[irc/unrealircd/unrealircd-webpanel.git] / login / index.php

<?php
require_once "../inc/common.php";

$logout = false;

$redirect = get_config("base_url");
if (!empty($_GET['redirect']))
{
	$str = urldecode($_GET['redirect']);
	if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/
		$redirect = $_GET['redirect'];
}

$redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url");
if (!empty($_GET['logout']))
{
	if (!isset($_SESSION['id']))
		$failmsg = "Nothing to logout from";
	else {
		$_SESSION = NULL;
		session_destroy();
		$logout = true;
	}
}
if (!empty($_GET['timeout']))
{
	$failmsg = "Your session has timed out. Please login again to continue";
	$_SESSION = NULL;
	session_destroy();
}
if (!empty($_POST))
{
	if ($_POST['username'] && $_POST['password'])
	{
		$user = new PanelUser($_POST['username']);
		/* not being too informative with the login error in case of attackers */
		$hash_needs_updating = false;
		if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating))
		{
			/* SUCCESSFUL LOGIN */
			if ($hash_needs_updating)
			{
				/* Set password again so it is freshly hashed */
				$hash = PanelUser::password_hash($_POST['password']);
				$ar = ["update_pass_conf"=>$hash];
				$user->update_core_info($ar);
				unset($ar);
				unset($hash);
			}
			panel_start_session($user);
			$_SESSION['id'] = $user->id;
			$user->add_meta("last_login", date("Y-m-d H:i:s"));
			Hook::run(HOOKTYPE_USER_LOGIN, $user);

			/* Middle of install? Override redirect: */
			if (!isset($config['unrealircd']))
				$redirect = get_config("base_url")."settings/rpc-servers.php";
			header('Location: ' . $redirect);
			die();
		}
		else
		{
			/* LOGIN FAILED */
			$fail = [
				"login" => htmlspecialchars($_POST['username']),
				"IP" => $_SERVER['REMOTE_ADDR']
			];
			Hook::run(HOOKTYPE_USER_LOGIN_FAIL, $fail);
			$failmsg = "Incorrect login";
		}

	}
	else
	$failmsg = "Couldn't log you in: Missing credentials";
}

?><!DOCTYPE html>
<head>
<link href="<?php echo get_config("base_url"); ?>css/unrealircd-admin.css" rel="stylesheet">
<script src="<?php echo get_config("base_url"); ?>js/unrealircd-admin.js"></script>
 <!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css">

<!-- jQuery library -->
<script src="https://cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.slim.min.js"></script>

<!-- Popper JS -->
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script>

<!-- Latest compiled JavaScript -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js"></script>

<!-- Font Awesome icons -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css">

<link rel="icon" type="image/x-icon" href="<?php echo get_config("base_url"); ?>img/favicon.ico">
<title>UnrealIRCd Panel</title>
</head>
<section class="vh-100">
  <div class="container py-5 h-10">
	<div class="row d-flex justify-content-center align-items-center h-100">
	  <div class="col-12 col-md-8 col-lg-6 col-xl-5">
		<div class="card shadow-2-strong" style="border-radius: 1rem;">
		  <div class="card-body p-5 text-center">
			<form id="login" method="post" action="index.php?redirect=<?php echo $redirect; ?>">
				<h3><img src="<?php echo get_config("base_url"); ?>img/favicon.ico">	Log in to use Admin Panel</h3>
				
					<?php 
					if (isset($failmsg)) Message::Fail($failmsg);
					if ($logout)
						Message::Success("You have been logged out");
					?>
					<div class="input-group">
					<div id="username" class="input-group mb-3">
						<div class="input-group-prepend">
							<span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-user"></i></span>
						</div><input type="text" id="userinp" class="form-control" name="username" placeholder="Username" aria-label="Username" aria-describedby="basic-addon1">
						<div id="user_inv" class="invalid-feedback">
							Username cannot be empty.
						</div>

