]>
Commit | Line | Data |
---|---|---|
6930484c | 1 | <?php |
c06c1713 | 2 | require_once "../inc/common.php"; |
6930484c VP |
3 | |
4 | $logout = false; | |
bc75e1cb | 5 | |
ea90b321 | 6 | $redirect = get_config("base_url"); |
bc75e1cb BM |
7 | if (!empty($_GET['redirect'])) |
8 | { | |
9 | $str = urldecode($_GET['redirect']); | |
ea90b321 | 10 | if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/ |
bc75e1cb BM |
11 | $redirect = $_GET['redirect']; |
12 | } | |
13 | ||
ea90b321 | 14 | $redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url"); |
6930484c VP |
15 | if (!empty($_GET['logout'])) |
16 | { | |
17 | if (!isset($_SESSION['id'])) | |
18 | $failmsg = "Nothing to logout from"; | |
19 | else { | |
148df839 | 20 | $_SESSION = NULL; |
6930484c VP |
21 | session_destroy(); |
22 | $logout = true; | |
23 | } | |
24 | } | |
39206f24 VP |
25 | if (!empty($_GET['timeout'])) |
26 | { | |
27 | $failmsg = "Your session has timed out. Please login again to continue"; | |
28 | $_SESSION = NULL; | |
29 | session_destroy(); | |
30 | } | |
6930484c VP |
31 | if (!empty($_POST)) |
32 | { | |
33 | if ($_POST['username'] && $_POST['password']) | |
34 | { | |
6930484c | 35 | $user = new PanelUser($_POST['username']); |
6930484c | 36 | /* not being too informative with the login error in case of attackers */ |
6b08fcb9 BM |
37 | $hash_needs_updating = false; |
38 | if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating)) | |
6930484c | 39 | { |
d3e3ec08 | 40 | /* SUCCESSFUL LOGIN */ |
6b08fcb9 BM |
41 | if ($hash_needs_updating) |
42 | { | |
43 | /* Set password again so it is freshly hashed */ | |
44 | $hash = PanelUser::password_hash($_POST['password']); | |
45 | $ar = ["update_pass_conf"=>$hash]; | |
46 | $user->update_core_info($ar); | |
47 | unset($ar); | |
48 | unset($hash); | |
49 | } | |
d3e3ec08 | 50 | panel_start_session($user); |
6930484c | 51 | $_SESSION['id'] = $user->id; |
e9996356 | 52 | $user->add_meta("last_login", date("Y-m-d H:i:s")); |
c44f6efa | 53 | Hook::run(HOOKTYPE_USER_LOGIN, $user); |
d3e3ec08 | 54 | |
54b9603c | 55 | /* Middle of install? Override redirect: */ |
41aad10c | 56 | if (!isset($config['unrealircd'])) |
1a6051db | 57 | $redirect = get_config("base_url")."settings/rpc-servers.php"; |
54b9603c | 58 | header('Location: ' . $redirect); |
c44f6efa | 59 | die(); |
6930484c VP |
60 | } |
61 | else | |
62 | { | |
d3e3ec08 | 63 | /* LOGIN FAILED */ |
c44f6efa VP |
64 | $fail = [ |
65 | "login" => htmlspecialchars($_POST['username']), | |
66 | "IP" => $_SERVER['REMOTE_ADDR'] | |
67 | ]; | |
68 | Hook::run(HOOKTYPE_USER_LOGIN_FAIL, $fail); | |
6930484c VP |
69 | $failmsg = "Incorrect login"; |
70 | } | |
71 | ||
72 | } | |
73 | else | |
74 | $failmsg = "Couldn't log you in: Missing credentials"; | |
75 | } | |
76 | ||
77 | ?><!DOCTYPE html> | |
78 | <head> | |
ea90b321 BM |
79 | <link href="<?php echo get_config("base_url"); ?>css/unrealircd-admin.css" rel="stylesheet"> |
80 | <script src="<?php echo get_config("base_url"); ?>js/unrealircd-admin.js"></script> | |
6930484c VP |
81 | <!-- Latest compiled and minified CSS --> |
82 | <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css"> | |
83 | ||
84 | <!-- jQuery library --> | |
85 | <script src="https://cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.slim.min.js"></script> | |
86 | ||
87 | <!-- Popper JS --> | |
88 | <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script> | |
