:32:42 +02:00
modal.php
More ENV updates
2025-05-23 14:25:27 +02:00
payment_confirmation.php
local changes.
2025-07-24 07:20:51 +02:00
PHASE_1_COMPLETION_SUMMARY.md
Phase 1 Complete: Security & Stability - Final Summary
2025-12-03 13:33:32 +02:00
PHASE_1_PROGRESS.md
Add Phase 1 progress documentation and Task 9 quick-start guide
2025-12-03 11:31:09 +02:00
PHASE_1_SECURITY_TESTING_CHECKLIST.md
Task 11: Create comprehensive security testing checklist
2025-12-03 13:32:17 +02:00
phpinfo.php
small updates
2025-12-02 18:17:20 +02:00
privacy_policy.php
Initial commit
2025-04-18 10:32:42 +02:00
process_application.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_booking.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_camp_booking.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_course_booking.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_eft.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_membership_payment.php
More ENV updates
2025-05-23 14:25:27 +02:00
process_payments.php
local changes.
2025-07-24 07:20:51 +02:00
process_signature.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
process_trip_booking.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
register_user.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
register.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
renew_membership.php
More ENV updates
2025-05-23 14:25:27 +02:00
rescue_recovery.php
small updates
2025-12-02 18:17:20 +02:00
resend_verification.php
Initial commit
2025-04-18 10:32:42 +02:00
reset_password.php
Initial commit
2025-04-18 10:32:42 +02:00
review_box.php
Initial commit
2025-04-18 10:32:42 +02:00
run_migration.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
send_reset_link.php
More ENV updates
2025-05-23 14:25:27 +02:00
session.php
Initial commit
2025-04-18 10:32:42 +02:00
sitemap.xml
Initial commit
2025-04-18 10:32:42 +02:00
submit_order.php
Task 9: Add CSRF tokens to form templates and backend processors
2025-12-03 11:47:26 +02:00
submit_pop.php
Task 10: Harden file upload validation
2025-12-03 13:30:45 +02:00
TASK_9_ADD_CSRF_FORMS.md
Add Phase 1 progress documentation and Task 9 quick-start guide
2025-12-03 11:31:09 +02:00
testenv.php
dotenv implementation cont
2025-05-23 14:31:07 +02:00
trip-details.php
updated CSRF tokens
2025-12-03 13:26:57 +02:00
trips.php
local changes.
2025-07-24 07:20:51 +02:00
update_application.php
More ENV updates
2025-05-23 14:25:27 +02:00
update_password.php
More ENV updates
2025-05-23 14:25:27 +02:00
update_user.php
More ENV updates
2025-05-23 14:25:27 +02:00
upload_profile_picture.php
Task 10: Harden file upload validation
2025-12-03 13:30:45 +02:00
validate_login.php
Phase 1: Implement CSRF protection, input validation, and rate limiting
2025-12-03 11:28:53 +02:00
verify.php
More ENV updates
2025-05-23 14:25:27 +02:00
view_cart.php
Initial commit
2025-04-18 10:32:42 +02:00
view_indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
Description
No description provided
168 MiB
Languages
PHP 61.8%
CSS 26.1%
Sass 5.5%
HTML 4.4%
JavaScript 1.1%
Other 1.1%