]>
Commit | Line | Data |
---|---|---|
1 | ||
2 | <?php | |
3 | require_once "../common.php"; | |
4 | ||
5 | $logout = false; | |
6 | ||
7 | $redirect = get_config("base_url"); | |
8 | if (!empty($_GET['redirect'])) | |
9 | { | |
10 | $str = urldecode($_GET['redirect']); | |
11 | if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/ | |
12 | $redirect = $_GET['redirect']; | |
13 | } | |
14 | ||
15 | $redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url"); | |
16 | if (!empty($_GET['logout'])) | |
17 | { | |
18 | if (!isset($_SESSION['id'])) | |
19 | $failmsg = "Nothing to logout from"; | |
20 | else { | |
21 | $_SESSION = NULL; | |
22 | session_destroy(); | |
23 | $logout = true; | |
24 | } | |
25 | } | |
26 | if (!empty($_GET['timeout'])) | |
27 | { | |
28 | $failmsg = "Your session has timed out. Please login again to continue"; | |
29 | $_SESSION = NULL; | |
30 | session_destroy(); | |
31 | } | |
32 | if (!empty($_POST)) | |
33 | { | |
34 | if ($_POST['username'] && $_POST['password']) | |
35 | { | |
36 | ||
37 | /* securitah */ | |
38 | security_check(); | |
39 | $user = new PanelUser($_POST['username']); | |
40 | /* not being too informative with the login error in case of attackers */ | |
41 | if (isset($user->id) && $user->password_verify($_POST['password'])) | |
42 | { | |
43 | $_SESSION['id'] = $user->id; | |
44 | header('Location: ' . $redirect); | |
45 | $user->add_meta("last_login", date("Y-m-d H:i:s")); | |
46 | Hook::run(HOOKTYPE_USER_LOGIN, $user); | |
47 | die(); | |
48 | } | |
49 | else | |
50 | { | |
51 | $fail = [ | |
52 | "login" => htmlspecialchars($_POST['username']), | |
53 | "IP" => $_SERVER['REMOTE_ADDR'] | |
54 | ]; | |
55 | Hook::run(HOOKTYPE_USER_LOGIN_FAIL, $fail); | |
56 | $failmsg = "Incorrect login"; | |
57 | } | |
58 | ||
59 | } | |
60 | else | |
61 | $failmsg = "Couldn't log you in: Missing credentials"; | |
62 | } | |
63 | ||
64 | ?><!DOCTYPE html> | |
65 | <head> | |
66 | <link href="<?php echo get_config("base_url"); ?>css/unrealircd-admin.css" rel="stylesheet"> | |
67 | <script src="<?php echo get_config("base_url"); ?>js/unrealircd-admin.js"></script> | |
68 | <!-- Latest compiled and minified CSS --> | |
69 | <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css"> | |
70 | ||
71 | <!-- jQuery library --> | |
72 | <script src="https://cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.slim.min.js"></script> | |
73 | ||
74 | <!-- Popper JS --> | |
75 | <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script> | |
76 | ||
77 | <!-- Latest compiled JavaScript --> | |
78 | <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js"></script> | |
79 | ||
80 | <!-- Font Awesome icons --> | |
81 | <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css"> | |
82 | ||
83 | <link rel="icon" type="image/x-icon" href="<?php echo get_config("base_url"); ?>img/favicon.ico"> | |
84 | <title>UnrealIRCd Panel</title> | |
85 | </head> | |
86 | <section class="vh-100"> | |
87 | <div class="container py-5 h-10"> | |
88 | <div class="row d-flex justify-content-center align-items-center h-100"> | |
89 | <div class="col-12 col-md-8 col-lg-6 col-xl-5"> | |
90 | <div class="card shadow-2-strong" style="border-radius: 1rem;"> | |
91 | <div class="card-body p-5 text-center"> | |
92 | <form id="login" method="post" action="index.php?redirect=<?php echo $redirect; ?>"> | |
93 | <h3><img src="<?php echo get_config("base_url"); ?>img/favicon.ico"> Log in to use Admin Panel</h3> | |
94 | ||
95 | <?php | |
96 | if (isset($failmsg)) Message::Fail($failmsg); | |
97 | if ($logout) | |
98 | Message::Success("You have been logged out"); | |
99 | ?> | |
100 | <div class="input-group"> | |
101 | <div id="username" class="input-group mb-3"> | |
102 | <div class="input-group-prepend"> | |
103 | <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-user"></i></span> | |
104 | </div><input type="text" id="userinp" class="form-control" name="username" placeholder="Username" aria-label="Username" aria-describedby="basic-addon1"> | |
105 | <div id="user_inv" class="invalid-feedback"> | |
106 | Username cannot be empty. | |
107 | </div> | |
108 | ||
109 | </div> | |
110 | <div id="password" class="input-group mb-3"> | |
111 | <div class="input-group-prepend"> | |
112 | <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-key"></i></span> | |
113 | </div><input type="password" id="passinp" class="form-control" name="password" placeholder="Password"> | |
114 | <div id="pass_inv" class="invalid-feedback"> | |
115 | Password cannot be empty. | |
116 | </div> | |
117 | ||
118 | </div> | |
119 | ||
120 | </div> | |
121 | <button type="submit" class="btn btn-primary btn-block">Log-In</button> | |
122 | </form> | |
123 | </div> | |
124 | </div> | |
125 | </div> | |
126 | </div> | |
127 | </div></section> | |
128 | ||
129 | <script> | |
130 | var form = document.getElementById('login'); | |
131 | var pinp = document.getElementById('passinp'); | |
132 | var uinp = document.getElementById('userinp'); | |
133 | ||
134 | form.addEventListener('submit', (event) => | |
135 | { | |
136 | event.preventDefault(); | |
137 | var err = 0; | |
138 | if (uinp.value.length == 0) | |
139 | { | |
140 | $('#user_inv').show(); | |
141 | err++; | |
142 | } | |
143 | if (pinp.value.length == 0) | |
144 | { | |
145 | $('#pass_inv').show(); | |
146 | err++; | |
147 | } | |
148 | if (err) | |
149 | return; | |
150 | else | |
151 | form.submit(); | |
152 | }); | |
153 | </script> | |
154 | ||
155 | <?php require_once "../footer.php"; |