89 | ||
90 | <!-- Latest compiled JavaScript --> | |
91 | <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js"></script> | |
92 | ||
93 | <!-- Font Awesome icons --> | |
94 | <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css"> | |
95 | ||
ea90b321 | 96 | <link rel="icon" type="image/x-icon" href="<?php echo get_config("base_url"); ?>img/favicon.ico"> |
2405dc8e | 97 | <title>UnrealIRCd Panel</title> |
584066dc | 98 | </head> |
012c8a3e VP |
99 | <section class="vh-100"> |
100 | <div class="container py-5 h-10"> | |
9a005fe5 | 101 | <div class="row d-flex justify-content-center align-items-center"> |
012c8a3e VP |
102 | <div class="col-12 col-md-8 col-lg-6 col-xl-5"> |
103 | <div class="card shadow-2-strong" style="border-radius: 1rem;"> | |
104 | <div class="card-body p-5 text-center"> | |
cf6697ac | 105 | <form id="login" method="post" action="index.php?redirect=<?php echo $redirect; ?>"> |
ea90b321 | 106 | <h3><img src="<?php echo get_config("base_url"); ?>img/favicon.ico"> Log in to use Admin Panel</h3> |
012c8a3e VP |
107 | |
108 | <?php | |
109 | if (isset($failmsg)) Message::Fail($failmsg); | |
110 | if ($logout) | |
111 | Message::Success("You have been logged out"); | |
112 | ?> | |
113 | <div class="input-group"> | |
cf6697ac | 114 | <div id="username" class="input-group mb-3"> |
012c8a3e VP |
115 | <div class="input-group-prepend"> |
116 | <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-user"></i></span> | |
cf6697ac VP |
117 | </div><input type="text" id="userinp" class="form-control" name="username" placeholder="Username" aria-label="Username" aria-describedby="basic-addon1"> |
118 | <div id="user_inv" class="invalid-feedback"> | |
119 | Username cannot be empty. | |
120 | </div> | |
121 | ||
012c8a3e | 122 | </div> |
cf6697ac | 123 | <div id="password" class="input-group mb-3"> |
012c8a3e VP |
124 | <div class="input-group-prepend"> |
125 | <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-key"></i></span> | |
cf6697ac VP |
126 | </div><input type="password" id="passinp" class="form-control" name="password" placeholder="Password"> |
127 | <div id="pass_inv" class="invalid-feedback"> | |
128 | Password cannot be empty. | |
129 | </div> | |
130 | ||
012c8a3e | 131 | </div> |
2405dc8e | 132 | |
012c8a3e VP |
133 | </div> |
134 | <button type="submit" class="btn btn-primary btn-block">Log-In</button> | |
135 | </form> | |
136 | </div> | |
137 | </div> | |
6930484c | 138 | </div> |
2405dc8e | 139 | </div> |
012c8a3e | 140 | </div></section> |
9a005fe5 | 141 | <style> |
cf6697ac | 142 | |
9a005fe5 VP |
143 | body { |
144 | background-image: url('https://cdn.wallpapersafari.com/34/98/yznZmQ.jpg'); | |
145 | background-size: cover; | |
146 | } | |
147 | </style> | |
cf6697ac VP |
148 | <script> |
149 | var form = document.getElementById('login'); | |
150 | var pinp = document.getElementById('passinp'); | |
151 | var uinp = document.getElementById('userinp'); | |
152 | ||
153 | form.addEventListener('submit', (event) => | |
154 | { | |
155 | event.preventDefault(); | |
156 | var err = 0; | |
157 | if (uinp.value.length == 0) | |
158 | { | |
159 | $('#user_inv').show(); | |
160 | err++; | |
161 | } | |
162 | if (pinp.value.length == 0) | |
163 | { | |
164 | $('#pass_inv').show(); | |
165 | err++; | |
166 | } | |
167 | if (err) | |
168 | return; | |
169 | else | |
170 | form.submit(); | |
171 | }); | |
172 | </script> |