Add security hardening, captcha login, and password reset via email

jukka/intra.cuitunet.fi

- .htaccess: HTTPS enforcement, security headers, block sensitive files
- data/.htaccess: deny all direct access to data directory
- Secure session settings (httponly, secure, strict mode, samesite)
- Rate limiting on login (10 attempts per 15 min per IP)
- Math captcha on login form (server-side validated)
- Password reset via email with token (1 hour expiry)
- Forgot password UI with reset link flow
- Email field added to user management
- Updated .gitignore for reset_tokens.json and login_attempts.json

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

This commit is contained in:

Jukka Lampikoski

2026-03-10 01:00:19 +02:00

parent e4914e9edb

commit 8a07689a1f

7 changed files with 388 additions and 8 deletions

									
										2

data/.htaccess
									
										Normal file
									
												View File
												
				@@ -0,0 +1,2 @@

				# Estä kaikki suora pääsy data-kansioon

				Deny from all

Add security hardening, captcha login, and password reset via email

2 data/.htaccess Normal file Unescape Escape View File

2

data/.htaccess Normal file

View File