TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
20 Commits 12 Branches 0 Tags
a4526979c491604244275e10020cd06835246304
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
twotalesanimation a4526979c4 Phase 2: Add rate limiting and session regeneration 
- Created RateLimitMiddleware class with 8 public methods
  * isLimited() - check if limit exceeded
  * incrementAttempt() - increment attempt counter
  * getRemainingAttempts() - get remaining attempts
  * getTimeRemaining() - get time remaining in window
  * reset() - reset counter after success
  * requireLimit() - check and die if exceeded
  * getStatus() - get status info for monitoring
  * Support for time-window based rate limiting

- Integrated rate limiting into critical endpoints:
  * validate_login.php: 5 attempts per 900 seconds (15 minutes)
  * send_reset_link.php: 3 attempts per 1800 seconds (30 minutes)
  * Prevents brute force attacks and password reset abuse
  * Still increments counter for non-existent emails (prevents enumeration)

- Integrated session regeneration on successful login:
  * Google OAuth login (both new and existing users)
  * Email/password login
  * Uses AuthenticationService::regenerateSession()
  * Prevents session fixation attacks

- Rate limit counters stored in PHP session
- Time-window based with 15-minute and 30-minute windows
- Graceful error messages with retry_after in JSON responses
- AJAX-aware error handling
2025-12-02 21:10:48 +02:00
assets
small updates
2025-12-02 18:17:20 +02:00
google-client
Initial commit
2025-04-18 10:32:42 +02:00
mailers
Initial commit
2025-04-18 10:32:42 +02:00
src
Phase 2: Add rate limiting and session regeneration
2025-12-02 21:10:48 +02:00
uploads/signatures
local changes.
2025-07-24 07:20:51 +02:00
vendor
dotenv implementation cont
2025-05-23 14:31:07 +02:00
.env.example
Phase 1 Complete: Service Layer Refactoring
2025-12-02 20:36:56 +02:00
.gitignore
Merge branch 'main' of http://192.168.0.107:30008/TwoTalesDev/4WDCSA.co.za
2025-06-13 10:45:41 +02:00
.htaccess
Pop submit ready
2025-06-13 10:22:14 +02:00
404.php
Initial commit
2025-04-18 10:32:42 +02:00
2025_agm_minutes.php
Initial commit
2025-04-18 10:32:42 +02:00
about.php
Initial commit
2025-04-18 10:32:42 +02:00
account_settings.php
Initial commit
2025-04-18 10:32:42 +02:00
ad_banner.php
Initial commit
2025-04-18 10:32:42 +02:00
add_campsite.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
add_to_cart.php
More ENV updates
2025-05-23 14:25:27 +02:00
admin_camp_bookings.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_course_bookings.php
small updates
2025-12-02 18:17:20 +02:00
admin_efts.php
New POP Uploads
2025-05-23 14:19:25 +02:00
admin_members.php
local changes.
2025-07-24 07:20:51 +02:00
admin_payments.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_trip_bookings.php
local changes.
2025-07-24 07:20:51 +02:00
admin_visitors.php
Initial commit
2025-04-18 10:32:42 +02:00
admin_web_users.php
Member info update
2025-06-08 16:29:50 +02:00
agm_content.php
Initial commit
2025-04-18 10:32:42 +02:00
bar_tabs.php
Initial commit
2025-04-18 10:32:42 +02:00
basic_indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
best_of_the_eastern_cape_2024.php
Initial commit
2025-04-18 10:32:42 +02:00
blog_details.php
Initial commit
2025-04-18 10:32:42 +02:00
blog.php
small updates
2025-12-02 18:17:20 +02:00
bookings.php
Initial commit
2025-04-18 10:32:42 +02:00
bush_mechanics.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
campsite_booking.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
campsites.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
change_password.php
More ENV updates
2025-05-23 14:25:27 +02:00
comment_box.php
Initial commit
2025-04-18 10:32:42 +02:00
composer.json
dotenv implementation
2025-05-23 11:50:53 +02:00
composer.lock
dotenv implementation
2025-05-23 11:50:53 +02:00
confirm2.php
Initial commit
2025-04-18 10:32:42 +02:00
confirm.php
Initial commit
2025-04-18 10:32:42 +02:00
connection.php
dotenv implementation
2025-05-23 11:50:53 +02:00
contact.php
Initial commit
2025-04-18 10:32:42 +02:00
course_details.php
Initial commit
2025-04-18 10:32:42 +02:00
create_bar_tab.php
Initial commit
2025-04-18 10:32:42 +02:00
driver_training.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
env.php
Phase 1 Complete: Service Layer Refactoring
2025-12-02 20:36:56 +02:00
events.php
local changes.
2025-07-24 07:20:51 +02:00
fetch_bar_tabs.php
Initial commit
2025-04-18 10:32:42 +02:00
fetch_drinks.php
Initial commit
2025-04-18 10:32:42 +02:00
fetch_users.php
More ENV updates
2025-05-23 14:25:27 +02:00
