mirror of
https://github.com/openvk/openvk
synced 2024-12-22 16:42:32 +03:00
Auth: Add disabling the password reset page
This commit is contained in:
parent
29716660c7
commit
95a62f56e0
3 changed files with 8 additions and 1 deletions
|
@ -207,6 +207,9 @@ final class AuthPresenter extends OpenVKPresenter
|
|||
|
||||
function renderFinishRestoringPassword(): void
|
||||
{
|
||||
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
|
||||
$this->notFound();
|
||||
|
||||
$request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key")));
|
||||
if(!$request || !$request->isStillValid()) {
|
||||
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
|
||||
|
@ -241,6 +244,9 @@ final class AuthPresenter extends OpenVKPresenter
|
|||
|
||||
function renderRestore(): void
|
||||
{
|
||||
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
|
||||
$this->notFound();
|
||||
|
||||
if(!is_null($this->user))
|
||||
$this->redirect($this->user->identity->getURL());
|
||||
|
||||
|
|
|
@ -220,7 +220,7 @@
|
|||
<input type="hidden" name="hash" value="{$csrfToken}" />
|
||||
<input type="submit" value="{_log_in}" class="button" style="display: inline-block; font-family: Tahoma" />
|
||||
<a href="/reg"><input type="button" value="{_registration}" class="button" style="font-family: Tahoma" /></a><br><br>
|
||||
<a href="/restore">{_forgot_password}</a>
|
||||
{if !OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']}<a href="/restore">{_forgot_password}</a>{/if}
|
||||
</form>
|
||||
{/ifset}
|
||||
</div>
|
||||
|
|
|
@ -28,6 +28,7 @@ openvk:
|
|||
forcePhoneVerification: false
|
||||
forceEmailVerification: false
|
||||
forceStrongPassword: false
|
||||
disablePasswordRestoring: true # turn this off if you have configured e-mail sending correctly
|
||||
enableSu: true
|
||||
rateLimits:
|
||||
actions: 5
|
||||
|
|
Loading…
Reference in a new issue