					</div>
					<div id="password" class="input-group mb-3">
						<div class="input-group-prepend">
							<span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-key"></i></span>
						</div><input type="password" id="passinp" class="form-control" name="password" placeholder="Password">
						<div id="pass_inv" class="invalid-feedback">
						Password cannot be empty.
						</div>

					</div>

				</div>
				<button type="submit" class="btn btn-primary btn-block">Log-In</button>
			</form>
			</div>
		</div>
	</div>
</div>
</div></section>

<script>
	var form = document.getElementById('login');
	var pinp = document.getElementById('passinp');
	var uinp = document.getElementById('userinp');
	
	form.addEventListener('submit', (event) =>
	{
		event.preventDefault();
		var err = 0;
		if (uinp.value.length == 0)
		{
			$('#user_inv').show();
			err++;
		}
		if (pinp.value.length == 0)
		{
			$('#pass_inv').show();
			err++;
		}
		if (err)
			return;
		else
			form.submit();
	});
</script>

<?php require_once "../inc/footer.php";
Commit	Line	Data
6930484c	1	<?php
c06c1713	2	require_once "../inc/common.php";
6930484c VP	3
6930484c VP	4	$logout = false;
bc75e1cb	5
ea90b321	6	$redirect = get_config("base_url");
bc75e1cb BM	7	if (!empty($_GET['redirect']))
	8	{
	9	$str = urldecode($_GET['redirect']);
ea90b321	10	if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/
bc75e1cb BM	11	$redirect = $_GET['redirect'];
	12	}
	13
ea90b321	14	$redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url");
6930484c VP	15	if (!empty($_GET['logout']))
	16	{
	17	if (!isset($_SESSION['id']))
	18	$failmsg = "Nothing to logout from";
	19	else {
148df839	20	$_SESSION = NULL;
6930484c VP	21	session_destroy();
	22	$logout = true;
	23	}
	24	}
39206f24 VP	25	if (!empty($_GET['timeout']))
	26	{
	27	$failmsg = "Your session has timed out. Please login again to continue";
	28	$_SESSION = NULL;
	29	session_destroy();
	30	}
6930484c VP	31	if (!empty($_POST))
	32	{
	33	if ($_POST['username'] && $_POST['password'])
	34	{
6930484c	35	$user = new PanelUser($_POST['username']);
6930484c	36	/* not being too informative with the login error in case of attackers */
6b08fcb9 BM	37	$hash_needs_updating = false;
6b08fcb9 BM	38	if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating))
6930484c	39	{
d3e3ec08	40	/* SUCCESSFUL LOGIN */
6b08fcb9 BM	41	if ($hash_needs_updating)
	42	{
	43	/* Set password again so it is freshly hashed */
	44	$hash = PanelUser::password_hash($_POST['password']);
	45	$ar = ["update_pass_conf"=>$hash];
	46	$user->update_core_info($ar);
	47	unset($ar);
	48	unset($hash);
	49	}
d3e3ec08	50	panel_start_session($user);
6930484c	51	$_SESSION['id'] = $user->id;
e9996356	52	$user->add_meta("last_login", date("Y-m-d H:i:s"));
c44f6efa	53	Hook::run(HOOKTYPE_USER_LOGIN, $user);
d3e3ec08	54
54b9603c	55	/* Middle of install? Override redirect: */
41aad10c	56	if (!isset($config['unrealircd']))
1a6051db	57	$redirect = get_config("base_url")."settings/rpc-servers.php";
54b9603c	58	header('Location: ' . $redirect);
c44f6efa	59	die();
6930484c VP	60	}
	61	else
	62	{
d3e3ec08	63	/* LOGIN FAILED */
c44f6efa VP	64	$fail = [
	65	"login" => htmlspecialchars($_POST['username']),
	66	"IP" => $_SERVER['REMOTE_ADDR']
	67	];
	68	Hook::run(HOOKTYPE_USER_LOGIN_FAIL, $fail);
6930484c VP	69	$failmsg = "Incorrect login";
	70	}
	71
	72	}
	73	else
	74	$failmsg = "Couldn't log you in: Missing credentials";
	75	}
	76