forgot_password.php
Initial commit
2025-04-18 10:32:42 +02:00
functions.php
Phase 1 Complete: Service Layer Refactoring
2025-12-02 20:36:56 +02:00
gellery-grid.html
Initial commit
2025-04-18 10:32:42 +02:00
get_campsites.php
More ENV updates
2025-05-23 14:25:27 +02:00
get_tab_total.php
More ENV updates
2025-05-23 14:25:27 +02:00
google_validate_login.php
dotenv implementation
2025-05-23 11:50:53 +02:00
header01.php
Phase 1 Complete: Service Layer Refactoring
2025-12-02 20:36:56 +02:00
header02.php
small updates
2025-12-02 18:17:20 +02:00
header_css.css
Initial commit
2025-04-18 10:32:42 +02:00
indemnity_waiver.php
Initial commit
2025-04-18 10:32:42 +02:00
indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
index2.php
Initial commit
2025-04-18 10:32:42 +02:00
index.php
Phase 1 Complete: Service Layer Refactoring
2025-12-02 20:36:56 +02:00
insta_footer.php
Initial commit
2025-04-18 10:32:42 +02:00
instapage.php
Initial commit
2025-04-18 10:32:42 +02:00
login.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
logos.php
Initial commit
2025-04-18 10:32:42 +02:00
logout.php
Initial commit
2025-04-18 10:32:42 +02:00
member_info.php
Member info update
2025-06-08 16:29:50 +02:00
membership_application.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
membership_details.php
Initial commit
2025-04-18 10:32:42 +02:00
membership_payment.php
New POP Uploads
2025-05-23 14:19:25 +02:00
membership.php
Initial commit
2025-04-18 10:32:42 +02:00
MIGRATION_GUIDE.md
Add comprehensive documentation for Phase 1 refactoring
2025-12-02 20:38:06 +02:00
modal.html
Initial commit
2025-04-18 10:32:42 +02:00
modal.php
More ENV updates
2025-05-23 14:25:27 +02:00
payment_confirmation.php
local changes.
2025-07-24 07:20:51 +02:00
PHASE1_COMPLETE.md
Phase 1 Complete: Executive summary
2025-12-02 20:38:46 +02:00
phpinfo.php
small updates
2025-12-02 18:17:20 +02:00
privacy_policy.php
Initial commit
2025-04-18 10:32:42 +02:00
process_application.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_booking.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_camp_booking.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_course_booking.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_eft.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_membership_payment.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_payments.php
local changes.
2025-07-24 07:20:51 +02:00
process_signature.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
process_trip_booking.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
REFACTORING_PHASE1.md
Add comprehensive documentation for Phase 1 refactoring
2025-12-02 20:38:06 +02:00
register_user.php
More ENV updates
2025-05-23 14:25:27 +02:00
register.php
Initial commit
2025-04-18 10:32:42 +02:00
renew_membership.php
More ENV updates
2025-05-23 14:25:27 +02:00
rescue_recovery.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
resend_verification.php
Initial commit
2025-04-18 10:32:42 +02:00
reset_password.php
Initial commit
2025-04-18 10:32:42 +02:00
review_box.php
Initial commit
2025-04-18 10:32:42 +02:00
send_reset_link.php
Phase 2: Add rate limiting and session regeneration
2025-12-02 21:10:48 +02:00
session.php
Initial commit
2025-04-18 10:32:42 +02:00
sitemap.xml
Initial commit
2025-04-18 10:32:42 +02:00
submit_order.php
Initial commit
2025-04-18 10:32:42 +02:00
submit_pop.php
small updates
2025-12-02 18:17:20 +02:00
testenv.php
dotenv implementation cont
2025-05-23 14:31:07 +02:00
trip-details.php
Phase 2: Add CSRF token protection to all forms and processors - Created CsrfMiddleware class with 8 helper methods - Added CSRF tokens to 9 POST forms across trip/course/camping/membership - Added CSRF validation to all 10 POST processors - CsrfMiddleware.requireToken() validates and dies on invalid tokens - 100% POST endpoint coverage with CSRF protection
2025-12-02 21:08:56 +02:00
trips.php
local changes.
2025-07-24 07:20:51 +02:00
update_application.php
More ENV updates
2025-05-23 14:25:27 +02:00
update_password.php
More ENV updates
2025-05-23 14:25:27 +02:00
update_user.php
More ENV updates
2025-05-23 14:25:27 +02:00
upload_profile_picture.php
More ENV updates
2025-05-23 14:25:27 +02:00
validate_login.php
Phase 2: Add rate limiting and session regeneration
2025-12-02 21:10:48 +02:00
verify.php
More ENV updates
2025-05-23 14:25:27 +02:00
view_cart.php
Initial commit
2025-04-18 10:32:42 +02:00
view_indemnity.php
Initial commit
2025-04-18 10:32:42 +02:00
Description
No description provided
168 MiB
Languages
PHP 61.8%
CSS 26.1%
Sass 5.5%
HTML 4.4%
JavaScript 1.1%
Other 1.1%