]> jfr.im git - irc/unrealircd/unrealircd-webpanel.git/blob - login/index.php
projects / irc / unrealircd / unrealircd-webpanel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add Plugins: remove author from card footer
[irc/unrealircd/unrealircd-webpanel.git] / login / index.php
1 <?php
2 require_once "../inc/common.php";
3
4 $logout = false;
5
6 $redirect = get_config("base_url");
7 if (!empty($_GET['redirect']))
8 {
9 $str = urldecode($_GET['redirect']);
10 if (str_starts_with($str, get_config("base_url"))) // prevent redirects to like https://othersite/
11 $redirect = $_GET['redirect'];
12 }
13
14 $redirect = (isset($_GET['redirect'])) ? $_GET['redirect'] : get_config("base_url");
15 if (!empty($_GET['logout']))
16 {
17 if (!isset($_SESSION['id']))
18 $failmsg = "Nothing to logout from";
19 else {
20 $_SESSION = NULL;
21 session_destroy();
22 $logout = true;
23 }
24 }
25 if (!empty($_GET['timeout']))
26 {
27 $failmsg = "Your session has timed out. Please login again to continue";
28 $_SESSION = NULL;
29 session_destroy();
30 }
31 if (!empty($_POST))
32 {
33 if ($_POST['username'] && $_POST['password'])
34 {
35 $user = new PanelUser($_POST['username']);
36 /* not being too informative with the login error in case of attackers */
37 $hash_needs_updating = false;
38 if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating))
39 {
40 /* SUCCESSFUL LOGIN */
41 if ($hash_needs_updating)
42 {
43 /* Set password again so it is freshly hashed */
44 $hash = PanelUser::password_hash($_POST['password']);
45 $ar = ["update_pass_conf"=>$hash];
46 $user->update_core_info($ar);
47 unset($ar);
48 unset($hash);
49 }
50 panel_start_session($user);
51 $_SESSION['id'] = $user->id;
52 $user->add_meta("last_login", date("Y-m-d H:i:s"));
53 Hook::run(HOOKTYPE_USER_LOGIN, $user);
54
55 /* Middle of install? Override redirect: */
56 if (!isset($config['unrealircd']))
57 $redirect = get_config("base_url")."settings/rpc-servers.php";
58 header('Location: ' . $redirect);
59 die();
60 }
61 else
62 {
63 /* LOGIN FAILED */
64 $fail = [
65 "login" => htmlspecialchars($_POST['username']),
66 "IP" => $_SERVER['REMOTE_ADDR']
67 ];
68 Hook::run(HOOKTYPE_USER_LOGIN_FAIL, $fail);
69 $failmsg = "Incorrect login";
70 }
71
72 }
73 else
74 $failmsg = "Couldn't log you in: Missing credentials";
75 }
76
77 ?><!DOCTYPE html>
78 <head>
79 <link href="<?php echo get_config("base_url"); ?>css/unrealircd-admin.css" rel="stylesheet">
80 <script src="<?php echo get_config("base_url"); ?>js/unrealircd-admin.js"></script>
81 <!-- Latest compiled and minified CSS -->
82 <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/css/bootstrap.min.css">
83
84 <!-- jQuery library -->
85 <script src="https://cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.slim.min.js"></script>
86
87 <!-- Popper JS -->
88 <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js"></script>
89
90 <!-- Latest compiled JavaScript -->
91 <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.bundle.min.js"></script>
92
93 <!-- Font Awesome icons -->
94 <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css">
95
96 <link rel="icon" type="image/x-icon" href="<?php echo get_config("base_url"); ?>img/favicon.ico">
97 <title>UnrealIRCd Panel</title>
98 </head>
99 <section class="vh-100">
100 <div class="container py-5 h-10">
101 <div class="row d-flex justify-content-center align-items-center h-100">
102 <div class="col-12 col-md-8 col-lg-6 col-xl-5">
103 <div class="card shadow-2-strong" style="border-radius: 1rem;">
104 <div class="card-body p-5 text-center">
105 <form id="login" method="post" action="index.php?redirect=<?php echo $redirect; ?>">
106 <h3><img src="<?php echo get_config("base_url"); ?>img/favicon.ico"> Log in to use Admin Panel</h3>
107
108 <?php
109 if (isset($failmsg)) Message::Fail($failmsg);
110 if ($logout)
111 Message::Success("You have been logged out");
112 ?>
113 <div class="input-group">
114 <div id="username" class="input-group mb-3">
115 <div class="input-group-prepend">
116 <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-user"></i></span>
117 </div><input type="text" id="userinp" class="form-control" name="username" placeholder="Username" aria-label="Username" aria-describedby="basic-addon1">
118 <div id="user_inv" class="invalid-feedback">
119 Username cannot be empty.
120 </div>
121
122 </div>
123 <div id="password" class="input-group mb-3">
124 <div class="input-group-prepend">
125 <span class="input-group-text" id="basic-addon1"><i class="fa-solid fa-key"></i></span>
126 </div><input type="password" id="passinp" class="form-control" name="password" placeholder="Password">
127 <div id="pass_inv" class="invalid-feedback">
128 Password cannot be empty.
129 </div>
130
131 </div>
132
133 </div>
134 <button type="submit" class="btn btn-primary btn-block">Log-In</button>
135 </form>
136 </div>
137 </div>
138 </div>
139 </div>
140 </div></section>
141
142 <script>
143 var form = document.getElementById('login');
144 var pinp = document.getElementById('passinp');
145 var uinp = document.getElementById('userinp');
146
147 form.addEventListener('submit', (event) =>
148 {
149 event.preventDefault();
150 var err = 0;
151 if (uinp.value.length == 0)
152 {
153 $('#user_inv').show();
154 err++;
155 }
156 if (pinp.value.length == 0)
157 {
158 $('#pass_inv').show();
159 err++;
160 }
161 if (err)
162 return;
163 else
164 form.submit();
165 });
166 </script>
167
168 <?php require_once "../inc/footer.php";
Unnamed repository; edit this file 'description' to name the repository.