	77	?><!DOCTYPE html>
	78	<head>
ea90b321 BM	79	<link href="<?php echo get_config("base_url"); ?>css/unrealircd-admin.css" rel="stylesheet">
ea90b321 BM	80	<script src="<?php echo get_config("base_url"); ?>js/unrealircd-admin.js"></script>
6930484c VP	81	<!-- Latest compiled and minified CSS -->
	82	<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css">
	83
	84	<!-- jQuery library -->
	85	<script src="https://cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.slim.min.js"></script>
	86
	87	<!-- Popper JS -->
	88	<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script>
	89
	90	<!-- Latest compiled JavaScript -->
	91	<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js"></script>
	92
	93	<!-- Font Awesome icons -->
	94	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css">
	95
ea90b321	96	<link rel="icon" type="image/x-icon" href="<?php echo get_config("base_url"); ?>img/favicon.ico">
2405dc8e	97	<title>UnrealIRCd Panel</title>
584066dc	98	</head>
012c8a3e VP	99	<section class="vh-100">
	100	<div class="container py-5 h-10">
	101	<div class="row d-flex justify-content-center align-items-center h-100">
	102	<div class="col-12 col-md-8 col-lg-6 col-xl-5">
	103	<div class="card shadow-2-strong" style="border-radius: 1rem;">
	104	<div class="card-body p-5 text-center">
cf6697ac	105	<form id="login" method="post" action="index.php?redirect=<?php echo $redirect; ?>">
ea90b321	106	<h3><img src="<?php echo get_config("base_url"); ?>img/favicon.ico"> Log in to use Admin Panel</h3>
012c8a3e VP	107
	108	<?php
	109	if (isset($failmsg)) Message::Fail($failmsg);
	110	if ($logout)
	111	Message::Success("You have been logged out");
	112	?>
	113	<div class="input-group">
cf6697ac	114	<div id="username" class="input-group mb-3">
012c8a3e VP	115	<div class="input-group-prepend">
012c8a3e VP	116	<span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-user"></i></span>
cf6697ac VP	117	</div><input type="text" id="userinp" class="form-control" name="username" placeholder="Username" aria-label="Username" aria-describedby="basic-addon1">
	118	<div id="user_inv" class="invalid-feedback">
	119	Username cannot be empty.
	120	</div>
	121
012c8a3e	122	</div>
cf6697ac	123	<div id="password" class="input-group mb-3">
012c8a3e VP	124	<div class="input-group-prepend">
012c8a3e VP	125	<span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-key"></i></span>
cf6697ac VP	126	</div><input type="password" id="passinp" class="form-control" name="password" placeholder="Password">
	127	<div id="pass_inv" class="invalid-feedback">
	128	Password cannot be empty.
	129	</div>
	130
012c8a3e	131	</div>
2405dc8e	132
012c8a3e VP	133	</div>
	134	<button type="submit" class="btn btn-primary btn-block">Log-In</button>
	135	</form>
	136	</div>
	137	</div>
6930484c	138	</div>
2405dc8e	139	</div>
012c8a3e	140	</div></section>
cf6697ac VP	141
	142	<script>
	143	var form = document.getElementById('login');
	144	var pinp = document.getElementById('passinp');
	145	var uinp = document.getElementById('userinp');
	146
	147	form.addEventListener('submit', (event) =>
	148	{
	149	event.preventDefault();
	150	var err = 0;
	151	if (uinp.value.length == 0)
	152	{
	153	$('#user_inv').show();
	154	err++;
	155	}
	156	if (pinp.value.length == 0)
	157	{
	158	$('#pass_inv').show();
	159	err++;
	160	}
	161	if (err)
	162	return;
	163	else
	164	form.submit();
	165	});
	166	</script>
	167
c06c1713	168	<?php require_once "../inc/footer.php";