From 5d2ce4ecfb0e9c397ef5c73b107fb9a0e122e910 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Mon, 12 Aug 2024 18:37:38 +0200
Subject: [PATCH] allow 60sec discrepancy for email based 2fa; fix dbms version
 compare issue when removing user; adjust pure-ftpd mysql.conf file
 permissions

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 index.php                                       | 3 ++-
 lib/Froxlor/Database/Manager/DbManagerMySQL.php | 2 +-
 lib/configfiles/bookworm.xml                    | 2 +-
 lib/configfiles/bullseye.xml                    | 2 +-
 lib/configfiles/focal.xml                       | 2 +-
 lib/configfiles/jammy.xml                       | 2 +-
 lib/configfiles/noble.xml                       | 2 +-
 7 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/index.php b/index.php
index dd3f2673..3ee8b942 100644
--- a/index.php
+++ b/index.php
@@ -84,7 +84,8 @@ if ($action == '2fa_entercode') {
 		// verify code set to user's data_2fa field
 		$sel_stmt = Database::prepare("SELECT `data_2fa` FROM " . $table . " WHERE `" . $field . "` = :uid");
 		$userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);
-		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code);
+		// 60sec discrepancy (possible slow email delivery)
+		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code, 60);
 	} else {
 		$result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);
 	}
diff --git a/lib/Froxlor/Database/Manager/DbManagerMySQL.php b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
index a73a1be4..7ba1a43d 100644
--- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php
+++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
@@ -187,7 +187,7 @@ class DbManagerMySQL
 	 */
 	public function deleteUser(string $username, string $host)
 	{
-		if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+		if (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {
 			// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
 			$stmt = Database::prepare("REVOKE ALL PRIVILEGES ON * . * FROM `" . $username . "`@`" . $host . "`");
 			Database::pexecute($stmt);
diff --git a/lib/configfiles/bookworm.xml b/lib/configfiles/bookworm.xml
index d0d2697b..153ddd2d 100644
--- a/lib/configfiles/bookworm.xml
+++ b/lib/configfiles/bookworm.xml
@@ -3174,7 +3174,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #
diff --git a/lib/configfiles/bullseye.xml b/lib/configfiles/bullseye.xml
index d9913f62..984c4c89 100644
--- a/lib/configfiles/bullseye.xml
+++ b/lib/configfiles/bullseye.xml
@@ -4742,7 +4742,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #
diff --git a/lib/configfiles/focal.xml b/lib/configfiles/focal.xml
index 7dc03c82..d6d2ce1c 100644
--- a/lib/configfiles/focal.xml
+++ b/lib/configfiles/focal.xml
@@ -3961,7 +3961,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #
diff --git a/lib/configfiles/jammy.xml b/lib/configfiles/jammy.xml
index 3ba120b7..028d60f1 100644
--- a/lib/configfiles/jammy.xml
+++ b/lib/configfiles/jammy.xml
@@ -3953,7 +3953,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #
diff --git a/lib/configfiles/noble.xml b/lib/configfiles/noble.xml
index 08100a43..e1d5a3f4 100644
--- a/lib/configfiles/noble.xml
+++ b/lib/configfiles/noble.xml
@@ -2628,7 +2628,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #