fix(security): fix login AND logic to OR, add signup input validation, separate OTP rate limit keys

Hamza-Ayed
2026-06-17 07:05:58 +03:00
parent 70c06edd71
commit 1a9619f9f8
3 changed files with 38 additions and 7 deletions


@@ -7,7 +7,7 @@ require_once __DIR__ . '/../../functions.php';
// 0. Rate Limiting: 3 محاولات OTP كل 5 دقائق لكل IP
$rateLimiter = new RateLimiter($redis);
$rateLimiter->enforce(RateLimiter::identifier(), 'otp');
$rateLimiter->enforce(RateLimiter::identifier(), 'otp_verify');
// 1. Fetch input parameters
$phone_number = filterRequest("phone_number");